Document format: text/plain

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 21.07.2018
Executado por Maple Bear (administrador) em DESKTOP-4L82HJ4 (25-07-2018 11:43:36)
Executando a partir de C:\Users\Maple Bear\Desktop
Perfis Carregados: Maple Bear (Perfis Disponíveis: Maple Bear)
Platform: Windows 10 Home Single Language Versão 1803 17134.81 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Edge)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(MDL Forum, mod by Ratiborus) C:\ProgramData\KMSAutoS\bin\KMSSS.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
() C:\ProgramData\Logic Cramble\set.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Samsung Electronics Co., Ltd.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
() C:\ProgramData\PrefsSecure\Nettrans.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsLauncher.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\PowerCtrlManager\PowerCtrlService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\ColorEngine\ColorEngine.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\PowerCtrlManager\PowerCtrlClient.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsCmdServer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsEventHandler.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(BLJO) C:\Program Files (x86)\c4e5i2idlbs\OOBC5V8XNIXC5DE.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(BLJO) C:\Program Files\NTFAJC7CK1\UW3WJF3WE.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Gobm ) C:\Users\Maple Bear\AppData\Roaming\fuhvesj40b5\q3xcuyv5arf.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Users\Maple Bear\AppData\Local\Temp\is-TR7N1.tmp\q3xcuyv5arf.tmp
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(Spotify Ltd) C:\Users\Maple Bear\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIMRE.EXE
(BLJO) C:\Program Files\A949NS6C3O\A949NS6C3.exe
(Gobm ) C:\Users\Maple Bear\AppData\Roaming\cls4bkk0nhm\0gxe04bloba.exe
(BLJO) C:\Program Files (x86)\c4e5i2idlbs\NF0EX.exe
(BLJO) C:\Program Files\V1OBNIOUTS\V1OBNIOUT.exe
(BLJO) C:\Program Files\K7BMDM64GL\K7BMDM64G.exe
(Gobm ) C:\Users\Maple Bear\AppData\Roaming\24rdlfd0zir\tzja4yvdwjd.exe
(Gobm ) C:\Users\Maple Bear\AppData\Roaming\2ltuu2jza0t\2ftovy5o1l2.exe
() C:\Users\Maple Bear\AppData\Local\Temp\is-NEHDJ.tmp\0gxe04bloba.tmp
(Gobm ) C:\Users\Maple Bear\AppData\Roaming\k4mm4u3gy20\2ri0gursg3e.exe
(BLJO) C:\Program Files\ZISY2WDKFX\MTLJUW7JF.exe
() C:\Users\Maple Bear\AppData\Local\Temp\is-6B0Q2.tmp\tzja4yvdwjd.tmp
() C:\Users\Maple Bear\AppData\Local\Temp\is-39QHF.tmp\2ftovy5o1l2.tmp
(Gobm ) C:\Users\Maple Bear\AppData\Roaming\odo1acbzw4o\5vc1e2cenqa.exe
(BLJO) C:\Program Files\1QGDTP0T64\O19YLPUS7.exe
(BLJO) C:\Program Files\NTFAJC7CK1\UW3WJF3WE.exe
(Gobm ) C:\Users\Maple Bear\AppData\Roaming\fuhvesj40b5\q3xcuyv5arf.exe
() C:\Users\Maple Bear\AppData\Local\Temp\is-EB7CN.tmp\2ri0gursg3e.tmp
() C:\Users\Maple Bear\AppData\Local\Temp\is-L7G6H.tmp\q3xcuyv5arf.tmp
() C:\Users\Maple Bear\AppData\Local\Temp\is-V581P.tmp\5vc1e2cenqa.tmp
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Multitimer\Multitimer.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\NisSrv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14021336 2015-06-18] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3251408 2015-09-23] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [653280 2017-11-01] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [862176 2017-11-01] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
