dubio

Request for log analysis


Abort the execution.

Temporarily disable your antivirus.

Click esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your Desktop.

Double-click its icon on the Desktop.

Check "YES, I accept the Terms of Use." Click Start.

Accept any security warning from your browser.

Check the options below:

Enable detection of potentially unwanted applications.

Click Hide advanced settings and check:

Remove found threats

Scan archives

Scan for potentially unsafe applications

Enable Anti-Stealth technology

Click Change and also check the Computer box.

Click Start.

It will update itself and scan the computer. Be patient, the process can take hours. When the scan finishes, click List Threats.

Click Export to text file and save the log to your Desktop.

Copy and paste its contents into your next reply.

Note: If nothing is found, no log will be generated.

Click Back.

Click Finish.



Good evening,

Here is the ESET log:

C:\Users\Eduardo\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\ce0008ef24b6a242\120712-0049\Att\2001978e\segundavia01012016 (1).zip    VBS/DNSChanger.U trojan    deleted
C:\Users\Eduardo\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\ce0008ef24b6a242\120712-0049\Att\2001978e\segundavia01012016 (2).zip    VBS/DNSChanger.U trojan    deleted
C:\Users\Eduardo\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\ce0008ef24b6a242\120712-0049\Att\2001978e\segundavia01012016 (3).zip    VBS/DNSChanger.U trojan    deleted
C:\Users\Eduardo\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\ce0008ef24b6a242\120712-0049\Att\2001978e\segundavia01012016.zip    VBS/DNSChanger.U trojan    deleted
C:\Users\Eduardo\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\ce0008ef24b6a242\120712-0049\Att\20053003\Transaction_Apple_Case (1).pdf    PDF/Phishing.A.Gen trojan    cleaned by deleting
C:\Users\Eduardo\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\ce0008ef24b6a242\120712-0049\Att\20053003\Transaction_Apple_Case (2).pdf    PDF/Phishing.A.Gen trojan    cleaned by deleting
C:\Users\Eduardo\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\ce0008ef24b6a242\120712-0049\Att\20053003\Transaction_Apple_Case.pdf    PDF/Phishing.A.Gen trojan    cleaned by deleting
C:\Users\Eduardo\AppData\Roaming\uTorrent\uTorrent.exe    a variant of Win32/OpenCandy.G potentially unsafe application    deleted
C:\Users\Eduardo\AppData\Roaming\uTorrent\updates\3.4.3_40760.exe    a variant of Win32/OpenCandy.G potentially unsafe application    deleted
 


Good morning,

Although some slowness remains, the PC has improved significantly! I can use it now.

Some things I noticed: although I tried to uninstall McAfee (the PC froze during the uninstall, I restarted it, and afterwards I could not uninstall it either through the Control Panel or with CCleaner), it still appears in the list of running programs in Task Manager. In addition, that Wondershare process, which I don't know the purpose of, keeps starting with the PC and using a lot of memory. Every time I boot I have to end it so that the PC doesn't keep getting slower.

 


Good morning!

First, follow these instructions:

1. Download OTL (OldTimer) and save it to your Desktop

2. Close all windows and run it

Windows 7, 8, 8.1 or 10 users: right-click the OTL.exe icon and select Run as administrator.

3. Enable these OTL options:

 1  Standard
 2  90 days
 3  Use WhiteList for Company Names
 4  Skip Microsoft Files
 5  LOP Check
 6  Purity Check

4. Now select the lines below in red and copy them (CTRL C)

CREATERESTOREPOINT
netsvcs
%systemroot%\system32\drivers\*.* /90
%systemdrive%\drivers\*.exe
%SYSTEMDRIVE%\*.*
%LOCALAPPDATA%\*.exe
%LOCALAPPDATA%\*.txt
%LOCALAPPDATA%\*.ini
%LOCALAPPDATA%\*.dll
%LOCALAPPDATA%\*.dat
%USERPROFILE%\*.exe
%USERPROFILE%\*.txt
%USERPROFILE%\*.ini
%USERPROFILE%\*.dll
%USERPROFILE%\*.dat /30
C:\windows\system32\Tasks\*.* /s
C:\windows\system32\Tasks\*.* /s /64
%windir%\tasks\*.* /s
%systemroot%\*.scr
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP
HKCU\Software\Microsoft\Internet Explorer\Downloads
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Licensing Core
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts
\UserList
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon
\SpecialAccounts\UserList
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Google\Chrome
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TermService
net user /c
/md5start
termsrv.dll
termsrv.dll.bak
/md5stop
%systemdrive%\$Recycle.Bin|@;true;true;true /fp

5. Go back to the program, right-click inside the Custom Scans/Fixes area and choose Paste

6. Now click Run Scan for OTL to start scanning your computer.

Do not change any other setting unless you have been instructed to do so.

The OTL scan takes a while, so be patient. When the scan finishes, two files will be created: OTL.txt and Extras.txt. They will be in the same folder where the OTL.exe file was saved, on your Desktop.

7. Finally, copy the entire contents of the OTL.txt file (select all the text and press CTRL C) and post it in your next reply.



Good evening!

Here is the content of the OTL.txt file. I wasn't sure whether I should also send the content of the Extras.txt file. If necessary, I will send it in my next reply.

OTL logfile created on: 24/09/2017 18:27:48 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Eduardo\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18793)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
 
5,89 Gb Total Physical Memory | 3,97 Gb Available Physical Memory | 67,37% Memory free
11,89 Gb Paging File | 9,53 Gb Available in Paging File | 80,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,30 Gb Total Space | 67,38 Gb Free Space | 36,17% Space Free | Partition Type: NTFS
Drive D: | 258,35 Gb Total Space | 135,12 Gb Free Space | 52,30% Space Free | Partition Type: NTFS
 
Computer Name: EDUARDO | User Name: Eduardo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days
 
