
[SOLVED] [8.1 x64] 0x1000007e (WppRecorder.sys). Asus X450LD

vjb89

Hi, I had a Bluetooth mouse that I used before, but after some time I stopped using it and bought a wired mouse. The problem is that this last mouse started double-clicking, and because of that I decided to use that Bluetooth mouse again. But when I turn on Bluetooth and try to connect it, I see this bluescreen with the message in the title. I can fix it by doing a system restore, but I still want to use that Bluetooth mouse...

Image attached showing the bluescreen...


I'm creating this topic because I was told to do so, as it could be malware. Here:
https://www.sysnative.com/forums/bsod-crashes-kernel-debugging/25247-8-1-x64-0x1000007e-wpprecorder-sys-asus-x450ld.html#post217857


FRST


Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 06.05.2018 01
Executado por Victor (administrador) em ASUS-PC (08-05-2018 15:46:17)
Executando a partir de C:\Users\Victor\Desktop
Perfis Carregados: Victor (Perfis Disponíveis: Victor)
Platform: Windows 8.1 Single Language (Update) (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials


==================== Processos (Whitelisted) =================


(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)


(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(hxxp://winaero.com) C:\Users\Victor\Desktop\Miniaturas - Barras laterais\wcbk_[winaero.com]_135\WinaeroCharmsBarKiller.exe
(RaMMicHaeL) C:\Users\Victor\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe
() C:\Windows\SysWOW64\ReSent.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(BlueStack Systems, Inc.) C:\ProgramData\BlueStacks\Client\Bluestacks.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Player.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Bluestack System Inc. ) C:\Program Files (x86)\BlueStacks\BstkSVC.exe
(BlueStack Systems, Inc.) C:\ProgramData\BlueStacks\Client\Bluestacks.exe
(IObit) C:\Program Files (x86)\IObit\Driver Booster\5.3.0\Pub\PubMonitor.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registro (Whitelisted) ===========================


(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)


HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [111488 2015-11-20] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1804360 2016-04-21] (NVIDIA Corporation)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2013-12-18] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [318248 2016-01-08] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM-x32\...\Run: [ReSent] => c:\windows\SysWOW64\resent.exe [176640 2016-10-08] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-10-29] (Atheros Communications)
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4179288 2015-11-18] (Disc Soft Ltd)
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation)
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [797328 2016-06-14] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\...\Run: [CharmsBarKiller] => C:\Users\Victor\Desktop\Miniaturas - Barras laterais\wcbk_[winaero.com]_135\WinaeroCharmsBarKiller.exe [349184 2013-11-23] (hxxp://winaero.com)
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\...\Run: [PCLink] => C:\Program Files (x86)\ASUS\PC Link\PCLink.exe [640272 2015-10-29] (ASUSTek Computer Inc.)
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [17074688 2018-03-06] (Piriform Ltd)
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27742168 2017-06-07] (Skype Technologies S.A.)
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\...\Run: [7 Taskbar Tweaker] => C:\Users\Victor\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe [424960 2017-10-19] (RaMMicHaeL)
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\...\Run: [f.lux] => C:\Users\Victor\AppData\Local\FluxSoftware\Flux\flux.exe [1682936 2018-01-17] (f.lux Software LLC)
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\...\MountPoints2: {021bdfa6-3f13-11e8-865e-10c37bc2c9b2} - "F:\Setup.exe"
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\...\MountPoints2: {65a81ed1-22f0-11e8-862d-10c37bc2c9b2} - "F:\Setup.exe"
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\...\MountPoints2: {7130a44a-8f2c-11e5-825c-10c37bc2c9b2} - "F:\setup.exe"
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\...\MountPoints2: {c2d774e3-efb7-11e7-85ca-5cc9d3f4fc4c} - "F:\Setup.exe"
HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun


==================== Internet (Whitelisted) ====================


(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)


Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 189.7.72.49 189.7.72.38
Tcpip\..\Interfaces\{57E59905-8E39-4E95-83A9-F9EF2A0F2B8F}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{57E59905-8E39-4E95-83A9-F9EF2A0F2B8F}: [DhcpNameServer] 189.7.72.49 189.7.72.38
Tcpip\..\Interfaces\{9A03BE3B-6ECC-47C8-B6B1-A49A2E6510AF}: [DhcpNameServer] 192.168.31.1


Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.br/
SearchScopes: HKU\S-1-5-21-3928538914-1254491160-1078913021-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3928538914-1254491160-1078913021-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2018-03-13] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_162\bin\ssv.dll [2018-01-29] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-11] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_162\bin\jp2ssv.dll [2018-01-29] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2018-03-13] (Microsoft Corporation)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2015-10-28] (FreeDownloadManager.ORG)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-11] (Microsoft Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-03-13] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-03-13] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-03-13] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-03-13] (Microsoft Corporation)


FireFox:
========
FF DefaultProfile: jsbri4ua.default
FF ProfilePath: C:\Users\Victor\AppData\Roaming\Mozilla\Firefox\Profiles\jsbri4ua.default [2018-05-03]
FF Homepage: Mozilla\Firefox\Profiles\jsbri4ua.default -> about:home
FF Extension: (AdBlock) - C:\Users\Victor\AppData\Roaming\Mozilla\Firefox\Profiles\jsbri4ua.default\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2018-03-09]
FF Extension: (iMacros for Firefox) - C:\Users\Victor\AppData\Roaming\Mozilla\Firefox\Profiles\jsbri4ua.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}.xpi [2016-09-08] [Legacy]
FF Extension: (Video DownloadHelper) - C:\Users\Victor\AppData\Roaming\Mozilla\Firefox\Profiles\jsbri4ua.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-03-24]
FF ProfilePath: C:\Users\Victor\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\xrswxjqm.default [2018-04-06]
FF Extension: (leethax.net extension) - C:\Users\Victor\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\xrswxjqm.default\Extensions\leethax@leethax.net.xpi [2016-07-03] [Legacy]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => não encontrado (a)
FF HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - C:\ProgramData\Free Download Manager\Firefox\Extensions\2.1.13
FF Extension: (Free Download Manager extension) - C:\ProgramData\Free Download Manager\Firefox\Extensions\2.1.13 [2016-10-02] [Legacy]
FF HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => não encontrado (a)
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_140.dll [2018-04-10] ()
FF Plugin: @java.com/DTPlugin,version=11.162.2 -> C:\Program Files\Java\jre1.8.0_162\bin\dtplugin\npDeployJava1.dll [2018-01-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.162.2 -> C:\Program Files\Java\jre1.8.0_162\bin\plugin2\npjp2.dll [2018-01-29] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_140.dll [2018-04-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1231201.dll [2017-11-02] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-10-18] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-10-23] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-10-23] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-03-13] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-3928538914-1254491160-1078913021-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Victor\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-01-11] (Citrix Online)
FF Plugin HKU\S-1-5-21-3928538914-1254491160-1078913021-1001: @tools.coowon.com/Coowon Update;version=3 -> C:\Users\Victor\AppData\Local\Coowon\Update\1.3.33.0\npCoowonUpdate3.dll [2016-02-20] (Coowon.)
FF Plugin HKU\S-1-5-21-3928538914-1254491160-1078913021-1001: @tools.coowon.com/Coowon Update;version=9 -> C:\Users\Victor\AppData\Local\Coowon\Update\1.3.33.0\npCoowonUpdate3.dll [2016-02-20] (Coowon.)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\autoconf_warsaw.js [2018-05-08]


Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com.br/
CHR StartupUrls: Default -> "hxxp://www.google.com.br/"
CHR Profile: C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default [2018-05-08]
CHR Extension: (Google Drive) - C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-04]
CHR Extension: (YouTube) - C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-04]
CHR Extension: (imgur Community Extension) - C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehoopddfhgaehhmphfcooacjdpmbjlao [2018-02-06]
CHR Extension: (PanicButton) - C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm [2017-11-04]
CHR Extension: (Vigie AQUI - por Reclame AQUI) - C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\fppgcbpmlfplbgmpcdlhjjniojgblded [2017-11-04]
CHR Extension: (Documentos Google off-line) - C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-11-05]
CHR Extension: (AdBlock) - C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-05-04]
CHR Extension: (Desprotetor de Links) - C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\imcbnnnoghiihopefblgehihofbfbmei [2018-04-15] [UpdateUrl: hxxps://desprotetor.com.br/firefox_update.json] <==== ATENÇÃO
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Seguro contra Spoilers Previsul) - C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\odcihdpbbpmlngjmihejhleafmigidfl [2017-11-04]
CHR Extension: (ScriptSafe) - C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2017-12-12]
CHR Extension: (No BBB) - C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pffipagakjgfndljjpkbdpoimojmgjca [2017-11-04]
CHR Extension: (SiteBlock) - C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfglnpdpgmecffbejlfgpnebopinlclj [2017-11-04]
CHR Extension: (Gmail) - C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-04]
CHR Extension: (Chrome Media Router) - C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-29]
CHR Profile: C:\Users\Victor\AppData\Local\Google\Chrome\User Data\System Profile [2018-03-07]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <não encontrado (a)>


==================== Serviços (Whitelisted) ====================


(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [317568 2013-10-29] (Windows (R) Win 7 DDK provider) [Arquivo não assinado]
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1369432 2015-11-18] (Disc Soft Ltd)
S2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-10-17] (Intel Corporation)
S2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [116680 2015-11-20] (Intel Corporation)
S2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [124904 2015-11-20] (Intel Corporation)
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1419424 2017-08-17] (Intel Corporation)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2016-06-30] (Freemake) [Arquivo não assinado]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-02] (Intel(R) Corporation) [Arquivo não assinado]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-10-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-10-23] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [197264 2016-06-14] (Sandboxie Holdings, LLC)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10885360 2017-05-31] (TeamViewer GmbH)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [297240 2018-04-09] (Reason Software Company Inc.)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [1068376 2017-12-14] (GAS Tecnologia LTDA)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-10-29] (Atheros) [Arquivo não assinado]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"


===================== Drivers (Whitelisted) ======================


(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4307192 2016-10-12] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [73512 2015-11-20] (ASUS Corporation)
R3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [269408 2018-02-23] (Bluestack System Inc. )
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-10-29] (Qualcomm Atheros)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [53776 2016-06-14] (IVT Corporation.)
S3 BthMtpEnum; C:\Windows\system32\DRIVERS\BthMtpEnum.sys [62976 2013-08-22] (Microsoft Corporation)
S3 dc3d; C:\Windows\System32\drivers\dc3d.sys [47616 2011-05-18] (Microsoft Corporation) [Arquivo não assinado]
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [289744 2013-10-17] (Intel Corporation)
S3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [493240 2015-11-20] (Intel Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [52208 2017-08-17] (Intel Corporation)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-11-19] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47160 2015-11-19] (Disc Soft Ltd)
R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [260080 2017-08-17] (Intel Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [76192 2018-03-19] ()
S3 ETDSMBus; C:\Windows\System32\drivers\ETDSMBus.sys [32840 2017-06-16] (ELAN Microelectronic Corp.)
S3 GunBod; C:\Windows\system32\gunbod64.sys [84384 2016-12-19] ()
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( )
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193768 2018-04-03] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [112864 2018-05-08] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [44768 2018-05-08] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-05-08] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [102112 2018-05-08] (Malwarebytes)
R2 memudrv; D:\Program Files\Microvirt\MEmuHyperv\MEmuDrv.sys [260368 2015-11-02] (Microvirt Corporation)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864072 2016-07-10] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106120 2016-07-10] (McAfee, Inc.)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2014-02-11] (Windows (R) Win 7 DDK provider)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [204944 2016-06-14] (Sandboxie Holdings, LLC)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [18768 2016-03-27] () [Arquivo não assinado]
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-03-09] ()
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2016-02-25] (Synaptics Incorporated)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R1 VBoxDrv; C:\Windows\SysWOW64\DRIVERS\VBoxDrv.sys [254240 2014-05-16] (Oracle Corporation)
R1 VBoxUSBMon; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [127432 2016-12-19] (BigNox Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 WirelessKeyboardFilter; C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [28376 2018-05-08] (GAS Tecnologia)
R1 wsddntf; C:\Windows\system32\DRIVERS\wsddntf.sys [36984 2016-11-11] (GAS Tecnologia)
S1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [44624 2017-12-14] (GAS Tecnologia)
R3 wsddprm; C:\Windows\system32\drivers\wsddprm.sys [43608 2017-12-14] (GAS Tecnologia)
S1 HWiNFO32; \??\C:\Users\Victor\AppData\Local\Temp\HWiNFO64A.SYS [X] <==== ATENÇÃO
S2 svcp; \??\C:\Windows\system32\Drivers\svcp64.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]


==================== NetSvcs (Whitelisted) ===================


(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)




==================== Um Mês Criados arquivos e pastas ========


(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)


2018-05-08 15:46 - 2018-05-08 15:47 - 000028104 _____ C:\Users\Victor\Desktop\FRST.txt
2018-05-08 15:45 - 2018-05-08 15:46 - 000000000 ____D C:\FRST
2018-05-08 15:40 - 2018-05-08 15:40 - 002406912 _____ (Farbar) C:\Users\Victor\Desktop\FRST64.exe
2018-05-08 10:00 - 2018-05-08 10:00 - 000100706 _____ C:\Users\Victor\Desktop\Motta - venda de passagens on line.pdf
2018-05-07 12:04 - 2018-05-07 12:04 - 000135876 _____ C:\Users\Victor\Desktop\Description.jpeg
2018-05-07 11:30 - 2018-05-07 11:30 - 000163005 _____ C:\Users\Victor\Desktop\WhatsApp Image 2018-05-05 at 10.05.02.jpeg
2018-04-27 13:57 - 2018-04-27 13:58 - 032378947 _____ C:\Users\Victor\Desktop\ae577b14346ca377ed6d9c100753775c.mp4
2018-04-25 08:41 - 2018-05-08 13:59 - 000102112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-04-21 14:45 - 2018-04-21 14:46 - 069732167 _____ C:\Users\Victor\Desktop\WWW.DOWNVIDS.NET-OS MELHORES MEMES DA SAM SOUTH AMÉRICA MEMES .mp4
2018-04-21 13:54 - 2018-04-21 13:54 - 000000000 ____D C:\Users\Victor\AppData\Roaming\BluestacksCN
2018-04-21 12:04 - 2018-04-21 12:04 - 001221430 _____ C:\Users\Victor\Documents\SysnativeFileCollectionApp.zip
2018-04-19 11:22 - 2018-04-19 11:25 - 000000000 ____D C:\Users\Victor\Documents\SysnativeFileCollectionApp
2018-04-19 10:35 - 2018-04-19 10:35 - 000158720 _____ (Sysnative) C:\Users\Victor\Documents\SysnativeBSODCollectionApp.exe
2018-04-19 10:28 - 2018-04-19 10:29 - 000313560 _____ C:\Windows\Minidump\041918-21484-01.dmp
2018-04-14 09:40 - 2018-03-23 09:50 - 004168704 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-04-14 09:40 - 2018-03-22 19:00 - 025742336 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-04-14 09:40 - 2018-03-22 17:26 - 020287488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-04-14 09:40 - 2018-03-22 17:17 - 000578048 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-04-14 09:40 - 2018-03-22 17:15 - 005780480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-04-14 09:40 - 2018-03-22 17:06 - 000794112 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-04-14 09:40 - 2018-03-22 16:52 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-04-14 09:40 - 2018-03-22 16:42 - 000661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-04-14 09:40 - 2018-03-22 16:37 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-04-14 09:40 - 2018-03-22 16:29 - 015282688 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-04-14 09:40 - 2018-03-22 16:29 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-04-14 09:40 - 2018-03-22 16:29 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-04-14 09:40 - 2018-03-22 16:29 - 000381440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-04-14 09:40 - 2018-03-22 16:27 - 002135552 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-04-14 09:40 - 2018-03-22 16:21 - 004496896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-04-14 09:40 - 2018-03-22 16:20 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-04-14 09:40 - 2018-03-22 16:20 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-04-14 09:40 - 2018-03-22 16:15 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-04-14 09:40 - 2018-03-22 16:15 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-04-14 09:40 - 2018-03-22 16:15 - 000333312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-04-14 09:40 - 2018-03-22 16:14 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-04-14 09:40 - 2018-03-22 16:04 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-04-14 09:40 - 2018-03-22 15:55 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-04-14 09:40 - 2018-03-22 15:53 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-04-14 09:40 - 2018-03-22 15:52 - 001313792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-04-14 09:40 - 2018-03-22 15:51 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-04-14 09:40 - 2018-03-10 13:50 - 000083456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-04-14 09:40 - 2018-03-09 20:16 - 001549136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2018-04-14 09:40 - 2018-03-09 20:16 - 000388440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2018-04-14 09:40 - 2018-03-09 17:20 - 007405392 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-04-14 09:40 - 2018-03-09 17:20 - 001737592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-04-14 09:40 - 2018-03-09 17:20 - 001676056 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-04-14 09:40 - 2018-03-09 17:20 - 001536112 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-04-14 09:40 - 2018-03-09 17:20 - 001500424 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-04-14 09:40 - 2018-03-09 17:20 - 001371344 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2018-04-14 09:40 - 2018-03-09 17:20 - 000418640 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-04-14 09:40 - 2018-03-09 15:59 - 000121168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
2018-04-14 09:40 - 2018-03-09 10:52 - 000148992 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-04-14 09:40 - 2018-03-09 10:52 - 000113664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-04-14 09:40 - 2018-03-09 10:52 - 000096768 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-04-14 09:40 - 2018-03-09 10:52 - 000078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-04-14 09:40 - 2018-03-08 14:15 - 000005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-04-14 09:40 - 2018-03-08 14:14 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-04-14 09:40 - 2018-03-08 10:21 - 000340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2018-04-14 09:40 - 2018-03-07 19:46 - 000202576 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
2018-04-14 09:40 - 2018-03-07 19:42 - 000174928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\basecsp.dll
2018-04-14 09:40 - 2018-03-07 15:28 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\wsnmp32.dll
2018-04-14 09:40 - 2018-03-07 14:26 - 000053760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsnmp32.dll
2018-04-14 09:40 - 2018-03-03 13:44 - 000277504 _____ (Microsoft Corporation) C:\Windows\system32\scksp.dll
2018-04-14 09:40 - 2018-03-03 13:04 - 000252416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scksp.dll
2018-04-14 09:40 - 2018-02-16 11:51 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-04-14 09:40 - 2018-02-16 11:51 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-04-14 09:40 - 2018-02-16 11:28 - 000128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2018-04-14 09:40 - 2018-02-16 11:24 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-04-14 09:40 - 2018-02-16 11:24 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-04-14 09:40 - 2018-02-16 10:37 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-04-14 09:40 - 2018-02-16 10:37 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-04-14 09:40 - 2018-02-10 16:24 - 000178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-04-14 09:40 - 2018-02-10 15:29 - 000274272 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2018-04-14 09:40 - 2018-02-10 15:29 - 000124760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS
2018-04-14 09:40 - 2018-02-10 15:29 - 000065888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS
2018-04-14 09:40 - 2018-02-10 15:29 - 000062304 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys
2018-04-14 09:40 - 2018-02-10 15:29 - 000021856 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys
2018-04-14 09:40 - 2018-02-10 15:29 - 000017240 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys
2018-04-14 09:40 - 2018-02-10 15:25 - 000533856 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2018-04-14 09:40 - 2018-02-10 15:08 - 001307328 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-04-14 09:40 - 2018-02-10 15:06 - 000356184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-04-14 09:40 - 2018-02-10 13:50 - 000401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-04-14 09:40 - 2018-02-10 13:40 - 002901504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-04-14 09:40 - 2018-02-10 13:26 - 000440832 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2018-04-14 09:40 - 2018-02-10 13:20 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-04-14 09:40 - 2018-02-10 13:09 - 003757056 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2018-04-14 09:40 - 2018-02-10 13:06 - 002295296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-04-14 09:40 - 2018-02-10 13:03 - 000145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2018-04-14 09:40 - 2018-02-10 13:01 - 000617472 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
2018-04-14 09:40 - 2018-02-10 12:59 - 000404992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\zipfldr.dll
2018-04-14 09:40 - 2018-02-10 12:54 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-04-14 09:40 - 2018-02-10 12:52 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-04-14 09:40 - 2018-02-10 12:48 - 001436672 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-04-14 09:40 - 2018-02-10 12:46 - 002412544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2018-04-14 09:40 - 2018-02-10 12:44 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-04-14 09:40 - 2018-02-10 12:43 - 000109056 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-04-14 09:40 - 2018-02-10 12:35 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-04-14 09:40 - 2018-02-10 12:33 - 000747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-04-14 09:40 - 2018-02-10 12:30 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-04-14 09:40 - 2018-02-10 12:29 - 000084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-04-14 09:40 - 2018-02-09 21:29 - 000531632 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2018-04-14 09:40 - 2018-02-09 21:25 - 001137872 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-04-14 09:40 - 2018-02-09 13:44 - 000276304 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2018-04-14 09:40 - 2018-02-09 13:21 - 000862208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-04-14 09:40 - 2018-02-08 14:53 - 000309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2018-04-14 09:40 - 2018-02-08 14:22 - 000477696 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2018-04-14 09:40 - 2018-02-08 14:18 - 000221184 _____ (Microsoft Corporation) C:\Windows\system32\prnntfy.dll
2018-04-14 09:40 - 2018-02-08 14:03 - 000202752 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2018-04-14 09:40 - 2018-02-08 13:49 - 000289280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\compstui.dll
2018-04-14 09:40 - 2018-02-08 13:42 - 001001984 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.dll
2018-04-14 09:40 - 2018-02-08 13:42 - 000192512 _____ (Microsoft Corporation) C:\Windows\system32\puiapi.dll
2018-04-14 09:40 - 2018-02-08 13:40 - 001096192 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2018-04-14 09:40 - 2018-02-08 13:38 - 000866304 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2018-04-14 09:40 - 2018-02-08 13:37 - 002779648 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2018-04-14 09:40 - 2018-02-08 13:27 - 000367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2018-04-14 09:40 - 2018-02-08 13:24 - 000199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prnntfy.dll
2018-04-14 09:40 - 2018-02-08 13:03 - 000664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsSpellCheckingFacility.dll
2018-04-14 09:40 - 2018-02-08 13:03 - 000167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiapi.dll
2018-04-14 09:40 - 2018-02-08 12:57 - 002464256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2018-04-14 09:40 - 2018-02-02 16:42 - 003320832 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2018-04-14 09:40 - 2018-02-02 15:24 - 003610112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2018-04-14 09:40 - 2018-01-26 15:04 - 001115648 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2018-04-14 09:40 - 2018-01-25 10:19 - 000995272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2018-04-14 09:40 - 2018-01-25 10:14 - 000922944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-04-14 09:40 - 2018-01-12 14:18 - 000538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2018-04-14 09:40 - 2018-01-12 13:26 - 000393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2018-04-14 09:40 - 2018-01-11 14:39 - 000163328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cic.dll
2018-04-14 09:40 - 2018-01-11 14:39 - 000114688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcshext.dll
2018-04-14 09:40 - 2018-01-11 14:34 - 000311296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcbase.dll
2018-04-14 09:40 - 2018-01-11 14:28 - 001562624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmc.exe
2018-04-14 09:40 - 2018-01-11 14:19 - 002364928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcndmgr.dll
2018-04-14 09:40 - 2018-01-11 14:10 - 000202752 _____ (Microsoft Corporation) C:\Windows\system32\cic.dll
2018-04-14 09:40 - 2018-01-11 14:10 - 000128000 _____ (Microsoft Corporation) C:\Windows\system32\mmcshext.dll
2018-04-14 09:40 - 2018-01-11 14:04 - 000350208 _____ (Microsoft Corporation) C:\Windows\system32\mmcbase.dll
2018-04-14 09:40 - 2018-01-11 13:55 - 002003456 _____ (Microsoft Corporation) C:\Windows\system32\mmc.exe
2018-04-14 09:40 - 2018-01-11 13:42 - 002923520 _____ (Microsoft Corporation) C:\Windows\system32\mmcndmgr.dll
2018-04-14 09:40 - 2018-01-11 13:13 - 001695744 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2018-04-14 09:40 - 2018-01-10 10:48 - 000559616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2018-04-14 09:40 - 2018-01-09 02:06 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2018-04-14 09:40 - 2018-01-09 01:32 - 000044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2018-04-14 09:40 - 2018-01-09 01:19 - 001292288 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2018-04-14 09:40 - 2018-01-09 00:59 - 001060352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2018-04-14 09:20 - 2018-03-16 14:51 - 000144000 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-04-14 09:20 - 2018-03-14 09:23 - 001993728 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-04-14 09:20 - 2018-03-14 09:23 - 001559552 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-04-14 09:20 - 2018-03-14 09:23 - 000739840 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-04-14 09:20 - 2018-03-14 09:23 - 000656384 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-04-14 09:20 - 2018-03-14 09:23 - 000599552 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-04-14 09:20 - 2018-03-14 09:23 - 000450048 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-04-14 09:20 - 2018-03-14 09:23 - 000414720 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-04-14 09:20 - 2018-03-14 09:23 - 000291840 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-04-14 09:20 - 2018-03-14 09:23 - 000237056 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-04-11 16:45 - 2018-04-11 10:16 - 015084262 _____ C:\Users\Victor\Desktop\diploma.pdf


==================== Um Mês Modificados arquivos e pastas ========


(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)


2018-05-08 12:00 - 2018-02-08 11:40 - 000003480 _____ C:\Windows\System32\Tasks\ASUS Live Update1
2018-05-08 12:00 - 2016-09-05 17:49 - 000003470 _____ C:\Windows\System32\Tasks\ASUS Live Update2
2018-05-08 10:10 - 2013-12-18 13:57 - 001789752 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-08 10:10 - 2013-12-18 00:10 - 000770378 _____ C:\Windows\system32\prfh0416.dat
2018-05-08 10:10 - 2013-12-18 00:10 - 000156146 _____ C:\Windows\system32\prfc0416.dat
2018-05-08 10:10 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\Inf
2018-05-08 08:41 - 2017-08-08 13:56 - 000000000 ____D C:\Program Files\Opera
2018-05-08 08:13 - 2016-11-27 09:19 - 000002886 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (Victor)
2018-05-08 07:52 - 2015-11-19 21:31 - 000000074 _____ C:\Users\Victor\AppData\Roaming\sp_data.sys
2018-05-08 07:51 - 2018-04-03 13:19 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-05-08 07:51 - 2018-04-03 13:19 - 000112864 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-05-08 07:51 - 2018-04-03 13:19 - 000044768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-05-08 07:51 - 2017-01-05 13:05 - 000028376 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys
2018-05-08 07:51 - 2016-07-20 16:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-05-08 07:51 - 2015-11-24 22:58 - 000000000 ____D C:\Users\Victor\AppData\Local\CrashDumps
2018-05-08 07:50 - 2016-03-23 18:20 - 000000000 ____D C:\ProgramData\NVIDIA
2018-05-08 07:50 - 2013-08-22 10:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-05-04 01:21 - 2013-08-22 09:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2018-05-03 17:52 - 2018-03-12 08:57 - 000000000 ____D C:\Users\Victor\Desktop\Processos
2018-05-03 14:48 - 2017-09-30 09:45 - 000000758 _____ C:\Users\Victor\Desktop\dupla de treino.txt
2018-05-02 11:19 - 2018-03-17 18:29 - 000000116 _____ C:\Users\Victor\Desktop\conta gmail.txt
2018-05-02 10:45 - 2016-05-12 07:31 - 000000000 ____D C:\Users\Victor\Desktop\DBZDK
2018-04-30 10:07 - 2016-11-27 09:19 - 000000000 ____D C:\ProgramData\ProductData
2018-04-29 23:55 - 2017-05-21 20:54 - 000000000 ____D C:\Users\Victor\AppData\Roaming\qBittorrent
2018-04-29 16:44 - 2013-08-22 10:44 - 000515384 _____ C:\Windows\system32\FNTCACHE.DAT
2018-04-29 15:29 - 2015-11-19 21:34 - 000003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3928538914-1254491160-1078913021-1001
2018-04-29 11:39 - 2018-02-03 22:43 - 000000000 ____D C:\Users\Victor\.MemuHyperv
2018-04-27 23:43 - 2017-11-04 22:30 - 000002204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-04-27 23:43 - 2017-11-04 22:30 - 000002163 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-04-22 13:36 - 2016-11-16 08:59 - 000000000 ____D C:\Users\Victor\AppData\LocalLow\Mozilla
2018-04-20 13:28 - 2016-05-03 09:52 - 000000000 ____D C:\Users\Victor\Downloads\MEmu Download
2018-04-19 14:26 - 2013-08-22 11:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-04-19 14:21 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\registration
2018-04-19 10:29 - 2015-11-19 21:28 - 000000000 ____D C:\Users\Victor
2018-04-19 10:28 - 2018-04-03 00:34 - 506109552 _____ C:\Windows\MEMORY.DMP
2018-04-19 10:28 - 2015-11-20 13:50 - 000000000 ____D C:\Windows\Minidump
2018-04-19 10:15 - 2015-11-19 21:30 - 000000000 ____D C:\Users\Victor\Documents\Bluetooth Folder
2018-04-16 11:47 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\rescache
2018-04-15 00:55 - 2015-11-21 14:54 - 000000000 ____D C:\Windows\system32\appraiser
2018-04-15 00:54 - 2013-08-22 11:36 - 000000000 ___RD C:\Windows\ToastData
2018-04-14 10:18 - 2015-11-20 12:52 - 000000000 ____D C:\Windows\system32\MRT
2018-04-14 10:08 - 2017-10-25 16:53 - 136971704 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-04-14 10:08 - 2015-11-20 12:52 - 136971704 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-04-14 10:07 - 2013-08-22 11:20 - 000000000 ____D C:\Windows\CbsTemp
2018-04-14 09:58 - 2013-08-22 09:25 - 000000199 _____ C:\Windows\win.ini
2018-04-13 17:55 - 2016-12-19 16:50 - 000000000 ____D C:\Users\Victor\AppData\Local\Nox
2018-04-13 12:58 - 2017-07-04 15:54 - 000000000 ____D C:\Users\Victor\Desktop\Fotos e vídeos celular
2018-04-13 12:15 - 2018-03-08 08:05 - 000000000 ____D C:\Users\Victor\.android
2018-04-13 12:14 - 2016-12-19 16:52 - 000000000 ____D C:\Users\Victor\vmlogs
2018-04-12 00:34 - 2018-04-06 22:45 - 000000000 ____D C:\Users\Victor\Desktop\BSTweaker4
2018-04-10 18:34 - 2018-01-07 12:51 - 000000415 _____ C:\Users\Victor\Desktop\Contas.txt
2018-04-10 12:30 - 2017-04-04 11:20 - 000004396 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-04-10 12:30 - 2017-02-28 20:32 - 000004498 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-04-10 12:30 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-04-10 12:30 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\system32\Macromed
2018-04-10 11:30 - 2018-03-13 18:30 - 000004534 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-04-09 09:39 - 2015-11-20 12:54 - 000000000 ____D C:\Users\Victor\Desktop\FILMES
2018-04-08 17:51 - 2018-03-12 13:54 - 000000027 _____ C:\Users\Victor\Desktop\Id - código jp.txt
2018-04-08 10:47 - 2015-11-19 21:28 - 000000000 ____D C:\Users\Victor\AppData\Local\Packages


==================== Arquivos na raiz de alguns diretórios =======


2017-08-17 10:18 - 2017-08-17 10:18 - 000000098 _____ () C:\Users\Victor\IP_Log_Data.js
2017-09-18 07:23 - 2017-09-18 07:23 - 002887552 _____ () C:\Users\Victor\ZHPCleaner.exe
2015-12-13 06:32 - 2015-12-13 06:32 - 002516288 _____ (IObit) C:\Program Files (x86)\BigUpgrade.exe
2017-04-20 14:06 - 2017-04-20 14:06 - 000000069 _____ () C:\Users\Victor\AppData\Roaming\Camdata.ini
2017-04-20 14:06 - 2017-04-20 14:06 - 000000408 _____ () C:\Users\Victor\AppData\Roaming\CamLayout.ini
2017-04-20 14:06 - 2017-04-20 14:06 - 000000408 _____ () C:\Users\Victor\AppData\Roaming\CamShapes.ini
2017-04-20 14:06 - 2017-04-20 14:06 - 000004561 _____ () C:\Users\Victor\AppData\Roaming\CamStudio.cfg
2015-12-29 22:36 - 2015-12-29 22:44 - 000002633 _____ () C:\Users\Victor\AppData\Roaming\droid4xinstaller.log
2017-08-17 10:21 - 2017-08-17 10:21 - 000000013 _____ () C:\Users\Victor\AppData\Roaming\Network Meter_Usage.ini
2017-08-17 10:21 - 2017-08-17 10:21 - 000000119 _____ () C:\Users\Victor\AppData\Roaming\Network Monitor II_#0_Traffic.ini
2015-11-19 21:31 - 2018-05-08 07:52 - 000000074 _____ () C:\Users\Victor\AppData\Roaming\sp_data.sys
2017-04-20 14:01 - 2017-04-20 14:01 - 000000096 _____ () C:\Users\Victor\AppData\Roaming\version2.xml
2018-02-08 07:54 - 2018-02-08 07:54 - 000000000 _____ () C:\Users\Victor\AppData\Local\{0C20A5A5-0325-448F-85B4-680E94CD3679}


Alguns arquivos em TEMP:
====================
2018-04-06 20:17 - 2018-02-22 05:48 - 000976416 _____ (BlueStack Systems, Inc.) C:\Users\Victor\AppData\Local\Temp\BlueStacksClientUninstaller.exe
2018-04-06 20:17 - 2018-02-22 05:48 - 000421368 _____ (CodeTitans) C:\Users\Victor\AppData\Local\Temp\JSON.dll
2018-03-11 20:55 - 2018-04-29 11:40 - 000492544 _____ () C:\Users\Victor\AppData\Local\Temp\s3.exe


==================== Bamital & volsnap ======================


(Não há correção automática para arquivos que não passaram na verificação.)


C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2018-05-06 18:42


==================== Fim de FRST.txt ============================



Addition



Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 06.05.2018 01
Executado por Victor (08-05-2018 15:49:25)
Executando a partir de C:\Users\Victor\Desktop
Windows 8.1 Single Language (Update) (X64) (2015-11-20 01:28:27)
Modo da Inicialização: Normal
==========================================================




==================== Contas: =============================


Administrador (S-1-5-21-3928538914-1254491160-1078913021-500 - Administrator - Disabled)
Convidado (S-1-5-21-3928538914-1254491160-1078913021-501 - Limited - Disabled)
Victor (S-1-5-21-3928538914-1254491160-1078913021-1001 - Administrator - Enabled) => C:\Users\Victor


==================== Central de Segurança ========================


(Se uma entrada for incluída na fixlist, será removida.)


AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


==================== Programas Instalados ======================


(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)


7+ Taskbar Tweaker v5.4 (HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\...\7 Taskbar Tweaker) (Version: 5.4 - RaMMicHaeL)
8GadgetPack (HKLM-x32\...\{D0BD6EC7-ADBC-4127-815A-77E2336873EA}) (Version: 17.0.0 - Helmut Buhler)
Abex Document Converter Pro 4.0 (HKLM-x32\...\Abex Document Converter Pro_is1) (Version: - Abexsoft, Inc.)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Adobe Flash Player 29 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.1.201 - Adobe Systems, Inc.)
Alcor Micro USB Card Reader Driver (HKLM-x32\...\{5CA55DFC-2008-460F-B7A7-FB92100C4494}) (Version: 20.4.10117.43857 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader Driver (HKLM-x32\...\InstallShield_{5CA55DFC-2008-460F-B7A7-FB92100C4494}) (Version: 20.4.10117.43857 - Alcor Micro Corp.)
Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.5.0 - Sereby Corporation)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS PC Link (HKLM-x32\...\{52AE8601-EA55-456E-80A9-7FB48E82CF81}_is1) (Version: 3.0.22.1029 - ASUSTEK)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.8 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.14 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0021 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0033 - ASUS)
Atualizações da NVIDIA 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Audiggle version 3.0.0.1 (HKLM-x32\...\{FCAD9ED0-C00F-45FA-91DB-F89140EFAB3A}_is1) (Version: 3.0.0.1 - Audiggle LTD)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
Bandicam (HKLM-x32\...\Bandicam) (Version: 1.9.5.510 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
Biblioteca de Autenticação do Active Directory para SQL Server (HKLM\...\{06A09B8C-502A-4253-A179-5649D102AA06}) (Version: 14.0.500.272 - Microsoft Corporation)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 3.56.76.1867 - BlueStack Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version: - dvd8n)
Cheat Engine 6.5 (HKLM-x32\...\Cheat Engine 6.5_is1) (Version: - Cheat Engine)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.52.56 - Conexant)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.2.0.0112 - Disc Soft Ltd)
Designer XAML para Microsoft Visual Studio 2015 - PTB (HKLM-x32\...\{E8BB4557-1F0F-354D-953C-344B866B5EB9}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Dev-C++ (HKLM-x32\...\Dev-C++) (Version: 5.11 - Bloodshed Software)
Dicionário eletrônico Houaiss 1.0 (HKLM-x32\...\Dicionário eletrônico Houaiss da língua portuguesa_is1) (Version: - Editora Objetiva)
Driver Booster 5 (HKLM-x32\...\Driver Booster_is1) (Version: 5.3.0 - IObit)
EVEREST Ultimate Edition v5.02 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.02 - Lavalys, Inc.)
f.lux (HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\...\Flux) (Version: - f.lux Software LLC)
FormatFactory 3.9.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.9.5.0 - Free Time)
Foxit Advanced PDF Editor 3 (HKLM-x32\...\B521582C-6BE3-491D-BCC8-FFB8301298E9_is1) (Version: 3.0.0.0 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.0.0.29935 - Foxit Software Inc.)
Free Download Manager 3.9.7 (HKLM-x32\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG)
Freemake Video Converter versão 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.139 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GunboundPS (HKLM-x32\...\GunboundPS_is1) (Version: - Softnyx co.,Ltd.)
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2105 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.6.0.1038 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{55669453-883A-4F15-9D3B-BC990F5C9A32}) (Version: 6.0.6 - Intel Corporation)
Java 8 Update 162 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180162F0}) (Version: 8.0.1620.12 - Oracle Corporation)
Java SE Development Kit 8 Update 131 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180131}) (Version: 8.0.1310.11 - Oracle Corporation)
Jurídico e Concursos versão 1.0.0 (HKLM-x32\...\{8C3C47C1-39A4-4E10-9DDF-67FB9A917E51}_is1) (Version: 1.0.0 - Editora Rideel)
K-Lite Mega Codec Pack 13.3.3 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.3.3 - KLCP)
Malwarebytes versão 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
MEmu (HKLM-x32\...\MEmu) (Version: 2.9.6.1 - Microvirt)
Microsoft .NET Framework 4.5.1 SDK (ENU) (HKLM-x32\...\{8EBF82FA-BD9E-4154-94DB-0946B48C346B}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{82f2609e-68ba-408d-963f-530ad8809435}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{577ff5ba-39aa-4d8c-a3a9-f95012763438}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017 (HKLM-x32\...\{d6f233bd-3f8c-43f6-878b-07bd0568d595}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25017 (HKLM-x32\...\{cb7c3049-21de-415b-bd85-b65c14e547df}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minhateca.com.br Box (HKLM-x32\...\{D90C133D-3B6A-44A9-96CA-ADD8B3F49506}) (Version: 2.0.8.1 - Minhateca.com.br)
MiPony 2.5.4 (HKLM-x32\...\MiPony) (Version: 2.5.4 - )
Mouse Recorder Pro 2.0.7.6 (HKLM-x32\...\{889E44CE-435C-4D37-B302-A7E43339E5FA}_is1) (Version: - Nemex Studios)
Mozilla Firefox 58.0.2 (x64 pt-BR) (HKLM\...\Mozilla Firefox 58.0.2 (x64 pt-BR)) (Version: 58.0.2 - Mozilla)
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
NCS WinVisible (HKLM-x32\...\{1111E82E-8C9E-40A0-9C53-96434A1BAAF8}) (Version: 1.1.0.7 - Neptune Century Studios)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.4.2 - Notepad++ Team)
Nuclear Coffee - VideoGet (HKLM\...\VideoGet_is1) (Version: 2014 - Nuclear Coffee)
NVIDIA Driver de gráficos 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
NVIDIA Software do sistema PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Opera Stable 51.0.2830.55 (HKLM-x32\...\Opera 51.0.2830.55) (Version: 51.0.2830.55 - Opera Software)
Oracle VM VirtualBox 4.3.12_ZZZZ (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
Pacote de Idiomas do Microsoft Help Viewer 2.2 - PTB (HKLM-x32\...\{D537A557-8ED0-33EF-8FA4-F733521B2A07}) (Version: 2.2.23107 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Help Viewer 2.2 - PTB (HKLM-x32\...\Pacote de Idiomas do Microsoft Help Viewer 2.2 - PTB) (Version: 2.2.23107 - Microsoft Corporation)
Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation)
Pacote de Idiomas do Shell do Microsoft Visual Studio 2015 (Isolado) - PTB (HKLM-x32\...\{6cb2a869-a3fd-46e4-9bce-f2f9ce573f98}) (Version: 14.0.23107.10 - Microsoft Corporation)
Painel de controle da NVIDIA 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 376.54 - NVIDIA Corporation) Hidden
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version: - )
Playboy - The Mansion (HKLM-x32\...\{58D4AE57-ACDE-4A07-9BBD-34B15D54526C}) (Version: 1.00.0000 - Cyberlore Studios)
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
qBittorrent 3.3.13 (HKLM-x32\...\qBittorrent) (Version: 3.3.13 - The qBittorrent project)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.308 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Recursos de Shell do Microsoft Visual Studio 2015 (Isolado) (HKLM-x32\...\{7F190460-E750-3EAB-8A3B-28E7ACEE8D3E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Recursos do Shell do Microsoft Visual Studio 2015 (Mínimo) (HKLM-x32\...\{69F4C53A-D33D-3B18-9383-52971A2CE8C8}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Revisores de Texto do Microsoft Office 2016 – Português (Brasil) (HKLM\...\{90160000-001F-0416-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{5B47029B-1E62-30FF-906E-694851C22782}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{94E7DFAD-A92E-3389-83EB-8E206F543CA5}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Samsung Kies (HKLM-x32\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.16011.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.16011.2 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Sandboxie 5.12 (64-bit) (HKLM\...\Sandboxie) (Version: 5.12 - Sandboxie Holdings, LLC)
Skype™ 7.37 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.37.103 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Suporte a Idiomas do Microsoft Visual Studio Tools for Applications 2015 - Pacote de Idiomas PTB (HKLM-x32\...\{9F265A84-384C-32C5-949A-70DB13F18A67}) (Version: 14.0.23107.20 - Microsoft Corporation) Hidden
Suporte a Idiomas do Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{c853d714-e08a-4757-9abc-9310afe5d221}) (Version: 14.0.23107.20 - Microsoft Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.78716 - TeamViewer)
Unchecky v1.2 (HKLM-x32\...\Unchecky) (Version: 1.2 - Reason Software Company Inc.)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for Skype for Business 2016 (KB4018323) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{C611D846-95F7-482D-A1DD-35E805BC82A6}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB4018323) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.PROPLUS_{C611D846-95F7-482D-A1DD-35E805BC82A6}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB4018323) 64-Bit Edition (HKLM\...\{90160000-012B-0416-1000-0000000FF1CE}_Office16.PROPLUS_{C611D846-95F7-482D-A1DD-35E805BC82A6}) (Version: - Microsoft)
vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Warsaw 2.3.0.83 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 2.3.0.83 - GAS Tecnologia)
WhatsApp (HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\...\WhatsApp) (Version: 0.2.5371 - WhatsApp)
Windows Driver Package - ASUS (ATP) Mouse (03/17/2014 1.0.0.207) (HKLM\...\AA2CC56D4BBEE037DC99871F5F6551133D2A0CC3) (Version: 03/17/2014 1.0.0.207 - ASUS)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)


==================== Exame Personalizado CLSID (Whitelisted): ==========================


(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


CustomCLSID: HKU\S-1-5-21-3928538914-1254491160-1078913021-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3928538914-1254491160-1078913021-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3928538914-1254491160-1078913021-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3928538914-1254491160-1078913021-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3928538914-1254491160-1078913021-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3928538914-1254491160-1078913021-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3928538914-1254491160-1078913021-1001_Classes\CLSID\{5b55a44a-d008-49aa-9234-86fb7709bc0a}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3928538914-1254491160-1078913021-1001_Classes\CLSID\{F0D5B8DF-FA50-4AC1-B644-6DD3DABA2DC0}\InprocServer32 -> 42494E41525953545245414D0300000003000000591248CE8BE38A631FB24E0033D1BD35475DB327E7A9CAA293834BF04FC6 => Nenhum Arquivo
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2017-06-18] ()
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Bluetooth Suite\BtvAppExt.dll [2013-10-29] (Qualcomm®Atheros®)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2017-10-20] (Foxit Software Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-03] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-03] (Alexander Roshal)
ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Bluetooth Suite\ShellContextExt.dll [2013-10-29] (Qualcomm®Atheros®)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-11-24] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2017-10-20] (Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] ()
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-03] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-03] (Alexander Roshal)


==================== Tarefas Agendadas (Whitelisted) =============


(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


Task: {0733DFCE-387D-4406-84E5-AC66BB4562EC} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-03-27] (ASUSTek Computer Inc.)
Task: {0E05CB2D-9589-4F2D-9E61-E9AFF59483F9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-04-10] (Adobe Systems Incorporated)
Task: {176238B8-A5D4-410C-A2A7-CD1594D54A28} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {19FA7168-8B44-404C-BC49-43CC5A01B845} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\5.3.0\Scheduler.exe [2018-01-26] (IObit)
Task: {2B753519-698B-45FC-AAB9-E95D512BA62E} - System32\Tasks\Driver Booster SkipUAC (Victor) => C:\Program Files (x86)\IObit\Driver Booster\5.3.0\DriverBooster.exe [2018-03-22] (IObit)
Task: {356ABA25-9708-4984-91F8-E48CEFD26858} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-06] (Piriform Ltd)
Task: {455CD62E-C6BE-40F3-98FE-CA1F687C535C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {5E60084B-A440-4A51-8DB6-42F012EB8D70} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-11-04] ()
Task: {6BA359BA-9B71-4408-BEBC-A1E3E56AF246} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-10-07] (ASUSTeK Computer Inc.)
Task: {6E87E92C-8CCD-4DDD-9F3B-FD30F1ED22D1} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-03-31] (AsusTek)
Task: {73C888B2-5A42-4E89-8DB0-317BA331EC35} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-06] (Piriform Ltd)
Task: {741E7972-199B-4E61-9F74-3231FC4145C2} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.)
Task: {82E98676-3AE2-47D7-B5AD-5EFC3A4A0DCA} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\Real\RealDownloader\downloader2.exe
Task: {83FDD472-68E4-401D-9A84-577254269FB5} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {8F9A5EDB-0D8F-48AC-A035-04823EF28AD2} - System32\Tasks\P4GIntlCtrl => C:\Program Files\ASUS\P4G\IntlDPST.exe [2014-02-11] ()
Task: {921E8EB3-1460-4C04-9CEC-DDD12EAA9FCD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-04] (Google Inc.)
Task: {9AB5642C-3CBC-4FD9-A125-7DC3ED241B4F} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2014-02-11] (ASUS)
Task: {9B06BC60-BB81-4994-998D-809B926F4C4D} - System32\Tasks\Opera scheduled Autoupdate 1502215019 => C:\Program Files\Opera\launcher.exe [2018-03-08] (Opera Software)
Task: {A84C5E5E-C467-46D1-A628-BD9A41EC844C} - System32\Tasks\{08E04683-6356-4661-9D48-EA4DEC01C217} => C:\Windows\system32\pcalua.exe -a C:\bankerfix.exe -d C:\
Task: {ABE5BA06-3D8D-4C6D-9A49-5F3A182B95E5} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_Plugin.exe [2018-04-10] (Adobe Systems Incorporated)
Task: {AF23D4FB-420F-445F-9BBA-D7A04389FEA0} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_pepper.exe [2018-04-10] (Adobe Systems Incorporated)
Task: {BD51CB16-D59A-4087-9F2F-E0848A2B24F3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-04] (Google Inc.)
Task: {C325FFC8-485B-42C1-8EE6-9119ECACA908} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-10-07] (ASUS)
Task: {CF098527-E9E7-485A-AA06-115E645C17AE} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {D095A0EE-672B-4989-AAD4-D9E33FDCBB4F} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {E198324D-09C7-4219-AF45-324648BD1A78} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2017-07-07] ()
Task: {E419D8C3-8B12-4C3F-A3FB-13ECAB23B479} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()


(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)




==================== Atalhos & WMI ========================


(As entradas podem ser listadas para serem restauradas ou removidas.)




==================== Módulos Carregados (Whitelisted) ==============


2016-09-28 03:53 - 2016-09-28 03:53 - 000031248 _____ () C:\Windows\System32\ssm4mlm.dll
2010-07-15 00:44 - 2010-07-15 00:44 - 000020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2017-06-18 17:44 - 2017-06-18 17:44 - 000230064 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2014-02-11 20:08 - 2014-02-11 20:08 - 000031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2014-02-11 20:08 - 2014-02-11 20:08 - 000028672 _____ () C:\Program Files\ASUS\P4G\plctrl.dll
2016-03-23 18:20 - 2016-12-29 09:16 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2018-04-03 13:19 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-03 13:19 - 2018-03-27 13:47 - 002492704 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2013-10-29 21:22 - 2013-10-29 21:22 - 000011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-10-29 21:19 - 2013-10-29 21:19 - 000086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-10-29 21:26 - 2013-10-29 21:26 - 000012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2016-10-08 22:43 - 2016-10-08 22:43 - 000176640 _____ () C:\Windows\SysWOW64\ReSent.exe
2018-04-06 20:28 - 2018-03-24 04:25 - 004238432 _____ () C:\Program Files (x86)\BlueStacks\libGLESv2.dll
2018-04-27 23:43 - 2018-04-25 23:14 - 004443992 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.139\libglesv2.dll
2018-04-27 23:43 - 2018-04-25 23:14 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.139\libegl.dll
2018-04-10 12:30 - 2018-04-10 12:30 - 031256576 _____ () C:\Windows\system32\Macromed\Flash\pepflashplayer64_29_0_0_140.dll
2013-09-09 21:23 - 2013-09-09 21:23 - 000162816 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2013-10-08 23:41 - 2013-10-08 23:41 - 000037968 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2014-07-10 17:30 - 2013-10-23 16:44 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2018-04-06 20:26 - 2018-03-24 04:43 - 048935936 _____ () C:\ProgramData\BlueStacks\CefData\libcef.dll
2013-04-27 09:24 - 2013-04-27 09:24 - 000071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll


==================== Alternate Data Streams (Whitelisted) =========


(Se uma entrada for incluída na fixlist, somente o ADS será removido.)


AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2410]


==================== Modo de Segurança (Whitelisted) ===================


(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)


HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KNet => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\svcp => ""="Driver"


==================== Associação (Whitelisted) ===============


(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)




==================== Internet Explorer confiável/restrito ===============


(Se uma entrada for incluída na fixlist, será removida do Registro.)


IE trusted site: HKU\.DEFAULT\...\bancobrasil.com.br -> hxxps://www14.bancobrasil.com.br
IE trusted site: HKU\.DEFAULT\...\bb.com.br -> hxxps://seg.bb.com.br
IE trusted site: HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\...\bancobrasil.com.br -> www.bancobrasil.com.br
IE trusted site: HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\...\bb.com.br -> aapj.bb.com.br
IE trusted site: HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\...\gastecnologia.com.br -> cloud.gastecnologia.com.br


==================== Hosts Conteúdo: ==========================


(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)


2013-08-22 09:25 - 2018-05-08 07:50 - 000003287 _____ C:\Windows\system32\Drivers\etc\hosts


127.0.0.1 localhost
127.0.0.1 ssl.bandisoft.com
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 rp.yefeneri2.com
0.0.0.0 os.yefeneri2.com
0.0.0.0 os2.yefeneri2.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us


==================== Outras Áreas ============================


(Atualmente não há nenhuma correção automática para esta seção.)


HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\asus\wallpapers\asus.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Firewall do Windows está habilitado.


==================== MSCONFIG/TASK MANAGER ítens desabilitados ==


HKLM\...\StartupApproved\StartupFolder: => "Kaspersky Software Updater Beta.lnk"
HKLM\...\StartupApproved\Run: => "SmartAudio"
HKLM\...\StartupApproved\Run: => "egui"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run32: => "ASUSPRP"
HKLM\...\StartupApproved\Run32: => "WebStorage"
HKLM\...\StartupApproved\Run32: => "ProductUpdater"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run32: => "vmware-tray.exe"
HKLM\...\StartupApproved\Run32: => "KurupiraNet"
HKLM\...\StartupApproved\Run32: => "NvBackend"
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\...\StartupApproved\StartupFolder: => "Sidebar29.lnk"
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\...\StartupApproved\Run: => "f.lux"
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\...\StartupApproved\Run: => "SandboxieControl"
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\...\StartupApproved\Run: => "KurupiraNet"
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\...\StartupApproved\Run: => "KSS"
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\...\StartupApproved\Run: => "PCLink"
HKU\S-1-5-21-3928538914-1254491160-1078913021-1001\...\StartupApproved\Run: => "CCleaner Monitoring"


==================== Regras do Firewall (Whitelisted) ===============


(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


FirewallRules: [{953DE35F-BECE-4BB7-8217-D3252C19E7BA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7BF8211E-4C4D-4A81-9CF2-FF52A29DEC6B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{118C8E36-678B-4508-BBDD-918BDA956A53}C:\users\victor\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe] => (Block) C:\users\victor\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe
FirewallRules: [TCP Query User{01CCB349-668F-40F5-A4D1-624D03BAA57D}C:\game\softnyxgame\gunboundps\gunbound.gme] => (Allow) C:\game\softnyxgame\gunboundps\gunbound.gme
FirewallRules: [UDP Query User{B465938F-602A-4DA8-9C56-342326D3C1E3}C:\game\softnyxgame\gunboundps\gunbound.gme] => (Allow) C:\game\softnyxgame\gunboundps\gunbound.gme
FirewallRules: [{3EAFBB8E-CB0B-4E97-9DD3-D5C92CD061F4}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe
FirewallRules: [{04508175-A0AD-4D9B-A238-E8DEDA68A62A}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{4B15E16E-48BF-4827-B414-27592E675A78}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [TCP Query User{8F2E8765-10FC-4B8B-9294-764CFF41A457}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{93AC01A6-C254-4B67-8061-B24B07BA09F8}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{839AB33B-A054-4BFF-8B90-6656EC71CCD7}] => (Allow) C:\Program Files (x86)\ASUS\PC Link\PCLinkService.exe
FirewallRules: [{4D81072F-6A98-489B-99CD-D03CC60B9553}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9FD092D3-0024-485F-8DE9-FAB7D2E945BF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CA169AC3-E005-427A-828A-8BF49F0E163D}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{56580336-311A-4FE8-A495-D8B1C6D3239C}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{3211E805-53D3-47BA-A9E5-FB75390B6C98}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{4649105E-9284-4875-9055-E802ECDCD6B6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{93E2A486-BF93-4392-AC7C-19FA42887617}C:\users\victor\desktop\victor\programas\ratiomaster-1.9.1\rm.exe] => (Allow) C:\users\victor\desktop\victor\programas\ratiomaster-1.9.1\rm.exe
FirewallRules: [UDP Query User{16FFCE4F-2BAF-473B-A842-BEF000E50D05}C:\users\victor\desktop\victor\programas\ratiomaster-1.9.1\rm.exe] => (Allow) C:\users\victor\desktop\victor\programas\ratiomaster-1.9.1\rm.exe
FirewallRules: [{BB512B63-20E7-4214-9358-91BC1CFF119B}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{32580DDB-9A61-452E-B5B4-B5C0B4ACB16D}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{347E82AB-A89C-402F-8841-CCE91B92B130}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{A6663430-8222-4F07-9D4C-3F36F030F7F3}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [TCP Query User{88BB050A-7CA4-463A-AC56-982C58AAE01E}C:\users\victor\appdata\roaming\utorrent\updates\3.4.9_43295.exe] => (Block) C:\users\victor\appdata\roaming\utorrent\updates\3.4.9_43295.exe
FirewallRules: [UDP Query User{F6C9C77E-DC54-4EED-B087-4D1EE2C3011F}C:\users\victor\appdata\roaming\utorrent\updates\3.4.9_43295.exe] => (Block) C:\users\victor\appdata\roaming\utorrent\updates\3.4.9_43295.exe
FirewallRules: [{954D91E5-F19C-47F9-BA89-82C7424B097A}] => (Block) LPort=445
FirewallRules: [{FC67AB1A-E66D-49A0-BADE-6D4091290933}] => (Block) LPort=445
FirewallRules: [{48025BFB-97B3-4CB8-8B2B-AAB51390282F}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{7E5759AE-08F2-44EE-8208-58EE9ADC221E}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{949C8AE4-B322-49A1-917A-5BD734FF6F10}C:\program files\java\jdk1.8.0_131\bin\jmc.exe] => (Block) C:\program files\java\jdk1.8.0_131\bin\jmc.exe
FirewallRules: [UDP Query User{D258D11B-A796-4157-9489-0F984D486AF9}C:\program files\java\jdk1.8.0_131\bin\jmc.exe] => (Block) C:\program files\java\jdk1.8.0_131\bin\jmc.exe
FirewallRules: [{42892592-8A7D-4F51-B41D-A4C31706185F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{30587F5D-41B2-46AC-BEA3-FB69B4BAD39F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{FE9B9AFF-C753-4633-BA44-608AE793BAFD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E479F47E-AD02-4B52-A479-59D20B93592B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{EE7D2A5C-5668-40E0-AD11-865C2CBAB1FB}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{5569E451-0701-4120-80E8-A5D8F6BEF683}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{B49BEA98-3700-44E8-9151-9857227CBBAB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D134A7B2-5476-4D59-B5D3-A3B127DF1D96}] => (Allow) D:\Program Files\Microvirt\MEmu\MEmu.exe
FirewallRules: [{C8240C0A-2923-4B29-8085-8F8A8E97CF5E}] => (Allow) D:\Program Files\Microvirt\MEmu\MEmu.exe
FirewallRules: [{2011F0CE-DEFB-46F7-97D9-B7D5C64F4BA2}] => (Allow) C:\Program Files\Opera\51.0.2830.40\opera.exe
FirewallRules: [TCP Query User{B8F0A294-E864-4C2C-9ABB-B9A263EBE038}C:\program files\android\android studio\jre\bin\java.exe] => (Allow) C:\program files\android\android studio\jre\bin\java.exe
FirewallRules: [UDP Query User{728F8E4A-8674-4476-AF77-30F656BB3CB7}C:\program files\android\android studio\jre\bin\java.exe] => (Allow) C:\program files\android\android studio\jre\bin\java.exe
FirewallRules: [{6519A450-F6C3-4B36-BF25-FFD756E9C8E1}] => (Allow) C:\Program Files\Opera\51.0.2830.55\opera.exe
FirewallRules: [{C232FF54-9D0B-4B5C-92B7-A1F70EA6F18D}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.3.0\DriverBooster.exe
FirewallRules: [{66267027-F55E-4077-AB4B-AD15CC2B75A7}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.3.0\DriverBooster.exe
FirewallRules: [{7CD6272C-1D74-4464-95DF-A00C25B0B578}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.3.0\DBDownloader.exe
FirewallRules: [{8471B9F5-C05F-4BDC-B61B-5FC15783BE5D}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.3.0\DBDownloader.exe
FirewallRules: [{0F592A71-6F9E-4C56-AAC7-EFFAA5493509}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.3.0\AutoUpdate.exe
FirewallRules: [{2FCDB781-5119-4983-B62C-C3624071A0F3}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\5.3.0\AutoUpdate.exe
FirewallRules: [{E4E6BE45-5801-472E-8206-70B043CD7D2E}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe
FirewallRules: [{6C82BA79-476F-48A0-ABA6-E44084AA22F1}] => (Allow) D:\Program Files\Nox\bin\Nox.exe
FirewallRules: [{94154027-AB17-41DD-A9EE-28D23A39BFB9}] => (Allow) C:\Program Files (x86)\Bignox\BigNoxVM\RT\NoxVMHandle.exe
FirewallRules: [{8BCCE364-BEED-4811-8262-FFC476A32E2F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Pontos de Restauração =========================


27-04-2018 11:41:37 Ponto de Verificação Agendado
06-05-2018 18:48:20 Ponto de Verificação Agendado


==================== Dispositivos Apresentando Falhas No Gerenciador =============




==================== Erros no Log de eventos: =========================


Erros em Aplicativos:
==================
Error: (05/08/2018 02:55:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Falha ao adicionar certificado ao repositório de Autoridades de Certificação de Raiz de Terceiros com erro: Acesso negado.


Error: (05/08/2018 01:55:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Falha ao adicionar certificado ao repositório de Autoridades de Certificação de Raiz de Terceiros com erro: Acesso negado.


Error: (05/08/2018 12:55:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Falha ao adicionar certificado ao repositório de Autoridades de Certificação de Raiz de Terceiros com erro: Acesso negado.


Error: (05/08/2018 11:55:17 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Falha ao adicionar certificado ao repositório de Autoridades de Certificação de Raiz de Terceiros com erro: Acesso negado.


Error: (05/08/2018 10:55:17 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Falha ao adicionar certificado ao repositório de Autoridades de Certificação de Raiz de Terceiros com erro: Acesso negado.


Error: (05/08/2018 09:55:21 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Falha ao adicionar certificado ao repositório de Autoridades de Certificação de Raiz de Terceiros com erro: Acesso negado.


Error: (05/08/2018 09:48:07 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Falha ao adicionar certificado ao repositório de Autoridades de Certificação de Raiz de Terceiros com erro: Acesso negado.


Error: (05/08/2018 09:10:38 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Falha ao adicionar certificado ao repositório de Autoridades de Certificação de Raiz de Terceiros com erro: Acesso negado.




Erros de Sistema:
=============
Error: (05/08/2018 07:50:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço svcp devido ao seguinte erro:
O sistema não pode encontrar o arquivo especificado.


Error: (05/07/2018 07:50:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço svcp devido ao seguinte erro:
O sistema não pode encontrar o arquivo especificado.


Error: (05/06/2018 06:43:00 PM) (Source: DCOM) (EventID: 10010) (User: ASUS-PC)
Description: O servidor {1B1F472E-3221-4826-97DB-2C2324D389AE} não se registrou no DCOM dentro do tempo limite necessário.


Error: (05/06/2018 06:42:30 PM) (Source: DCOM) (EventID: 10010) (User: ASUS-PC)
Description: O servidor {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} não se registrou no DCOM dentro do tempo limite necessário.


Error: (05/06/2018 06:22:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço svcp devido ao seguinte erro:
O sistema não pode encontrar o arquivo especificado.


Error: (05/05/2018 06:29:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço svcp devido ao seguinte erro:
O sistema não pode encontrar o arquivo especificado.


Error: (05/04/2018 11:17:21 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a resposta de uma transação do serviço MBAMService.


Error: (05/04/2018 07:52:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço svcp devido ao seguinte erro:
O sistema não pode encontrar o arquivo especificado.




Windows Defender:
===================================
Date: 2017-11-23 07:28:25.508
Description:
O exame do Windows Defender foi interrompido antes da conclusão.
ID do Exame: {4FB2AE7E-D344-43BA-883B-1833D8B51F1A}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA


Date: 2017-11-21 10:07:08.061
Description:
O exame do Windows Defender foi interrompido antes da conclusão.
ID do Exame: {13091665-B49C-403E-9706-11130162A35B}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA


Date: 2017-11-20 19:56:50.518
Description:
O exame do Windows Defender foi interrompido antes da conclusão.
ID do Exame: {214ED0A2-CC13-4B93-93A3-D8831748EF0D}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA


Date: 2017-11-17 17:33:08.571
Description:
O exame do Windows Defender foi interrompido antes da conclusão.
ID do Exame: {D358F898-94E2-406A-88BC-A81275649F5E}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA


Date: 2017-11-17 13:46:04.830
Description:
O exame do Windows Defender foi interrompido antes da conclusão.
ID do Exame: {15089AA8-4970-49B6-8835-CD73CD131F88}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA


Date: 2017-10-01 17:39:05.549
Description:
O recurso de Proteção em Tempo Real do Windows Defender encontrou um erro e falhou.
Recurso: Em Tempo de Acesso
Código do Erro: 0x80004005
Descrição do erro: Erro não especificado
Motivo: O driver de filtro ignorou o exame de itens e está no modo de passagem. Isso pode ter acontecido por causa de condições de poucos recursos.


Date: 2017-10-01 17:39:05.549
Description:
O recurso de Proteção em Tempo Real do Windows Defender encontrou um erro e falhou.
Recurso: Em Tempo de Acesso
Código do Erro: 0x80004005
Descrição do erro: Erro não especificado
Motivo: O driver de filtro ignorou o exame de itens e está no modo de passagem. Isso pode ter acontecido por causa de condições de poucos recursos.


Date: 2017-10-01 17:39:05.549
Description:
O recurso de Proteção em Tempo Real do Windows Defender encontrou um erro e falhou.
Recurso: Em Tempo de Acesso
Código do Erro: 0x80004005
Descrição do erro: Erro não especificado
Motivo: O driver de filtro ignorou o exame de itens e está no modo de passagem. Isso pode ter acontecido por causa de condições de poucos recursos.


Date: 2017-10-01 17:39:05.549
Description:
O recurso de Proteção em Tempo Real do Windows Defender encontrou um erro e falhou.
Recurso: Em Tempo de Acesso
Código do Erro: 0x80004005
Descrição do erro: Erro não especificado
Motivo: O driver de filtro ignorou o exame de itens e está no modo de passagem. Isso pode ter acontecido por causa de condições de poucos recursos.


Date: 2016-12-12 08:11:42.433
Description:
O recurso de Proteção em Tempo Real do Windows Defender encontrou um erro e falhou.
Recurso: Monitoramento do Comportamento
Código do Erro: 0x80501002
Descrição do erro: O programa não pode localizar arquivos de definição que ajudam a detectar software indesejado. Verifique se há atualizações de arquivos de definição e tente novamente. Para obter informações sobre como instalar atualizações, consulte Ajuda e Suporte.
Motivo: A proteção antimalware parou de funcionar por um motivo desconhecido. Em alguns casos, reiniciar o serviço pode resolver o problema.


CodeIntegrity:
===================================


Date: 2018-04-10 01:18:00.376
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Diebold\Warsaw\wslbscr64.dll that did not meet the Windows signing level requirements.


Date: 2017-11-23 07:29:22.236
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


Date: 2017-11-23 07:29:21.158
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


Date: 2017-11-22 11:03:58.129
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


Date: 2017-11-22 11:03:57.060
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


Date: 2017-11-21 10:10:27.338
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


Date: 2017-11-21 10:10:25.050
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


Date: 2017-11-20 19:00:00.422
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Informações da Memória ===========================


Processador: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Percentagem de memória em uso: 70%
RAM física total: 8075.06 MB
RAM física disponível: 2401.57 MB
Virtual Total: 16267.06 MB
Virtual disponível: 9976.13 MB


==================== Drives ================================


Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:41 GB) NTFS ==>[sistema com componentes de inicialização (obtido através de drive)]
Drive d: (Data) (Fixed) (Total:258.35 GB) (Free:53.45 GB) NTFS


\\?\Volume{8b3e3fe5-e8f9-447a-856a-321c3f646676}\ (Recovery) (Fixed) (Total:0.88 GB) (Free:0.59 GB) NTFS
\\?\Volume{6cc5e1bd-145c-465e-965f-b470a1a11a64}\ (Restore) (Fixed) (Total:20.01 GB) (Free:10.47 GB) NTFS


==================== MBR & Tabela de Partições ==================


========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 42A3A21B)


Partition: GPT.


==================== Fim de Addition.txt ============================


VMCrash-BSOD.png
 

Corrine

Administrator, Security Analyst
Staff member
Joined
Feb 22, 2012
Messages
9,310
Location
Upstate, NY
Hi, vjb89.

1. Security updates were released for Adobe Flash Player today. You can get the latest update for Firefox here: Flash Player for Firefox/Pale Moon - NPAPI.

2. Speaking of Firefox, you have Mozilla Firefox 58.0.2 which is also out of date, as the current version (today) is 59.0.3. However, according to the release schedule, version 60.0 is due to be released tomorrow (9May2018) so you could wait. However, keep in mind that the updates have included critical security updates so please don't wait too long.

3. You also have outdated versions of Java installed:

Java 8 Update 162 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180162F0}) (Version: 8.0.1620.12 - Oracle Corporation)
Java SE Development Kit 8 Update 131 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180131}) (Version: 8.0.1310.11 - Oracle Corporation)

Since very few programs need Java any longer, I strongly suggest you consider uninstalling both outdated installs. If you decide to keep it, you need to update it to the latest version: Download link: Java SE 8u171. Be sure to UNcheck any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.

4. You also have an out of date version of Opera installed. If you are no longer using it, I suggest you uninstall it. Otherwise, it needs to be updated to the current version 52.0.2871.99.

5. Please do a scan with ESET Online Scanner

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.


  • Please visit the ESET Online Scanner website
  • Click the SCAN NOW button to download the esetonlinescanner_enu.exe file to the Desktop
  • Double click esetonlinescanner_enu.exe. Accept the Terms of Use
  • Select Enable detection of potentially unwanted applications
  • In Advanced Settings: make sure that Clean threats automatically is unchecked
  • And Enable detection of potentially unsafe applications, Enable detection of suspicious applications, Scan archives, and Enable Anti-Stealth technology are all checked.
  • Click Scan
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When completed it'll show a list of "Threats found", click beneath it on Save to text file.... and save it as ESET log.txt on your Desktop.
  • Then click Do not clean. Place a checkmark at Delete application's data on close, click Finish and close the program.
Don't forget to re-enable previously switched-off protection software!
 

vjb89

I have updated everything you said and tried to uninstall Opera through add and remove programs but it's not uninstalling. Here's the ESET log:

C:\AdwCleaner\quarantine\files\mabsrxxzckfchkldryredivdfpgagvyc\{746AB259-6474-4111-8966-1C62F9A6E063}\setup.msi a variant of Win32/UwS.SlimDrivers.A application
C:\Program Files (x86)\Freemake\Freemake Video Converter\SetupUpdate.exe a variant of Win32/FusionCore.I potentially unwanted application
C:\Users\Victor\Desktop\Victor\PROGRAMAS\CClPro 5.23.5880.rar Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Victor\Desktop\Victor\PROGRAMAS\EXX5XXBRXXHADES.rar MSIL/RiskWare.HackAV.A application
C:\Users\Victor\Desktop\Victor\PROGRAMAS\sHaRewbb_cts851.rar Win32/Keygen.ACQ potentially unsafe application
C:\Users\Victor\Desktop\Victor\PROGRAMAS\DRIVER BOOSTER 4 + KEY (INFINITY TUTORS)\DRIVER BOOSTER 4 + KEY (INFINITY TUTORS)\disable_check_activation.cmd BAT/HostsChanger.A potentially unsafe application
 

Corrine

Hi, vjb89.

The ESET results have identified Freemake as a potentially unwanted program and DRIVER BOOSTER as a potentially unsafe application. It is your computer so your choice if you wish to keep them. Personally, if it were my computer, I would uninstall both.

Let me know if you wish to keep them. If you elect to uninstall them, please provide fresh FRST logs so I can see if there are any leftovers. Do the following to provide fresh FRST logs:
  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Note: After FRST completes updating and the tool appears, check the box next to Addition.txt under the "Optional Scan" section
  • Press Scan button.
  • Please copy/paste both logs in your reply.
 

vjb89

Well, I've downloaded both on their respective websites so I don't think they can harm my computer. I'd like to keep them but what about the rest?
 

Corrine

If you continue getting BSOD's then you may find it necessary to uninstall them.

Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Please select the entire contents of the code box below, from the "Start::" line to "End", including both lines. Right-click and select "Copy".
Code:
Start::
CreateRestorePoint:
CloseProcesses:
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => não encontrado (a)
CHR Extension: (Desprotetor de Links) - C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\imcbnnnoghiihopefblgehihofbfbmei [2018-04-15] [UpdateUrl: hxxps://desprotetor.com.br/firefox_update.json] <==== ATENÇÃO
CHR Extension: (Desprotetor de Links) - C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\imcbnnnoghiihopefblgehihofbfbmei [2018-04-15] [UpdateUrl: hxxps://desprotetor.com.br/firefox_update.json] <==== ATENÇÃO
S1 HWiNFO32; \??\C:\Users\Victor\AppData\Local\Temp\HWiNFO64A.SYS [X] <==== ATENÇÃO
S2 svcp; \??\C:\Windows\system32\Drivers\svcp64.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
2018-05-08 08:41 - 2017-08-08 13:56 - 000000000 ____D C:\Program Files\Opera
AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2410]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KNet => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\svcp => ""="Driver"
EmptyTemp:
End::
  • Please right-click on FRST/FRST64 to run as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST/FRST64.exe
  • Please post the log in your next reply.
 

vjb89

Where do I paste that code?
 

Corrine

You don't need to paste the code anywhere. After you have copied the code, it will be on the clipboard. When you right-click on FRST, it will grab the code from the clipboard and go to work.
 

vjb89

How can Freemake and Driver Booster cause BSOD?

Here's the log:

Fixlog.txt


Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 10.05.2018
Executado por Victor (10-05-2018 19:46:06) Run:1
Executando a partir de C:\Users\Victor\Desktop
Perfis Carregados: Victor (Perfis Disponíveis: Victor)
Modo da Inicialização: Normal
==============================================


fixlist Conteúdo:
*****************
CreateRestorePoint:
CloseProcesses:
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => não encontrado (a)
CHR Extension: (Desprotetor de Links) - C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\imcbnnnoghiihopefblgehihofbfbmei [2018-04-15] [UpdateUrl: hxxps://desprotetor.com.br/firefox_update.json] <==== ATENÇÃO
CHR Extension: (Desprotetor de Links) - C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\imcbnnnoghiihopefblgehihofbfbmei [2018-04-15] [UpdateUrl: hxxps://desprotetor.com.br/firefox_update.json] <==== ATENÇÃO
S1 HWiNFO32; \??\C:\Users\Victor\AppData\Local\Temp\HWiNFO64A.SYS [X] <==== ATENÇÃO
S2 svcp; \??\C:\Windows\system32\Drivers\svcp64.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
2018-05-08 08:41 - 2017-08-08 13:56 - 000000000 ____D C:\Program Files\Opera
AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2410]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KNet => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\svcp => ""="Driver"
EmptyTemp:


*****************


Ponto de Restauração criado com sucesso.
Processos fechados com sucesso.
"HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com" => removido (a) com sucesso.
CHR Extension: (Desprotetor de Links) - C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\imcbnnnoghiihopefblgehihofbfbmei [2018-04-15] [UpdateUrl: hxxps://desprotetor.com.br/firefox_update.json] <==== ATENÇÃO => Erro: Nenhuma correção automática foi encontrada para esta entrada.
CHR Extension: (Desprotetor de Links) - C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\imcbnnnoghiihopefblgehihofbfbmei [2018-04-15] [UpdateUrl: hxxps://desprotetor.com.br/firefox_update.json] <==== ATENÇÃO => Erro: Nenhuma correção automática foi encontrada para esta entrada.
"HKLM\System\CurrentControlSet\Services\HWiNFO32" => removido (a) com sucesso.
HWiNFO32 => serviço removido (a) com sucesso.
"HKLM\System\CurrentControlSet\Services\svcp" => removido (a) com sucesso.
svcp => serviço removido (a) com sucesso.
"HKLM\System\CurrentControlSet\Services\VMnetAdapter" => removido (a) com sucesso.
VMnetAdapter => serviço removido (a) com sucesso.
C:\Program Files\Opera => movido com sucesso
C:\Windows\system32\Drivers\wsddfac.sys => ":X5ZN8aGXs4" ADS removido (a) com sucesso.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService" => removido (a) com sucesso.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc" => removido (a) com sucesso.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\KNet" => removido (a) com sucesso.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MBAMService" => removido (a) com sucesso.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc" => removido (a) com sucesso.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfehidk" => removido (a) com sucesso.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys" => removido (a) com sucesso.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k" => removido (a) com sucesso.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys" => removido (a) com sucesso.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mfevtp" => removido (a) com sucesso.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\svcp" => removido (a) com sucesso.


=========== EmptyTemp: ==========


BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 48825274 B
Java, Flash, Steam htmlcache => 111402577 B
Windows/system/drivers => 1696688742 B
Edge => 0 B
Chrome => 551808614 B
Firefox => 83536684 B
Opera => 26440223 B


Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile32 => 745 B
LocalService => 163478 B
NetworkService => 2122 B
Victor => 140461695 B


RecycleBin => 578718488 B
EmptyTemp: => 3 GB de dados temporários Removidos.


================================




O sistema precisou ser reiniciado.


==== Fim de Fixlog 19:49:03 ====
 

Corrine

As noted in the ESET scan results for Driver Booster, "A potentially unsafe application". This is because programs that claim to update your drivers can and do install either the wrong or corrupted drivers as well as unsigned drivers. Adding that to IOBit's past practices, although from some years ago, I wouldn't run it on my computer. See the following for additional information:
-- IOBit Steals Malwarebytes' Intellectual Property
-- IOBit’s Denial of Theft Unconvincing
-- IOBit Theft Conclusion

Looking back through your topic, I realize that I neglected to include the findings from the ESET scan that were not related to Freemake and Driver Booster. As a result, I'd like you to run FRST again.

Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Please select the entire contents of the code box below, from the "Start::" line to "End", including both lines. Right-click and select "Copy".
Code:
Start::
CreateRestorePoint:
CloseProcesses:
C:\Users\Victor\Desktop\Victor\PROGRAMAS\CClPro 5.23.5880.rar Win32/Bundled.Toolbar.Google.D potentially unsafe application 
C:\Users\Victor\Desktop\Victor\PROGRAMAS\EXX5XXBRXXHADES.rar MSIL/RiskWare.HackAV.A application
C:\Users\Victor\Desktop\Victor\PROGRAMAS\sHaRewbb_cts851.rar Win32/Keygen.ACQ potentially unsafe application 
EmptyTemp:
End::
  • Please right-click on FRST/FRST64 to run as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST/FRST64.exe
  • Please post the log in your next reply.
 

vjb89

Ok, you convinced me with Driver Booster. Do you know any other application like that? I don't know how to download drivers manually. Btw, what about Freemake? It's shown as an unwanted app because of the other apps it offers. But I always uncheck those boxes offering other applications.

Here's the log:

Fixlog.txt

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 10.05.2018
Executado por Victor (11-05-2018 18:10:56) Run:2
Executando a partir de C:\Users\Victor\Desktop
Perfis Carregados: Victor (Perfis Disponíveis: Victor)
Modo da Inicialização: Normal
==============================================


fixlist Conteúdo:
*****************
CreateRestorePoint:
CloseProcesses:
C:\Users\Victor\Desktop\Victor\PROGRAMAS\CClPro 5.23.5880.rar Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Victor\Desktop\Victor\PROGRAMAS\EXX5XXBRXXHADES.rar MSIL/RiskWare.HackAV.A application
C:\Users\Victor\Desktop\Victor\PROGRAMAS\sHaRewbb_cts851.rar Win32/Keygen.ACQ potentially unsafe application
EmptyTemp:


*****************


Ponto de Restauração criado com sucesso.
Processos fechados com sucesso.
"C:\Users\Victor\Desktop\Victor\PROGRAMAS\CClPro 5.23.5880.rar Win32/Bundled.Toolbar.Google.D potentially unsafe application" => não encontrado (a)
"C:\Users\Victor\Desktop\Victor\PROGRAMAS\EXX5XXBRXXHADES.rar MSIL/RiskWare.HackAV.A application" => não encontrado (a)
"C:\Users\Victor\Desktop\Victor\PROGRAMAS\sHaRewbb_cts851.rar Win32/Keygen.ACQ potentially unsafe application" => não encontrado (a)


=========== EmptyTemp: ==========


BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9525923 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 518752 B
Edge => 0 B
Chrome => 374830554 B
Firefox => 0 B
Opera => 0 B


Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile32 => 128 B
LocalService => 3306 B
NetworkService => 0 B
Victor => 6854 B


RecycleBin => 101250 B
EmptyTemp: => 375.2 MB de dados temporários Removidos.


================================




O sistema precisou ser reiniciado.


==== Fim de Fixlog 18:13:04 ====
 

Corrine

Administrator, Security Analyst
Staff member
Joined
Feb 22, 2012
Messages
9,310
Location
Upstate, NY
Drivers seldom need updating. Intel did recently due to the recent "Meltdown" vulnerability. However, updates for the Intel chips would be through ASUS, not Intel. Additional protection was from Windows Update (Protecting your device against chip-related security vulnerabilities - Windows Help).

nVidia occasionally needs updates but that too is easily handled via nVidia GeForce Experience (available at Download GeForce Experience | NVIDIA | GeForce). nVidia is on this old (2008) laptop and I've found it simple to use.

Note that FRST did not find the three other files detected by ESET. The easiest thing for you would be to rescan with ESET and allow the removal of those three files.

Unchecky is a great tool and certainly does help when installing software. Security programs vary in identifying PUPs (Potentially Unwanted Programs). Generally, a PUP is a program that includes spyware/adware, although a more in-depth description is here: How to avoid potentially unwanted programs - Malwarebytes Labs | Malwarebytes Labs. Since you have Malwarebytes installed, has Freemake shown up in a scan?

Since you originally came to Sysnative due to having BSODs, have they stopped or are you still experiencing BSODs?

If the BSODs
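An added example, not part of the original posts and not FRST's own code: the Fixlog above shows FRST quoting each whole fixlist line, ESET's detection label included, as the item it looked for. This Python sketch reads result lines of that shape, lists the "não encontrado" entries, and splits each quoted item into a probable path and the trailing text; the function names, the regex heuristic and the `example.rar` line are assumptions made for illustration.

```python
import re

# The three .rar lines with detection labels are copied from the Fixlog in this
# thread, as are the first and last lines. The bare "example.rar" line is
# constructed for contrast (hypothetical file name).
FIXLOG = r'''Processos fechados com sucesso.
"C:\Users\Victor\Desktop\Victor\PROGRAMAS\CClPro 5.23.5880.rar Win32/Bundled.Toolbar.Google.D potentially unsafe application" => não encontrado (a)
"C:\Users\Victor\Desktop\Victor\PROGRAMAS\EXX5XXBRXXHADES.rar MSIL/RiskWare.HackAV.A application" => não encontrado (a)
"C:\Users\Victor\Desktop\Victor\PROGRAMAS\sHaRewbb_cts851.rar Win32/Keygen.ACQ potentially unsafe application" => não encontrado (a)
"C:\Users\Victor\Desktop\example.rar" => não encontrado (a)
Chrome => 374830554 B
'''

# A per-item result line: the item FRST acted on in quotes, then "=>" and the outcome.
RESULT = re.compile(r'^"(?P<item>.+)"\s*=>\s*(?P<outcome>.+)$')
# Heuristic: a drive-letter path up to the first ".ext" that is followed by whitespace
# and more text. A file name such as "a.bc d.txt" would be split too early.
PATH_THEN_TEXT = re.compile(r'^(?P<path>[A-Za-z]:\\.*?\.[A-Za-z0-9]{2,4})\s+(?P<extra>\S.*)$')
NOT_FOUND = "não encontrado"  # outcome wording used in this Portuguese-language log


def audit_fixlog(text):
    """Return one dict per quoted result line in a Fixlog."""
    findings = []
    for line in text.splitlines():
        m = RESULT.match(line.strip())
        if not m:
            continue  # headers, status lines and EmptyTemp size lines
        item = m.group("item")
        split = PATH_THEN_TEXT.match(item)
        findings.append({
            "item": item,
            "not_found": NOT_FOUND in m.group("outcome"),
            "likely_path": split.group("path") if split else item,
            "trailing_text": split.group("extra") if split else None,
        })
    return findings


def paths_to_recheck(findings):
    """Paths from not-found entries whose item carried extra text after the file name."""
    return [f["likely_path"] for f in findings if f["not_found"] and f["trailing_text"]]


if __name__ == "__main__":
    for path in paths_to_recheck(audit_fixlog(FIXLOG)):
        print("verify on disk:", path)
```

A "not found" result for an entry listed by `paths_to_recheck` says nothing about whether the file still exists, so those paths are the ones to confirm on disk or with a rescan.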
 

vjb89

Well-known member
Joined
Sep 15, 2015
Messages
96
Location
Brazil
Can't I just remove those files myself? The ESET scan will probably take a long time to complete. About the BSOD, I said before that it occurs when I connect a Bluetooth mouse to my notebook. So I'll have to try again to see if it'll happen...


Edit: I use Unchecky already
 

Corrine

Administrator, Security Analyst
Staff member
Joined
Feb 22, 2012
Messages
9,310
Location
Upstate, NY
Yes, I saw that you already use Unchecky, which between it and you watching for pre-checked options prevented any unwanted additions included in the installation. It is more likely that ESET detected it due to pre-checked options included at installation and, thus, identified it as potentially unwanted.

Nothing particularly serious was in the logs and, certainly, nothing related to the mouse you use, although that isn't to say that there isn't a problem with the Qualcomm Atheros Bluetooth Suite or that an updated driver (yes, I know, but no, please use "official sources"). It is possible that ASUS has an updated driver or the software for replacement. You can check here: Download Center | Official Support | ASUS USA. If not successful, explaining in your BSOD thread that you need assistance updating/replacing the driver for your Bluetooth software may be helpful.

Please do the following to uninstall FRST:

  • Navigate to where you saved FRST and right-click Frst.exe or Frst64.exe
  • Select "rename" and change the name to Uninstall.exe
  • With the computer booted into Normal Mode run the renamed FRST, "Uninstall.exe".
The computer will reboot, and on boot up will delete %systemdrive%\FRST and from the directory from which FRST is run, it will delete ...
  • FRST.txt
  • Addition.txt
  • Search.txt
  • Fixlog.txt
  • The tool itself
 

vjb89

Well-known member
Joined
Sep 15, 2015
Messages
96
Location
Brazil
Hi there, sorry for taking too long to answer. I already did as you said and tried to connect that Bluetooth mouse again to see if the BSOD would occur again. Fortunately, and I don't know why, it didn't happen again. Thanks for your time and your help :)
 

Corrine

Administrator, Security Analyst
Staff member
Joined
Feb 22, 2012
Messages
9,310
Location
Upstate, NY
You're very welcome, vjb89. I'm glad to hear that your Bluetooth mouse is back working correctly.
 