HKLM-x32\...\Run: [Multitimer] => C:\Program Files (x86)\Multitimer\Multitimer.exe [281600 2017-12-12] ()
HKLM\...\RunOnce: [OMEWPRODUCT_4RRFH] => C:\Program Files (x86)\c4e5i2idlbs\OOBC5V8XNIXC5DE.exe [193536 2018-07-25] (BLJO) <==== ATENÇÃO
HKLM\...\RunOnce: [zdkvpsyzhf3] => C:\Program Files (x86)\PMLO\3483853.exe [664576 2018-07-25] ()
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-4216877997-3920459586-2356809368-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46281248 2018-05-30] ()
HKU\S-1-5-21-4216877997-3920459586-2356809368-1001\...\Run: [Spotify Web Helper] => C:\Users\Maple Bear\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1580144 2017-08-08] (Spotify Ltd)
HKU\S-1-5-21-4216877997-3920459586-2356809368-1001\...\Run: [Spotify] => C:\Users\Maple Bear\AppData\Roaming\Spotify\Spotify.exe [15866480 2017-08-08] (Spotify Ltd)
HKU\S-1-5-21-4216877997-3920459586-2356809368-1001\...\Run: [Free Download Manager] => "C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe" --minimized
HKU\S-1-5-21-4216877997-3920459586-2356809368-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIMRE.EXE [298560 2014-03-19] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4216877997-3920459586-2356809368-1001\...\Run: [820BKYM9V8OASAZ] => C:\Program Files\A949NS6C3O\A949NS6C3.exe [807936 2018-07-25] (BLJO)
HKU\S-1-5-21-4216877997-3920459586-2356809368-1001\...\Run: [429699] => C:\Users\Maple Bear\AppData\Roaming\cls4bkk0nhm\0gxe04bloba.exe [537110 2018-07-25] (Gobm )
HKU\S-1-5-21-4216877997-3920459586-2356809368-1001\...\Run: [M0D7OJRDPF3F6NY] => C:\Program Files (x86)\c4e5i2idlbs\NF0EX.exe [807936 2018-07-25] (BLJO)
HKU\S-1-5-21-4216877997-3920459586-2356809368-1001\...\Run: [VC1FWU7Y5L7D8BJ] => C:\Program Files\V1OBNIOUTS\V1OBNIOUT.exe [807936 2018-07-25] (BLJO)
HKU\S-1-5-21-4216877997-3920459586-2356809368-1001\...\Run: [UEALPTNUMJEH081] => C:\Program Files\K7BMDM64GL\K7BMDM64G.exe [807936 2018-07-25] (BLJO)
HKU\S-1-5-21-4216877997-3920459586-2356809368-1001\...\Run: [302225] => C:\Users\Maple Bear\AppData\Roaming\24rdlfd0zir\tzja4yvdwjd.exe [537110 2018-07-25] (Gobm )
HKU\S-1-5-21-4216877997-3920459586-2356809368-1001\...\Run: [5481861] => C:\Users\Maple Bear\AppData\Roaming\2ltuu2jza0t\2ftovy5o1l2.exe [537110 2018-07-25] (Gobm )
HKU\S-1-5-21-4216877997-3920459586-2356809368-1001\...\Run: [1675006] => C:\Users\Maple Bear\AppData\Roaming\k4mm4u3gy20\2ri0gursg3e.exe [537110 2018-07-25] (Gobm )
HKU\S-1-5-21-4216877997-3920459586-2356809368-1001\...\Run: [CH84B2JIHH5X4SC] => C:\Program Files\ZISY2WDKFX\MTLJUW7JF.exe [807936 2018-07-25] (BLJO)
HKU\S-1-5-21-4216877997-3920459586-2356809368-1001\...\Run: [1258538] => C:\Users\Maple Bear\AppData\Roaming\odo1acbzw4o\5vc1e2cenqa.exe [537110 2018-07-25] (Gobm )
HKU\S-1-5-21-4216877997-3920459586-2356809368-1001\...\Run: [BQLVFXD9T03PGIF] => C:\Program Files\1QGDTP0T64\O19YLPUS7.exe [807936 2018-07-25] (BLJO)
HKU\S-1-5-21-4216877997-3920459586-2356809368-1001\...\Run: [J57LKTND4O41WEU] => C:\Program Files\NTFAJC7CK1\UW3WJF3WE.exe [807936 2018-07-25] (BLJO)
HKU\S-1-5-21-4216877997-3920459586-2356809368-1001\...\Run: [6177928] => C:\Users\Maple Bear\AppData\Roaming\fuhvesj40b5\q3xcuyv5arf.exe [537110 2018-07-25] (Gobm )
AppInit_DLLs: C:\ProgramData\Voyasollam\Sumtom.dll => Nenhum Arquivo
AppInit_DLLs-x32: C:\ProgramData\Voyasollam\Ranloting.dll => Nenhum Arquivo