========== Processes (SafeList) ==========
 
PRC - [2017/09/24 18:24:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Eduardo\Desktop\OTL.exe
PRC - [2017/08/31 17:18:54 | 040,257,336 | ---- | M] () -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2017/08/21 04:34:44 | 003,410,384 | ---- | M] (Malwarebytes) -- C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
PRC - [2017/04/29 10:05:49 | 000,288,848 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
PRC - [2016/09/22 22:25:23 | 000,631,520 | ---- | M] (GAS Tecnologia) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe
PRC - [2016/08/01 10:35:42 | 002,779,896 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
PRC - [2016/04/01 02:16:12 | 000,931,864 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2014/05/26 14:47:22 | 000,303,928 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2014/05/15 20:23:42 | 000,406,328 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2014/05/08 15:56:44 | 000,209,720 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2014/04/02 19:46:10 | 000,058,440 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2014/03/27 18:00:12 | 019,723,888 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
PRC - [2014/03/26 20:24:44 | 000,115,512 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2014/02/26 02:50:24 | 000,323,584 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2014/01/20 08:57:42 | 002,234,144 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/01/20 08:57:08 | 001,593,632 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2013/11/08 21:08:52 | 000,227,936 | ---- | M] (WildTangent) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
PRC - [2013/10/23 18:45:30 | 000,390,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2013/10/23 18:44:48 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2013/10/23 18:44:48 | 000,131,544 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/05/28 15:04:48 | 000,113,312 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2011/11/21 19:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2017/09/24 10:08:42 | 001,177,088 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\wx._core_.pyd
MOD - [2017/09/24 10:08:42 | 001,067,520 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\wx._controls_.pyd
MOD - [2017/09/24 10:08:42 | 000,816,640 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\wx._windows_.pyd
MOD - [2017/09/24 10:08:42 | 000,806,912 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\wx._gdi_.pyd
MOD - [2017/09/24 10:08:42 | 000,733,696 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\wx._misc_.pyd
MOD - [2017/09/24 10:08:42 | 000,088,576 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\Windows.volumes.pyd
MOD - [2017/09/24 10:08:42 | 000,077,824 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\wx._html2.pyd
MOD - [2017/09/24 10:08:42 | 000,058,880 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\Windows.device_monitor.pyd
MOD - [2017/09/24 10:08:42 | 000,017,408 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\Windows.winwrap.pyd
MOD - [2017/09/24 10:08:41 | 000,736,256 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\pysqlite2._sqlite.pyd
MOD - [2017/09/24 10:08:41 | 000,686,080 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\unicodedata.pyd
MOD - [2017/09/24 10:08:41 | 000,524,248 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\Windows._lib_cacheinvalidation.pyd
MOD - [2017/09/24 10:08:41 | 000,364,544 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\pythoncom27.dll
MOD - [2017/09/24 10:08:41 | 000,320,512 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\win32com.shell.shell.pyd
MOD - [2017/09/24 10:08:41 | 000,167,936 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\win32gui.pyd
MOD - [2017/09/24 10:08:41 | 000,127,488 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\pyexpat.pyd
MOD - [2017/09/24 10:08:41 | 000,119,808 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\win32file.pyd
MOD - [2017/09/24 10:08:41 | 000,110,080 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\pywintypes27.dll
MOD - [2017/09/24 10:08:41 | 000,108,544 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\win32security.pyd
MOD - [2017/09/24 10:08:41 | 000,098,816 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\win32api.pyd
MOD - [2017/09/24 10:08:41 | 000,082,432 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\usb_ext.pyd
MOD - [2017/09/24 10:08:41 | 000,038,912 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\win32inet.pyd
MOD - [2017/09/24 10:08:41 | 000,035,840 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\win32process.pyd
MOD - [2017/09/24 10:08:41 | 000,025,600 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\win32pdh.pyd
MOD - [2017/09/24 10:08:41 | 000,024,064 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\win32pipe.pyd
MOD - [2017/09/24 10:08:41 | 000,022,528 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\win32ts.pyd
MOD - [2017/09/24 10:08:41 | 000,020,480 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\_yappi.pyd
MOD - [2017/09/24 10:08:41 | 000,018,432 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\win32event.pyd
MOD - [2017/09/24 10:08:41 | 000,017,920 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\thumbnails_ext.pyd
MOD - [2017/09/24 10:08:41 | 000,017,408 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\win32profile.pyd
MOD - [2017/09/24 10:08:41 | 000,013,824 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\common.time34.pyd
MOD - [2017/09/24 10:08:41 | 000,011,264 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\win32crypt.pyd
MOD - [2017/09/24 10:08:41 | 000,010,240 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\select.pyd
MOD - [2017/09/24 10:08:41 | 000,007,168 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\hashobjs_ext.pyd
MOD - [2017/09/24 10:08:40 | 001,309,696 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\_ssl.pyd
MOD - [2017/09/24 10:08:40 | 000,918,528 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\_hashlib.pyd
MOD - [2017/09/24 10:08:40 | 000,218,624 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\PIL._imaging.pyd
MOD - [2017/09/24 10:08:40 | 000,129,536 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\_elementtree.pyd
MOD - [2017/09/24 10:08:40 | 000,088,064 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\_ctypes.pyd
MOD - [2017/09/24 10:08:40 | 000,046,080 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\_socket.pyd
MOD - [2017/09/24 10:08:40 | 000,036,864 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\_psutil_windows.pyd
MOD - [2017/09/24 10:08:40 | 000,027,648 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\_multiprocessing.pyd
MOD - [2017/09/18 22:18:09 | 007,577,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fd1b666835e77e2661323dac7e0587e1\System.Xml.ni.dll
MOD - [2017/09/18 22:18:05 | 002,031,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\f2c7f2963e05fa02657aa1c2fbb9c306\System.Xaml.ni.dll
MOD - [2017/09/18 22:18:04 | 013,563,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7d9d077eb4ded37dea277f695ba62a9f\System.Windows.Forms.ni.dll
MOD - [2017/09/18 22:17:41 | 001,645,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9942224b2cb962890f5e8608a70a5de0\System.Drawing.ni.dll
MOD - [2017/09/18 22:17:35 | 000,993,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\9dd4356e776f5ed068d649145fd7c5e6\System.Configuration.ni.dll
MOD - [2017/09/18 22:17:34 | 019,825,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\2dd3ed728ffeaa38583744a6321d0dd5\PresentationFramework.ni.dll
MOD - [2017/09/18 22:17:34 | 000,536,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\eedc58de041994b8b94c590b744fee00\PresentationFramework.Aero2.ni.dll
MOD - [2017/09/18 22:17:23 | 012,184,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\d1f1c17c0842a41c91c33567f458ba82\PresentationCore.ni.dll
MOD - [2017/09/18 22:17:16 | 004,110,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dbc8949492c79af28c43ccfa13d172ff\WindowsBase.ni.dll
MOD - [2017/09/18 22:17:12 | 007,684,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\47535d8f572ae7406856caade371353b\System.Core.ni.dll
MOD - [2017/09/18 22:17:06 | 010,336,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\18abf3307fdc21471c4c68baced31c69\System.ni.dll
MOD - [2017/08/31 17:18:54 | 040,257,336 | ---- | M] () -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
MOD - [2017/08/30 03:04:22 | 020,518,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\5a63cba6fca9851d84db4a2860bf633a\mscorlib.ni.dll
MOD - [2014/04/02 19:46:10 | 000,117,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
MOD - [2014/04/02 19:46:10 | 000,037,936 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
MOD - [2014/04/02 19:46:10 | 000,020,528 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\AMDRegammaAndGamut.dll
MOD - [2014/04/02 19:46:10 | 000,018,992 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\AMDColorEnhance.dll
MOD - [2013/04/27 10:24:12 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2017/08/07 19:27:36 | 000,993,256 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\VSCore_15_7\McApExe.exe -- (McAPExe)
SRV:64bit: - [2017/08/07 10:25:08 | 006,058,960 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe -- (MBAMService)
SRV:64bit: - [2017/07/07 12:16:30 | 001,056,304 | ---- | M] (GAS Tecnologia LTDA) [Auto | Running] -- C:\Program Files\Diebold\Warsaw\core.exe -- (Warsaw Technology)
SRV:64bit: - [2017/06/21 17:19:44 | 000,394,704 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe -- (mfemms)
SRV:64bit: - [2017/06/21 17:10:38 | 000,350,160 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2017/06/21 17:06:34 | 000,242,640 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV:64bit: - [2017/05/30 22:21:26 | 002,139,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\\McCSPServiceHost.exe -- (mccspsvc)
SRV:64bit: - [2017/04/16 05:37:33 | 000,116,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2017/02/22 10:35:46 | 000,641,520 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2017/02/22 10:35:46 | 000,641,520 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV:64bit: - [2017/02/22 10:35:46 | 000,641,520 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McBootDelayStartSvc)
SRV:64bit: - [2017/02/22 10:35:46 | 000,641,520 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
SRV:64bit: - [2017/01/12 13:51:17 | 000,361,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2017/01/12 13:51:17 | 000,119,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2017/01/10 18:06:07 | 000,840,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2016/12/24 20:39:34 | 000,133,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2016/08/22 10:34:40 | 001,628,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2016/06/07 17:32:07 | 002,988,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2016/02/08 13:53:04 | 001,348,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2016/02/03 12:11:56 | 001,673,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2015/07/16 15:58:34 | 000,074,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2015/05/30 16:36:24 | 000,230,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2015/05/12 10:19:37 | 000,294,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2015/05/07 12:21:51 | 000,522,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2015/02/20 20:49:18 | 000,780,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/10/29 00:59:51 | 003,460,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/10/28 23:42:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2014/10/28 23:42:03 | 000,041,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2014/10/28 23:34:51 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2014/10/28 23:33:55 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2014/10/28 23:29:22 | 000,121,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2014/10/28 22:57:05 | 000,324,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
SRV:64bit: - [2014/10/28 22:48:20 | 000,166,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2014/10/28 22:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2014/10/28 22:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2014/10/28 22:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2014/10/28 22:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2014/10/28 22:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2014/10/28 22:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2014/10/28 22:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2014/10/28 22:27:21 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2014/10/28 22:22:40 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2014/10/28 22:20:03 | 000,262,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2014/10/28 22:19:20 | 000,550,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2014/10/28 22:16:17 | 000,154,112 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2014/10/28 22:13:24 | 000,374,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/10/28 22:13:02 | 000,260,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2014/10/28 22:12:36 | 000,407,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014/10/28 22:12:22 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014/10/28 22:11:10 | 001,639,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014/10/28 22:05:09 | 000,206,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2014/10/28 21:48:52 | 000,562,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2014/03/18 00:10:44 | 000,282,072 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\igfxCUIService.exe -- (igfxCUIService1.0.0.0)
SRV:64bit: - [2013/10/17 23:24:42 | 000,148,160 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\DptfPolicyCriticalService.exe -- (DptfPolicyCriticalService)
SRV:64bit: - [2013/10/17 23:24:42 | 000,126,952 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\DptfPolicyLpmService.exe -- (DptfPolicyLpmService)
SRV:64bit: - [2013/10/17 23:24:42 | 000,117,704 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\DptfParticipantProcessorService.exe -- (DptfParticipantProcessorService)
SRV:64bit: - [2013/10/17 23:24:42 | 000,116,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\DptfPolicyConfigTDPService.exe -- (DptfPolicyConfigTDPService)
SRV:64bit: - [2013/09/02 18:31:00 | 000,827,392 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R)
SRV - [2016/12/15 08:33:56 | 000,440,832 | ---- | M] (Wondershare) [Auto | Stopped] -- C:\Program Files (x86)\Wondershare\WAF\2.3.2.220\WsAppService.exe -- (WsAppService)
SRV - [2016/09/22 22:25:23 | 000,631,520 | ---- | M] (GAS Tecnologia) [Auto | Running] -- C:\Program Files (x86)\GbPlugin\gbpsv.exe -- (GbpSv)
SRV - [2016/06/07 17:32:07 | 002,988,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2015/05/07 12:05:40 | 000,367,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014/10/28 22:51:55 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2014/10/28 22:04:45 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2014/03/26 20:24:44 | 000,115,512 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2014/03/18 00:10:52 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2014/02/26 03:17:38 | 000,319,104 | ---- | M] (Windows (R) Win 7 DDK provider) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2014/02/26 02:50:24 | 000,323,584 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt and Wlan Coex Agent)
SRV - [2014/01/20 08:57:08 | 001,593,632 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2013/11/08 21:08:52 | 000,227,936 | ---- | M] (WildTangent) [Auto | Running] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2013/10/23 18:45:30 | 000,390,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/10/23 18:44:48 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2013/10/23 18:44:48 | 000,131,544 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2013/08/16 05:04:18 | 000,071,680 | ---- | M] (ASUS Cloud Corporation) [Auto | Running] -- C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe -- (Asus WebStorage Windows Service)
SRV - [2011/11/21 19:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2010/10/12 14:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2017/09/24 18:28:34 | 000,028,888 | ---- | M] (GAS Tecnologia) [File_System | System | Running] -- C:\Windows\SysNative\drivers\gbpddfac64.sys -- (gbpddfac)
DRV:64bit: - [2017/09/24 10:08:20 | 000,101,824 | ---- | M] (Malwarebytes) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\farflt.sys -- (MBAMFarflt)
DRV:64bit: - [2017/09/24 10:08:16 | 000,045,472 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtection)
DRV:64bit: - [2017/09/24 10:08:12 | 000,253,888 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2017/09/24 10:07:27 | 000,028,376 | ---- | M] (GAS Tecnologia) [File_System | System | Running] -- C:\Windows\SysNative\drivers\wsddfac.sys -- (wsddfac)
DRV:64bit: - [2017/09/23 17:36:18 | 000,192,960 | ---- | M] (Malwarebytes) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\MBAMChameleon.sys -- (MBAMChameleon)
DRV:64bit: - [2017/08/24 11:27:36 | 000,077,440 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mbae64.sys -- (ESProtectionDriver)
DRV:64bit: - [2017/07/08 17:14:22 | 000,376,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2017/07/08 00:16:36 | 000,086,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2017/06/26 09:25:56 | 000,933,360 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2017/06/26 09:25:56 | 000,506,352 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2017/06/26 09:25:56 | 000,487,408 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeaack.sys -- (mfeaack)
DRV:64bit: - [2017/06/26 09:25:56 | 000,355,312 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2017/06/26 09:25:56 | 000,253,424 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2017/06/26 09:25:56 | 000,116,208 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeplk.sys -- (mfeplk)
DRV:64bit: - [2017/06/26 09:25:56 | 000,084,544 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mfeelamk.sys -- (mfeelamk)
DRV:64bit: - [2017/06/26 09:25:56 | 000,077,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2017/06/19 22:42:05 | 000,047,672 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dtliteusbbus.sys -- (dtliteusbbus)
DRV:64bit: - [2017/06/19 22:41:55 | 000,030,264 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dtlitescsibus.sys -- (dtlitescsibus)
DRV:64bit: - [2017/05/15 19:09:32 | 000,057,688 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2017/03/12 12:04:55 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2017/02/10 11:37:28 | 000,046,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2017/01/12 13:51:18 | 000,274,776 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2017/01/12 13:51:18 | 000,117,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2017/01/11 14:28:42 | 000,422,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2016/11/07 14:54:54 | 000,025,184 | ---- | M] (GAS Tecnologia) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wsddprm.sys -- (wsddprm)
DRV:64bit: - [2016/10/12 18:11:01 | 000,922,968 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2016/09/05 04:47:12 | 000,165,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2016/09/05 04:47:06 | 000,131,712 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2016/06/16 18:43:32 | 000,036,984 | ---- | M] (GAS Tecnologia) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wsddntf.sys -- (wsddntf)
DRV:64bit: - [2016/06/08 18:43:00 | 000,025,184 | ---- | M] (GAS Tecnologia) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\wsddpp.sys -- (wsddpp)
DRV:64bit: - [2016/03/28 11:41:34 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2016/02/22 23:45:57 | 000,230,712 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\droidcamvideo.sys -- (DroidCamVideo)
DRV:64bit: - [2016/02/22 23:45:56 | 000,033,592 | ---- | M] (Dev47Apps) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\droidcam.sys -- (DroidCam)
DRV:64bit: - [2016/01/26 16:15:40 | 000,072,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2015/10/11 03:34:30 | 000,468,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2015/09/29 09:24:42 | 000,155,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2015/04/16 03:17:07 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2015/03/19 22:56:10 | 000,080,384 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2015/03/13 01:03:31 | 000,239,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2015/03/08 23:02:51 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2014/11/10 15:06:59 | 000,136,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/10/29 00:57:42 | 000,054,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/10/29 00:56:04 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014/10/28 23:46:43 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2014/10/28 23:46:09 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2014/10/28 23:45:54 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2014/10/28 23:45:39 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2014/10/28 23:45:16 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2014/10/12 23:43:17 | 000,039,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2014/10/07 03:54:45 | 000,189,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/08/14 21:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014/03/31 17:43:00 | 000,071,952 | ---- | M] (ASUS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AsusTP.sys -- (ATP)
DRV:64bit: - [2014/03/27 18:00:12 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2014/03/18 00:10:32 | 003,729,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2014/03/17 06:57:10 | 000,843,480 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2014/03/16 23:43:32 | 000,450,520 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2014/03/13 09:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/03/07 03:53:16 | 003,892,224 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athwbx.sys -- (athr)
DRV:64bit: - [2014/03/01 17:32:31 | 000,038,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2014/03/01 17:32:31 | 000,027,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2014/02/26 02:53:02 | 000,598,216 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2014/02/26 02:53:02 | 000,355,528 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2014/02/26 02:53:02 | 000,179,432 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2014/02/26 02:53:02 | 000,137,928 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2014/02/26 02:53:02 | 000,118,984 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2014/02/26 02:53:02 | 000,089,800 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2014/02/26 02:53:02 | 000,077,464 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2014/02/26 02:53:02 | 000,035,016 | ---- | M] (Qualcomm Atheros) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2014/02/22 12:49:49 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/02/11 22:08:26 | 000,014,136 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Program Files\ASUS\P4G\plctrl.sys -- (plctrl)
DRV:64bit: - [2013/12/18 01:39:51 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013/12/04 15:41:54 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2013/10/25 22:54:32 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013/10/23 18:44:48 | 000,099,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:64bit: - [2013/10/17 23:24:40 | 000,494,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfManager.sys -- (DptfManager)
DRV:64bit: - [2013/10/17 23:24:40 | 000,289,744 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfDevProc.sys -- (DptfDevProc)
DRV:64bit: - [2013/10/17 23:24:40 | 000,116,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfDevPch.sys -- (DptfDevPch)
DRV:64bit: - [2013/10/17 23:24:38 | 000,145,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfDevDram.sys -- (DptfDevDram)
DRV:64bit: - [2013/10/07 22:47:18 | 000,020,280 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AsHIDSwitch64.sys -- (HIDSwitch)
DRV:64bit: - [2013/08/22 16:12:07 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/08/22 10:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 10:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 09:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 09:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 09:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 09:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 09:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 09:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 09:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 09:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 09:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 09:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 09:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 09:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 09:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 09:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 09:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 09:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 09:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 09:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 09:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 09:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 09:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 09:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 09:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 09:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 09:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 08:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 08:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 08:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 08:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 08:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 08:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 08:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 08:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 08:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 08:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 08:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 08:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 08:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 08:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 08:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 05:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/12 20:25:46 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/09 21:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/08/08 23:31:50 | 000,644,968 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/07/30 15:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 16:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/07/24 03:53:12 | 000,423,128 | ---- | M] (Realsil Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPer.sys -- (RTSPER)
DRV:64bit: - [2013/06/18 12:05:45 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2013/06/18 11:45:58 | 011,518,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2013/06/18 11:45:26 | 000,460,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1i63x64.sys -- (e1iexpress)
DRV:64bit: - [2012/08/06 00:17:18 | 000,017,280 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2015/08/26 14:35:32 | 000,029,912 | ---- | M] (GAS Tecnologia) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\GbPlugin\gbprcm64.sys -- (GBPRCM)
DRV - [2015/04/29 11:29:12 | 000,024,792 | ---- | M] (GAS Tecnologia LTDA) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\GbPlugin\wsftprp64.sys -- (Warsaw_PP)
DRV - [2013/07/02 21:45:52 | 000,019,768 | ---- | M] (ASUSTek Computer Inc.) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/02 22:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&PC=ASJB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&PC=ASJB
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?PC=ASJB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:NewsFeed
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = D0 64 8C FF 29 0A D3 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = 01 00 00 00 12 00 00 00 D3 3E 26 E7 2B 8C B3 5A 91 41 F7 8F 63 8C D7 9D E2 95 02 00 00 00 0E 00 00 00 34 52 78 49 6D 38 30 65 44 69 4D 25 33 64  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1228198.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.91.2: C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.91.2: C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Eduardo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Eduardo\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Eduardo\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Eduardo\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
 
