Windows 10 Browser oeffnen endlos neue Tabs und Fenster mit Werbung

cybercarsten · 19.06.2016, 23:38

Hallo liebe TB-ler,

mein PC mit Windows 10 Home 64bit wird immer mehr von unerwuenschten Werbefenstern zugemuellt. Das Surfen wird dadurch mittlerweile ziemlich beeintraechtigt. Der Einsatz von Malwarebytes und JRT hat bisher nicht viel gebracht. Ich habe schon mal FRST laufen lassen und fuege auch das Protokoll von Norton Security (gekuerzt) an:

Code:

ATTFilter

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 19-06-2016 01
Executado por cwege (administrador) em CARSTEN-DELL344 (19-06-2016 19:06:53)
Executando a partir de C:\Users\cwege\Desktop
Perfis Carregados: cwege (Perfis Disponíveis: cwege)
Platform: Windows 10 Home Single Language (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: FF)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\nsbu.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
() C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Dell) C:\Program Files\Dell\Product Registration\PRSvc.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTB89A.tmp
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\nsbu.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(A.E.T. Europe B.V.) C:\Windows\System32\aetcrss1.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
Falha ao acessar processo -> firefox.exe
(Microsoft Corporation) C:\Windows\System32\wuapihost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_192.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_192.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\timeout.exe
(Microsoft Corporation) C:\Windows\SysWOW64\timeout.exe
(Microsoft Corporation) C:\Windows\SysWOW64\timeout.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8468184 2015-05-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-04-28] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [611248 2015-05-21] (Waves Audio Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3877936 2015-06-12] (Dell Inc.)
HKLM\...\Run: [CertificateRegistration] => C:\Windows\system32\aetcrss1.exe [191488 2011-04-20] (A.E.T. Europe B.V.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKLM-x32\...\RunOnce: [systwin] => C:\Windows\systwin.exe [305980 2016-05-07] (                                                            )
HKLM-x32\...\RunOnce: [AdBlock2] => [X]
HKLM-x32\...\RunOnce: [AdBlock] => C:\Windows\AdBlock.exe [304211 2016-06-11] (                                                            )
HKU\S-1-5-21-767966989-473913170-3455617934-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [52142720 2016-04-29] (Skype Technologies S.A.)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-11-10] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWow64\CbFsMntNtf3.dll [2012-11-10] (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 89.248.166.149 8.8.8.8
Tcpip\..\Interfaces\{21041d47-eab6-45d5-9aac-c7f9a7910b67}: [DhcpNameServer] 89.248.166.149 8.8.8.8
Tcpip\..\Interfaces\{816b9e62-21bd-40c3-b5ce-43e337bdf71c}: [DhcpNameServer] 192.168.254.254
ManualProxies: 

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-767966989-473913170-3455617934-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-767966989-473913170-3455617934-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE
SearchScopes: HKU\S-1-5-21-767966989-473913170-3455617934-1001 -> DefaultScope {67AD6316-7576-41A2-9EBB-003E44D9FEB9} URL = 
SearchScopes: HKU\S-1-5-21-767966989-473913170-3455617934-1001 -> {B365B296-1A28-4108-A050-7C52624DA174} URL = hxxps://br.search.yahoo.com/search?fr=mcafee&type=C011BR0D20160101&p={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-06-06] (Intel Security)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-12-09] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-12-09] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-06-06] (Intel Security)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\cwege\AppData\Roaming\Profiles\41A66E7E5EE1
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-17] ()
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-17] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2015-12-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-12-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\cwege\AppData\Roaming\Mozilla\Firefox\Profiles\qbtk1o0i.default\searchplugins\McSiteAdvisor.xml [2016-03-20]