GroupPolicy: Restrição - Chrome <==== ATENÇÃO
CHR HKLM\SOFTWARE\Policies\Google: Restrição <==== ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 179.232.0.31 179.232.0.36 201.6.4.116
Tcpip\..\Interfaces\{565b56e1-4cb6-491a-9502-5bc051972339}: [DhcpNameServer] 192.168.25.1
Tcpip\..\Interfaces\{e31b5f51-1d5b-4fb3-8c6c-f0154f10d3bc}: [DhcpNameServer] 179.232.0.31 179.232.0.36 201.6.4.116

Internet Explorer:
==================
HKU\S-1-5-21-4216877997-3920459586-2356809368-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxkVuvqY6tXmgtW6wAq_3G5aRco9xrGZxVyM2GZowPWLCnrE5-o3T5PvCiWBNp7C365g29QHzrQ_-Q6i6SMeSurTM_DlqpsmQW-vgJ-s5jnpv1WFmjBqtjya1W23S7WHC-Kg3Npq-3_weHm1OPiPYTC1ZIReyP9n5FUImu5Wf0A,,&q={searchTerms}
HKU\S-1-5-21-4216877997-3920459586-2356809368-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxkVuvqY6tXmgtW6wAq_3G5aRco9xrGZxVyM2GZowPWLCnrE5-o3T5PvCiWBNp7C365g29QHzrQ_-Q6i2FbbulbtMY_yhObfZdyUfOkI7kD0ZA0LYE6wMhUmU5eiW6pFIWauP8C0c831GHhjlFuXbHmEibJBW4nmFSdVyH_qDWg,,
HKU\S-1-5-21-4216877997-3920459586-2356809368-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung17win10.msn.com/?pc=SMTE
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxkVuvqY6tXmgtW6wAq_3G5aRco9xrGZxVyM2GZowPWLCnrE5-o3T5PvCiWBNp7C365g29QHzrQ_-Q6i6SMeSurTM_DlqpsmQW-vgJ-s5jnpv1WFmjBqtjya1W23S7WHC-Kg3Npq-3_weHm1OPiPYTC1ZIReyP9n5FUImu5Wf0A,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4216877997-3920459586-2356809368-1001 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxkVuvqY6tXmgtW6wAq_3G5aRco9xrGZxVyM2GZowPWLCnrE5-o3T5PvCiWBNp7C365g29QHzrQ_-Q6i6SMeSurTM_DlqpsmQW-vgJ-s5jnpv1WFmjBqtjya1W23S7WHC-Kg3Npq-3_weHm1OPiPYTC1ZIReyP9n5FUImu5Wf0A,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4216877997-3920459586-2356809368-1001 -> {72B10185-4FDD-4808-B788-0FF5F4CD5EE6} URL =
SearchScopes: HKU\S-1-5-21-4216877997-3920459586-2356809368-1001 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxkVuvqY6tXmgtW6wAq_3G5aRco9xrGZxVyM2GZowPWLCnrE5-o3T5PvCiWBNp7C365g29QHzrQ_-Q6i6SMeSurTM_DlqpsmQW-vgJ-s5jnpv1WFmjBqtjya1W23S7WHC-Kg3Npq-3_weHm1OPiPYTC1ZIReyP9n5FUImu5Wf0A,,&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-07-25] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-05-02] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll [2018-06-07] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll [2018-06-07] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-25] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-25] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-25] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-25] (Microsoft Corporation)

Edge:
======
Edge Extension: (Sem Nome) -> EdgeExtension_PinterestPinItButton_xnkra2w3aecd0 => C:\Program Files\WindowsApps\Pinterest.PinItButton_1.39.5.0_neutral__xnkra2w3aecd0 [2017-03-23]
Edge Extension: (Mouse Gestures) -> MouseGestures_MicrosoftMouseGestures_8wekyb3d8bbwe => C:\Program Files\WindowsApps\Microsoft.MouseGestures_0.6.17136.0_neutral__8wekyb3d8bbwe [2017-05-17]

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\dtplugin\npDeployJava1.dll [2018-06-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.171.2 -> C:\Program Files (x86)\Java\jre1.8.0_171\bin\plugin2\npjp2.dll [2018-06-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-04-02] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-02] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems Inc.)