 
 
O1 HOSTS File: ([2017/09/23 12:30:14 | 000,000,753 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost 
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [DptfPolicyLpmServiceHelper] C:\Windows\SysNative\DptfPolicyLpmServiceHelper.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [WebStorage] C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe ()
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [Google Update] C:\Users\Eduardo\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe (Google Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" (Atheros Communications)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www14] * in Trusted sites)
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www14] https in Trusted sites)
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www2] * in Trusted sites)
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www2] https in Trusted sites)
O15 - HKCU\..Trusted Domains: bb.com.br ([aapj] * in Trusted sites)
O15 - HKCU\..Trusted Domains: bb.com.br ([seg] * in Trusted sites)
O15 - HKCU\..Trusted Domains: bb.com.br ([seg] https in Trusted sites)
O15 - HKCU\..Trusted Domains: bb.com.br ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: bb.com.br ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: caixa.gov.br ([imagem] * in Trusted sites)
O15 - HKCU\..Trusted Domains: caixa.gov.br ([imagem] https in Trusted sites)
O15 - HKCU\..Trusted Domains: caixa.gov.br ([imagem2] https in Trusted sites)
O15 - HKCU\..Trusted Domains: caixa.gov.br ([internetbanking] * in Trusted sites)
O15 - HKCU\..Trusted Domains: caixa.gov.br ([internetbanking] https in Trusted sites)
O15 - HKCU\..Trusted Domains: caixa.gov.br ([internetbankingpf] * in Trusted sites)
O15 - HKCU\..Trusted Domains: caixa.gov.br ([internetbankingpf] https in Trusted sites)
O15 - HKCU\..Trusted Domains: caixa.gov.br ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: caixa.gov.br ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: gastecnologia.com.br ([cloud] * in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A0273A4-ACF6-41E3-90F9-F5F34B576E06}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4383C46-0A5F-465B-ABEB-03FFC614105D}: DhcpNameServer = 172.16.0.250
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (Userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (Userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files (x86)\GbPlugin\gbieh.dll) - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
O20 - Winlogon\Notify\ GbPluginCef: DllName - (C:\Program Files (x86)\GbPlugin\gbiehCef.dll) - C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
NetSvcs:64bit: lfsvc - C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation)
NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
 
========== Files/Folders - Created Within 90 Days ==========
 
[2017/09/24 18:24:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Eduardo\Desktop\OTL.exe
[2017/09/23 20:23:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2017/09/23 20:20:59 | 002,870,984 | ---- | C] (ESET) -- C:\Users\Eduardo\Desktop\esetsmartinstaller_enu.exe
[2017/09/23 17:36:17 | 000,101,824 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\farflt.sys
[2017/09/22 21:07:30 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Roaming\ZHP
[2017/09/22 21:07:29 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Local\ZHP
[2017/09/20 23:17:36 | 008,182,736 | ---- | C] (Malwarebytes) -- C:\Users\Eduardo\Desktop\AdwCleaner.exe
[2017/09/20 23:13:46 | 001,790,024 | ---- | C] (Malwarebytes) -- C:\Users\Eduardo\Desktop\JRT.exe
[2017/09/19 21:22:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
[2017/09/19 20:32:48 | 000,192,960 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMChameleon.sys
[2017/09/19 20:32:47 | 000,094,144 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mwac.sys
[2017/09/19 20:32:43 | 000,045,472 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2017/09/19 20:32:36 | 000,253,888 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2017/09/19 20:32:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[2017/09/19 20:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes
[2017/09/19 17:18:04 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Program Files (x86)\HijackThis.exe
[2017/09/19 16:40:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2017/08/17 23:19:04 | 000,000,000 | ---D | C] -- C:\Users\Eduardo\AppData\Roaming\dvdcss
[2017/08/14 21:53:02 | 000,028,376 | ---- | C] (GAS Tecnologia) -- C:\Windows\SysNative\drivers\wsddfac.sys
[2017/08/14 21:53:02 | 000,025,184 | ---- | C] (GAS Tecnologia) -- C:\Windows\SysNative\drivers\wsddprm.sys
[2017/08/14 21:53:02 | 000,025,184 | ---- | C] (GAS Tecnologia) -- C:\Windows\SysNative\drivers\wsddpp.sys
[2017/08/14 21:52:59 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\GAS Tecnologia
[2017/08/14 21:52:59 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Diebold
 