FF SearchPlugin: C:\Users\cwege\AppData\Roaming\Profiles\41A66E7E5EE1\searchplugins\McSiteAdvisor.xml [2016-03-20]
FF Extension: Block site - C:\Users\cwege\AppData\Roaming\Profiles\41A66E7E5EE1\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2016-06-09]
FF Extension: Adblock Plus - C:\Users\cwege\AppData\Roaming\Profiles\41A66E7E5EE1\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-11]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.5.4.24\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.5.4.24\coFFAddon [2016-05-12]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.5.4.24\coFFAddon

Chrome: 
=======
CHR Profile: C:\Users\cwege\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\Exts\Chrome.crx [2016-05-12]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\Exts\Chrome.crx [2016-05-12]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S2 0159571466366149mcinstcleanup; C:\Windows\TEMP\015957~1.EXE [922152 2016-03-02] (McAfee, Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [323152 2015-06-07] (Windows (R) Win 7 DDK provider)
R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [29912 2015-09-15] (AOMEI Tech Co., Ltd.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [153960 2016-04-29] (Dell)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [87888 2016-05-03] ()
R2 Dell Product Registration; C:\Program Files\Dell\Product Registration\PRSvc.exe [32104 2016-01-25] (Dell)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [350312 2015-09-07] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Arquivo não assinado]
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3020440 2015-11-25] (Intel(R) Corporation)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [Arquivo não assinado]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 NSBU; C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\NSBU.exe [289080 2016-02-26] (Symantec Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-05-22] (Realtek Semiconductor)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [886096 2016-06-03] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [15736 2016-06-03] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-06-03] (McAfee, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2015-02-26] () [Arquivo não assinado]
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [151480 2015-02-26] () [Arquivo não assinado]
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [17848 2015-02-26] () [Arquivo não assinado]
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4301304 2015-05-18] (Qualcomm Atheros Communications, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.4.24\Definitions\BASHDefs\20160613.001\BHDrvx64.sys [1832176 2016-05-12] (Symantec Corporation)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352008 2012-11-10] (EldoS Corporation)
R1 ccSet_NSBU; C:\Windows\system32\drivers\NSBUx64\1606000.08E\ccSetx64.sys [173808 2015-09-23] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [19440 2015-05-08] (OSR Open Systems Resources, Inc.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-04-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-04-27] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.4.24\Definitions\IPSDefs\20160617.001\IDSvia64.sys [876248 2016-05-25] (Symantec Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [183584 2015-06-12] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.4.24\Definitions\VirusDefs\20160619.002\ENG64.SYS [138456 2016-06-15] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.4.24\Definitions\VirusDefs\20160619.002\EX64.SYS [2148056 2016-06-15] (Symantec Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-05-29] (Realtek                                            )
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2015-05-27] (Realsil Semiconductor Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NSBUx64\1606000.08E\SRTSP64.SYS [928504 2016-02-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSBUx64\1606000.08E\SRTSPX64.SYS [50936 2015-09-23] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSBUx64\1606000.08E\SYMEFASI64.SYS [1621232 2016-02-23] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NSBUx64\1606000.08E\SymELAM.sys [24192 2015-09-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2016-05-11] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSBUx64\1606000.08E\Ironx64.SYS [295664 2016-02-23] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSBUx64\1606000.08E\SYMNETS.SYS [577768 2016-02-23] (Symantec Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [48296 2015-05-29] (Synaptics Incorporated)