Chrome:
=======
CHR NewTab: Default -> "active" : true,
"entry" : "chrome-extension://pbdpajcdgknpendpmecafmopknefafha/index.html"


CHR Profile: C:\Users\Maple Bear\AppData\Local\Google\Chrome\User Data\Default [2018-07-25]
CHR Extension: (Docs) - C:\Users\Maple Bear\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-10]
CHR Extension: (Google Drive) - C:\Users\Maple Bear\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-07]
CHR Extension: (YouTube) - C:\Users\Maple Bear\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-07]
CHR Extension: (Google Docs Offline) - C:\Users\Maple Bear\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-07]
CHR Extension: (Sem Nome) - C:\Users\Maple Bear\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-03-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Maple Bear\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-19]
CHR Extension: (Sem Nome) - C:\Users\Maple Bear\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha [2018-07-25]
CHR Extension: (Gmail) - C:\Users\Maple Bear\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-07]
CHR Extension: (Sem Nome) - C:\Users\Maple Bear\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-04]
CHR HKU\S-1-5-21-4216877997-3920459586-2356809368-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [323152 2015-11-18] (Windows (R) Win 7 DDK provider) [Arquivo não assinado]
R2 backlh; C:\ProgramData\Logic Cramble\set.exe [3780096 2018-07-24] () [Arquivo não assinado] <==== ATENÇÃO
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8765104 2018-07-13] (Microsoft Corporation)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [139984 2015-09-23] (ELAN Microelectronics Corp.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-25] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-21] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-10-15] (Intel Corporation)
R2 KMSEmulator; C:\ProgramData\KMSAutoS\bin\KMSSS.exe [301056 2015-07-24] (MDL Forum, mod by Ratiborus) [Arquivo não assinado]
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [Arquivo não assinado]
R2 Nettrans; C:\ProgramData\PrefsSecure\Nettrans.exe [43520 2018-07-25] () [Arquivo não assinado] <==== ATENÇÃO
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [Arquivo não assinado]
R2 SecPowerCtrlService; C:\Program Files (x86)\Samsung\PowerCtrlManager\PowerCtrlService.exe [1702112 2016-07-17] (Samsung Electronics Co., Ltd.)
R2 Settings Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsLauncher.exe [1784616 2016-07-20] (Samsung Electronics Co., Ltd.)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3293032 2016-07-18] (Samsung Electronics Co., Ltd.)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [1068376 2017-12-14] (GAS Tecnologia LTDA)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\NisSrv.exe [3925648 2018-07-25] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MsMpEng.exe [100080 2018-07-25] (Microsoft Corporation)
R2 MDNhY; rundll32.exe C:\WINDOWS\ijfiwwindwrxeliq.ijfiw BsiBBdOkXe [X]
S2 Razer Chroma SDK Server; "C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe" [X]
S2 Razer Chroma SDK Service; "C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe" [X]

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R3 ETDSMBus; C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys [41024 2015-09-23] (ELAN Microelectronic Corp.)
R3 iaLPSS_GPIO; C:\WINDOWS\System32\drivers\iaLPSS_GPIO.sys [46856 2015-06-14] (Intel Corporation)
R1 MpKsl45c1375e; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0B11CB5E-80FC-4955-B08D-BB5155547B5F}\MpKsl45c1375e.sys [58120 2018-07-25] (Microsoft Corporation)