========== Files - Modified Within 90 Days ==========
 
[2017/09/24 18:34:03 | 000,028,888 | ---- | M] (GAS Tecnologia) -- C:\Windows\SysNative\drivers\gbpddfac64.sys
[2017/09/24 18:24:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Eduardo\Desktop\OTL.exe
[2017/09/24 10:13:05 | 000,000,093 | ---- | M] () -- C:\Users\Eduardo\AppData\Roaming\sp_data.sys
[2017/09/24 10:08:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2017/09/24 10:08:20 | 000,101,824 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\farflt.sys
[2017/09/24 10:08:16 | 000,045,472 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2017/09/24 10:08:12 | 000,253,888 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2017/09/24 10:07:27 | 000,028,376 | ---- | M] (GAS Tecnologia) -- C:\Windows\SysNative\drivers\wsddfac.sys
[2017/09/24 10:06:25 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2017/09/24 10:06:22 | 761,208,831 | -HS- | M] () -- C:\hiberfil.sys
[2017/09/23 20:21:00 | 002,870,984 | ---- | M] (ESET) -- C:\Users\Eduardo\Desktop\esetsmartinstaller_enu.exe
[2017/09/23 17:36:18 | 000,192,960 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMChameleon.sys
[2017/09/23 12:30:14 | 000,000,753 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2017/09/23 09:34:40 | 001,309,184 | ---- | M] () -- C:\zoek.exe
[2017/09/22 21:07:35 | 000,000,881 | ---- | M] () -- C:\Users\Eduardo\Desktop\ZHPCleaner.lnk
[2017/09/22 21:04:03 | 000,094,144 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mwac.sys
[2017/09/22 20:24:11 | 561,008,347 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2017/09/22 07:07:25 | 002,894,208 | ---- | M] () -- C:\Users\Eduardo\Desktop\ZHPCleaner.exe
[2017/09/21 08:04:00 | 000,118,666 | ---- | M] () -- C:\Users\Eduardo\Desktop\Sem título.jpg
[2017/09/20 23:17:45 | 008,182,736 | ---- | M] (Malwarebytes) -- C:\Users\Eduardo\Desktop\AdwCleaner.exe
[2017/09/20 23:14:38 | 001,790,024 | ---- | M] (Malwarebytes) -- C:\Users\Eduardo\Desktop\JRT.exe
[2017/09/19 20:32:28 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2017/09/19 17:17:58 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\HijackThis.exe
[2017/09/18 22:05:18 | 000,369,520 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2017/08/24 11:27:36 | 000,077,440 | ---- | M] () -- C:\Windows\SysNative\drivers\mbae64.sys
[2017/08/20 18:56:56 | 001,799,910 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2017/08/20 18:56:56 | 000,783,224 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2017/08/20 18:56:56 | 000,730,800 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2017/08/20 18:56:56 | 000,161,776 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2017/08/20 18:56:56 | 000,138,874 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2017/08/15 21:43:39 | 000,101,560 | ---- | M] () -- C:\Users\Eduardo\Desktop\Horários 2017-2.pdf
[2017/07/21 10:40:59 | 000,518,144 | ---- | M] () -- C:\Windows\SysWow64\msjetoledb40.dll
 
========== Files Created - No Company Name ==========
 
[2017/09/23 09:34:32 | 001,309,184 | ---- | C] () -- C:\zoek.exe
[2017/09/22 21:07:35 | 000,000,881 | ---- | C] () -- C:\Users\Eduardo\Desktop\ZHPCleaner.lnk
[2017/09/22 20:24:11 | 561,008,347 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2017/09/22 07:06:29 | 002,894,208 | ---- | C] () -- C:\Users\Eduardo\Desktop\ZHPCleaner.exe
[2017/09/21 08:03:58 | 000,118,666 | ---- | C] () -- C:\Users\Eduardo\Desktop\Sem título.jpg
[2017/09/19 21:22:26 | 000,001,096 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive for PC is now Backup and Sync from Google.lnk
[2017/09/19 20:32:28 | 000,001,885 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2017/09/19 20:32:27 | 000,077,440 | ---- | C] () -- C:\Windows\SysNative\drivers\mbae64.sys
[2017/08/15 21:43:36 | 000,101,560 | ---- | C] () -- C:\Users\Eduardo\Desktop\Horários 2017-2.pdf
[2017/08/09 15:41:53 | 000,518,144 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2017/08/09 15:41:27 | 000,448,629 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2017/01/26 18:39:27 | 000,000,232 | ---- | C] () -- C:\Windows\SysWow64\dllhost.exe.config
[2016/06/17 10:13:53 | 000,010,240 | ---- | C] () -- C:\Users\Eduardo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2016/02/22 23:47:04 | 000,000,035 | ---- | C] () -- C:\ProgramData\droidcam-settings
[2015/12/14 22:10:39 | 000,000,093 | ---- | C] () -- C:\Users\Eduardo\AppData\Roaming\sp_data.sys
[2015/11/15 20:27:23 | 000,000,114 | ---- | C] () -- C:\Users\Eduardo\webutil.32.properties
[2014/11/26 22:36:56 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013/12/18 14:55:58 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe
[2013/12/18 14:55:58 | 000,000,256 | ---- | C] () -- C:\ProgramData\SetStretch.cmd
 
========== ZeroAccess Check ==========
 
[2015/08/18 23:22:47 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2017/08/12 06:30:10 | 022,361,344 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2017/08/12 06:26:18 | 019,789,736 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2014/10/28 22:19:43 | 001,013,760 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2014/10/28 21:59:23 | 000,786,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2014/10/28 22:16:01 | 000,512,512 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2016/09/04 19:50:51 | 000,000,000 | ---D | M] -- C:\Users\Eduardo\AppData\Roaming\(84-11-9E-D5-C9-B7)
[2015/10/09 18:20:21 | 000,000,000 | ---D | M] -- C:\Users\Eduardo\AppData\Roaming\(C4-42-02-25-FB-29)
[2016/10/16 17:59:18 | 000,000,000 | ---D | M] -- C:\Users\Eduardo\AppData\Roaming\amanita-design.samorost3
[2017/06/04 19:46:17 | 000,000,000 | ---D | M] -- C:\Users\Eduardo\AppData\Roaming\avidemux
[2017/09/19 17:15:04 | 000,000,000 | ---D | M] -- C:\Users\Eduardo\AppData\Roaming\DAEMON Tools Lite
[2017/01/11 20:48:25 | 000,000,000 | ---D | M] -- C:\Users\Eduardo\AppData\Roaming\Garmin
[2017/01/26 18:50:50 | 000,000,000 | ---D | M] -- C:\Users\Eduardo\AppData\Roaming\iMobie
[2015/08/25 10:25:46 | 000,000,000 | ---D | M] -- C:\Users\Eduardo\AppData\Roaming\RobotSoft
[2015/09/07 23:56:40 | 000,000,000 | ---D | M] -- C:\Users\Eduardo\AppData\Roaming\SPORE
[2017/09/23 22:06:37 | 000,000,000 | ---D | M] -- C:\Users\Eduardo\AppData\Roaming\uTorrent
[2015/07/25 11:54:45 | 000,000,000 | ---D | M] -- C:\Users\Eduardo\AppData\Roaming\WebStorage
[2016/03/25 21:43:30 | 000,000,000 | ---D | M] -- C:\Users\Eduardo\AppData\Roaming\WildTangent
[2017/01/26 18:42:43 | 000,000,000 | ---D | M] -- C:\Users\Eduardo\AppData\Roaming\Wondershare
[2017/09/22 21:20:51 | 000,000,000 | ---D | M] -- C:\Users\Eduardo\AppData\Roaming\ZHP
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %systemroot%\system32\drivers\*.* /90 >
 
< %systemdrive%\drivers\*.exe >
 
< %SYSTEMDRIVE%\*.* >
[2015/08/04 12:29:15 | 000,001,024 | ---- | M] () -- C:\.rnd
[2013/12/18 01:34:57 | 000,398,356 | RHS- | M] () -- C:\bootmgr
[2013/06/18 09:18:29 | 000,000,001 | -HS- | M] () -- C:\BOOTNXT
[2017/09/24 10:06:22 | 761,208,831 | -HS- | M] () -- C:\hiberfil.sys
[2017/09/24 10:06:25 | 2147,483,647 | -HS- | M] () -- C:\pagefile.sys
[2017/09/23 13:00:41 | 000,000,954 | ---- | M] () -- C:\runcheck.txt
[2017/09/24 10:06:25 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2017/09/23 12:43:00 | 000,001,347 | ---- | M] () -- C:\zoek-results.log
[2017/09/23 09:34:40 | 001,309,184 | ---- | M] () -- C:\zoek.exe
 
< %LOCALAPPDATA%\*.exe >
 
< %LOCALAPPDATA%\*.txt >
 
< %LOCALAPPDATA%\*.ini >
[2017/06/05 15:48:13 | 000,010,240 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
< %LOCALAPPDATA%\*.dll >
 
< %LOCALAPPDATA%\*.dat >
[2017/08/22 06:46:28 | 000,083,744 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\GDIPFONTCACHEV1.DAT
 
< %USERPROFILE%\*.exe >
 
< %USERPROFILE%\*.txt >
 
< %USERPROFILE%\*.ini >
[2015/07/25 11:48:20 | 000,000,020 | -HS- | M] () -- C:\Users\Eduardo\ntuser.ini
 
< %USERPROFILE%\*.dll >
 
< %USERPROFILE%\*.dat /30 >
[2017/09/24 10:05:16 | 003,407,872 | -HS- | M] () -- C:\Users\Eduardo\NTUSER.DAT
 
< C:\Windows\system32\Tasks\*.* /s >
[2013/08/22 11:45:54 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2016/01/04 21:11:46 | 000,001,050 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1936283034-997287812-3338988641-1001Core.job
[2016/01/04 21:11:46 | 000,001,050 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1936283034-997287812-3338988641-1001Core1d1474daa2cc74b.job
[2016/02/01 19:02:41 | 000,001,050 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1936283034-997287812-3338988641-1001Core1d15d3c458456cf.job
[2016/05/10 21:29:19 | 000,001,050 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1936283034-997287812-3338988641-1001Core1d1ab1c28a47df9.job
 