S3 SzCCID; C:\Windows\system32\DRIVERS\SzCCID.sys [40448 2011-01-21] (Generic)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-06-19 19:06 - 2016-06-19 19:07 - 00023170 _____ C:\Users\cwege\Desktop\FRST.txt
2016-06-19 19:06 - 2016-06-19 19:06 - 00000000 ____D C:\FRST
2016-06-19 19:02 - 2016-06-19 19:05 - 02387456 _____ (Farbar) C:\Users\cwege\Desktop\FRST64.exe
2016-06-19 18:42 - 2016-06-19 18:42 - 02870984 _____ (ESET) C:\Users\cwege\Desktop\esetsmartinstaller_deu(1).exe
2016-06-19 18:40 - 2016-06-19 18:40 - 00165376 _____ C:\Users\cwege\Desktop\SystemLook_x64.exe
2016-06-19 18:39 - 2016-06-19 18:44 - 22851472 _____ (Malwarebytes ) C:\Users\cwege\Desktop\mbam-setup-2.2.1.1043.exe
2016-06-19 18:36 - 2016-06-19 18:39 - 03703360 _____ C:\Users\cwege\Desktop\AdwCleaner_5.200.exe
2016-06-18 19:55 - 2016-06-18 19:55 - 00016148 _____ C:\Windows\system32\CARSTEN-DELL344_cwege_HistoryPrediction.bin
2016-06-17 11:41 - 2016-06-17 11:41 - 09717952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-06-15 15:23 - 2016-06-19 19:08 - 00003680 _____ C:\Windows\System32\Tasks\VirusRemover
2016-06-15 12:44 - 2016-05-28 02:02 - 06488312 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2016-06-15 12:44 - 2016-05-28 02:00 - 02543784 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2016-06-15 12:44 - 2016-05-28 02:00 - 01591304 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-15 12:44 - 2016-05-28 01:52 - 22326760 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-06-15 12:44 - 2016-05-28 01:39 - 01365584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-15 12:44 - 2016-05-28 01:38 - 05118024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2016-06-15 12:44 - 2016-05-28 01:35 - 02188472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2016-06-15 12:44 - 2016-05-28 01:08 - 21860352 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2016-06-15 12:44 - 2016-05-28 01:07 - 24597504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-15 12:44 - 2016-05-28 01:00 - 01336832 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-15 12:44 - 2016-05-28 00:57 - 06788096 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-06-15 12:44 - 2016-05-28 00:56 - 12511232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-15 12:44 - 2016-05-28 00:53 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-15 12:44 - 2016-05-28 00:51 - 02119680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-15 12:44 - 2016-05-28 00:51 - 01603584 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-15 12:44 - 2016-05-28 00:49 - 19330560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-15 12:44 - 2016-05-28 00:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-06-15 12:44 - 2016-05-28 00:45 - 07523840 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2016-06-15 12:44 - 2016-05-28 00:45 - 03584000 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2016-06-15 12:44 - 2016-05-28 00:44 - 04793344 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-15 12:44 - 2016-05-28 00:44 - 00737792 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-15 12:44 - 2016-05-28 00:41 - 05160960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-06-15 12:44 - 2016-05-28 00:40 - 18797568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2016-06-15 12:44 - 2016-05-28 00:38 - 00291328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-15 12:44 - 2016-05-28 00:36 - 01383424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-15 12:44 - 2016-05-28 00:35 - 02042368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-15 12:44 - 2016-05-28 00:32 - 03580928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-15 12:44 - 2016-05-28 00:31 - 11268096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-15 12:44 - 2016-05-28 00:30 - 05454848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2016-06-15 12:44 - 2016-05-28 00:29 - 00502272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-15 12:43 - 2016-05-28 02:02 - 04532304 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-06-15 12:43 - 2016-05-28 02:02 - 01314496 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-06-15 12:43 - 2016-05-28 02:02 - 