R1 powzip; C:\WINDOWS\System32\drivers\powzip.sys [193128 2018-07-25] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-06-22] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [434560 2016-10-04] (Realsil Semiconductor Corporation)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [55904 2016-01-08] (QUALCOMM Incorporated)
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [33376 2016-01-08] (DEVGURU Co., LTD.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46592 2018-07-25] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [340008 2018-07-25] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59944 2018-07-25] (Microsoft Corporation)
R1 wsddfac; C:\WINDOWS\System32\drivers\wsddfac.sys [28376 2018-07-25] (GAS Tecnologia)
R1 wsddntf; C:\WINDOWS\system32\DRIVERS\wsddntf.sys [47176 2016-06-21] (GAS Tecnologia)
S1 wsddpp; C:\WINDOWS\system32\drivers\wsddpp.sys [44624 2017-12-14] (GAS Tecnologia)
R3 wsddprm; C:\WINDOWS\system32\drivers\wsddprm.sys [43608 2017-12-14] (GAS Tecnologia)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2018-07-25 11:39 - 2018-07-25 11:43 - 000056344 _____ C:\Users\Maple Bear\Desktop\Addition.txt
2018-07-25 11:37 - 2018-07-25 11:44 - 000025540 _____ C:\Users\Maple Bear\Desktop\FRST.txt
2018-07-25 11:37 - 2018-07-25 11:43 - 000000000 ____D C:\FRST
2018-07-25 11:36 - 2018-07-25 11:36 - 002412544 _____ (Farbar) C:\Users\Maple Bear\Desktop\FRST64.exe
2018-07-25 11:00 - 2018-07-25 11:00 - 000002461 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-07-25 11:00 - 2018-07-25 11:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ferramentas do Microsoft Office
2018-07-25 10:50 - 2018-07-25 10:50 - 000000000 ____D C:\Users\Maple Bear\AppData\Roaming\fuhvesj40b5
2018-07-25 10:50 - 2018-07-25 10:50 - 000000000 ____D C:\Program Files\NTFAJC7CK1
2018-07-25 10:46 - 2018-07-25 10:46 - 000000286 __RSH C:\Users\Todos os Usuários\ntuser.pol
2018-07-25 10:46 - 2018-07-25 10:46 - 000000286 __RSH C:\ProgramData\ntuser.pol
2018-07-25 10:43 - 2018-07-25 11:01 - 000690636 _____ C:\WINDOWS\Minidump\072518-38531-01.dmp
2018-07-25 10:43 - 2018-07-25 10:43 - 522991935 _____ C:\WINDOWS\MEMORY.DMP
2018-07-25 10:43 - 2018-07-25 10:43 - 000000000 ____D C:\WINDOWS\Minidump
2018-07-25 10:38 - 2018-07-25 10:38 - 000000000 ____D C:\Users\Maple Bear\AppData\Roaming\ChemTable Software
2018-07-25 10:37 - 2018-07-25 10:38 - 000000000 ____D C:\Users\Maple Bear\AppData\Local\ChemTable Software
2018-07-25 10:37 - 2018-07-25 10:37 - 000001257 _____ C:\Users\Public\Desktop\Reg Organizer.lnk
2018-07-25 10:37 - 2018-07-25 10:37 - 000000000 ____D C:\Users\Todos os Usuários\Chemtable Software
2018-07-25 10:37 - 2018-07-25 10:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reg Organizer
2018-07-25 10:37 - 2018-07-25 10:37 - 000000000 ____D C:\ProgramData\Chemtable Software
2018-07-25 10:37 - 2018-07-25 10:37 - 000000000 ____D C:\Program Files (x86)\Reg Organizer
2018-07-25 10:35 - 2018-07-25 10:35 - 000015610 _____ C:\WINDOWS\SysWOW64\findit.xml
2018-07-25 10:35 - 2018-07-25 10:35 - 000003350 _____ C:\WINDOWS\System32\Tasks\psv_Dentophase
2018-07-25 10:35 - 2018-07-25 10:35 - 000003346 _____ C:\WINDOWS\System32\Tasks\psv_ZerSonlab
2018-07-25 10:35 - 2018-07-25 10:35 - 000003338 _____ C:\WINDOWS\System32\Tasks\psv_EcoDontex
2018-07-25 10:35 - 2018-07-25 10:35 - 000000000 ____D C:\Users\Todos os Usuários\Logic Cramble
2018-07-25 10:35 - 2018-07-25 10:35 - 000000000 ____D C:\Users\Maple Bear\AppData\Roaming\Mozilla
2018-07-25 10:35 - 2018-07-25 10:35 - 000000000 ____D C:\ProgramData\Logic Cramble
2018-07-25 10:35 - 2018-07-25 10:35 - 000000000 ____D C:\Program Files (x86)\Multitimer
2018-07-25 10:34 - 2018-07-25 10:35 - 000000000 ____D C:\Users\Todos os Usuários\Voyasollams
2018-07-25 10:34 - 2018-07-25 10:35 - 000000000 ____D C:\ProgramData\Voyasollams
2018-07-25 10:34 - 2018-07-25 10:34 - 001895384 _____ C:\Users\Maple Bear\AppData\Local\Nimtax.bin