< C:\Windows\system32\Tasks\*.* /s /64 >
[2017/09/24 12:00:20 | 000,003,480 | ---- | M] () -- C:\Windows\SysNative\Tasks\ASUS Live Update1
[2017/09/24 12:00:20 | 000,003,470 | ---- | M] () -- C:\Windows\SysNative\Tasks\ASUS Live Update2
[2014/11/26 22:49:56 | 000,003,054 | ---- | M] () -- C:\Windows\SysNative\Tasks\ASUS P4G
[2014/11/26 22:39:59 | 000,003,538 | ---- | M] () -- C:\Windows\SysNative\Tasks\ASUS Smart Gesture Launcher
[2014/11/26 22:51:18 | 000,002,986 | ---- | M] () -- C:\Windows\SysNative\Tasks\ASUS Splendid ACMON
[2014/11/26 22:51:04 | 000,003,026 | ---- | M] () -- C:\Windows\SysNative\Tasks\ASUS USB Charger Plus
[2014/11/26 22:46:53 | 000,003,562 | ---- | M] () -- C:\Windows\SysNative\Tasks\ATK Package 36D18D69AFC3
[2015/12/01 20:24:09 | 000,002,792 | ---- | M] () -- C:\Windows\SysNative\Tasks\CCleanerSkipUAC
[2017/04/29 10:05:56 | 000,003,372 | ---- | M] () -- C:\Windows\SysNative\Tasks\GoogleUpdateTaskMachineCore
[2017/04/29 10:05:57 | 000,003,500 | ---- | M] () -- C:\Windows\SysNative\Tasks\GoogleUpdateTaskMachineUA
[2017/04/28 18:46:17 | 000,003,408 | ---- | M] () -- C:\Windows\SysNative\Tasks\GoogleUpdateTaskUserS-1-5-21-1936283034-997287812-3338988641-1001Core1d1e923f2d93fb3
[2017/04/28 18:46:17 | 000,003,680 | ---- | M] () -- C:\Windows\SysNative\Tasks\GoogleUpdateTaskUserS-1-5-21-1936283034-997287812-3338988641-1001UA
[2017/09/22 06:08:50 | 000,003,068 | ---- | M] () -- C:\Windows\SysNative\Tasks\McAfeeLogon
[2017/09/24 14:16:30 | 000,003,598 | ---- | M] () -- C:\Windows\SysNative\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1936283034-997287812-3338988641-1001
[2014/11/26 22:52:45 | 000,003,594 | ---- | M] () -- C:\Windows\SysNative\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1936283034-997287812-3338988641-500
[2014/11/26 22:49:57 | 000,003,206 | ---- | M] () -- C:\Windows\SysNative\Tasks\P4GIntlCtrl
[2014/11/26 22:36:59 | 000,003,138 | ---- | M] () -- C:\Windows\SysNative\Tasks\RtHDVBg
[2014/11/26 22:36:58 | 000,003,132 | ---- | M] () -- C:\Windows\SysNative\Tasks\RTKCPL
[2016/09/02 23:05:24 | 000,003,912 | ---- | M] () -- C:\Windows\SysNative\Tasks\Update Checker
[2017/09/09 20:39:21 | 000,003,352 | ---- | M] () -- C:\Windows\SysNative\Tasks\McAfee\McAfee Auto Maintenance Task Agent
[2017/09/09 20:39:21 | 000,002,930 | ---- | M] () -- C:\Windows\SysNative\Tasks\McAfee\McAfee Idle Detection Task
[2016/07/20 16:14:27 | 000,004,158 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
[2017/09/23 11:45:02 | 000,003,704 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
[2017/09/23 11:45:01 | 000,003,710 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
[2017/09/19 16:10:47 | 000,003,476 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
[2017/09/19 16:10:48 | 000,003,470 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
[2013/08/22 12:37:37 | 000,004,472 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
[2013/08/22 12:37:37 | 000,003,854 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
[2013/08/22 12:38:14 | 000,002,900 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\AppID\PolicyConverter
[2013/08/22 12:38:32 | 000,003,558 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
[2013/08/22 12:38:14 | 000,003,790 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck
[2013/08/22 12:37:55 | 000,002,902 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Application Experience\AitAgent
[2016/01/19 07:12:19 | 000,004,170 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser
[2016/01/17 11:56:05 | 000,002,880 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater
[2013/08/22 12:38:31 | 000,003,154 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Application Experience\StartupAppTask
[2013/08/22 12:38:48 | 000,002,814 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState
[2015/07/25 12:50:06 | 000,003,640 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup
[2013/08/22 12:37:41 | 000,003,022 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Autochk\Proxy
[2013/08/22 12:38:52 | 000,002,118 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask
[2013/08/22 12:37:21 | 000,004,130 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\SystemTask
[2013/08/22 12:37:21 | 000,003,868 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask
[2015/07/25 11:50:00 | 000,003,134 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask-Roam
[2013/08/22 12:38:56 | 000,003,028 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
[2013/08/22 12:38:51 | 000,003,178 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
[2013/08/22 12:38:17 | 000,002,934 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator
[2013/08/22 12:37:48 | 000,003,316 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask
[2013/08/22 12:37:57 | 000,003,182 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip
[2013/08/22 12:39:01 | 000,004,450 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
[2013/08/22 12:39:01 | 000,004,012 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
[2013/08/22 12:38:31 | 000,003,266 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag
[2017/09/24 18:33:45 | 000,003,782 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
[2013/08/22 12:38:35 | 000,003,170 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Diagnosis\Scheduled
[2015/08/01 23:54:11 | 000,003,696 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup
[2015/09/20 19:03:23 | 000,003,120 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector
[2013/08/22 16:12:22 | 000,002,428 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver
[2015/08/01 23:54:23 | 000,002,618 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
[2013/08/22 12:38:55 | 000,003,834 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
[2013/08/22 12:37:35 | 000,003,630 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\IME\SQM data sender
[2013/08/22 12:39:02 | 000,003,554 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Location\Notifications
[2013/08/22 12:37:37 | 000,003,178 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Maintenance\WinSAT
[2013/08/22 12:38:51 | 000,006,054 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
[2013/08/22 12:38:51 | 000,003,640 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
[2013/08/22 12:38:48 | 000,004,410 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser
[2015/07/29 15:37:46 | 000,003,456 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\MUI\Lpksetup
[2013/08/22 12:38:11 | 000,003,030 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\MUI\LPRemove
[2015/08/04 12:41:36 | 000,003,324 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\MUI\Mcbuilder
[2013/08/22 12:38:42 | 000,002,602 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Multimedia\SystemSoundsService
[2013/08/22 12:37:17 | 000,002,738 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
[2013/08/22 12:38:14 | 000,002,044 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo
[2013/08/22 12:38:14 | 000,002,832 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor
[2013/08/22 12:38:56 | 000,002,980 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
[2013/08/22 12:38:56 | 000,002,872 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\PI\Sqm-Tasks
[2013/08/22 12:38:58 | 000,003,590 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
[2013/08/22 12:37:16 | 000,003,200 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
[2013/08/22 12:38:57 | 000,003,562 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
[2013/08/22 12:37:49 | 000,002,128 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers
[2013/08/22 12:38:41 | 000,003,162 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
[2013/08/22 12:38:36 | 000,005,624 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\RAC\RacTask
[2013/08/22 12:37:43 | 000,003,248 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Ras\MobilityManager
[2015/08/09 19:20:16 | 000,003,750 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
[2013/08/22 12:38:14 | 000,003,326 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Registry\RegIdleBackup
[2013/08/22 12:38:57 | 000,004,596 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask
[2016/03/09 12:03:01 | 000,003,544 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\RemovalTools\MRT_HB
[2013/08/22 12:38:47 | 000,002,944 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
[2013/08/22 12:39:00 | 000,003,360 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
[2013/08/22 12:39:00 | 000,003,364 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\SettingSync\BackupTask
[2013/08/22 12:39:00 | 000,003,462 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
[2013/08/22 12:37:23 | 000,002,236 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Shell\CreateObjectTask
[2013/08/22 12:38:57 | 000,002,330 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor
[2015/08/01 23:54:13 | 000,003,216 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
[2015/08/01 23:54:13 | 000,003,014 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
[2013/08/22 12:37:27 | 000,003,512 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
[2013/08/22 12:39:06 | 000,003,036 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
[2013/08/22 12:39:06 | 000,002,768 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
[2017/09/24 18:31:23 | 000,004,680 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
[2015/07/25 11:50:50 | 000,003,842 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
[2013/08/22 11:48:57 | 000,004,480 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
[2013/08/22 12:38:38 | 000,003,590 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask
[2013/08/22 12:37:37 | 000,003,214 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
[2013/08/22 12:37:37 | 000,003,284 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
[2017/09/03 00:35:14 | 000,003,858 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask
[2013/08/22 12:38:48 | 000,002,798 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\SystemRestore\SR
[2013/08/22 12:37:32 | 000,002,614 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Task Manager\Interactive
[2017/09/24 10:53:21 | 000,004,028 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
[2013/08/22 12:38:35 | 000,004,166 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
[2013/08/22 12:38:35 | 000,003,048 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
[2015/07/25 11:57:24 | 000,004,472 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
[2013/08/22 12:37:53 | 000,002,978 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\TextServicesFramework\MsCtfMonitor
[2013/08/22 12:38:35 | 000,002,848 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
[2013/08/22 12:37:21 | 000,002,918 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime
[2013/08/22 12:39:01 | 000,003,180 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone
[2013/08/22 12:38:56 | 000,004,194 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
[2013/08/22 12:37:18 | 000,001,986 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig
[2013/08/22 12:37:49 | 000,003,420 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\User Profile Service\HiveUploadTask
[2013/08/22 12:37:17 | 000,002,682 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\WDI\ResolutionHost
[2017/09/22 21:14:13 | 000,003,590 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance
[2017/09/22 21:14:14 | 000,003,566 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup
[2017/09/22 21:14:14 | 000,003,546 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan
[2017/09/22 21:14:12 | 000,003,584 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification
[2013/08/22 12:37:17 | 000,004,004 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting
[2013/08/22 12:37:25 | 000,003,290 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange
[2013/08/22 12:38:32 | 000,003,304 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary
[2013/08/22 11:47:31 | 000,003,532 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2015/08/01 23:53:10 | 000,003,676 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
[2017/09/24 11:11:40 | 000,003,402 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
[2017/09/24 11:11:40 | 000,005,004 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
[2017/09/24 11:11:40 | 000,004,926 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start
[2017/09/24 11:11:40 | 000,004,924 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network
[2013/08/22 12:37:24 | 000,003,344 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Wininet\CacheTask
[2015/08/01 23:54:29 | 000,003,448 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
[2015/08/09 19:18:41 | 000,003,016 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
[2013/08/22 12:38:47 | 000,002,808 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
[2013/08/22 12:38:47 | 000,003,132 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
[2013/08/22 12:38:51 | 000,003,530 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join
[2013/08/22 12:39:06 | 000,003,606 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\WS\Badge Update
[2017/09/22 20:38:51 | 000,005,070 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\WS\License Validation
[2013/08/22 12:39:06 | 000,003,464 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\WS\Sync Licenses
[2013/08/22 12:39:06 | 000,003,826 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask
[2013/08/22 12:38:32 | 000,003,700 | ---- | M] () -- C:\Windows\SysNative\Tasks\Microsoft\Windows\WS\WSTask
 
< %windir%\tasks\*.* /s >
[2016/01/04 21:11:46 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1936283034-997287812-3338988641-1001Core.job
[2016/02/01 19:02:41 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1936283034-997287812-3338988641-1001Core1d1474daa2cc74b.job
[2016/05/10 21:29:19 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1936283034-997287812-3338988641-1001Core1d15d3c458456cf.job
[2016/07/28 20:01:17 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1936283034-997287812-3338988641-1001Core1d1ab1c28a47df9.job
[2017/09/24 10:07:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
 
