ComboFix log after infection - is my PC clean?


  • This topic is locked
11 replies to this topic

#1 Kyuketsuki


Posted 28 April 2018 - 12:54 PM

Greetings, everyone,

 

I'm a newbie user who's having a hard time with a malware infection acquired by downloading unwanted programs and idontevenknowthatmore.

I took some dumb actions such as uninstalling and deleting programs and folders I didn't recognize, even unsure if they were truly malware. I had some problems and found out that some of them were important, so I fixed what I could.

I scanned the system with Microsoft Security Essentials and Kaspersky (free), which I already had installed. They detected threats, but the results didn't seem satisfactory. Then, I tried to install SpyBot - Search & Destroy, but the malware kept deleting its files and I couldn't use it.

I searched for information and then found and followed the steps of a small guide on Tech Advisor, downloading rkill to stop malware action and running Malwarebytes (trial) to take care of the threat. It did good and all seemed ok.

In spite of that, I still wasn't satisfied. I then went back to the dumb actions and found a Qoobox folder I couldn't delete. Yeah... someone had run ComboFix here for me, I don't even remember when. Probably, the person didn't uninstall it as you recommend, and the program was a victim of a dumb action of mine and was uninstalled incorrectly, leaving the leftover. I found a thread here on how to properly delete it, and that's how I downloaded and had to run ComboFix for myself.

I'm concerned since I'm a newbie all alone and it seems to have found threats even though they should be gone with Malwarebytes.

Therefore, I ask for your help.

 

Can you, please, analyse my ComboFix Log and tell me if everything is ok? And, if some problem persists, can you help me on the next steps?

 

Thank you for your time!

 

 

PS: I guess this shouldn't be a problem, but I'm Brazilian, a Portuguese speaker, so the log is in this language.




 


#2 Kyuketsuki


Posted 28 April 2018 - 12:56 PM

ComboFix 18-03-14.01 - Scarlet 28/04/2018  12:49:28.2.4 - x64
Microsoft Windows 7 Home Basic   6.1.7601.1.1252.55.1046.18.4078.2189 [GMT -3:00]
Executando de: c:\users\Scarlet\Desktop\ComboFix.exe
AV: Kaspersky Free *Disabled/Updated* {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Microsoft Security Essentials *Enabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
SP: Kaspersky Free *Disabled/Updated* {3D579475-6DDE-A186-1569-44B9F9DE8725}
SP: Microsoft Security Essentials *Enabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msdownld.tmp
c:\windows\security\logs\scecomp.log
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Serviços   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AdobeUpdateService
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2018-03-28 to 2018-04-28  ))))))))))))))))))))))))))))
.
.
2018-04-28 16:06 . 2018-04-28 16:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2018-04-28 15:35 . 2018-04-28 15:35 58120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{51A78D28-3854-4CFB-9065-E8923C8C31CA}\MpKsl553bb7e6.sys
2018-04-28 15:31 . 2018-04-28 15:31 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{51A78D28-3854-4CFB-9065-E8923C8C31CA}\offreg.628.dll
2018-04-28 02:03 . 2013-01-22 22:19 3851776 ----a-w- c:\windows\system32\drivers\athrx.sys
2018-04-28 02:03 . 2013-01-22 22:19 3851776 ------w- c:\windows\system32\athrx.sys
2018-04-28 02:03 . 2018-04-28 02:03 -------- d-----w- c:\windows\Options
2018-04-28 02:03 . 2018-04-28 02:12 -------- d-----w- c:\windows\system32\nn-NO
2018-04-28 02:03 . 2013-02-03 21:42 60416 ------w- c:\windows\system32\athihvui.dll
2018-04-28 02:03 . 2013-02-03 21:41 440320 ------w- c:\windows\system32\athihvs.dll
2018-04-28 02:02 . 2018-04-28 02:24 -------- d-----w- c:\program files (x86)\Dell Wireless
2018-04-28 02:02 . 2018-04-28 02:02 -------- d-----w- c:\program files (x86)\Cisco
2018-04-28 02:02 . 2006-12-02 02:37 904704 ----a-w- c:\program files\Common Files\Microsoft Shared\VC\msdia80.dll
2018-04-28 01:45 . 2018-04-28 01:48 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2018-04-28 00:17 . 2018-04-28 00:17 253664 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2018-04-28 00:16 . 2018-03-19 15:57 76192 ----a-w- c:\windows\system32\drivers\mbae64.sys
2018-04-28 00:16 . 2018-04-28 00:16 -------- d-----w- c:\programdata\Malwarebytes
2018-04-28 00:16 . 2018-04-28 00:16 -------- d-----w- c:\program files\Malwarebytes
2018-04-27 16:46 . 2018-04-27 16:46 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{51A78D28-3854-4CFB-9065-E8923C8C31CA}\offreg.544.dll
2018-04-27 16:10 . 2018-04-13 19:08 14575456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{51A78D28-3854-4CFB-9065-E8923C8C31CA}\mpengine.dll
2018-04-27 14:54 . 2018-04-27 14:54 -------- d-----w- c:\users\Scarlet\AppData\Local\Programs
2018-04-27 14:29 . 2018-04-27 14:29 773968 ----a-w- c:\programdata\Microsoft\Windows\GPR\func\msvcr100.dll
2018-04-26 06:31 . 2018-04-26 06:31 -------- d-----w- c:\users\Scarlet\AppData\Local\CEF
2018-04-26 06:26 . 2018-04-26 06:26 -------- d-----w- c:\users\Scarlet\AppData\Local\VirtualStore
2018-04-26 06:03 . 2018-04-27 15:11 -------- d-----w- c:\programdata\Package Cache
2018-04-26 05:27 . 2018-04-13 19:08 14575456 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2018-04-26 03:20 . 2018-04-28 14:48 -------- d-----r- c:\users\Scarlet\Creative Cloud Files
2018-04-26 02:51 . 2018-04-28 00:52 -------- d-----w- c:\windows\nv
2018-04-26 02:51 . 2018-04-28 00:17 -------- d-----w- c:\windows\wdf
2018-04-11 18:09 . 2018-03-14 17:09 656384 ----a-w- c:\windows\system32\aeinv.dll
2018-04-11 18:09 . 2018-03-14 13:05 1559552 ----a-w- c:\windows\system32\appraiser.dll
2018-04-11 18:09 . 2018-03-14 13:05 291840 ----a-w- c:\windows\system32\acmigration.dll
2018-04-11 18:09 . 2018-03-14 13:05 739840 ----a-w- c:\windows\system32\generaltel.dll
2018-04-11 18:09 . 2018-03-14 13:05 599552 ----a-w- c:\windows\system32\devinv.dll
2018-04-11 18:09 . 2018-03-14 13:05 450048 ----a-w- c:\windows\system32\centel.dll
2018-04-11 18:09 . 2018-03-14 13:05 414720 ----a-w- c:\windows\system32\invagent.dll
2018-04-11 18:09 . 2018-03-14 13:05 237056 ----a-w- c:\windows\system32\aepic.dll
2018-04-11 18:09 . 2018-03-14 13:05 1993728 ----a-w- c:\windows\system32\aitstatic.exe
2018-04-11 18:09 . 2018-03-14 17:14 135360 ----a-w- c:\windows\system32\CompatTelRunner.exe
2018-04-02 00:27 . 2018-02-18 21:34 634272 ----a-w- c:\windows\system32\winload.exe
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2018-04-11 20:15 . 2017-10-11 06:03 136971704 -c--a-w- c:\windows\system32\MRT-KB890830.exe
2018-04-11 20:15 . 2012-12-17 21:23 136971704 -c--a-w- c:\windows\system32\MRT.exe
2018-04-10 23:38 . 2012-11-27 22:12 804864 ------w- c:\windows\SysWow64\FlashPlayerApp.exe
2018-04-10 23:38 . 2012-11-27 22:12 144896 ------w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2018-03-31 01:09 . 2018-04-11 18:25 44544 ----a-w- c:\windows\apppatch\acwow64.dll
2018-03-23 18:52 . 2018-03-23 18:52 1094320 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E851E7E6-FD7B-4E45-8954-D524161D7AC2}\gapaengine.dll
2018-02-22 04:31 . 2016-10-11 17:14 57024 ----a-w- c:\windows\system32\drivers\klim6.sys
2018-02-22 04:31 . 2017-09-28 00:42 1072840 ----a-w- c:\windows\system32\drivers\klif.sys
2018-02-22 04:31 . 2016-12-27 10:56 119496 ----a-w- c:\windows\system32\drivers\klbackupflt.sys
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2018-04-24 2409424]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x]
R3 Beat;Beat;p:\softnyxgame\LoveRitmoPS\avital\lbeat64.sys;p:\softnyxgame\LoveRitmoPS\avital\lbeat64.sys [x]
R3 DDDriver;DDDriver;c:\windows\system32\drivers\DDDriver64Dcsa.sys;c:\windows\SYSNATIVE\drivers\DDDriver64Dcsa.sys [x]
R3 DellProf;DellProf;c:\windows\system32\drivers\DellProf.sys;c:\windows\SYSNATIVE\drivers\DellProf.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys;c:\windows\SYSNATIVE\DRIVERS\evolve.sys [x]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 klvssbridge64_18.0.0;klvssbridge64_18.0.0;c:\program files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\vssbridge64.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\vssbridge64.exe [x]
R3 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Inspeção de Rede da Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 NvContainerNetworkService;NVIDIA NetworkService Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
R3 NvStreamKms;NVIDIA KMS;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WacHidRouterPro;Wacom Hid Router Pro;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\EVGA\PrecisionX 16\WinRing0\WinRing0x64.sys;c:\program files (x86)\EVGA\PrecisionX 16\WinRing0\WinRing0x64.sys [x]
R3 X6va062;X6va062;c:\windows\SysWOW64\Drivers\X6va062;c:\windows\SysWOW64\Drivers\X6va062 [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
S0 cm_km;AO Kaspersky Lab Cryptographic Module x64 (56 bit);c:\windows\system32\DRIVERS\cm_km.sys;c:\windows\SYSNATIVE\DRIVERS\cm_km.sys [x]
S0 klbackupdisk;Kaspersky Lab klbackupdisk;c:\windows\system32\DRIVERS\klbackupdisk.sys;c:\windows\SYSNATIVE\DRIVERS\klbackupdisk.sys [x]
S0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\Drivers\mbamswissarmy.sys;c:\windows\SYSNATIVE\Drivers\mbamswissarmy.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S1 klbackupflt;Kaspersky Lab klbackupflt;c:\windows\system32\DRIVERS\klbackupflt.sys;c:\windows\SYSNATIVE\DRIVERS\klbackupflt.sys [x]
S1 klhk;Kaspersky Lab service driver;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;Kaspersky Lab format recognizer driver;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 Klwtp;KLwtp - WFP callout traffic inspector;c:\windows\system32\DRIVERS\klwtp.sys;c:\windows\SYSNATIVE\DRIVERS\klwtp.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S1 MpKsl553bb7e6;MpKsl553bb7e6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{51A78D28-3854-4CFB-9065-E8923C8C31CA}\MpKsl553bb7e6.sys;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{51A78D28-3854-4CFB-9065-E8923C8C31CA}\MpKsl553bb7e6.sys [x]
S2 AGSService;Adobe Genuine Software Integrity Service;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [x]
S2 AVP18.0.0;Kaspersky Anti-Virus Service 18.0.0;c:\program files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 kldisk;kldisk;c:\windows\system32\DRIVERS\kldisk.sys;c:\windows\SYSNATIVE\DRIVERS\kldisk.sys [x]
S2 KSDE2.0.0;Kaspersky Secure Connection Service 2.0.0;c:\program files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [x]
S2 nebula;Logitech Video Camera Service;c:\program files\Logitech\Collaboration\Services\Video\ServiceLayer.exe;c:\program files\Logitech\Collaboration\Services\Video\ServiceLayer.exe [x]
S2 NvContainerLocalSystem;NVIDIA LocalSystem Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
S2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [x]
S2 NvTelemetryContainer;NVIDIA Telemetry Container;c:\program files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe;c:\program files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [x]
S2 WTabletServicePro;Wacom Professional Service;c:\program files\Tablet\Wacom\WTabletServicePro.exe;c:\program files\Tablet\Wacom\WTabletServicePro.exe [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [x]
S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 kltap;Kaspersky Security Data Escort Adapter;c:\windows\system32\DRIVERS\kltap.sys;c:\windows\SYSNATIVE\DRIVERS\kltap.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 nvvhci;NVVHCI Enumerator Service;c:\windows\system32\DRIVERS\nvvhci.sys;c:\windows\SYSNATIVE\DRIVERS\nvvhci.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 XSplit_Dummy;XSplit  Stream  Audio  Renderer;c:\windows\system32\drivers\xspltspk.sys;c:\windows\SYSNATIVE\drivers\xspltspk.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ    SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2017-11-27 21:03 324080 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2018-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-04 05:25]
.
2016-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore1c4efa685b0477e.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-04 05:25]
.
2014-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cfea637e86af85.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-04 05:25]
.
2015-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cfff96efb91b74.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-04 05:25]
.
2015-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0427faab3ab6c.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-04 05:25]
.
2015-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d08f2f4e8dde14.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-04 05:25]
.
2015-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0bf74775159e8.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-04 05:25]
.
2015-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0e151f3d15c5e.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-04 05:25]
.
2015-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0f0511e0bcaba.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-04 05:25]
.
2005-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d12ed596d78f22.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-04 05:25]
.
2016-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d1ab08da8d77dd.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-04 05:25]
.
2016-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d21129677ec604.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-04 05:25]
.
2015-11-13 c:\windows\Tasks\{84F6E16C-0320-48E4-83D8-D1321FC00EDF}.job
- c:\program files (x86)\google\chrome\application\chrome.exe [2012-12-04 05:59]
.
2015-06-14 c:\windows\Tasks\{EAB7340E-130C-4746-BCA1-F9FB003ADD03}.job
- c:\program files (x86)\google\chrome\application\chrome.exe [2012-12-04 05:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2018-02-10 04:12 614856 ----a-w- c:\program files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2018-02-10 04:12 614856 ----a-w- c:\program files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2018-02-10 04:12 614856 ----a-w- c:\program files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-03-22 172016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-03-22 399856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-03-22 442352]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2016-11-14 1353680]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2017-06-21 1903224]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-03 309376]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-02-25 519296]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2018-04-11 509936]
"AdobeGCInvoker-1.0"="c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe" [2018-01-05 315880]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Enviar para o OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.25.1
TCP: Interfaces\{15936ADF-C50B-4C8A-90DA-94B87701B82C}: NameServer = 8.8.8.8
TCP: Interfaces\{A8E990D4-308C-4CFC-A755-458FC33C32A2}: NameServer = 8.8.8.8
TCP: Interfaces\{ACF58238-8641-4D63-B2DE-D0B201910954}: NameServer = 8.8.8.8
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Steam - g:\steam\steam.exe
HKLM_Wow6432Node-ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-Steam - g:\steam\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va062]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va062"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-4072864123-3423228628-2200760-1000\Software\SecuROM\License information*]
"datasecu"=hex:f9,74,56,47,ff,66,f9,e6,6d,4d,51,fa,3c,4f,21,bc,88,12,44,20,61,
   d3,7c,c9,64,6e,93,a6,da,a9,9a,89,b8,6c,35,3b,77,0f,f2,f5,dd,4e,5f,d0,6e,12,\
"rkeysecu"=hex:20,cf,19,25,77,90,c9,86,46,92,b7,1c,9f,6e,ae,da
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_29_0_0_140_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_29_0_0_140_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_29_0_0_140_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_29_0_0_140_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_29_0_0_140.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.29"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_29_0_0_140.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_29_0_0_140.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_29_0_0_140.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Outros Processos em Execução ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\program files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
c:\program files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avpui.exe
c:\program files\Tablet\Wacom\WacomHost.exe
c:\program files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
c:\program files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe
.
**************************************************************************
.
Tempo para conclusão: 2018-04-28  13:23:46 - Máquina reiniciou
ComboFix-quarantined-files.txt  2018-04-28 16:23
ComboFix2.txt  2014-06-18 18:45
.
Pré-execução: 20.894.068.736 bytes disponíveis
Pós execução: 20.261.249.024 bytes disponíveis
.
- - End Of File - - 071D75C1570258C6072DC901242252E3
5C616939100B85E558DA92B899A0FC36


#3 nasdaq

  • Malware Response Team

Posted 28 April 2018 - 01:05 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please run this Farbar program. Post the logs. Will take it from there.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs for my review.

Let me know what problems persist.
==============================

#4 Kyuketsuki

  • Topic Starter

Posted 28 April 2018 - 09:33 PM

Thank you for your quick reply, nasdaq!
As you asked, here are the logs:

 

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 25.04.2018
Executado por Scarlet (administrador) em SCARLET-PC (28-04-2018 23:18:27)
Executando a partir de C:\Users\Scarlet\Desktop\FRST
Perfis Carregados: Scarlet (Perfis Disponíveis: Scarlet)
Platform: Windows 7 Home Basic Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
 
==================== Processos (Whitelisted) =================
 
(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe
(Logitech) C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avpui.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registro (Whitelisted) ===========================
 
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)
 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [309376 2011-03-03] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [519296 2011-02-25] (Conexant Systems, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409424 2018-04-24] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4072864123-3423228628-2200760-1000\...\Policies\system: [DisableLockWorkstation] 0
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.25.1
Tcpip\..\Interfaces\{15936ADF-C50B-4C8A-90DA-94B87701B82C}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{15936ADF-C50B-4C8A-90DA-94B87701B82C}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{A8E990D4-308C-4CFC-A755-458FC33C32A2}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{A8E990D4-308C-4CFC-A755-458FC33C32A2}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{ACF58238-8641-4D63-B2DE-D0B201910954}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{B16E7021-8920-46F0-BD26-31658053983C}: [DhcpNameServer] 192.168.25.1
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4072864123-3423228628-2200760-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4072864123-3423228628-2200760-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/USSMB/5
SearchScopes: HKLM -> DefaultScope {160F70A7-407D-4C72-861C-DEAB31F5FF00} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {160F70A7-407D-4C72-861C-DEAB31F5FF00} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {160F70A7-407D-4C72-861C-DEAB31F5FF00} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {160F70A7-407D-4C72-861C-DEAB31F5FF00} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4072864123-3423228628-2200760-1000 -> DefaultScope {160F70A7-407D-4C72-861C-DEAB31F5FF00} URL = 
SearchScopes: HKU\S-1-5-21-4072864123-3423228628-2200760-1000 -> {160F70A7-407D-4C72-861C-DEAB31F5FF00} URL = 
BHO: Kaspersky Protection -> {0E2877D3-2641-4970-B794-A553E295428D} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\IEExt\ie_plugin.dll [2017-09-27] (AO Kaspersky Lab)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Kaspersky Protection -> {0E2877D3-2641-4970-B794-A553E295428D} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\IEExt\ie_plugin.dll [2017-09-27] (AO Kaspersky Lab)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\IEExt\ie_plugin.dll [2017-09-27] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\IEExt\ie_plugin.dll [2017-09-27] (AO Kaspersky Lab)
 
FireFox:
========
FF ProfilePath: C:\Users\Scarlet\AppData\Roaming\Mozilla\Firefox\Profiles\e0a339az.default-1512010723818 [2018-04-27]
FF HKLM\...\Firefox\Extensions: [light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-12-14]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_140.dll [2018-04-10] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-04-24] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-04-10] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [Nenhum Arquivo]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-04-24] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Scarlet\AppData\Local\Google\Chrome\User Data\Default [2018-04-28]
CHR Extension: (Google Drive) - C:\Users\Scarlet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Scarlet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Scarlet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Adobe Acrobat) - C:\Users\Scarlet\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-02-04]
CHR Extension: (Documentos Google off-line) - C:\Users\Scarlet\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Kaspersky Protection) - C:\Users\Scarlet\AppData\Local\Google\Chrome\User Data\Default\Extensions\mchjnmdbdlkdbfliogedbnpnanfjnolk [2017-09-27]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Scarlet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (BlazBlue) - C:\Users\Scarlet\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadeikoddihcngdcndofjdknecdbmolp [2013-01-24]
CHR Extension: (Gmail) - C:\Users\Scarlet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Scarlet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-25]
CHR Profile: C:\Users\Scarlet\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-04-27]
CHR HKLM\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
CHR HKU\S-1-5-21-4072864123-3423228628-2200760-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
 
==================== Serviços (Whitelisted) ====================
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
R2 AVP18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe [354672 2017-01-24] (AO Kaspersky Lab)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [383016 2017-06-27] (EasyAntiCheat Ltd)
S3 klvssbridge64_18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\vssbridge64.exe [426416 2017-09-27] (AO Kaspersky Lab)
R2 KSDE2.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [354672 2017-01-24] (AO Kaspersky Lab)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R2 nebula; C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe [4384376 2018-02-13] (Logitech)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3473120 2015-08-10] (INCA Internet Co., Ltd.) [Arquivo não assinado]
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [Arquivo não assinado]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [692680 2017-06-28] (Wacom Technology, Corp.)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-02-06] (Atheros) [Arquivo não assinado]
R2 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"
 
===================== Drivers (Whitelisted) ======================
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
 
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATENÇÃO (não ServiceDLL)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [247008 2016-12-26] (AO Kaspersky Lab)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [41608 2017-12-14] (Dell Inc.)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [41208 2017-12-14] (Dell Computer Corporation)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [76192 2018-03-19] ()
S3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2015-09-04] (Echobit, LLC)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-06-14] (REALiX™)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554408 2016-10-01] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [70880 2017-12-14] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [119496 2018-02-22] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [206040 2017-10-16] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [350944 2017-10-16] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1072840 2018-02-22] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [57024 2018-02-22] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [57568 2016-12-23] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [58592 2016-12-07] (AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [50672 2017-06-23] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [81904 2017-06-23] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [140000 2017-12-14] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [199392 2017-12-14] (AO Kaspersky Lab)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112864 2018-04-28] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [44768 2018-04-28] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-04-27] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [93816 2018-04-28] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-06-21] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [48248 2017-06-21] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57976 2017-05-03] (NVIDIA Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-06-27] (Duplex Secure Ltd.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WacHidRouterPro; C:\Windows\System32\DRIVERS\wachidrouter.sys [122512 2017-04-28] (Wacom Technology)
R3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2016-06-15] (SplitmediaLabs Limited)
U3 aqi8jsuf; C:\Windows\System32\Drivers\aqi8jsuf.sys [0 ] (Advanced Micro Devices) <==== ATENÇÃO (zero byte Arquivo/Pasta)
S3 Beat; \??\P:\SoftnyxGame\LoveRitmoPS\avital\lbeat64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
R1 MpKsl553bb7e6; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{51A78D28-3854-4CFB-9065-E8923C8C31CA}\MpKsl553bb7e6.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\VirusDefs\20150713.004\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\VirusDefs\20150713.004\EX64.SYS [X]
S3 npkcusb; \??\P:\Ragnarök\npkcusb.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\EVGA\PrecisionX 16\WinRing0\WinRing0x64.sys [X]
S3 X6va062; \??\C:\Windows\SysWOW64\Drivers\X6va062 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
 
 
==================== Um Mês Criados arquivos e pastas ========
 
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
 
2018-04-28 23:18 - 2018-04-28 23:18 - 000000000 ____D C:\FRST
2018-04-28 23:10 - 2018-04-28 23:18 - 000000000 ____D C:\Users\Scarlet\Desktop\FRST
2018-04-28 20:09 - 2018-04-28 20:09 - 000232028 _____ C:\Users\Scarlet\Desktop\shiftboard SPJA Volunteer Handbook.pdf
2018-04-28 18:10 - 2018-04-28 23:04 - 000000000 ____D C:\Users\Scarlet\Desktop\CMQ comp
2018-04-28 16:15 - 2018-04-28 16:15 - 000079870 _____ C:\Users\Scarlet\Desktop\pexels-photo-900103.jpeg
2018-04-28 16:09 - 2018-04-28 16:09 - 000084528 _____ C:\Users\Scarlet\Desktop\pexels-photo-938962.jpeg
2018-04-28 13:55 - 2018-04-28 13:55 - 000112864 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-04-28 13:55 - 2018-04-28 13:55 - 000093816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-04-28 13:55 - 2018-04-28 13:55 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-04-28 13:34 - 2018-04-28 13:34 - 000028321 _____ C:\Users\Scarlet\Desktop\ComboFix Log 28-04-2018.txt
2018-04-28 13:23 - 2018-04-28 13:23 - 000028321 _____ C:\ComboFix.txt
2018-04-28 12:30 - 2018-04-28 12:31 - 005659794 ____R (Swearware) C:\Users\Scarlet\Desktop\ComboFix.exe
2018-04-28 00:08 - 2018-04-28 12:08 - 000000000 ____D C:\Users\Scarlet\Desktop\Drive
2018-04-27 23:03 - 2018-04-27 23:12 - 000000000 ____D C:\Windows\system32\nn-NO
2018-04-27 23:03 - 2018-04-27 23:03 - 000000000 ____D C:\Windows\Options
2018-04-27 23:03 - 2018-04-27 23:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HotSpot
2018-04-27 23:03 - 2018-04-27 23:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atheros Smart Net
2018-04-27 23:03 - 2013-02-06 03:41 - 000008841 ____N C:\Windows\system32\athrextx.cat
2018-04-27 23:03 - 2013-02-03 18:42 - 000060416 ____N (Atheros) C:\Windows\system32\athihvui.dll
2018-04-27 23:03 - 2013-02-03 18:41 - 000440320 ____N (Atheros) C:\Windows\system32\athihvs.dll
2018-04-27 23:03 - 2013-01-22 19:19 - 003851776 ____N (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\athrx.sys
2018-04-27 23:03 - 2013-01-22 19:19 - 003851776 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athrx.sys
2018-04-27 23:02 - 2018-04-27 23:24 - 000000000 ____D C:\Program Files (x86)\Dell Wireless
2018-04-27 23:02 - 2018-04-27 23:02 - 000000000 ____D C:\Program Files (x86)\Cisco
2018-04-27 21:54 - 2018-04-27 21:54 - 000094552 _____ C:\Users\Scarlet\AppData\Local\GDIPFONTCACHEV1.DAT
2018-04-27 21:52 - 2018-04-27 21:52 - 000362992 _____ C:\Windows\system32\FNTCACHE.DAT
2018-04-27 21:43 - 2018-04-27 21:47 - 007256272 _____ (Malwarebytes) C:\Users\Scarlet\Downloads\adwcleaner_7.1.0.0.exe
2018-04-27 21:17 - 2018-04-27 21:17 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-04-27 21:16 - 2018-04-28 23:10 - 000001918 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-04-27 21:16 - 2018-04-27 21:16 - 000000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2018-04-27 21:16 - 2018-04-27 21:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-27 21:16 - 2018-04-27 21:16 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-27 21:16 - 2018-04-27 21:16 - 000000000 ____D C:\Program Files\Malwarebytes
2018-04-27 21:16 - 2018-03-19 12:57 - 000076192 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-04-27 21:11 - 2018-04-27 21:13 - 074269016 _____ (Malwarebytes ) C:\Users\Scarlet\Downloads\mb3-setup-consumer-3.4.5.2467-1.0.342-1.0.4890.exe
2018-04-27 21:05 - 2018-04-27 21:05 - 000841241 _____ C:\Users\Scarlet\Downloads\rkill.zip
2018-04-27 12:24 - 2018-04-26 00:58 - 000000378 _____ C:\Windows\system32\Drivers\etc\hosts.20180427-122428.backup
2018-04-27 11:59 - 2018-04-27 11:59 - 000000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2018-04-26 09:14 - 2018-04-27 19:59 - 000000022 _____ C:\Users\Scarlet\Downloads\Install.zip
2018-04-26 03:31 - 2018-04-26 03:31 - 000000000 ____D C:\Users\Scarlet\AppData\Local\CEF
2018-04-26 03:26 - 2018-04-26 03:26 - 000000000 ____D C:\Users\Scarlet\AppData\Local\VirtualStore
2018-04-26 03:11 - 2018-04-26 03:11 - 000001224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2018-04-26 03:11 - 2018-04-26 03:11 - 000001212 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2018-04-26 03:03 - 2018-04-27 12:11 - 000000000 ____D C:\Users\Todos os Usuários\Package Cache
2018-04-26 03:03 - 2018-04-27 12:11 - 000000000 ____D C:\ProgramData\Package Cache
2018-04-26 02:26 - 2018-04-26 02:27 - 068742112 _____ (Microsoft Corporation) C:\Users\Scarlet\Downloads\NDP471-KB4033342-x86-x64-AllOS-ENU.exe
2018-04-26 00:42 - 2018-04-26 00:42 - 000003510 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Scarlet-PC-Scarlet
2018-04-26 00:40 - 2018-04-26 00:40 - 000001047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2018.lnk
2018-04-26 00:20 - 2018-04-28 11:48 - 000000000 ___RD C:\Users\Scarlet\Creative Cloud Files
2018-04-25 23:51 - 2018-04-27 21:52 - 000000000 ____D C:\Windows\nv
2018-04-25 23:51 - 2018-04-27 21:17 - 000000000 ____D C:\Windows\wdf
2018-04-25 23:51 - 2018-04-25 23:51 - 000003290 _____ C:\Windows\System32\Tasks\{8CD8FFDB-990C-4086-A98D-62F71C31ECB8}
2018-04-25 22:57 - 2018-04-25 22:57 - 000000000 ____D C:\Users\Scarlet\AppData\LocalLow\uTorrent
2018-04-25 22:13 - 2018-04-25 22:35 - 000000000 ____D C:\Users\Scarlet\Desktop\Projetos e talz
2018-04-25 22:07 - 2018-04-25 22:16 - 000000000 ____D C:\Users\Scarlet\Desktop\GRACOM
2018-04-23 22:28 - 2018-04-23 22:28 - 001741381 _____ C:\Users\Scarlet\Downloads\TUTORIALGUIADEBUSCASatualizacao308122017Modulo1.pdf
2018-04-23 18:22 - 2018-04-23 18:22 - 004989367 _____ C:\Users\Scarlet\Downloads\Blank-white-stacks-of-business-cards.zip
2018-04-23 18:12 - 2018-04-23 18:12 - 000698844 _____ C:\Users\Scarlet\Downloads\White-plastic-cup.zip
2018-04-23 18:10 - 2018-04-23 18:10 - 000406709 _____ C:\Users\Scarlet\Downloads\Cup-mockup.zip
2018-04-23 18:06 - 2018-04-23 18:07 - 012329419 _____ C:\Users\Scarlet\Downloads\Cup-mock-up.zip
2018-04-22 22:33 - 2018-04-22 22:34 - 144301962 _____ C:\Users\Scarlet\Downloads\Cup & Cookies Mockup.zip
2018-04-21 12:46 - 2018-04-21 12:46 - 000090560 _____ C:\Users\Scarlet\Downloads\persona.pdf
2018-04-21 01:28 - 2018-04-21 01:28 - 002163180 _____ C:\Users\Scarlet\Downloads\Manual de Marca - Scarlet (INCOMPLETÍSSIMO).ai
2018-04-20 23:47 - 2018-04-20 23:48 - 036371416 _____ C:\Users\Scarlet\Downloads\drive-download-20180421T024713Z-001.zip
2018-04-11 15:25 - 2018-03-30 23:09 - 005583040 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-04-11 15:25 - 2018-03-30 23:09 - 000708288 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-04-11 15:25 - 2018-03-30 23:09 - 000262336 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-04-11 15:25 - 2018-03-30 23:09 - 000154816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-04-11 15:25 - 2018-03-30 23:09 - 000095424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-04-11 15:25 - 2018-03-30 22:45 - 000631640 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-04-11 15:25 - 2018-03-30 22:39 - 004046528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-04-11 15:25 - 2018-03-30 22:39 - 003958464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-04-11 15:25 - 2018-03-30 22:38 - 001665336 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 001461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:12 - 001314064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:06 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-04-11 15:25 - 2018-03-30 22:06 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-04-11 15:25 - 2018-03-30 22:06 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-04-11 15:25 - 2018-03-30 22:06 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-04-11 15:25 - 2018-03-30 22:03 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-04-11 15:25 - 2018-03-30 22:02 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-04-11 15:25 - 2018-03-30 22:02 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-04-11 15:25 - 2018-03-30 21:59 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-04-11 15:25 - 2018-03-30 21:58 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-04-11 15:25 - 2018-03-30 21:58 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-04-11 15:25 - 2018-03-30 21:58 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-04-11 15:25 - 2018-03-30 21:58 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-04-11 15:25 - 2018-03-30 21:51 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-04-11 15:25 - 2018-03-30 21:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-04-11 15:25 - 2018-03-30 21:47 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-04-11 15:25 - 2018-03-30 21:47 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-04-11 15:25 - 2018-03-30 21:47 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-04-11 15:25 - 2018-03-30 21:47 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 21:47 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 21:47 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 21:47 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 21:47 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-04-11 15:25 - 2018-03-28 04:30 - 003225600 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-04-11 15:25 - 2018-03-23 15:50 - 000396952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-04-11 15:25 - 2018-03-23 14:59 - 000348824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-04-11 15:25 - 2018-03-22 20:00 - 025742336 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-04-11 15:25 - 2018-03-22 18:32 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-04-11 15:25 - 2018-03-22 18:32 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-04-11 15:25 - 2018-03-22 18:26 - 020287488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-04-11 15:25 - 2018-03-22 18:19 - 002901504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-04-11 15:25 - 2018-03-22 18:18 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-04-11 15:25 - 2018-03-22 18:17 - 000578048 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-04-11 15:25 - 2018-03-22 18:17 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-04-11 15:25 - 2018-03-22 18:17 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-04-11 15:25 - 2018-03-22 18:17 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-04-11 15:25 - 2018-03-22 18:15 - 005780480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-04-11 15:25 - 2018-03-22 18:10 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-04-11 15:25 - 2018-03-22 18:09 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-04-11 15:25 - 2018-03-22 18:07 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-04-11 15:25 - 2018-03-22 18:06 - 000794112 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-04-11 15:25 - 2018-03-22 18:06 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-04-11 15:25 - 2018-03-22 18:06 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-04-11 15:25 - 2018-03-22 18:05 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-04-11 15:25 - 2018-03-22 18:04 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-04-11 15:25 - 2018-03-22 17:58 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-04-11 15:25 - 2018-03-22 17:55 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-04-11 15:25 - 2018-03-22 17:52 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-04-11 15:25 - 2018-03-22 17:52 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-04-11 15:25 - 2018-03-22 17:51 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-04-11 15:25 - 2018-03-22 17:51 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-04-11 15:25 - 2018-03-22 17:50 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-04-11 15:25 - 2018-03-22 17:49 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-04-11 15:25 - 2018-03-22 17:48 - 002295296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-04-11 15:25 - 2018-03-22 17:48 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-04-11 15:25 - 2018-03-22 17:48 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-04-11 15:25 - 2018-03-22 17:45 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-04-11 15:25 - 2018-03-22 17:45 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-04-11 15:25 - 2018-03-22 17:45 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-04-11 15:25 - 2018-03-22 17:44 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-04-11 15:25 - 2018-03-22 17:43 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-04-11 15:25 - 2018-03-22 17:42 - 000661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-04-11 15:25 - 2018-03-22 17:42 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-04-11 15:25 - 2018-03-22 17:42 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-04-11 15:25 - 2018-03-22 17:41 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-04-11 15:25 - 2018-03-22 17:40 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-04-11 15:25 - 2018-03-22 17:33 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-04-11 15:25 - 2018-03-22 17:31 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-04-11 15:25 - 2018-03-22 17:29 - 015282688 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-04-11 15:25 - 2018-03-22 17:29 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-04-11 15:25 - 2018-03-22 17:29 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-04-11 15:25 - 2018-03-22 17:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-04-11 15:25 - 2018-03-22 17:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-04-11 15:25 - 2018-03-22 17:28 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-04-11 15:25 - 2018-03-22 17:27 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-04-11 15:25 - 2018-03-22 17:27 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-04-11 15:25 - 2018-03-22 17:25 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-04-11 15:25 - 2018-03-22 17:25 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-04-11 15:25 - 2018-03-22 17:24 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-04-11 15:25 - 2018-03-22 17:22 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-04-11 15:25 - 2018-03-22 17:21 - 004496896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-04-11 15:25 - 2018-03-22 17:20 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-04-11 15:25 - 2018-03-22 17:17 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-04-11 15:25 - 2018-03-22 17:15 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-04-11 15:25 - 2018-03-22 17:15 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-04-11 15:25 - 2018-03-22 17:14 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-04-11 15:25 - 2018-03-22 17:14 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-04-11 15:25 - 2018-03-22 17:04 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-04-11 15:25 - 2018-03-22 16:55 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-04-11 15:25 - 2018-03-22 16:53 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-04-11 15:25 - 2018-03-22 16:52 - 001313792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-04-11 15:25 - 2018-03-22 16:51 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-04-11 15:25 - 2018-03-10 14:11 - 000340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2018-04-11 15:25 - 2018-03-09 15:18 - 000309440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-04-11 15:25 - 2018-03-09 15:12 - 000383680 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-04-11 15:25 - 2018-03-09 15:12 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-04-11 15:25 - 2018-03-09 15:12 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-04-11 15:25 - 2018-03-09 15:12 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2018-04-11 15:25 - 2018-03-09 15:11 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2018-04-11 15:25 - 2018-03-09 15:07 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-04-11 15:25 - 2018-03-09 15:07 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-04-11 15:25 - 2018-03-09 15:07 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-04-11 15:25 - 2018-03-09 15:06 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-04-11 15:25 - 2018-03-09 15:06 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-04-11 15:25 - 2018-03-09 14:31 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-04-11 15:25 - 2018-03-06 15:13 - 000148160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\basecsp.dll
2018-04-11 15:25 - 2018-03-06 15:11 - 000184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scksp.dll
2018-04-11 15:25 - 2018-03-06 15:11 - 000052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsnmp32.dll
2018-04-11 15:25 - 2018-03-06 15:10 - 000170176 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
2018-04-11 15:25 - 2018-03-06 15:07 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\scksp.dll
2018-04-11 15:25 - 2018-03-06 15:07 - 000067072 _____ (Microsoft Corporation) C:\Windows\system32\wsnmp32.dll
2018-04-11 15:25 - 2018-02-22 00:28 - 000217600 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2018-04-11 15:25 - 2018-02-22 00:06 - 000134656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2018-04-11 15:25 - 2018-02-10 15:35 - 000367296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-04-11 15:25 - 2018-02-10 15:35 - 000334528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2018-04-11 15:25 - 2018-02-10 15:35 - 000185024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2018-04-11 15:25 - 2018-02-10 15:35 - 000122560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS
2018-04-11 15:25 - 2018-02-10 15:35 - 000068288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2018-04-11 15:25 - 2018-02-10 15:35 - 000064192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS
2018-04-11 15:25 - 2018-02-10 15:35 - 000063168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys
2018-04-11 15:25 - 2018-02-10 15:35 - 000060608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys
2018-04-11 15:25 - 2018-02-10 15:35 - 000036032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys
2018-04-11 15:25 - 2018-02-10 15:35 - 000031936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys
2018-04-11 15:25 - 2018-02-10 15:35 - 000023744 _____ (Microsoft Corporation) C:\Windows\system32\streamci.dll
2018-04-11 15:25 - 2018-02-10 15:35 - 000020160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys
2018-04-11 15:25 - 2018-02-10 15:35 - 000015040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys
2018-04-11 15:25 - 2018-02-10 15:35 - 000012096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys
2018-04-11 15:25 - 2018-02-10 15:23 - 002292224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2018-04-11 15:25 - 2018-02-10 15:23 - 000330240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\zipfldr.dll
2018-04-11 15:25 - 2018-02-10 15:23 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\racpldlg.dll
2018-04-11 15:25 - 2018-02-10 15:11 - 003665920 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2018-04-11 15:25 - 2018-02-10 15:11 - 000369664 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2018-04-11 15:25 - 2018-02-10 15:11 - 000133120 _____ (Microsoft Corporation) C:\Windows\system32\msrahc.dll
2018-04-11 15:25 - 2018-02-10 15:11 - 000119296 _____ (Microsoft Corporation) C:\Windows\system32\racpldlg.dll
2018-04-11 15:25 - 2018-02-10 14:36 - 000108032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msra.exe
2018-04-11 15:25 - 2018-02-10 14:36 - 000040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdchange.exe
2018-04-11 15:25 - 2018-02-10 14:36 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsraLegacy.tlb
2018-04-11 15:25 - 2018-02-10 14:26 - 000653312 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
2018-04-11 15:25 - 2018-02-10 14:26 - 000051712 _____ (Microsoft Corporation) C:\Windows\system32\sdchange.exe
2018-04-11 15:25 - 2018-02-10 14:25 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys
2018-04-11 15:25 - 2018-02-10 14:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys
2018-04-11 15:25 - 2018-02-10 14:25 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\MsraLegacy.tlb
2018-04-11 15:25 - 2018-02-02 15:40 - 000114368 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2018-04-11 15:25 - 2018-02-02 15:29 - 002365952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2018-04-11 15:25 - 2018-02-02 15:29 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2018-04-11 15:25 - 2018-02-02 15:29 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2018-04-11 15:25 - 2018-02-02 15:28 - 001806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2018-04-11 15:25 - 2018-02-02 15:16 - 003246080 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2018-04-11 15:25 - 2018-02-02 15:16 - 000504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2018-04-11 15:25 - 2018-02-02 15:16 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2018-04-11 15:25 - 2018-02-02 15:14 - 001942016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2018-04-11 15:25 - 2018-02-02 15:14 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2018-04-11 15:25 - 2018-02-02 14:46 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2018-04-11 15:25 - 2018-02-02 14:36 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2018-04-11 15:25 - 2018-01-25 11:05 - 000995272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-04-11 15:25 - 2018-01-25 11:05 - 000063832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:05 - 000020824 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:05 - 000019800 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:05 - 000016216 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:05 - 000015704 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-04-11 15:25 - 2018-01-25 11:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-04-11 15:25 - 2018-01-25 11:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-04-11 15:25 - 2018-01-25 11:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-04-11 15:25 - 2018-01-25 11:04 - 000922944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-04-11 15:25 - 2018-01-25 11:04 - 000066392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:04 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:04 - 000019800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:04 - 000016216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:04 - 000015704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2018-04-11 15:25 - 2018-01-25 11:04 - 000013656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2018-04-11 15:25 - 2018-01-25 11:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2018-04-11 15:25 - 2018-01-25 11:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2018-04-11 15:25 - 2018-01-15 16:59 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-04-11 15:25 - 2018-01-15 16:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2018-04-11 15:25 - 2018-01-12 13:40 - 000407040 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2018-04-11 15:25 - 2018-01-12 13:26 - 000308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2018-04-11 15:09 - 2018-03-14 14:14 - 000135360 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-04-11 15:09 - 2018-03-14 14:09 - 000656384 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-04-11 15:09 - 2018-03-14 10:05 - 001993728 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-04-11 15:09 - 2018-03-14 10:05 - 001559552 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-04-11 15:09 - 2018-03-14 10:05 - 000739840 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-04-11 15:09 - 2018-03-14 10:05 - 000599552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-04-11 15:09 - 2018-03-14 10:05 - 000450048 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-04-11 15:09 - 2018-03-14 10:05 - 000414720 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-04-11 15:09 - 2018-03-14 10:05 - 000291840 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-04-11 15:09 - 2018-03-14 10:05 - 000237056 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-04-06 03:26 - 2018-04-06 03:26 - 001823146 _____ C:\Users\Scarlet\Downloads\Trabalho Folder.ai
2018-04-04 23:17 - 2018-04-04 23:17 - 001373947 _____ C:\Users\Scarlet\Downloads\e-book-5dicas-eudesenho.pdf
2018-04-01 21:27 - 2018-02-18 18:34 - 000634272 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
 
==================== Um Mês Modificados arquivos e pastas ========
 
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
 
2018-04-28 22:08 - 2017-09-27 21:42 - 000000000 ____D C:\Users\Todos os Usuários\Kaspersky Lab
2018-04-28 22:08 - 2017-09-27 21:42 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-04-28 13:24 - 2014-06-18 15:32 - 000000000 ____D C:\Qoobox
2018-04-28 13:24 - 2009-07-14 02:09 - 000000000 ____D C:\Windows\System32\Tasks\WPD
2018-04-28 13:18 - 2009-07-14 01:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-28 13:18 - 2009-07-14 01:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-28 13:12 - 2005-01-01 00:16 - 000000000 ____D C:\Users\Todos os Usuários\NVIDIA
2018-04-28 13:12 - 2005-01-01 00:16 - 000000000 ____D C:\ProgramData\NVIDIA
2018-04-28 13:11 - 2012-12-03 21:05 - 000001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2018-04-28 13:11 - 2009-07-13 23:34 - 000000215 _____ C:\Windows\system.ini
2018-04-28 13:10 - 2017-05-03 23:45 - 000000000 ____D C:\Users\Scarlet\AppData\Roaming\WTablet
2018-04-28 13:09 - 2009-07-14 02:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-28 13:08 - 2009-07-13 23:34 - 129236992 _____ C:\Windows\system32\config\software.bak
2018-04-28 13:08 - 2009-07-13 23:34 - 027262976 _____ C:\Windows\system32\config\system.bak
2018-04-28 13:08 - 2009-07-13 23:34 - 005242880 _____ C:\Windows\system32\config\default.bak
2018-04-28 13:08 - 2009-07-13 23:34 - 000262144 _____ C:\Windows\system32\config\security.bak
2018-04-28 13:08 - 2009-07-13 23:34 - 000262144 _____ C:\Windows\system32\config\sam.bak
2018-04-28 13:06 - 2014-06-18 15:32 - 000000000 ____D C:\Windows\erdnt
2018-04-28 12:06 - 2017-06-14 17:48 - 000000000 ____D C:\Users\Todos os Usuários\Temp
2018-04-28 12:06 - 2017-06-14 17:48 - 000000000 ____D C:\ProgramData\Temp
2018-04-28 11:57 - 2017-06-07 04:08 - 000000000 ____D C:\Users\Scarlet\Documents\Alice jog
2018-04-28 11:55 - 2014-04-17 12:49 - 000000000 ____D C:\Users\Scarlet\Documents\Dolphin Emulator
2018-04-28 11:47 - 2013-02-07 16:48 - 000000000 ____D C:\Users\Scarlet\AppData\Local\Adobe
2018-04-27 23:36 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\inf
2018-04-27 23:02 - 2012-11-27 19:25 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-04-27 23:01 - 2014-06-23 17:33 - 000000000 ____D C:\Users\Todos os Usuários\Dell
2018-04-27 23:01 - 2014-06-23 17:33 - 000000000 ____D C:\ProgramData\Dell
2018-04-27 22:46 - 2009-07-14 00:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-04-27 22:40 - 2017-04-16 22:46 - 000000000 ____D C:\Program Files\Dell
2018-04-27 22:40 - 2014-06-22 13:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2018-04-27 22:32 - 2017-06-23 19:06 - 000000000 ____D C:\Users\Todos os Usuários\SupportAssist
2018-04-27 22:32 - 2017-06-23 19:06 - 000000000 ____D C:\ProgramData\SupportAssist
2018-04-27 21:54 - 2012-11-27 19:45 - 000000000 ____D C:\Users\Usuário Padrão\AppData\Local\SoftThinks
2018-04-27 21:54 - 2012-11-27 19:45 - 000000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2018-04-27 21:54 - 2012-11-27 19:45 - 000000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2018-04-27 21:49 - 2017-04-16 01:38 - 000000000 ____D C:\AdwCleaner
2018-04-27 21:05 - 2012-12-03 21:02 - 000000000 ____D C:\Users\Scarlet\AppData\Roaming\Adobe
2018-04-27 17:34 - 2012-12-15 15:26 - 000000000 ____D C:\Users\Scarlet\AppData\Roaming\uTorrent
2018-04-27 11:35 - 2017-12-20 00:12 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-04-26 03:14 - 2011-02-12 08:51 - 001600448 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-04-26 03:14 - 2010-11-21 06:37 - 000705880 _____ C:\Windows\system32\prfh0416.dat
2018-04-26 03:14 - 2010-11-21 06:37 - 000147684 _____ C:\Windows\system32\prfc0416.dat
2018-04-26 03:14 - 2009-07-14 02:13 - 001600448 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-26 02:53 - 2012-12-03 20:58 - 000000000 ____D C:\Users\Scarlet
2018-04-26 01:42 - 2017-06-28 04:42 - 000000000 ___HD C:\Program Files (x86)\Temp
2018-04-26 01:16 - 2012-11-27 19:36 - 000000000 ____D C:\Program Files (x86)\Roxio
2018-04-26 00:53 - 2013-06-01 21:00 - 000000000 ____D C:\Users\Todos os Usuários\Intel
2018-04-26 00:53 - 2013-06-01 21:00 - 000000000 ____D C:\ProgramData\Intel
2018-04-26 00:40 - 2017-05-15 12:15 - 000000000 ____D C:\Users\Scarlet\Documents\Adobe
2018-04-26 00:30 - 2013-02-07 16:21 - 000000000 ____D C:\Users\Todos os Usuários\Adobe
2018-04-26 00:30 - 2013-02-07 16:21 - 000000000 ____D C:\ProgramData\Adobe
2018-04-26 00:24 - 2018-03-10 02:45 - 000000000 ____D C:\Program Files\Common Files\Adobe
2018-04-26 00:23 - 2018-03-10 02:43 - 000000000 ____D C:\Program Files\Adobe
2018-04-25 22:25 - 2015-08-05 00:58 - 000000000 ____D C:\Program Files (x86)\Steam
2018-04-25 22:17 - 2018-03-21 06:02 - 000000000 ____D C:\Users\Scarlet\Desktop\VOLUNTEER
2018-04-25 20:33 - 2017-04-14 16:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2018-04-24 09:03 - 2017-05-15 11:21 - 000000033 _____ C:\Users\Scarlet\AppData\Roaming\AdobeWLCMCache.dat
2018-04-18 16:05 - 2009-07-14 02:08 - 000032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-04-15 23:28 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\rescache
2018-04-11 18:44 - 2014-12-11 11:46 - 000000000 ____D C:\Windows\system32\appraiser
2018-04-11 17:21 - 2013-07-16 19:08 - 000000000 ____D C:\Windows\system32\MRT
2018-04-11 17:15 - 2017-10-11 03:03 - 136971704 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-04-11 17:15 - 2012-12-17 18:23 - 136971704 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-04-11 00:49 - 2012-12-03 22:20 - 000000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2018-04-10 20:38 - 2018-03-14 19:37 - 000004542 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-04-10 20:38 - 2012-11-27 19:12 - 000804864 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-04-10 20:38 - 2012-11-27 19:12 - 000144896 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-04-10 20:38 - 2012-11-27 19:12 - 000004384 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-04-10 20:38 - 2012-11-27 19:12 - 000000000 ____D C:\Windows\system32\Macromed
2018-04-10 20:37 - 2012-11-27 19:12 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-04-05 21:25 - 2016-11-09 19:02 - 000000000 ____D C:\Users\Scarlet\Desktop\ucb 2-2015
 
==================== Arquivos na raiz de alguns diretórios =======
 
2017-05-15 11:21 - 2018-04-24 09:03 - 000000033 _____ () C:\Users\Scarlet\AppData\Roaming\AdobeWLCMCache.dat
2017-04-16 02:13 - 2017-06-02 18:23 - 000007630 _____ () C:\Users\Scarlet\AppData\Local\Resmon.ResmonCfg
 
Arquivos para serem movidos ou deletados:
====================
C:\Windows\Tasks\{84F6E16C-0320-48E4-83D8-D1321FC00EDF}.job
C:\Windows\Tasks\{EAB7340E-130C-4746-BCA1-F9FB003ADD03}.job
 
 
==================== Bamital & volsnap ======================
 
(Não há correção automática para arquivos que não passaram na verificação.)
 
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente
 
LastRegBack: 2018-04-28 01:20
 
==================== Fim de FRST.txt ============================


#5 nasdaq

  • Malware Response Team

Posted 29 April 2018 - 08:03 AM

Hi,

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Nenhum Arquivo
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Nenhum Arquivo
Task: {174A7BF6-B7DC-4BF8-87F2-C159F76CE0D1} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {174A7BF6-B7DC-4BF8-87F2-C159F76CE0D1} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe
Task: {2A85F8C0-15BE-4A02-BDB4-96B1321268CF} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {2A85F8C0-15BE-4A02-BDB4-96B1321268CF} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe
Task: {5C633D07-4DE6-4540-9172-3089B2A6C220} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe
Task: {771B798F-4968-4BA8-906C-7D650CFD2233} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe
Task: {CA1A5DF8-F1BB-46CB-8972-F94AEABF9BC5} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe
Task: {F816E779-B768-4A3E-8F62-62846BCAC685} - System32\Tasks\Microsoft\Windows\Setup\gwx\rundetector => C:\Windows\system32\GWX\GWXDetector.exe
FirewallRules: [{230D2C0E-875B-4C39-B2B4-983B84F7C69B}] => (Allow) C:\ProgramData\Microsoft\Windows\GPR\network\svcnetwk.exe

HKU\S-1-5-21-4072864123-3423228628-2200760-1000\...\Policies\system: [DisableLockWorkstation] 0
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [Nenhum Arquivo]
U3 aqi8jsuf; C:\Windows\System32\Drivers\aqi8jsuf.sys [0 ] (Advanced Micro Devices) <==== ATENÇÃO (zero byte Arquivo/Pasta)
S3 Beat; \??\P:\SoftnyxGame\LoveRitmoPS\avital\lbeat64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
R1 MpKsl553bb7e6; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{51A78D28-3854-4CFB-9065-E8923C8C31CA}\MpKsl553bb7e6.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\VirusDefs\20150713.004\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\VirusDefs\20150713.004\EX64.SYS [X]
S3 npkcusb; \??\P:\Ragnarök\npkcusb.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\EVGA\PrecisionX 16\WinRing0\WinRing0x64.sys [X]
S3 X6va062; \??\C:\Windows\SysWOW64\Drivers\X6va062 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
C:\Windows\System32\Drivers\aqi8jsuf.sys
C:\ProgramData\Microsoft\Windows\GPR

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please let me know of any issues with this computer.

#6 Kyuketsuki

  • Topic Starter


Posted 29 April 2018 - 05:04 PM

Hello, nasdaq!
 

I can't really say if there are issues related to the infection besides the deletion of SpyBot files which happened before, as I stated above. Actually, it took a while for me to notice my PC was infected, even though Security Essentials and Kaspersky had already quarantined some files related to the... umm... :pirate: downloads I had made. You know, that "activation" crap. They say to disable your antivirus and/or ignore it if it considers some file a threat. I did see TROJAN names, but I restored the files and kept trying to install the damn program. I downloaded from three different sources and the three went wrong. Only in the third did I notice something off. This dialog box asked if I wanted to install a bunch of garbage plus the one I was installing; I managed to find the boxes to untick and did so. But the process went wrong again and this PandaViewer bleep appeared installed, even though I am sure I unchecked the box! I uninstalled it the Control Panel way and got rid of all the trash I had downloaded. At least I thought so. I restarted my computer, for I don't remember what reason, and a message popped up: "PandaViewer could not be initialized", or something like it. And that's when I tried to install SpyBot and the malware prevented me from doing so.
Hope that helps...

Now, the fixlog:
 

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 25.04.2018
Executado por Scarlet (29-04-2018 17:44:17) Run:1
Executando a partir de C:\Users\Scarlet\Desktop\FRST
Perfis Carregados: Scarlet (Perfis Disponíveis: Scarlet)
Modo da Inicialização: Normal
==============================================
 
fixlist Conteúdo:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Nenhum Arquivo
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Nenhum Arquivo
Task: {174A7BF6-B7DC-4BF8-87F2-C159F76CE0D1} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {174A7BF6-B7DC-4BF8-87F2-C159F76CE0D1} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe
Task: {2A85F8C0-15BE-4A02-BDB4-96B1321268CF} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {2A85F8C0-15BE-4A02-BDB4-96B1321268CF} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe
Task: {5C633D07-4DE6-4540-9172-3089B2A6C220} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe
Task: {771B798F-4968-4BA8-906C-7D650CFD2233} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe
Task: {CA1A5DF8-F1BB-46CB-8972-F94AEABF9BC5} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe
Task: {F816E779-B768-4A3E-8F62-62846BCAC685} - System32\Tasks\Microsoft\Windows\Setup\gwx\rundetector => C:\Windows\system32\GWX\GWXDetector.exe
FirewallRules: [{230D2C0E-875B-4C39-B2B4-983B84F7C69B}] => (Allow) C:\ProgramData\Microsoft\Windows\GPR\network\svcnetwk.exe
 
HKU\S-1-5-21-4072864123-3423228628-2200760-1000\...\Policies\system: [DisableLockWorkstation] 0
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [Nenhum Arquivo]
U3 aqi8jsuf; C:\Windows\System32\Drivers\aqi8jsuf.sys [0 ] (Advanced Micro Devices) <==== ATENÇÃO (zero byte Arquivo/Pasta)
S3 Beat; \??\P:\SoftnyxGame\LoveRitmoPS\avital\lbeat64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
R1 MpKsl553bb7e6; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{51A78D28-3854-4CFB-9065-E8923C8C31CA}\MpKsl553bb7e6.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\VirusDefs\20150713.004\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.0.2.17\Definitions\VirusDefs\20150713.004\EX64.SYS [X]
S3 npkcusb; \??\P:\Ragnarök\npkcusb.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\EVGA\PrecisionX 16\WinRing0\WinRing0x64.sys [X]
S3 X6va062; \??\C:\Windows\SysWOW64\Drivers\X6va062 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X][/B]
C:\Windows\System32\Drivers\aqi8jsuf.sys
C:\ProgramData\Microsoft\Windows\GPR
 
End
*****************
 
Ponto de Restauração criado com sucesso.
Processos fechados com sucesso.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => removido (a) com sucesso.
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => não encontrado (a)
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avast" => removido (a) com sucesso.
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => não encontrado (a)
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{174A7BF6-B7DC-4BF8-87F2-C159F76CE0D1}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{174A7BF6-B7DC-4BF8-87F2-C159F76CE0D1}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{174A7BF6-B7DC-4BF8-87F2-C159F76CE0D1} => Não pode ser removido. Acesso Negado.
"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => não encontrado (a)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Não pode ser removido. Acesso Negado.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2A85F8C0-15BE-4A02-BDB4-96B1321268CF}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A85F8C0-15BE-4A02-BDB4-96B1321268CF}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A85F8C0-15BE-4A02-BDB4-96B1321268CF} => Não pode ser removido. Acesso Negado.
"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => não encontrado (a)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Não pode ser removido. Acesso Negado.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5C633D07-4DE6-4540-9172-3089B2A6C220}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C633D07-4DE6-4540-9172-3089B2A6C220}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\runappraiser" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{771B798F-4968-4BA8-906C-7D650CFD2233}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{771B798F-4968-4BA8-906C-7D650CFD2233}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CA1A5DF8-F1BB-46CB-8972-F94AEABF9BC5}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA1A5DF8-F1BB-46CB-8972-F94AEABF9BC5}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F816E779-B768-4A3E-8F62-62846BCAC685}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F816E779-B768-4A3E-8F62-62846BCAC685}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\rundetector => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => removido (a) com sucesso.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{230D2C0E-875B-4C39-B2B4-983B84F7C69B}" => removido (a) com sucesso.
"HKU\S-1-5-21-4072864123-3423228628-2200760-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableLockWorkstation" => removido (a) com sucesso.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922" => removido (a) com sucesso.
aqi8jsuf => serviço não encontrado (a).
"HKLM\System\CurrentControlSet\Services\Beat" => removido (a) com sucesso.
Beat => serviço removido (a) com sucesso.
"HKLM\System\CurrentControlSet\Services\catchme" => removido (a) com sucesso.
catchme => serviço removido (a) com sucesso.
"HKLM\System\CurrentControlSet\Services\EagleX64" => removido (a) com sucesso.
EagleX64 => serviço removido (a) com sucesso.
MpKsl553bb7e6 => serviço não encontrado (a).
"HKLM\System\CurrentControlSet\Services\NAVENG" => removido (a) com sucesso.
NAVENG => serviço removido (a) com sucesso.
"HKLM\System\CurrentControlSet\Services\NAVEX15" => removido (a) com sucesso.
NAVEX15 => serviço removido (a) com sucesso.
"HKLM\System\CurrentControlSet\Services\npkcusb" => removido (a) com sucesso.
npkcusb => serviço removido (a) com sucesso.
"HKLM\System\CurrentControlSet\Services\WinRing0_1_2_0" => removido (a) com sucesso.
WinRing0_1_2_0 => serviço removido (a) com sucesso.
"HKLM\System\CurrentControlSet\Services\X6va062" => removido (a) com sucesso.
X6va062 => serviço removido (a) com sucesso.
"HKLM\System\CurrentControlSet\Services\xhunter1" => removido (a) com sucesso.
xhunter1 => serviço removido (a) com sucesso.
"C:\Windows\System32\Drivers\aqi8jsuf.sys" => não encontrado (a)
C:\ProgramData\Microsoft\Windows\GPR => movido com sucesso
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 43948742 B
Java, Flash, Steam htmlcache => 592 B
Windows/system/drivers => 1725931 B
Edge => 0 B
Chrome => 346258938 B
Firefox => 2070882 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33125 B
systemprofile32 => 39001 B
LocalService => 0 B
NetworkService => 14300822 B
Scarlet => 10229989 B
 
RecycleBin => 0 B
EmptyTemp: => 407.2 MB de dados temporários Removidos.
 
================================
 
Resultado dos arquivos que foram agendados para serem movidos (Modo de Inicialização: Normal) (Data&Hora: 29-04-2018 17:53:38)
 
 
Resultado dos registros marcados para excluir será exibido após a reinicialização:
 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{174A7BF6-B7DC-4BF8-87F2-C159F76CE0D1} => Não pode ser removido. Acesso Negado.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Não pode ser removido. Acesso Negado.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A85F8C0-15BE-4A02-BDB4-96B1321268CF} => Não pode ser removido. Acesso Negado.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Não pode ser removido. Acesso Negado.
 
==== Fim de Fixlog 17:53:38 ====
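
A triage helper for the Fixlog posted above, as an added example that is not part of the original thread or of FRST: it classifies each `=>` result line by its Portuguese status string and lists targets reported as access-denied, including ones the same log earlier reported as removed. The function names and outcome labels are assumptions; the sample lines are excerpted from the Fixlog above.

```python
import re
from collections import Counter, OrderedDict

# Lines excerpted from the Fixlog posted above (Portuguese-locale FRST output).
# The first and last lines are not result lines and must be skipped.
FIXLOG_EXCERPT = r'''
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Nenhum Arquivo
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{174A7BF6-B7DC-4BF8-87F2-C159F76CE0D1}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => movido com sucesso
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{174A7BF6-B7DC-4BF8-87F2-C159F76CE0D1} => Não pode ser removido. Acesso Negado.
"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => não encontrado (a)
aqi8jsuf => serviço não encontrado (a).
"HKLM\System\CurrentControlSet\Services\catchme" => removido (a) com sucesso.
catchme => serviço removido (a) com sucesso.
C:\ProgramData\Microsoft\Windows\GPR => movido com sucesso
BITS transfer queue => 8388608 B
'''

# Order matters: "removido" contains "movido", and the access-denied text
# also contains "removido", so the most specific patterns come first.
# The labels on the left are this example's own names (assumptions).
STATUS_RULES = [
    ("access_denied", re.compile(r"acesso negado", re.I)),
    ("not_found", re.compile(r"não encontrado", re.I)),
    ("removed", re.compile(r"\bremovido \(a\) com sucesso", re.I)),
    ("moved", re.compile(r"^movido com sucesso", re.I)),
]


def classify(status):
    """Map the text after '=>' to an outcome label, or None if it is not a result."""
    for label, pattern in STATUS_RULES:
        if pattern.search(status):
            return label
    return None


def parse_fixlog(text):
    """Return (target, outcome) pairs for every recognised result line."""
    entries = []
    for line in text.splitlines():
        target, sep, status = line.partition(" => ")
        if not sep:
            continue
        outcome = classify(status.strip())
        if outcome is None:
            continue  # echoed fixlist entries, EmptyTemp byte counts, etc.
        # The log quotes some targets and not others; normalise so that
        # both spellings of one key are compared as the same target.
        entries.append((target.strip().strip('"'), outcome))
    return entries


def outcome_history(entries):
    """Group outcomes per target (case-insensitive, as Windows paths are)."""
    history = OrderedDict()
    for target, outcome in entries:
        history.setdefault(target.lower(), (target, []))[1].append(outcome)
    return history


def needs_follow_up(entries):
    """Targets with at least one access-denied result, with their full history."""
    return [(target, outcomes)
            for target, outcomes in outcome_history(entries).values()
            if "access_denied" in outcomes]


def summarize(entries):
    """Count how many result lines fell into each outcome."""
    return Counter(outcome for _, outcome in entries)


if __name__ == "__main__":
    parsed = parse_fixlog(FIXLOG_EXCERPT)
    print(dict(summarize(parsed)))
    for target, outcomes in needs_follow_up(parsed):
        print("follow up:", target, "->", " then ".join(outcomes))
```

Run against a whole Fixlog.txt, the follow-up list is what to check in the fresh scan before treating the fix as complete.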


#7 nasdaq


Posted 30 April 2018 - 08:37 AM

Please run the Farbar program normally.

Post a Fresh FRST.txt and Addition.txt logs for my review.

When running Farbar make sure that the box to create an Addition.txt file is checked.

Post the logs.

#8 Kyuketsuki

Posted 01 May 2018 - 08:54 PM

Hi!

Here are the new logs. Addition is attached, like before.

 

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 25.04.2018
Executado por Scarlet (administrador) em SCARLET-PC (01-05-2018 22:44:53)
Executando a partir de C:\Users\Scarlet\Desktop\FRST
Perfis Carregados: Scarlet (Perfis Disponíveis: Scarlet)
Platform: Windows 7 Home Basic Service Pack 1 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
 
==================== Processos (Whitelisted) =================
 
(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avpui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe
() C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe
(The OpenVPN Project) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\openvpn.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
 
==================== Registro (Whitelisted) ===========================
 
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)
 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [309376 2011-03-03] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [519296 2011-02-25] (Conexant Systems, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409424 2018-04-24] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)
 
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{15936ADF-C50B-4C8A-90DA-94B87701B82C}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{15936ADF-C50B-4C8A-90DA-94B87701B82C}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{A8E990D4-308C-4CFC-A755-458FC33C32A2}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{A8E990D4-308C-4CFC-A755-458FC33C32A2}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{ACF58238-8641-4D63-B2DE-D0B201910954}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{B16E7021-8920-46F0-BD26-31658053983C}: [DhcpNameServer] 192.168.25.1
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4072864123-3423228628-2200760-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4072864123-3423228628-2200760-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/USSMB/5
SearchScopes: HKLM -> DefaultScope {160F70A7-407D-4C72-861C-DEAB31F5FF00} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {160F70A7-407D-4C72-861C-DEAB31F5FF00} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {160F70A7-407D-4C72-861C-DEAB31F5FF00} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {160F70A7-407D-4C72-861C-DEAB31F5FF00} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4072864123-3423228628-2200760-1000 -> DefaultScope {160F70A7-407D-4C72-861C-DEAB31F5FF00} URL = 
SearchScopes: HKU\S-1-5-21-4072864123-3423228628-2200760-1000 -> {160F70A7-407D-4C72-861C-DEAB31F5FF00} URL = 
BHO: Kaspersky Protection -> {0E2877D3-2641-4970-B794-A553E295428D} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\IEExt\ie_plugin.dll [2017-09-27] (AO Kaspersky Lab)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Kaspersky Protection -> {0E2877D3-2641-4970-B794-A553E295428D} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\IEExt\ie_plugin.dll [2017-09-27] (AO Kaspersky Lab)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\IEExt\ie_plugin.dll [2017-09-27] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {4853DF44-7D6B-48E9-9258-D800EEE54AF6} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\IEExt\ie_plugin.dll [2017-09-27] (AO Kaspersky Lab)
 
FireFox:
========
FF ProfilePath: C:\Users\Scarlet\AppData\Roaming\Mozilla\Firefox\Profiles\e0a339az.default-1512010723818 [2018-04-29]
FF HKLM\...\Firefox\Extensions: [light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-12-14]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_140.dll [2018-04-10] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-04-24] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-04-10] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-04-24] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Scarlet\AppData\Local\Google\Chrome\User Data\Default [2018-05-01]
CHR Extension: (Google Drive) - C:\Users\Scarlet\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Scarlet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Scarlet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Adobe Acrobat) - C:\Users\Scarlet\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-02-04]
CHR Extension: (Documentos Google off-line) - C:\Users\Scarlet\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Kaspersky Protection) - C:\Users\Scarlet\AppData\Local\Google\Chrome\User Data\Default\Extensions\mchjnmdbdlkdbfliogedbnpnanfjnolk [2017-09-27]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Scarlet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (BlazBlue) - C:\Users\Scarlet\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadeikoddihcngdcndofjdknecdbmolp [2013-01-24]
CHR Extension: (Gmail) - C:\Users\Scarlet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Scarlet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-25]
CHR Profile: C:\Users\Scarlet\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-04-29]
CHR HKLM\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
CHR HKU\S-1-5-21-4072864123-3423228628-2200760-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
 
==================== Serviços (Whitelisted) ====================
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
R2 AVP18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe [354672 2017-01-24] (AO Kaspersky Lab)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [383016 2017-06-27] (EasyAntiCheat Ltd)
S3 klvssbridge64_18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\vssbridge64.exe [426416 2017-09-27] (AO Kaspersky Lab)
R2 KSDE2.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [354672 2017-01-24] (AO Kaspersky Lab)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S2 nebula; C:\Program Files\Logitech\Collaboration\Services\Video\ServiceLayer.exe [4384376 2018-02-13] (Logitech)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3473120 2015-08-10] (INCA Internet Co., Ltd.) [Arquivo não assinado]
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [Arquivo não assinado]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [692680 2017-06-28] (Wacom Technology, Corp.)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-02-06] (Atheros) [Arquivo não assinado]
R2 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"
 
===================== Drivers (Whitelisted) ======================
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
 
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATENÇÃO (não ServiceDLL)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [247008 2016-12-26] (AO Kaspersky Lab)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [41608 2017-12-14] (Dell Inc.)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [41208 2017-12-14] (Dell Computer Corporation)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [76192 2018-03-19] ()
S3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2015-09-04] (Echobit, LLC)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-06-14] (REALiX™)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554408 2016-10-01] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [70880 2017-12-14] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [119496 2018-02-22] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [206040 2017-10-16] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [350944 2017-10-16] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1072840 2018-02-22] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [57024 2018-02-22] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [57568 2016-12-23] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [58592 2016-12-07] (AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [50672 2017-06-23] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [81904 2017-06-23] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [140000 2017-12-14] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [199392 2017-12-14] (AO Kaspersky Lab)
S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112864 2018-04-28] (Malwarebytes)
S3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [44768 2018-04-28] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-04-27] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [93816 2018-04-28] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-06-21] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [48248 2017-06-21] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57976 2017-05-03] (NVIDIA Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-06-27] (Duplex Secure Ltd.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WacHidRouterPro; C:\Windows\System32\DRIVERS\wachidrouter.sys [122512 2017-04-28] (Wacom Technology)
R3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2016-06-15] (SplitmediaLabs Limited)
U3 ao7om1md; C:\Windows\System32\Drivers\ao7om1md.sys [0 ] (Advanced Micro Devices) <==== ATENÇÃO (zero byte Arquivo/Pasta)
 
==================== NetSvcs (Whitelisted) ===================
 
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
 
 
==================== Um Mês Criados arquivos e pastas ========
 
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
 
2018-04-30 02:34 - 2018-04-30 06:58 - 000000688 _____ C:\Users\Scarlet\Desktop\diy encantinho.txt
2018-04-29 22:28 - 2018-04-29 22:28 - 000000000 ____D C:\Users\Scarlet\AppData\Roaming\NVIDIA
2018-04-28 23:18 - 2018-05-01 22:44 - 000000000 ____D C:\FRST
2018-04-28 23:10 - 2018-05-01 22:44 - 000000000 ____D C:\Users\Scarlet\Desktop\FRST
2018-04-28 20:09 - 2018-04-28 20:09 - 000232028 _____ C:\Users\Scarlet\Desktop\shiftboard SPJA Volunteer Handbook.pdf
2018-04-28 18:10 - 2018-04-28 23:04 - 000000000 ____D C:\Users\Scarlet\Desktop\CMQ comp
2018-04-28 16:15 - 2018-04-28 16:15 - 000079870 _____ C:\Users\Scarlet\Desktop\pexels-photo-900103.jpeg
2018-04-28 16:09 - 2018-04-28 16:09 - 000084528 _____ C:\Users\Scarlet\Desktop\pexels-photo-938962.jpeg
2018-04-28 13:55 - 2018-04-28 13:55 - 000112864 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-04-28 13:55 - 2018-04-28 13:55 - 000093816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-04-28 13:55 - 2018-04-28 13:55 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-04-28 13:34 - 2018-04-28 13:34 - 000028321 _____ C:\Users\Scarlet\Desktop\ComboFix Log 28-04-2018.txt
2018-04-28 13:23 - 2018-04-28 13:23 - 000028321 _____ C:\ComboFix.txt
2018-04-28 12:30 - 2018-04-28 12:31 - 005659794 ____R (Swearware) C:\Users\Scarlet\Desktop\ComboFix.exe
2018-04-28 00:08 - 2018-04-28 12:08 - 000000000 ____D C:\Users\Scarlet\Desktop\Drive
2018-04-27 23:03 - 2018-04-27 23:12 - 000000000 ____D C:\Windows\system32\nn-NO
2018-04-27 23:03 - 2018-04-27 23:03 - 000000000 ____D C:\Windows\Options
2018-04-27 23:03 - 2018-04-27 23:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HotSpot
2018-04-27 23:03 - 2018-04-27 23:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atheros Smart Net
2018-04-27 23:03 - 2013-02-06 03:41 - 000008841 ____N C:\Windows\system32\athrextx.cat
2018-04-27 23:03 - 2013-02-03 18:42 - 000060416 ____N (Atheros) C:\Windows\system32\athihvui.dll
2018-04-27 23:03 - 2013-02-03 18:41 - 000440320 ____N (Atheros) C:\Windows\system32\athihvs.dll
2018-04-27 23:03 - 2013-01-22 19:19 - 003851776 ____N (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\athrx.sys
2018-04-27 23:03 - 2013-01-22 19:19 - 003851776 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athrx.sys
2018-04-27 23:02 - 2018-04-27 23:24 - 000000000 ____D C:\Program Files (x86)\Dell Wireless
2018-04-27 23:02 - 2018-04-27 23:02 - 000000000 ____D C:\Program Files (x86)\Cisco
2018-04-27 21:54 - 2018-04-27 21:54 - 000094552 _____ C:\Users\Scarlet\AppData\Local\GDIPFONTCACHEV1.DAT
2018-04-27 21:52 - 2018-04-27 21:52 - 000362992 _____ C:\Windows\system32\FNTCACHE.DAT
2018-04-27 21:17 - 2018-04-27 21:17 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-04-27 21:16 - 2018-04-28 23:10 - 000001918 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-04-27 21:16 - 2018-04-27 21:16 - 000000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2018-04-27 21:16 - 2018-04-27 21:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-04-27 21:16 - 2018-04-27 21:16 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-27 21:16 - 2018-04-27 21:16 - 000000000 ____D C:\Program Files\Malwarebytes
2018-04-27 21:16 - 2018-03-19 12:57 - 000076192 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-04-27 12:24 - 2018-04-26 00:58 - 000000378 _____ C:\Windows\system32\Drivers\etc\hosts.20180427-122428.backup
2018-04-27 11:59 - 2018-04-27 11:59 - 000000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2018-04-26 03:31 - 2018-04-26 03:31 - 000000000 ____D C:\Users\Scarlet\AppData\Local\CEF
2018-04-26 03:26 - 2018-04-26 03:26 - 000000000 ____D C:\Users\Scarlet\AppData\Local\VirtualStore
2018-04-26 03:11 - 2018-04-26 03:11 - 000001224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2018-04-26 03:11 - 2018-04-26 03:11 - 000001212 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2018-04-26 03:03 - 2018-04-27 12:11 - 000000000 ____D C:\Users\Todos os Usuários\Package Cache
2018-04-26 03:03 - 2018-04-27 12:11 - 000000000 ____D C:\ProgramData\Package Cache
2018-04-26 00:42 - 2018-04-26 00:42 - 000003510 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-Scarlet-PC-Scarlet
2018-04-26 00:40 - 2018-04-26 00:40 - 000001047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2018.lnk
2018-04-26 00:20 - 2018-05-01 22:44 - 000000000 ___RD C:\Users\Scarlet\Creative Cloud Files
2018-04-25 23:51 - 2018-04-27 21:52 - 000000000 ____D C:\Windows\nv
2018-04-25 23:51 - 2018-04-27 21:17 - 000000000 ____D C:\Windows\wdf
2018-04-25 23:51 - 2018-04-25 23:51 - 000003290 _____ C:\Windows\System32\Tasks\{8CD8FFDB-990C-4086-A98D-62F71C31ECB8}
2018-04-25 22:57 - 2018-04-25 22:57 - 000000000 ____D C:\Users\Scarlet\AppData\LocalLow\uTorrent
2018-04-25 22:13 - 2018-04-25 22:35 - 000000000 ____D C:\Users\Scarlet\Desktop\Projetos e talz
2018-04-25 22:07 - 2018-04-25 22:16 - 000000000 ____D C:\Users\Scarlet\Desktop\GRACOM
2018-04-23 22:28 - 2018-04-23 22:28 - 001741381 _____ C:\Users\Scarlet\Downloads\TUTORIALGUIADEBUSCASatualizacao308122017Modulo1.pdf
2018-04-21 12:46 - 2018-04-21 12:46 - 000090560 _____ C:\Users\Scarlet\Downloads\persona.pdf
2018-04-21 01:28 - 2018-04-21 01:28 - 002163180 _____ C:\Users\Scarlet\Downloads\Manual de Marca - Scarlet (INCOMPLETÍSSIMO).ai
2018-04-11 15:25 - 2018-03-30 23:09 - 005583040 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-04-11 15:25 - 2018-03-30 23:09 - 000708288 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-04-11 15:25 - 2018-03-30 23:09 - 000262336 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-04-11 15:25 - 2018-03-30 23:09 - 000154816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-04-11 15:25 - 2018-03-30 23:09 - 000095424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-04-11 15:25 - 2018-03-30 22:45 - 000631640 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-04-11 15:25 - 2018-03-30 22:39 - 004046528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-04-11 15:25 - 2018-03-30 22:39 - 003958464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-04-11 15:25 - 2018-03-30 22:38 - 001665336 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 001461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:12 - 001314064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 22:06 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-04-11 15:25 - 2018-03-30 22:06 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-04-11 15:25 - 2018-03-30 22:06 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-04-11 15:25 - 2018-03-30 22:06 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-04-11 15:25 - 2018-03-30 22:03 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-04-11 15:25 - 2018-03-30 22:02 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-04-11 15:25 - 2018-03-30 22:02 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-04-11 15:25 - 2018-03-30 21:59 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-04-11 15:25 - 2018-03-30 21:58 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-04-11 15:25 - 2018-03-30 21:58 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-04-11 15:25 - 2018-03-30 21:58 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-04-11 15:25 - 2018-03-30 21:58 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-04-11 15:25 - 2018-03-30 21:51 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-04-11 15:25 - 2018-03-30 21:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-04-11 15:25 - 2018-03-30 21:47 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-04-11 15:25 - 2018-03-30 21:47 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-04-11 15:25 - 2018-03-30 21:47 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-04-11 15:25 - 2018-03-30 21:47 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 21:47 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 21:47 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 21:47 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-04-11 15:25 - 2018-03-30 21:47 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-04-11 15:25 - 2018-03-28 04:30 - 003225600 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-04-11 15:25 - 2018-03-23 15:50 - 000396952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-04-11 15:25 - 2018-03-23 14:59 - 000348824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-04-11 15:25 - 2018-03-22 20:00 - 025742336 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-04-11 15:25 - 2018-03-22 18:32 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-04-11 15:25 - 2018-03-22 18:32 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-04-11 15:25 - 2018-03-22 18:26 - 020287488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-04-11 15:25 - 2018-03-22 18:19 - 002901504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-04-11 15:25 - 2018-03-22 18:18 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-04-11 15:25 - 2018-03-22 18:17 - 000578048 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-04-11 15:25 - 2018-03-22 18:17 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-04-11 15:25 - 2018-03-22 18:17 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-04-11 15:25 - 2018-03-22 18:17 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-04-11 15:25 - 2018-03-22 18:15 - 005780480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-04-11 15:25 - 2018-03-22 18:10 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-04-11 15:25 - 2018-03-22 18:09 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-04-11 15:25 - 2018-03-22 18:07 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-04-11 15:25 - 2018-03-22 18:06 - 000794112 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-04-11 15:25 - 2018-03-22 18:06 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-04-11 15:25 - 2018-03-22 18:06 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-04-11 15:25 - 2018-03-22 18:05 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-04-11 15:25 - 2018-03-22 18:04 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-04-11 15:25 - 2018-03-22 17:58 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-04-11 15:25 - 2018-03-22 17:55 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-04-11 15:25 - 2018-03-22 17:52 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-04-11 15:25 - 2018-03-22 17:52 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-04-11 15:25 - 2018-03-22 17:51 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-04-11 15:25 - 2018-03-22 17:51 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-04-11 15:25 - 2018-03-22 17:50 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-04-11 15:25 - 2018-03-22 17:49 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-04-11 15:25 - 2018-03-22 17:48 - 002295296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-04-11 15:25 - 2018-03-22 17:48 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-04-11 15:25 - 2018-03-22 17:48 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-04-11 15:25 - 2018-03-22 17:45 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-04-11 15:25 - 2018-03-22 17:45 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-04-11 15:25 - 2018-03-22 17:45 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-04-11 15:25 - 2018-03-22 17:44 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-04-11 15:25 - 2018-03-22 17:43 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-04-11 15:25 - 2018-03-22 17:42 - 000661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-04-11 15:25 - 2018-03-22 17:42 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-04-11 15:25 - 2018-03-22 17:42 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-04-11 15:25 - 2018-03-22 17:41 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-04-11 15:25 - 2018-03-22 17:40 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-04-11 15:25 - 2018-03-22 17:33 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-04-11 15:25 - 2018-03-22 17:31 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-04-11 15:25 - 2018-03-22 17:29 - 015282688 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-04-11 15:25 - 2018-03-22 17:29 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-04-11 15:25 - 2018-03-22 17:29 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-04-11 15:25 - 2018-03-22 17:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-04-11 15:25 - 2018-03-22 17:28 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-04-11 15:25 - 2018-03-22 17:28 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-04-11 15:25 - 2018-03-22 17:27 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-04-11 15:25 - 2018-03-22 17:27 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-04-11 15:25 - 2018-03-22 17:25 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-04-11 15:25 - 2018-03-22 17:25 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-04-11 15:25 - 2018-03-22 17:24 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-04-11 15:25 - 2018-03-22 17:22 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-04-11 15:25 - 2018-03-22 17:21 - 004496896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-04-11 15:25 - 2018-03-22 17:20 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-04-11 15:25 - 2018-03-22 17:17 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-04-11 15:25 - 2018-03-22 17:15 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-04-11 15:25 - 2018-03-22 17:15 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-04-11 15:25 - 2018-03-22 17:14 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-04-11 15:25 - 2018-03-22 17:14 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-04-11 15:25 - 2018-03-22 17:04 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-04-11 15:25 - 2018-03-22 16:55 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-04-11 15:25 - 2018-03-22 16:53 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-04-11 15:25 - 2018-03-22 16:52 - 001313792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-04-11 15:25 - 2018-03-22 16:51 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-04-11 15:25 - 2018-03-10 14:11 - 000340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2018-04-11 15:25 - 2018-03-09 15:18 - 000309440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-04-11 15:25 - 2018-03-09 15:12 - 000383680 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-04-11 15:25 - 2018-03-09 15:12 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-04-11 15:25 - 2018-03-09 15:12 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-04-11 15:25 - 2018-03-09 15:12 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2018-04-11 15:25 - 2018-03-09 15:11 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2018-04-11 15:25 - 2018-03-09 15:07 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-04-11 15:25 - 2018-03-09 15:07 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-04-11 15:25 - 2018-03-09 15:07 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-04-11 15:25 - 2018-03-09 15:06 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-04-11 15:25 - 2018-03-09 15:06 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-04-11 15:25 - 2018-03-09 14:31 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-04-11 15:25 - 2018-03-06 15:13 - 000148160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\basecsp.dll
2018-04-11 15:25 - 2018-03-06 15:11 - 000184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scksp.dll
2018-04-11 15:25 - 2018-03-06 15:11 - 000052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsnmp32.dll
2018-04-11 15:25 - 2018-03-06 15:10 - 000170176 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
2018-04-11 15:25 - 2018-03-06 15:07 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\scksp.dll
2018-04-11 15:25 - 2018-03-06 15:07 - 000067072 _____ (Microsoft Corporation) C:\Windows\system32\wsnmp32.dll
2018-04-11 15:25 - 2018-02-22 00:28 - 000217600 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2018-04-11 15:25 - 2018-02-22 00:06 - 000134656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2018-04-11 15:25 - 2018-02-10 15:35 - 000367296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-04-11 15:25 - 2018-02-10 15:35 - 000334528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2018-04-11 15:25 - 2018-02-10 15:35 - 000185024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2018-04-11 15:25 - 2018-02-10 15:35 - 000122560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS
2018-04-11 15:25 - 2018-02-10 15:35 - 000068288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2018-04-11 15:25 - 2018-02-10 15:35 - 000064192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS
2018-04-11 15:25 - 2018-02-10 15:35 - 000063168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys
2018-04-11 15:25 - 2018-02-10 15:35 - 000060608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys
2018-04-11 15:25 - 2018-02-10 15:35 - 000036032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys
2018-04-11 15:25 - 2018-02-10 15:35 - 000031936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys
2018-04-11 15:25 - 2018-02-10 15:35 - 000023744 _____ (Microsoft Corporation) C:\Windows\system32\streamci.dll
2018-04-11 15:25 - 2018-02-10 15:35 - 000020160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys
2018-04-11 15:25 - 2018-02-10 15:35 - 000015040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys
2018-04-11 15:25 - 2018-02-10 15:35 - 000012096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys
2018-04-11 15:25 - 2018-02-10 15:23 - 002292224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2018-04-11 15:25 - 2018-02-10 15:23 - 000330240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\zipfldr.dll
2018-04-11 15:25 - 2018-02-10 15:23 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\racpldlg.dll
2018-04-11 15:25 - 2018-02-10 15:11 - 003665920 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2018-04-11 15:25 - 2018-02-10 15:11 - 000369664 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2018-04-11 15:25 - 2018-02-10 15:11 - 000133120 _____ (Microsoft Corporation) C:\Windows\system32\msrahc.dll
2018-04-11 15:25 - 2018-02-10 15:11 - 000119296 _____ (Microsoft Corporation) C:\Windows\system32\racpldlg.dll
2018-04-11 15:25 - 2018-02-10 14:36 - 000108032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msra.exe
2018-04-11 15:25 - 2018-02-10 14:36 - 000040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdchange.exe
2018-04-11 15:25 - 2018-02-10 14:36 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsraLegacy.tlb
2018-04-11 15:25 - 2018-02-10 14:26 - 000653312 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
2018-04-11 15:25 - 2018-02-10 14:26 - 000051712 _____ (Microsoft Corporation) C:\Windows\system32\sdchange.exe
2018-04-11 15:25 - 2018-02-10 14:25 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys
2018-04-11 15:25 - 2018-02-10 14:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys
2018-04-11 15:25 - 2018-02-10 14:25 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\MsraLegacy.tlb
2018-04-11 15:25 - 2018-02-02 15:40 - 000114368 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2018-04-11 15:25 - 2018-02-02 15:29 - 002365952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2018-04-11 15:25 - 2018-02-02 15:29 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2018-04-11 15:25 - 2018-02-02 15:29 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2018-04-11 15:25 - 2018-02-02 15:28 - 001806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2018-04-11 15:25 - 2018-02-02 15:16 - 003246080 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2018-04-11 15:25 - 2018-02-02 15:16 - 000504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2018-04-11 15:25 - 2018-02-02 15:16 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2018-04-11 15:25 - 2018-02-02 15:14 - 001942016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2018-04-11 15:25 - 2018-02-02 15:14 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2018-04-11 15:25 - 2018-02-02 14:46 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2018-04-11 15:25 - 2018-02-02 14:36 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2018-04-11 15:25 - 2018-01-25 11:05 - 000995272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-04-11 15:25 - 2018-01-25 11:05 - 000063832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:05 - 000020824 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:05 - 000019800 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:05 - 000017752 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:05 - 000016216 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:05 - 000015704 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:05 - 000014168 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2018-04-11 15:25 - 2018-01-25 11:05 - 000013656 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:05 - 000012632 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2018-04-11 15:25 - 2018-01-25 11:05 - 000012120 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2018-04-11 15:25 - 2018-01-25 11:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:05 - 000011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2018-04-11 15:25 - 2018-01-25 11:04 - 000922944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-04-11 15:25 - 2018-01-25 11:04 - 000066392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:04 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:04 - 000019800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:04 - 000017752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:04 - 000016216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:04 - 000015704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:04 - 000014168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2018-04-11 15:25 - 2018-01-25 11:04 - 000013656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:04 - 000012632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2018-04-11 15:25 - 2018-01-25 11:04 - 000012120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2018-04-11 15:25 - 2018-01-25 11:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2018-04-11 15:25 - 2018-01-25 11:04 - 000011608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2018-04-11 15:25 - 2018-01-15 16:59 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-04-11 15:25 - 2018-01-15 16:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2018-04-11 15:25 - 2018-01-12 13:40 - 000407040 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2018-04-11 15:25 - 2018-01-12 13:26 - 000308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2018-04-11 15:09 - 2018-03-14 14:14 - 000135360 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-04-11 15:09 - 2018-03-14 14:09 - 000656384 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-04-11 15:09 - 2018-03-14 10:05 - 001993728 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-04-11 15:09 - 2018-03-14 10:05 - 001559552 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-04-11 15:09 - 2018-03-14 10:05 - 000739840 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-04-11 15:09 - 2018-03-14 10:05 - 000599552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-04-11 15:09 - 2018-03-14 10:05 - 000450048 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-04-11 15:09 - 2018-03-14 10:05 - 000414720 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-04-11 15:09 - 2018-03-14 10:05 - 000291840 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-04-11 15:09 - 2018-03-14 10:05 - 000237056 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-04-06 03:26 - 2018-04-06 03:26 - 001823146 _____ C:\Users\Scarlet\Downloads\Trabalho Folder.ai
2018-04-04 23:17 - 2018-04-04 23:17 - 001373947 _____ C:\Users\Scarlet\Downloads\e-book-5dicas-eudesenho.pdf
2018-04-01 21:27 - 2018-02-18 18:34 - 000634272 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
 
==================== Um Mês Modificados arquivos e pastas ========
 
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
 
2018-05-01 22:44 - 2013-02-07 16:48 - 000000000 ____D C:\Users\Scarlet\AppData\Local\Adobe
2018-05-01 22:42 - 2017-09-27 21:42 - 000000000 ____D C:\Users\Todos os Usuários\Kaspersky Lab
2018-05-01 22:42 - 2017-09-27 21:42 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-05-01 22:38 - 2017-05-03 23:45 - 000000000 ____D C:\Users\Scarlet\AppData\Roaming\WTablet
2018-05-01 22:38 - 2005-01-01 00:16 - 000000000 ____D C:\Users\Todos os Usuários\NVIDIA
2018-05-01 22:38 - 2005-01-01 00:16 - 000000000 ____D C:\ProgramData\NVIDIA
2018-05-01 22:37 - 2012-12-03 21:05 - 000001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2018-05-01 22:37 - 2009-07-14 02:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-30 03:58 - 2009-07-14 01:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-30 03:58 - 2009-07-14 01:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-29 22:31 - 2012-12-03 21:02 - 000000000 ____D C:\Users\Scarlet\AppData\Roaming\Adobe
2018-04-28 13:24 - 2014-06-18 15:32 - 000000000 ____D C:\Qoobox
2018-04-28 13:24 - 2009-07-14 02:09 - 000000000 ____D C:\Windows\System32\Tasks\WPD
2018-04-28 13:11 - 2009-07-13 23:34 - 000000215 _____ C:\Windows\system.ini
2018-04-28 13:08 - 2009-07-13 23:34 - 129236992 _____ C:\Windows\system32\config\software.bak
2018-04-28 13:08 - 2009-07-13 23:34 - 027262976 _____ C:\Windows\system32\config\system.bak
2018-04-28 13:08 - 2009-07-13 23:34 - 005242880 _____ C:\Windows\system32\config\default.bak
2018-04-28 13:08 - 2009-07-13 23:34 - 000262144 _____ C:\Windows\system32\config\security.bak
2018-04-28 13:08 - 2009-07-13 23:34 - 000262144 _____ C:\Windows\system32\config\sam.bak
2018-04-28 13:06 - 2014-06-18 15:32 - 000000000 ____D C:\Windows\erdnt
2018-04-28 12:06 - 2017-06-14 17:48 - 000000000 ____D C:\Users\Todos os Usuários\Temp
2018-04-28 12:06 - 2017-06-14 17:48 - 000000000 ____D C:\ProgramData\Temp
2018-04-28 11:57 - 2017-06-07 04:08 - 000000000 ____D C:\Users\Scarlet\Documents\Alice jog
2018-04-28 11:55 - 2014-04-17 12:49 - 000000000 ____D C:\Users\Scarlet\Documents\Dolphin Emulator
2018-04-27 23:36 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\inf
2018-04-27 23:02 - 2012-11-27 19:25 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-04-27 23:01 - 2014-06-23 17:33 - 000000000 ____D C:\Users\Todos os Usuários\Dell
2018-04-27 23:01 - 2014-06-23 17:33 - 000000000 ____D C:\ProgramData\Dell
2018-04-27 22:46 - 2009-07-14 00:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2018-04-27 22:40 - 2017-04-16 22:46 - 000000000 ____D C:\Program Files\Dell
2018-04-27 22:40 - 2014-06-22 13:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2018-04-27 22:32 - 2017-06-23 19:06 - 000000000 ____D C:\Users\Todos os Usuários\SupportAssist
2018-04-27 22:32 - 2017-06-23 19:06 - 000000000 ____D C:\ProgramData\SupportAssist
2018-04-27 21:54 - 2012-11-27 19:45 - 000000000 ____D C:\Users\Usuário Padrão\AppData\Local\SoftThinks
2018-04-27 21:54 - 2012-11-27 19:45 - 000000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2018-04-27 21:54 - 2012-11-27 19:45 - 000000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2018-04-27 21:49 - 2017-04-16 01:38 - 000000000 ____D C:\AdwCleaner
2018-04-27 17:34 - 2012-12-15 15:26 - 000000000 ____D C:\Users\Scarlet\AppData\Roaming\uTorrent
2018-04-27 11:35 - 2017-12-20 00:12 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-04-26 03:14 - 2011-02-12 08:51 - 001600448 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-04-26 03:14 - 2010-11-21 06:37 - 000705880 _____ C:\Windows\system32\prfh0416.dat
2018-04-26 03:14 - 2010-11-21 06:37 - 000147684 _____ C:\Windows\system32\prfc0416.dat
2018-04-26 03:14 - 2009-07-14 02:13 - 001600448 _____ C:\Windows\system32\PerfStringBackup.INI
2018-04-26 02:53 - 2012-12-03 20:58 - 000000000 ____D C:\Users\Scarlet
2018-04-26 01:42 - 2017-06-28 04:42 - 000000000 ___HD C:\Program Files (x86)\Temp
2018-04-26 01:16 - 2012-11-27 19:36 - 000000000 ____D C:\Program Files (x86)\Roxio
2018-04-26 00:53 - 2013-06-01 21:00 - 000000000 ____D C:\Users\Todos os Usuários\Intel
2018-04-26 00:53 - 2013-06-01 21:00 - 000000000 ____D C:\ProgramData\Intel
2018-04-26 00:40 - 2017-05-15 12:15 - 000000000 ____D C:\Users\Scarlet\Documents\Adobe
2018-04-26 00:30 - 2013-02-07 16:21 - 000000000 ____D C:\Users\Todos os Usuários\Adobe
2018-04-26 00:30 - 2013-02-07 16:21 - 000000000 ____D C:\ProgramData\Adobe
2018-04-26 00:24 - 2018-03-10 02:45 - 000000000 ____D C:\Program Files\Common Files\Adobe
2018-04-26 00:23 - 2018-03-10 02:43 - 000000000 ____D C:\Program Files\Adobe
2018-04-25 22:25 - 2015-08-05 00:58 - 000000000 ____D C:\Program Files (x86)\Steam
2018-04-25 22:17 - 2018-03-21 06:02 - 000000000 ____D C:\Users\Scarlet\Desktop\VOLUNTEER
2018-04-25 20:33 - 2017-04-14 16:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2018-04-24 09:03 - 2017-05-15 11:21 - 000000033 _____ C:\Users\Scarlet\AppData\Roaming\AdobeWLCMCache.dat
2018-04-18 16:05 - 2009-07-14 02:08 - 000032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-04-15 23:28 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\rescache
2018-04-11 18:44 - 2014-12-11 11:46 - 000000000 ____D C:\Windows\system32\appraiser
2018-04-11 17:21 - 2013-07-16 19:08 - 000000000 ____D C:\Windows\system32\MRT
2018-04-11 17:15 - 2017-10-11 03:03 - 136971704 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-04-11 17:15 - 2012-12-17 18:23 - 136971704 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-04-11 00:49 - 2012-12-03 22:20 - 000000000 ____D C:\Users\Todos os Usuários\Microsoft Help
2018-04-10 20:38 - 2018-03-14 19:37 - 000004542 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-04-10 20:38 - 2012-11-27 19:12 - 000804864 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-04-10 20:38 - 2012-11-27 19:12 - 000144896 ____N (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-04-10 20:38 - 2012-11-27 19:12 - 000004384 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-04-10 20:38 - 2012-11-27 19:12 - 000000000 ____D C:\Windows\system32\Macromed
2018-04-10 20:37 - 2012-11-27 19:12 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-04-05 21:25 - 2016-11-09 19:02 - 000000000 ____D C:\Users\Scarlet\Desktop\ucb 2-2015
 
==================== Arquivos na raiz de alguns diretórios =======
 
2017-05-15 11:21 - 2018-04-24 09:03 - 000000033 _____ () C:\Users\Scarlet\AppData\Roaming\AdobeWLCMCache.dat
2017-04-16 02:13 - 2017-06-02 18:23 - 000007630 _____ () C:\Users\Scarlet\AppData\Local\Resmon.ResmonCfg
 
Arquivos para serem movidos ou deletados:
====================
C:\Windows\Tasks\{84F6E16C-0320-48E4-83D8-D1321FC00EDF}.job
C:\Windows\Tasks\{EAB7340E-130C-4746-BCA1-F9FB003ADD03}.job
 
 
==================== Bamital & volsnap ======================
 
(Não há correção automática para arquivos que não passaram na verificação.)
 
C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente
 
LastRegBack: 2018-04-28 01:20
 
==================== Fim de FRST.txt ============================



#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts

Posted 02 May 2018 - 08:02 AM

Hi,

Firewall do Windows está desabilitado.
ATTENTION: System Restore is disabled
Turn your System Restore ON - Windows Help
https://support.microsoft.com/en-us/help/17228/windows-protect-my-pc-from-viruses
<<<>>>

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
CloseProcesses:

U3 ao7om1md; C:\Windows\System32\Drivers\ao7om1md.sys [0 ] (Advanced Micro Devices) <==== ATENÇÃO (zero byte Arquivo/Pasta)
C:\Windows\System32\Drivers\ao7om1md.sys

Reboot:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know what problem persists with this computer.

#10 Kyuketsuki

Kyuketsuki
  • Topic Starter

  • Members
  • 7 posts

Posted 02 May 2018 - 02:56 PM

Hi, nasdaq.

 

I apologize for my cluelessness, but, System Restore? Is it some Windows Firewall tool?

I didn't find anything about it on the link you provided... Although I managed to activate Windows Firewall and did as you said with Farbar.

Here's the Fixlog:

 

 

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 25.04.2018
Executado por Scarlet (02-05-2018 16:29:11) Run:2
Executando a partir de C:\Users\Scarlet\Desktop\FRST
Perfis Carregados: Scarlet (Perfis Disponíveis: Scarlet)
Modo da Inicialização: Normal
==============================================
 
fixlist Conteúdo:
*****************
Start
 
CreateRestorePoint:
CloseProcesses:
 
U3 ao7om1md; C:\Windows\System32\Drivers\ao7om1md.sys [0 ] (Advanced Micro Devices) <==== ATENÇÃO (zero byte Arquivo/Pasta)
C:\Windows\System32\Drivers\ao7om1md.sys
 
Reboot:
 
End
*****************
 
Ponto de Restauração criado com sucesso.
Processos fechados com sucesso.
ao7om1md => serviço não encontrado (a).
"C:\Windows\System32\Drivers\ao7om1md.sys" => não encontrado (a)
 
 
O sistema precisou ser reiniciado.
 
==== Fim de Fixlog 16:29:41 ====
 
 
As clueless as I am, I don't notice any more problems, the computer seems to be functioning normally.
Should I do anything else?


#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts

Posted 03 May 2018 - 06:50 AM

Hi,

"I apologize for my cluelessness, but, System Restore? Is it some Windows Firewall tool?"


Yes, it's part of the Microsoft Windows Operating System.

===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#12 Kyuketsuki

Kyuketsuki
  • Topic Starter

  • Members
  • 7 posts

Posted 03 May 2018 - 03:30 PM

Understood.

Thank you very much for your help, nasdaq!

 

Best regards.