2018-07-25 10:34 - 2018-07-25 10:34 - 000003354 _____ C:\WINDOWS\System32\Tasks\psv_Lightron
2018-07-25 10:34 - 2018-07-25 10:34 - 000003334 _____ C:\WINDOWS\System32\Tasks\psv_Toughdox
2018-07-25 10:33 - 2018-07-25 10:33 - 000000000 ____D C:\Program Files (x86)\PMLO
2018-07-25 10:31 - 2018-07-25 10:31 - 007763456 _____ C:\Users\Maple Bear\AppData\Local\agent.dat
2018-07-25 10:31 - 2018-07-25 10:31 - 002019094 _____ C:\Users\Maple Bear\AppData\Local\Vaiadex.tst
2018-07-25 10:31 - 2018-07-25 10:31 - 000126464 _____ C:\Users\Maple Bear\AppData\Local\noah.dat
2018-07-25 10:31 - 2018-07-25 10:31 - 000070896 _____ C:\Users\Maple Bear\AppData\Local\Config.xml
2018-07-25 10:31 - 2018-07-25 10:31 - 000018432 _____ C:\Users\Maple Bear\AppData\Local\Main.dat
2018-07-25 10:31 - 2018-07-25 10:31 - 000005568 _____ C:\Users\Maple Bear\AppData\Local\md.xml
2018-07-25 10:31 - 2018-07-25 10:31 - 000001052 _____ C:\Users\Public\Desktop\Powzip.lnk
2018-07-25 10:31 - 2018-07-25 10:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Powzip
2018-07-25 10:31 - 2018-07-25 10:28 - 001811968 _____ (TODO: ) C:\Users\Maple Bear\AppData\Local\Vaiadex.exe
2018-07-25 10:30 - 2018-07-25 10:31 - 000000000 ____D C:\Users\Todos os Usuários\PrefsSecure
2018-07-25 10:30 - 2018-07-25 10:31 - 000000000 ____D C:\ProgramData\PrefsSecure
2018-07-25 10:30 - 2018-07-25 10:31 - 000000000 ____D C:\Program Files (x86)\Powzip
2018-07-25 10:30 - 2018-07-25 10:30 - 000278509 _____ C:\Users\Maple Bear\AppData\Local\AlphaRedtip.bin
2018-07-25 10:30 - 2018-07-25 10:30 - 000000000 ____D C:\Users\Todos os Usuários\a1e1d860-46b7-1
2018-07-25 10:30 - 2018-07-25 10:30 - 000000000 ____D C:\Users\Todos os Usuários\a1e1d860-3303-0
2018-07-25 10:30 - 2018-07-25 10:30 - 000000000 ____D C:\Users\Public\Documents\XMUpdate
2018-07-25 10:30 - 2018-07-25 10:30 - 000000000 ____D C:\ProgramData\a1e1d860-46b7-1
2018-07-25 10:30 - 2018-07-25 10:30 - 000000000 ____D C:\ProgramData\a1e1d860-3303-0
2018-07-25 10:29 - 2018-07-25 10:29 - 000000000 ____D C:\Users\Maple Bear\AppData\Roaming\odo1acbzw4o
2018-07-25 10:29 - 2018-07-25 10:29 - 000000000 ____D C:\Program Files\ZISY2WDKFX
2018-07-25 10:29 - 2018-07-25 10:29 - 000000000 ____D C:\Program Files\1QGDTP0T64
2018-07-25 10:28 - 2018-07-25 10:59 - 000930816 _____ C:\Users\Maple Bear\AppData\Local\sham.db
2018-07-25 10:28 - 2018-07-25 10:30 - 000016080 _____ C:\Users\Maple Bear\AppData\Local\InstallationConfiguration.xml
2018-07-25 10:28 - 2018-07-25 10:28 - 000140800 _____ C:\Users\Maple Bear\AppData\Local\installer.dat
2018-07-25 10:28 - 2018-07-25 10:28 - 000000000 ____D C:\Users\Maple Bear\AppData\Roaming\k4mm4u3gy20
2018-07-25 10:28 - 2018-07-25 10:28 - 000000000 ____D C:\Users\Maple Bear\AppData\Roaming\2ltuu2jza0t
2018-07-25 10:27 - 2018-07-25 11:00 - 000000000 ____D C:\WINDOWS\SysWOW64\SSL
2018-07-25 10:27 - 2018-07-25 10:27 - 000001116 _____ C:\Users\Maple Bear\Desktop\publicHotsp.lnk
2018-07-25 10:27 - 2018-07-25 10:27 - 000000000 ____D C:\Users\Maple Bear\AppData\Roaming\24rdlfd0zir
2018-07-25 10:27 - 2018-07-25 10:27 - 000000000 ____D C:\Program Files\V1OBNIOUTS
2018-07-25 10:27 - 2018-07-25 10:27 - 000000000 ____D C:\Program Files\K7BMDM64GL
2018-07-25 10:27 - 2018-07-25 10:27 - 000000000 ____D C:\Program Files\A949NS6C3O
2018-07-25 10:26 - 2018-07-25 11:03 - 000000000 ____D C:\Users\Maple Bear\AppData\Local\WhiteClick
2018-07-25 10:26 - 2018-07-25 10:27 - 000000000 ____D C:\Program Files (x86)\publicHotsp
2018-07-25 10:26 - 2018-07-25 10:27 - 000000000 ____D C:\Program Files (x86)\c4e5i2idlbs
2018-07-25 10:26 - 2018-07-25 10:26 - 000828928 _____ C:\WINDOWS\ijfiwwindwrxeliq.ijfiw
2018-07-25 10:26 - 2018-07-25 10:26 - 000000000 ____D C:\Users\Maple Bear\AppData\Roaming\cls4bkk0nhm
2018-07-25 10:25 - 2018-07-25 10:25 - 000003790 _____ C:\WINDOWS\System32\Tasks\{FBD16DD0-EB44-7F4E-2BEA-1FF08A4F1139}