00601344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-15 12:43 - 2016-05-28 02:02 - 00432360 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-15 12:43 - 2016-05-28 02:02 - 00421536 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-15 12:43 - 2016-05-28 02:02 - 00158048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-15 12:43 - 2016-05-28 02:02 - 00113144 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2016-06-15 12:43 - 2016-05-28 02:00 - 00327520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2016-06-15 12:43 - 2016-05-28 02:00 - 00203496 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2016-06-15 12:43 - 2016-05-28 01:59 - 00363872 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-15 12:43 - 2016-05-28 01:59 - 00131208 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-15 12:43 - 2016-05-28 01:54 - 00658784 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2016-06-15 12:43 - 2016-05-28 01:53 - 03625416 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-15 12:43 - 2016-05-28 01:53 - 00026464 _____ (Microsoft Corporation) C:\Windows\system32\browser_broker.exe
2016-06-15 12:43 - 2016-05-28 01:47 - 00613120 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2016-06-15 12:43 - 2016-05-28 01:47 - 00379232 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-15 12:43 - 2016-05-28 01:39 - 04047288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-06-15 12:43 - 2016-05-28 01:39 - 00952968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-06-15 12:43 - 2016-05-28 01:39 - 00365128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-06-15 12:43 - 2016-05-28 01:38 - 00372368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-15 12:43 - 2016-05-28 01:38 - 00306528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-15 12:43 - 2016-05-28 01:38 - 00097096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2016-06-15 12:43 - 2016-05-28 01:35 - 00183904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2016-06-15 12:43 - 2016-05-28 01:35 - 00112632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-06-15 12:43 - 2016-05-28 01:28 - 00467296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2016-06-15 12:43 - 2016-05-28 01:27 - 20861984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-06-15 12:43 - 2016-05-28 01:27 - 02880560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-15 12:43 - 2016-05-28 01:21 - 00545400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2016-06-15 12:43 - 2016-05-28 01:21 - 00316256 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-15 12:43 - 2016-05-28 01:11 - 00395264 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupShim.dll
2016-06-15 12:43 - 2016-05-28 01:10 - 00694784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-06-15 12:43 - 2016-05-28 01:10 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2016-06-15 12:43 - 2016-05-28 01:09 - 00914944 _____ (Microsoft Corporation) C:\Windows\system32\SharedStartModel.dll
2016-06-15 12:43 - 2016-05-28 00:58 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-06-15 12:43 - 2016-05-28 00:58 - 00672256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-15 12:43 - 2016-05-28 00:58 - 00410624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-15 12:43 - 2016-05-28 00:58 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2016-06-15 12:43 - 2016-05-28 00:57 - 00350720 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2016-06-15 12:43 - 2016-05-28 00:54 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-15 12:43 - 2016-05-28 00:54 - 00392192 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-15 12:43 - 2016-05-28 00:54 - 00282112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupShim.dll
2016-06-15 12:43 - 2016-05-28 00:53 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-15 12:43 - 2016-05-28 00:52 - 02663424 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2016-06-15 12:43 - 2016-05-28 00:51 - 02848256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-15 12:43 - 2016-05-28 00:50 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-15 12:43 - 2016-05-28 00:50 - 00771072 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2016-06-15 12:43 - 2016-05-28 00:50 - 00574464 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-15 12:43 - 2016-05-28 00:44 - 01381376 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2016-06-15 12:43 - 2016-05-28 00:44 - 00045568 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-15 12:43 - 2016-05-28 00:43 - 00240128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-15 12:43 - 2016-05-28 00:41 - 00272896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-15 12:43 - 2016-05-28 00:40 - 00672768 _____ (Microsoft Corporation) C:\Windows\system32\ieproxy.dll