< %systemroot%\*.scr >
[2014/03/31 21:34:22 | 000,322,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >
"DefaultConnectionSettings" = 46 00 00 00 2C 02 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 C0 A8 00 68 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 17 00 00 00 00 00 00 00 20 01 00 00 9D 38 78 CF 04 63 03 A8 4C 20 6A D7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [Binary data over 200 bytes]
"SavedLegacySettings" = 46 00 00 00 99 35 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 C0 A8 00 68 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 17 00 00 00 00 00 00 00 20 01 00 00 9D 38 78 CF 04 63 03 A8 4C 20 6A D7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [Binary data over 200 bytes]
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations >
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments >
 
< HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s >
 
< HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl >
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_INPUT_PROMPTS]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MEMPROTECT_MODE]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHIM_MSHELP_COMBINE]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WARN_ON_SEC_CERT_REV_FAILED]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]
 
< \FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP >
 
< HKCU\Software\Microsoft\Internet Explorer\Downloads >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings >
"CodeBaseSearchPath" = CODEBASE
"WarnOnIntranet" = 1
"EnablePunycode" = 1
"MinorVersion" = 0
"ActiveXCache" = C:\Windows\Downloaded Program Files -- [2013/08/22 12:36:44 | 000,000,000 | --SD | M]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ActiveX Cache]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedBehaviors]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragImageExts]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Last Update]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\NoFileLifetimeExtension]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Passport]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\PluggableProtocols]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Secure Mime Handlers]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SO]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Unattend]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Url History]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones]
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings >
"CodeBaseSearchPath" = CODEBASE
"WarnOnIntranet" = 1
"EnablePunycode" = 1
"MinorVersion" = 0
"ActiveXCache" = C:\Windows\Downloaded Program Files -- [2013/08/22 12:36:44 | 000,000,000 | --SD | M]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\5.0]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ActiveX Cache]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedBehaviors]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragImageExts]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\AllowedDragProtocols]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Cache]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Last Update]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\NoFileLifetimeExtension]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\P3P]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Passport]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\PluggableProtocols]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Secure Mime Handlers]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SO]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\SOIEAK]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Unattend]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Url History]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Zones]
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server >
"StartRCM" = 0
"DeleteTempDirsOnExit" = 1
"fSingleSessionPerUser" = 1
"TSUserEnabled" = 0
"RCDependentServices" = CertPropSvcSessionEnv [binary data]
"SnapshotMonitors" = 1
"DelayConMgrTimeout" = 0
"NotificationTimeOut" = 0
"PerSessionTempDir" = 0
"AllowRemoteRPC" = 0
"ProductVersion" = 5.1
"fDenyTSConnections" = 1
"InstanceID" = f3adfd05-9bc4-47d2-9c0b-03451f3
"GlassSessionId" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\AddIns]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\ConnectionHandler]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\KeyboardType Mapping]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\SessionArbitrationHelper]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\SysProcs]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\TerminalTypes]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\VIDEO]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations]
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Licensing Core >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon >
"Userinit" = Userinit.exe,
"Shell" = Explorer.exe -- [2016/08/27 15:26:03 | 002,411,048 | ---- | M] (Microsoft Corporation)
"VMApplet" = SystemPropertiesPerformance.exe /pagefile -- [2014/10/28 22:39:56 | 000,081,920 | ---- | M] (Microsoft Corporation)
"DefaultDomainName" = 
"PreCreateKnownFolders" = {A520A1A4-1780-4FF6-BD18-167343C5AF16}
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AlternateShells]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services >
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client]
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa >
"Bounds" = 0  [binary data]
"auditbasedirectories" = 0
"fullprivilegeauditing" =  [binary data]
"crashonauditfail" = 0
"auditbaseobjects" = 0
"Security Packages" = "" [binary data]
"LimitBlankPasswordUse" = 1
"NoLmHash" = 1
"Notification Packages" = scecli [binary data] -- [2014/10/28 22:01:41 | 000,214,016 | ---- | M] (Microsoft Corporation)
"Authentication Packages" = msv1_0 [binary data] -- [2016/10/10 18:17:59 | 000,333,656 | ---- | M] (Microsoft Corporation)
"LsaPid" = 844
"SecureBoot" = 1
"ProductType" = 3
"disabledomaincreds" = 0
"everyoneincludesanonymous" = 0
"forceguest" = 0
"restrictanonymous" = 0
"restrictanonymoussam" = 1
"SamConnectedAccountsExist" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\CentralizedAccessPolicies]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\OSConfig]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache]
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts >
 
< \UserList >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN >
"AutoHide" = yes
"Security Risk Page" = about:SecurityRisk
"Extensions Off Page" = about:NoAdd-ons
"Default_Search_URL" = http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Page_URL" = http://go.microsoft.com/fwlink/p/?LinkId=255141
"Anchor_Visitation_Horizon" = 01 00 00 00  [binary data]
"ApplicationTileImmersiveActivation" = 1
"AssociationActivationMode" = 0
"Cache_Percent_of_Disk" = 0A 00 00 00  [binary data]
"Placeholder_Width" = 1A 00 00 00  [binary data]
"x86AppPath" = C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE -- [2017/08/15 21:30:44 | 000,815,280 | ---- | M] (Microsoft Corporation)
"Placeholder_Height" = 1A 00 00 00  [binary data]
"Default_Secondary_Page_URL" =  [binary data]
"Use_Async_DNS" = yes
"Start Page" = about:blank
"Local Page" = C:\Windows\SysWOW64\blank.htm
"Search Page" = http://go.microsoft.com/fwlink/?LinkId=54896
"Delete_Temp_Files_On_Exit" = yes
"Enable_Disk_Cache" = yes
"TabProcGrowth" = Medium
"DoNotTrack" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\ErrorThresholds]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\UrlTemplate]
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon >
"Userinit" = Userinit.exe,
"Shell" = Explorer.exe -- [2016/08/27 15:26:03 | 002,411,048 | ---- | M] (Microsoft Corporation)
"VMApplet" = SystemPropertiesPerformance.exe /pagefile -- [2014/10/28 22:39:56 | 000,081,920 | ---- | M] (Microsoft Corporation)
"DefaultDomainName" = 
"PreCreateKnownFolders" = {A520A1A4-1780-4FF6-BD18-167343C5AF16}
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\AlternateShells]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
 
< \SpecialAccounts\UserList >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN >
"AutoHide" = yes
"Security Risk Page" = about:SecurityRisk
"Extensions Off Page" = about:NoAdd-ons
"Default_Search_URL" = http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Page_URL" = http://go.microsoft.com/fwlink/p/?LinkId=255141
"Anchor_Visitation_Horizon" = 01 00 00 00  [binary data]
"ApplicationTileImmersiveActivation" = 1
"AssociationActivationMode" = 0
"Cache_Percent_of_Disk" = 0A 00 00 00  [binary data]
"Placeholder_Width" = 1A 00 00 00  [binary data]
"x86AppPath" = C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE -- [2017/08/15 21:30:44 | 000,815,280 | ---- | M] (Microsoft Corporation)
"Placeholder_Height" = 1A 00 00 00  [binary data]
"Default_Secondary_Page_URL" =  [binary data]
"Use_Async_DNS" = yes
"Start Page" = about:blank
"Local Page" = C:\Windows\SysWOW64\blank.htm
"Search Page" = http://go.microsoft.com/fwlink/?LinkId=54896
"Delete_Temp_Files_On_Exit" = yes
"Enable_Disk_Cache" = yes
"TabProcGrowth" = Medium
"DoNotTrack" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\ErrorThresholds]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\UrlTemplate]
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Google\Chrome >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TermService >
"ImagePath" = %SystemRoot%\System32\svchost.exe -k NetworkService -- [2014/10/29 00:17:51 | 000,033,088 | ---- | M] (Microsoft Corporation)
"DisplayName" = @%SystemRoot%\System32\termsrv.dll,-268
"ErrorControl" = 1
"Start" = 3
"Type" = 32
"Description" = @%SystemRoot%\System32\termsrv.dll,-267
"DependOnService" = RPCSS [binary data]
"ObjectName" = NT Authority\NetworkService
"ServiceSidType" = 1
"RequiredPrivileges" = SeAssignPrimaryTokenPrivilegeSeAu [Binary data over 200 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 00 00 00 00 60 EA 00 00  [binary data]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TermService\Parameters]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TermService\Performance]
 
< net user /c >
Contas de usuário para \\EDUARDO
-------------------------------------------------------------------------------
Administrador            Convidado                Eduardo                  
Comando concluído com êxito.
 
< MD5 for: TERMSRV.DLL  >
[2015/08/31 12:56:24 | 000,198,463 | ---- | M] () MD5=25A73204EB15E84D6B263267BD21536C -- C:\Windows\WinSxS\amd64_microsoft-Windows-t..teconnectionmanager_31bf3856ad364e35_6.3.9600.16384_none_7f5da1d3283b1dd6\termsrv.dll
[2015/08/31 12:56:26 | 000,198,463 | ---- | M] () MD5=25A73204EB15E84D6B263267BD21536C -- C:\Windows\WinSxS\amd64_microsoft-Windows-t..teconnectionmanager_31bf3856ad364e35_6.3.9600.16389_none_7f62a34528369c89\termsrv.dll
[2017/05/27 13:42:21 | 001,115,136 | ---- | M] (Microsoft Corporation) MD5=76938862B2674EFED79E814CD36E6A08 -- C:\Windows\SysNative\termsrv.dll
[2017/05/27 13:42:21 | 001,115,136 | ---- | M] (Microsoft Corporation) MD5=76938862B2674EFED79E814CD36E6A08 -- C:\Windows\WinSxS\amd64_microsoft-Windows-t..teconnectionmanager_31bf3856ad364e35_6.3.9600.18709_none_7fb8fcad27f5e4df\termsrv.dll
[2017/09/03 00:23:51 | 000,080,207 | ---- | M] () MD5=B8454CE722617B69853F0DB663D442DB -- C:\Windows\WinSxS\amd64_microsoft-Windows-t..teconnectionmanager_31bf3856ad364e35_6.3.9600.18692_none_7f50a975284531d0\termsrv.dll
[2017/08/19 16:18:08 | 000,048,405 | ---- | M] () MD5=C81B1C71D6175A0FC3806F17869D64D5 -- C:\Windows\WinSxS\amd64_microsoft-Windows-t..teconnectionmanager_31bf3856ad364e35_6.3.9600.17415_none_7faa3caf28018a5e\termsrv.dll
 
< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >[/color]
Invalid Switch: color]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 32 bytes -> C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg==
@Alternate Data Stream - 237 bytes -> C:\Users\Eduardo\SkyDrive:ms-properties
@Alternate Data Stream - 10 bytes -> C:\ProgramData\GbPlugin:IncompleteStartGbprcm.cnt
@Alternate Data Stream - 10 bytes -> C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt

< End of report >
 


1. Select the lines below in red and copy them (CTRL C)

:OTL
MOD - [2017/09/24 10:08:42 | 001,177,088 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\wx._core_.pyd
MOD - [2017/09/24 10:08:42 | 001,067,520 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\wx._controls_.pyd
MOD - [2017/09/24 10:08:42 | 000,816,640 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\wx._windows_.pyd
MOD - [2017/09/24 10:08:42 | 000,806,912 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\wx._gdi_.pyd
MOD - [2017/09/24 10:08:42 | 000,733,696 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\wx._misc_.pyd
MOD - [2017/09/24 10:08:42 | 000,088,576 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\Windows.volumes.pyd
MOD - [2017/09/24 10:08:42 | 000,077,824 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\wx._html2.pyd
MOD - [2017/09/24 10:08:42 | 000,058,880 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\Windows.device_monitor.pyd
MOD - [2017/09/24 10:08:42 | 000,017,408 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\Windows.winwrap.pyd
MOD - [2017/09/24 10:08:41 | 000,736,256 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\pysqlite2._sqlite.pyd
MOD - [2017/09/24 10:08:41 | 000,686,080 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\unicodedata.pyd
MOD - [2017/09/24 10:08:41 | 000,524,248 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\Windows._lib_cacheinvalidation.pyd
MOD - [2017/09/24 10:08:41 | 000,364,544 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\pythoncom27.dll
MOD - [2017/09/24 10:08:41 | 000,320,512 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\win32com.shell.shell.pyd
MOD - [2017/09/24 10:08:41 | 000,167,936 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\win32gui.pyd
MOD - [2017/09/24 10:08:41 | 000,127,488 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\pyexpat.pyd
MOD - [2017/09/24 10:08:41 | 000,119,808 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\win32file.pyd
MOD - [2017/09/24 10:08:41 | 000,110,080 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\pywintypes27.dll
MOD - [2017/09/24 10:08:41 | 000,108,544 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\win32security.pyd
MOD - [2017/09/24 10:08:41 | 000,098,816 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\win32api.pyd
MOD - [2017/09/24 10:08:41 | 000,082,432 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\usb_ext.pyd
MOD - [2017/09/24 10:08:41 | 000,038,912 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\win32inet.pyd
MOD - [2017/09/24 10:08:41 | 000,035,840 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\win32process.pyd
MOD - [2017/09/24 10:08:41 | 000,025,600 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\win32pdh.pyd
MOD - [2017/09/24 10:08:41 | 000,024,064 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\win32pipe.pyd
MOD - [2017/09/24 10:08:41 | 000,022,528 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\win32ts.pyd
MOD - [2017/09/24 10:08:41 | 000,020,480 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\_yappi.pyd
MOD - [2017/09/24 10:08:41 | 000,018,432 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\win32event.pyd
MOD - [2017/09/24 10:08:41 | 000,017,920 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\thumbnails_ext.pyd
MOD - [2017/09/24 10:08:41 | 000,017,408 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\win32profile.pyd
MOD - [2017/09/24 10:08:41 | 000,013,824 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\common.time34.pyd
MOD - [2017/09/24 10:08:41 | 000,011,264 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\win32crypt.pyd
MOD - [2017/09/24 10:08:41 | 000,010,240 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\select.pyd
MOD - [2017/09/24 10:08:41 | 000,007,168 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\hashobjs_ext.pyd
MOD - [2017/09/24 10:08:40 | 001,309,696 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\_ssl.pyd
MOD - [2017/09/24 10:08:40 | 000,918,528 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\_hashlib.pyd
MOD - [2017/09/24 10:08:40 | 000,218,624 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\PIL._imaging.pyd
MOD - [2017/09/24 10:08:40 | 000,129,536 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\_elementtree.pyd
MOD - [2017/09/24 10:08:40 | 000,088,064 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\_ctypes.pyd
MOD - [2017/09/24 10:08:40 | 000,046,080 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\_socket.pyd
MOD - [2017/09/24 10:08:40 | 000,036,864 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\_psutil_windows.pyd
MOD - [2017/09/24 10:08:40 | 000,027,648 | ---- | M] () -- C:\Users\Eduardo\AppData\Local\Temp\_MEI57~1\_multiprocessing.pyd
SRV:64bit: - [2017/08/07 19:27:36 | 000,993,256 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\VSCore_15_7\McApExe.exe -- (McAPExe)
SRV:64bit: - [2017/06/21 17:19:44 | 000,394,704 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe -- (mfemms)
SRV:64bit: - [2017/06/21 17:10:38 | 000,350,160 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2017/06/21 17:06:34 | 000,242,640 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV:64bit: - [2017/05/30 22:21:26 | 002,139,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\\McCSPServiceHost.exe -- (mccspsvc)
SRV - [2016/12/15 08:33:56 | 000,440,832 | ---- | M] (Wondershare) [Auto | Stopped] -- C:\Program Files (x86)\Wondershare\WAF\2.3.2.220\WsAppService.exe -- (WsAppService)
DRV:64bit: - [2017/06/26 09:25:56 | 000,933,360 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2017/06/26 09:25:56 | 000,506,352 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2017/06/26 09:25:56 | 000,487,408 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeaack.sys -- (mfeaack)
DRV:64bit: - [2017/06/26 09:25:56 | 000,355,312 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2017/06/26 09:25:56 | 000,253,424 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2017/06/26 09:25:56 | 000,116,208 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeplk.sys -- (mfeplk)
DRV:64bit: - [2017/06/26 09:25:56 | 000,084,544 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mfeelamk.sys -- (mfeelamk)
DRV:64bit: - [2017/06/26 09:25:56 | 000,077,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:NewsFeed
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = D0 64 8C FF 29 0A D3 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = 01 00 00 00 12 00 00 00 D3 3E 26 E7 2B 8C B3 5A 91 41 F7 8F 63 8C D7 9D E2 95 02 00 00 00 0E 00 00 00 34 52 78 49 6D 38 30 65 44 69 4D 25 33 64  [binary data]
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
[2017/01/26 18:42:43 | 000,000,000 | ---D | M] -- C:\Users\Eduardo\AppData\Roaming\Wondershare
[2017/09/09 20:39:21 | 000,003,352 | ---- | M] () -- C:\Windows\SysNative\Tasks\McAfee\McAfee Auto Maintenance Task Agent
[2017/09/09 20:39:21 | 000,002,930 | ---- | M] () -- C:\Windows\SysNative\Tasks\McAfee\McAfee Idle Detection Task

:Files
C:\Program Files (x86)\Wondershare

:reg
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"DefaultConnectionSettings"=hex:3c,00,00,00,15,00,00,00,01,00,00,00,00,00,00,\
00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,50,b1,0a,41,70,27,c9,01,\
01,00,00,00,c0,a8,83,41,00,00,00,00,00,00,00,00
"SavedLegacySettings"=hex:3c,00,00,00,e6,01,00,00,01,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,50,b1,0a,41,70,27,c9,01,01,00,\
00,00,c0,a8,83,41,00,00,00,00,00,00,00,00

:Commands
[createrestorepoint]
[purity]
[emptytemp]

2. Go back to the program, right-click inside the Custom Scans/Fixes area and choose Paste

3. Close all windows and run OTL

Windows 7, 8, 8.1 or 10 users: right-click the OTL.exe icon and select Run as administrator.

4. Right-click any blank part of the Custom Scans/Fixes section and choose Paste

5. Now click Run Fix so that OTL starts scanning your computer.

OTL will run the script and restart your computer. When Windows loads, OTL will run automatically. Allow it to run.

6. A window will open containing important information. Copy the entire contents of this window (CTRL A followed by CTRL C) and post it in your next reply (press CTRL V). Also post a new HijackThis log and report the current state of the computer.

NOTE: this log is stored in the folder C:\_OTL\MovedFiles with a name in the format date_time.log. Example: 23042016_135657.log indicates that it was created on 23/04/2016 at 13:56:57.

NOTE: If there is a problem, do it in Safe Mode


Good evening,

I did as instructed; OTL ran the process and restarted the computer. However, after restarting, it did not open again. Only the log file appeared, which I am sending below:

All processes killed
========== OTL ==========
Error: No service named McAPExe was found to stop!
Unable to delete service\driver key McAPExe.
File move failed. C:\Program Files\Common Files\McAfee\VSCore_15_7\McApExe.exe scheduled to be moved on reboot.
Error: No service named mfemms was found to stop!
Unable to delete service\driver key mfemms.
File move failed. C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe scheduled to be moved on reboot.
Error: No service named mfevtp was found to stop!
Unable to delete service\driver key mfevtp.
File move failed. C:\Windows\SysNative\mfevtps.exe scheduled to be moved on reboot.
Error: No service named mfefire was found to stop!
Unable to delete service\driver key mfefire.
File move failed. C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe scheduled to be moved on reboot.
Service mccspsvc stopped successfully!
Service mccspsvc deleted successfully!
File move failed. C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\\McCSPServiceHost.exe scheduled to be moved on reboot.
Service WsAppService stopped successfully!
Service WsAppService deleted successfully!
C:\Program Files (x86)\Wondershare\WAF\2.3.2.220\WsAppService.exe moved successfully.
Error: No service named mfehidk was found to stop!
Unable to delete service\driver key mfehidk.
File move failed. C:\Windows\SysNative\drivers\mfehidk.sys scheduled to be moved on reboot.
Error: No service named mfefirek was found to stop!
Unable to delete service\driver key mfefirek.
File move failed. C:\Windows\SysNative\drivers\mfefirek.sys scheduled to be moved on reboot.
Error: No service named mfeaack was found to stop!
Unable to delete service\driver key mfeaack.
File move failed. C:\Windows\SysNative\drivers\mfeaack.sys scheduled to be moved on reboot.
Error: No service named mfeavfk was found to stop!
Unable to delete service\driver key mfeavfk.
File move failed. C:\Windows\SysNative\drivers\mfeavfk.sys scheduled to be moved on reboot.
Error: No service named mfewfpk was found to stop!
Unable to delete service\driver key mfewfpk.
File move failed. C:\Windows\SysNative\drivers\mfewfpk.sys scheduled to be moved on reboot.
Error: No service named mfeplk was found to stop!
Unable to delete service\driver key mfeplk.
File move failed. C:\Windows\SysNative\drivers\mfeplk.sys scheduled to be moved on reboot.
Error: No service named mfeelamk was found to stop!
Unable to delete service\driver key mfeelamk.
File move failed. C:\Windows\SysNative\drivers\mfeelamk.sys scheduled to be moved on reboot.
Error: No service named cfwids was found to stop!
Unable to delete service\driver key cfwids.
File move failed. C:\Windows\SysNative\drivers\cfwids.sys scheduled to be moved on reboot.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page_TIMESTAMP| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy| /E : value set successfully!
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\application/x-mfe-ipt\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3EF5086B-5478-4598-A054-786C45D75692}\ deleted successfully.
File move failed. c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\application/x-mfe-ipt\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3EF5086B-5478-4598-A054-786C45D75692}\ deleted successfully.
File move failed. c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll scheduled to be moved on reboot.
C:\Users\Eduardo\AppData\Roaming\Wondershare\DrFoneiOS folder moved successfully.
C:\Users\Eduardo\AppData\Roaming\Wondershare\DrFoneforiOS\HMYGSetting folder moved successfully.
C:\Users\Eduardo\AppData\Roaming\Wondershare\DrFoneforiOS folder moved successfully.
C:\Users\Eduardo\AppData\Roaming\Wondershare folder moved successfully.
C:\Windows\SysNative\Tasks\McAfee\McAfee Auto Maintenance Task Agent moved successfully.
C:\Windows\SysNative\Tasks\McAfee\McAfee Idle Detection Task moved successfully.
========== FILES ==========
C:\Program Files (x86)\Wondershare\WAF\2.3.2.220\Skin\Default folder moved successfully.
C:\Program Files (x86)\Wondershare\WAF\2.3.2.220\Skin folder moved successfully.
C:\Program Files (x86)\Wondershare\WAF\2.3.2.220\Resources folder moved successfully.
C:\Program Files (x86)\Wondershare\WAF\2.3.2.220\Languages folder moved successfully.
C:\Program Files (x86)\Wondershare\WAF\2.3.2.220 folder moved successfully.
C:\Program Files (x86)\Wondershare\WAF folder moved successfully.
C:\Program Files (x86)\Wondershare folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\ deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\"DefaultConnectionSettings"|hex:3c,00,00,00,15,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,50,b1,0a,41,70,27,c9,01,01,00,00,00,c0,a8,83,41,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\"SavedLegacySettings"|hex:3c,00,00,00,e6,01,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,00,50,b1,0a,41,70,27,c9,01,01,00,00,00,c0,a8,83,41,00,00,00,00,00,00,00,00 /E : value set successfully!
========== COMMANDS ==========
Restore point Set: OTL Restore Point
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Eduardo
->Temp folder emptied: 182670740 bytes
->Temporary Internet Files folder emptied: 15851689 bytes
->Java cache emptied: 2443715 bytes
->Flash cache emptied: 1018 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 163697062 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 98074325 bytes
 
Total Files Cleaned = 441,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 09242017_222205

Files\Folders moved on Reboot...
File move failed. C:\Program Files\Common Files\McAfee\VSCore_15_7\McApExe.exe scheduled to be moved on reboot.
File move failed. C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\mfevtps.exe scheduled to be moved on reboot.
File move failed. C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe scheduled to be moved on reboot.
File move failed. C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\\McCSPServiceHost.exe scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\drivers\mfehidk.sys scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\drivers\mfefirek.sys scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\drivers\mfeaack.sys scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\drivers\mfeavfk.sys scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\drivers\mfewfpk.sys scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\drivers\mfeplk.sys scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\drivers\mfeelamk.sys scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\drivers\cfwids.sys scheduled to be moved on reboot.
File move failed. c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL scheduled to be moved on reboot.
File move failed. c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll scheduled to be moved on reboot.
C:\Users\Eduardo\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Users\Eduardo\AppData\Local\Microsoft\Windows\INetCache\counters.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\Diebold\Warsaw\upd\pgs\win_64\bin.upd scheduled to be moved on reboot.
File move failed. C:\Windows\temp\Diebold\Warsaw\upd\pgs\dbd\dbd.upd scheduled to be moved on reboot.
File move failed. C:\Windows\temp\Diebold\Warsaw\upd\pgs\warsaw.upd scheduled to be moved on reboot.
File move failed. C:\Windows\temp\Diebold\Warsaw\upd\global\dbd\dbd.upd scheduled to be moved on reboot.
File move failed. C:\Windows\temp\Diebold\Warsaw\upd\global\warsaw.upd scheduled to be moved on reboot.
File move failed. C:\Windows\temp\Diebold\Warsaw\upd\cef\mwdbd.upd scheduled to be moved on reboot.
File move failed. C:\Windows\temp\Diebold\Warsaw\upd\bb\mwdbd.upd scheduled to be moved on reboot.
File move failed. C:\Windows\temp\Diebold\Warsaw\cd\013F54AC16A5B51921E2E77B2C60AAB3.wtcf scheduled to be moved on reboot.
File move failed. C:\Windows\temp\Diebold\Warsaw\cd\19EBB02DCDFC37D57E8C79BDC09047DC.wtcf scheduled to be moved on reboot.
File move failed. C:\Windows\temp\Diebold\Warsaw\cd\46B5C65CFB8C836A109546F58E3A5789.wtcf scheduled to be moved on reboot.
File move failed. C:\Windows\temp\Diebold\Warsaw\cd\4806D58381B52E501E90103C1AE3762F.wtcf scheduled to be moved on reboot.
File move failed. C:\Windows\temp\Diebold\Warsaw\cd\57E95D8E78FCF00E979136B0FD3C9C5A.wtcf scheduled to be moved on reboot.
File move failed. C:\Windows\temp\Diebold\Warsaw\cd\5E3AE455E05417B09ED870D5E29E9276.wtcf scheduled to be moved on reboot.
File move failed. C:\Windows\temp\Diebold\Warsaw\cd\6127054A9159BEEF1BC5485990935FE1.wtcf scheduled to be moved on reboot.
File move failed. C:\Windows\temp\Diebold\Warsaw\cd\886A425515D048A464DA71EF1FF9DF3E.wtcf scheduled to be moved on reboot.
File move failed. C:\Windows\temp\Diebold\Warsaw\cd\AE376FC6A65745405BC1D17D74C674E6.wtcf scheduled to be moved on reboot.
File move failed. C:\Windows\temp\Diebold\Warsaw\cd\D2D3E551312E5413B2744FF3477CA60B.wtcf scheduled to be moved on reboot.
File move failed. C:\Windows\temp\Diebold\Warsaw\cd\DE2E2E18E9B3FF623817593D3B053365.wtcf scheduled to be moved on reboot.
File move failed. C:\Windows\temp\Diebold\Warsaw\cd\EA4B4CD78DEE9A276C07FD9446828D38.wtcf scheduled to be moved on reboot.
File move failed. C:\Windows\temp\Diebold\Warsaw\cd\F170E1DFDB3B824E1833F23FB9EAEF3A.wtcf scheduled to be moved on reboot.
File move failed. C:\Windows\temp\Diebold\Warsaw\cd\FD1BA3AC1F3AF009CDF574531C1B93CB.wtcf scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

I have also already produced the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:34:46, on 24/09/2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18792)
Boot mode: Normal

Running processes:
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?PC=ASJB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=Userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehcef.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
O4 - HKLM\..\Run: [WebStorage] C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Google Update] C:\Users\Eduardo\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: aapj.bb.com.br
O15 - Trusted Zone: seg.bb.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.bb.com.br
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: internetbankingpf.caixa.gov.br
O15 - Trusted Zone: www.caixa.gov.br
O15 - Trusted Zone: http://www.caixa.gov.br
O15 - Trusted Zone: cloud.gastecnologia.com.br
O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O20 - Winlogon Notify:  GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
O23 - Service: Asus WebStorage Windows Service - ASUS Cloud Corporation - C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @oem20.inf,%WIN32_DPTF_PARTICIPANT_PROC_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform and Thermal Framework Processor Participant Service Application (DptfParticipantProcessorService) - Unknown owner - C:\Windows\system32\DptfParticipantProcessorService.exe (file missing)
O23 - Service: @oem20.inf,%WIN32_DPTF_POLICY_CONFIGTDP_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform and Thermal Framework Config TDP Service Application (DptfPolicyConfigTDPService) - Unknown owner - C:\Windows\system32\DptfPolicyConfigTDPService.exe (file missing)
O23 - Service: @oem20.inf,%WIN32_DPTF_POLICY_CRITICAL_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform and Thermal Framework Critical Service Application (DptfPolicyCriticalService) - Unknown owner - C:\Windows\system32\DptfPolicyCriticalService.exe (file missing)
O23 - Service: @oem20.inf,%WIN32_DPTF_POLICY_LPM_SERVICE_DISPLAY_NAME%;Intel(R) Dynamic Platform and Thermal Framework Low Power Mode Service Application (DptfPolicyLpmService) - Unknown owner - C:\Windows\system32\DptfPolicyLpmService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\VSCore_15_7\McApExe.exe
O23 - Service: McAfee Boot Delay Start Service (McBootDelayStartSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
O23 - Service: McAfee Service Controller (mfemms) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wondershare Driver Install Service (WsDrvInst) - Unknown owner - C:\Program Files (x86)\Wondershare\Wondershare Dr.Fone para iOS (Portuguese)\Library\DriverInstaller\DriverInstall.exe (file missing)
O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 12505 bytes
 

The computer is much better! It is no longer slow (only when restarting, where it took a little while, but that was already happening). However, I saw that the McAfee-related processes are still active. As for Wondershare, it was resolved; it is no longer running.


Good evening,

I only managed to reply now. Look, I did what was indicated yesterday in Safe Mode, but it gave a message saying that an error occurred during the uninstallation. However, on restarting in normal mode, I noticed that most of those McAfee-related processes had disappeared. Only the one shown in the image remains. Is there any problem if it stays? I could try reinstalling all of McAfee and uninstalling it again. Overall, the computer is normal. The slowness is resolved and Chrome is working correctly.

I was only left in doubt about McAfee. It was the antivirus I was using (I had even paid for a 1-year license). From what I saw, it did not prove to be a good choice... You recommend that I use one of those you suggested in the list, right?


Yes, see the recommended ones.

Good luck; nothing more to do here, the PC is clean. (Y)

Finally, to uninstall the programs used:

Run OTL.exe

Click the Cleanup (CLEAN) button

Allow the PC to be restarted.