2018-07-25 10:25 - 2018-07-25 10:25 - 000003622 _____ C:\WINDOWS\System32\Tasks\{FF6B6294-00AF-3858-5866-5500412C12CF}
2018-07-25 10:24 - 2018-07-25 10:24 - 000001052 _____ C:\Users\Maple Bear\Desktop\Win iPhone X.lnk
2018-07-25 10:24 - 2018-07-25 10:24 - 000000003 _____ C:\Users\Maple Bear\AppData\Local\wbem.ini
2018-07-25 10:23 - 2018-07-25 10:23 - 000001060 _____ C:\Users\Maple Bear\Desktop\Adult Dating.lnk
2018-07-25 10:23 - 2018-07-25 10:23 - 000001056 _____ C:\Users\Maple Bear\Desktop\Play Warframe.lnk
2018-07-25 10:23 - 2018-07-25 10:23 - 000001056 _____ C:\Users\Maple Bear\Desktop\Play Crossout.lnk
2018-07-25 10:22 - 2018-07-25 10:22 - 002321128 _____ C:\Users\Maple Bear\Downloads\Ativador_Office_2016_PERMANENTE_DEFINITIVO_SENHA_123.zip
2018-07-25 06:14 - 2018-07-25 06:14 - 000000000 ____D C:\Users\Maple Bear\AppData\LocalLow\uTorrent
2018-07-25 00:06 - 2018-07-25 00:06 - 000193128 _____ C:\WINDOWS\system32\Drivers\powzip.sys
2018-07-23 16:06 - 2018-07-23 16:06 - 001891328 _____ C:\WINDOWS\ZTEwNmYyNDc2NWY5ZDF.exe
2018-07-23 16:06 - 2018-07-23 16:06 - 000098212 _____ C:\WINDOWS\uninstaller.dat

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2018-07-25 11:33 - 2018-04-11 20:38 - 000000000 ____D C:\Users\Todos os Usuários\regid.1991-06.com.microsoft
2018-07-25 11:33 - 2018-04-11 20:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-07-25 11:10 - 2018-04-11 20:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-07-25 11:10 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-07-25 11:05 - 2018-06-05 11:46 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-07-25 11:01 - 2018-04-11 20:36 - 000000000 ____D C:\WINDOWS\INF
2018-07-25 11:00 - 2017-03-15 08:31 - 000002536 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2018-07-25 11:00 - 2017-03-15 08:31 - 000002525 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-07-25 11:00 - 2017-03-15 08:31 - 000002490 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-07-25 11:00 - 2017-03-15 08:31 - 000002474 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-07-25 11:00 - 2017-03-15 08:31 - 000002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-07-25 11:00 - 2017-03-15 08:31 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-07-25 11:00 - 2017-03-15 08:31 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-07-25 10:59 - 2018-01-24 08:32 - 000000000 ____D C:\Users\Maple Bear\AppData\Local\Packages
2018-07-25 10:58 - 2017-03-15 08:28 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-07-25 10:55 - 2018-02-22 15:40 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-07-25 10:54 - 2017-03-28 14:24 - 000000000 ___RD C:\Users\Maple Bear\Google Drive
2018-07-25 10:49 - 2018-04-11 20:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-07-25 10:46 - 2017-09-01 10:20 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-07-25 10:46 - 2017-03-03 12:21 - 000000000 __SHD C:\Users\Maple Bear\IntelGraphicsProfiles
2018-07-25 10:46 - 2015-10-30 04:24 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
2018-07-25 10:45 - 2018-06-05 11:29 - 000000000 ____D C:\Users\Maple Bear
2018-07-25 10:43 - 2018-06-05 11:46 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-07-25 10:43 - 2018-06-05 11:22 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-07-25 10:43 - 2017-03-15 12:23 - 000028376 _____ (GAS Tecnologia) C:\WINDOWS\system32\Drivers\wsddfac.sys
2018-07-25 10:37 - 2017-03-03 12:54 - 000002347 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-07-25 06:42 - 2017-03-07 14:45 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-07-25 06:41 - 2017-03-07 14:45 - 134675576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-07-25 06:23 - 2017-03-03 13:05 - 000563832 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-07-25 06:14 - 2017-03-13 07:06 - 000000000 ____D C:\Users\Maple Bear\AppData\Roaming\uTorrent
2018-06-28 22:13 - 2018-04-11 20:41 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-06-28 22:13 - 2018-04-11 20:41 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Arquivos na raiz de alguns diretórios =======

1601-01-03 21:33 - 1601-01-03 21:33 - 000059904 ____N (Microsoft Corporation) C:\Program Files (x86)\Common Files\OQAjU.exe
2018-07-25 10:31 - 2018-07-25 10:31 - 007763456 _____ () C:\Users\Maple Bear\AppData\Local\agent.dat
2018-07-25 10:30 - 2018-07-25 10:30 - 000278509 _____ () C:\Users\Maple Bear\AppData\Local\AlphaRedtip.bin
2018-07-25 10:31 - 2018-07-25 10:31 - 000070896 _____ () C:\Users\Maple Bear\AppData\Local\Config.xml
2018-07-25 10:28 - 2018-07-25 10:30 - 000016080 _____ () C:\Users\Maple Bear\AppData\Local\InstallationConfiguration.xml
2018-07-25 10:28 - 2018-07-25 10:28 - 000140800 _____ () C:\Users\Maple Bear\AppData\Local\installer.dat
2018-07-25 10:31 - 2018-07-25 10:31 - 000018432 _____ () C:\Users\Maple Bear\AppData\Local\Main.dat
2018-07-25 10:31 - 2018-07-25 10:31 - 000005568 _____ () C:\Users\Maple Bear\AppData\Local\md.xml
2018-07-25 10:34 - 2018-07-25 10:34 - 001895384 _____ () C:\Users\Maple Bear\AppData\Local\Nimtax.bin
2018-07-25 10:31 - 2018-07-25 10:31 - 000126464 _____ () C:\Users\Maple Bear\AppData\Local\noah.dat
2018-07-25 10:28 - 2018-07-25 10:59 - 000930816 _____ () C:\Users\Maple Bear\AppData\Local\sham.db
2018-07-25 10:35 - 2018-07-25 10:35 - 000032038 _____ () C:\Users\Maple Bear\AppData\Local\uninstall_temp.ico
2018-07-25 10:31 - 2018-07-25 10:28 - 001811968 _____ (TODO: ) C:\Users\Maple Bear\AppData\Local\Vaiadex.exe
2018-07-25 10:31 - 2018-07-25 10:31 - 002019094 _____ () C:\Users\Maple Bear\AppData\Local\Vaiadex.tst
2018-07-25 10:24 - 2018-07-25 10:24 - 000000003 _____ () C:\Users\Maple Bear\AppData\Local\wbem.ini

Arquivos para serem movidos ou deletados:
====================
C:\Program Files (x86)\c4e5i2idlbs\OOBC5V8XNIXC5DE.exe


Alguns arquivos em TEMP:
====================
2018-07-25 10:34 - 2018-07-25 10:34 - 000375522 _____ ( ) C:\Users\Maple Bear\AppData\Local\Temp\0sz253ohanr.exe
2018-07-25 10:23 - 2018-07-25 10:23 - 002971704 _____ (BitTorrent Inc.) C:\Users\Maple Bear\AppData\Local\Temp\Ativador_Office_2016_PERMANENTE_DEFINITIVO.exe
2013-12-08 19:39 - 2013-12-08 19:39 - 000052224 _____ () C:\Users\Maple Bear\AppData\Local\Temp\Ernestine.dll
2018-07-25 10:24 - 2018-07-25 10:24 - 000540672 _____ () C:\Users\Maple Bear\AppData\Local\Temp\installer_mi.exe
2018-07-25 10:24 - 2018-07-25 10:24 - 000820224 _____ () C:\Users\Maple Bear\AppData\Local\Temp\RegOrganizer.exe
2018-07-25 10:25 - 2018-07-25 10:37 - 015440200 _____ (ChemTable Software ) C:\Users\Maple Bear\AppData\Local\Temp\run.exe
2018-07-25 10:24 - 2018-07-25 10:24 - 008047387 _____ () C:\Users\Maple Bear\AppData\Local\Temp\s2s.exe
2018-07-25 10:24 - 2018-07-25 10:24 - 000667136 _____ () C:\Users\Maple Bear\AppData\Local\Temp\setup.exe
2018-07-25 10:24 - 2018-07-25 10:24 - 000688786 _____ ( ) C:\Users\Maple Bear\AppData\Local\Temp\setupGI.exe
2018-07-25 10:23 - 2018-07-25 10:23 - 000838656 _____ () C:\Users\Maple Bear\AppData\Local\Temp\TigerTrade.exe
2018-07-25 10:24 - 2018-07-25 10:24 - 000256674 _____ () C:\Users\Maple Bear\AppData\Local\Temp\veninstall.exe
2018-07-25 10:24 - 2018-07-25 10:24 - 001130527 _____ (Digital LLC ) C:\Users\Maple Bear\AppData\Local\Temp\whiteclick.exe

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\WINDOWS\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\wininit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\services.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2018-06-05 11:22

==================== Fim de FRST.txt ============================