2016-06-15 12:43 - 2016-05-28 00:39 - 00667648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-15 12:43 - 2016-05-28 00:39 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2016-06-15 12:43 - 2016-05-28 00:38 - 01821696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2016-06-15 12:43 - 2016-05-28 00:38 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-15 12:43 - 2016-05-28 00:37 - 02315776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-15 12:43 - 2016-05-28 00:35 - 00679936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-15 12:43 - 2016-05-28 00:35 - 00574464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2016-06-15 12:43 - 2016-05-28 00:35 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-15 12:43 - 2016-05-28 00:35 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-06-15 12:43 - 2016-05-28 00:29 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-15 12:43 - 2016-05-28 00:25 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2016-06-07 23:37 - 2016-06-07 23:37 - 00000000 _____ C:\Windows\SysWOW64\FAPAEB6.tmp
2016-06-07 23:37 - 2016-06-07 23:37 - 00000000 _____ C:\Windows\SysWOW64\FAPADDA.tmp
2016-06-07 23:35 - 2016-06-07 23:35 - 00000000 _____ C:\Windows\SysWOW64\FAP3B0E.tmp
2016-06-07 23:35 - 2016-06-07 23:35 - 00000000 _____ C:\Windows\SysWOW64\FAP356E.tmp
2016-06-07 23:35 - 2016-06-07 23:35 - 00000000 _____ C:\Windows\SysWOW64\FAP3472.tmp
2016-06-07 18:35 - 2016-06-07 18:35 - 00000000 _____ C:\Windows\SysWOW64\FAP5D8D.tmp
2016-06-07 18:35 - 2016-06-07 18:35 - 00000000 _____ C:\Windows\SysWOW64\FAP3523.tmp
2016-06-07 18:35 - 2016-06-07 18:35 - 00000000 _____ C:\Windows\SysWOW64\FAP3456.tmp
2016-06-07 18:31 - 2016-06-07 18:31 - 00000000 _____ C:\Windows\SysWOW64\FAPBE39.tmp
2016-06-07 18:31 - 2016-06-07 18:31 - 00000000 _____ C:\Windows\SysWOW64\FAP9C47.tmp
2016-06-07 18:31 - 2016-06-07 18:31 - 00000000 _____ C:\Windows\SysWOW64\FAP9A32.tmp
2016-06-07 18:26 - 2016-06-07 18:26 - 00000000 _____ C:\Windows\SysWOW64\FAPF930.tmp
2016-06-07 18:25 - 2016-06-07 18:25 - 00000000 _____ C:\Windows\SysWOW64\FAPD674.tmp
2016-06-07 18:25 - 2016-06-07 18:25 - 00000000 _____ C:\Windows\SysWOW64\FAPCC60.tmp
2016-06-07 18:24 - 2016-06-07 18:24 - 00000000 _____ C:\Windows\SysWOW64\FAPAD80.tmp
2016-06-07 18:24 - 2016-06-07 18:24 - 00000000 _____ C:\Windows\SysWOW64\FAP819C.tmp
2016-06-07 18:24 - 2016-06-07 18:24 - 00000000 _____ C:\Windows\SysWOW64\FAP8013.tmp
2016-06-07 18:24 - 2016-06-07 18:24 - 00000000 _____ C:\Windows\SysWOW64\FAP49BF.tmp
2016-06-07 18:24 - 2016-06-07 18:24 - 00000000 _____ C:\Windows\SysWOW64\FAP2DF8.tmp
2016-06-07 18:24 - 2016-06-07 18:24 - 00000000 _____ C:\Windows\SysWOW64\FAP2D79.tmp
2016-06-07 18:20 - 2016-06-07 18:20 - 00000000 _____ C:\Windows\SysWOW64\FAPAAC8.tmp
2016-06-07 18:20 - 2016-06-07 18:20 - 00000000 _____ C:\Windows\SysWOW64\FAP82BC.tmp
2016-06-07 18:20 - 2016-06-07 18:20 - 00000000 _____ C:\Windows\SysWOW64\FAP824D.tmp
2016-06-07 18:15 - 2016-06-07 18:15 - 00000000 _____ C:\Windows\SysWOW64\FAPF8D.tmp
2016-06-07 18:15 - 2016-06-07 18:15 - 00000000 _____ C:\Windows\SysWOW64\FAPF1E.tmp
2016-06-07 18:15 - 2016-06-07 18:15 - 00000000 _____ C:\Windows\SysWOW64\FAP2922.tmp
2016-06-07 18:13 - 2016-06-07 18:13 - 00000000 _____ C:\Windows\SysWOW64\FAP4D67.tmp
2016-06-07 18:13 - 2016-06-07 18:13 - 00000000 _____ C:\Windows\SysWOW64\FAP228C.tmp
2016-06-07 18:13 - 2016-06-07 18:13 - 00000000 _____ C:\Windows\SysWOW64\FAP222C.tmp
2016-06-07 18:12 - 2016-06-07 18:12 - 00000000 _____ C:\Windows\SysWOW64\FAP4BC0.tmp
2016-06-07 18:12 - 2016-06-07 18:12 - 00000000 _____ C:\Windows\SysWOW64\FAP3F69.tmp
2016-06-07 18:11 - 2016-06-07 18:11 - 00000000 _____ C:\Windows\SysWOW64\FAPDCE5.tmp
2016-06-07 18:11 - 2016-06-07 18:11 - 00000000 _____ C:\Windows\SysWOW64\FAPDC37.tmp
2016-06-07 18:11 - 2016-06-07 18:11 - 00000000 _____ C:\Windows\SysWOW64\FAPD985.tmp
2016-06-07 18:06 - 2016-06-07 18:06 - 00000000 _____ C:\Windows\SysWOW64\FAP1953.tmp
2016-06-07 18:05 - 2016-06-07 18:05 - 00000000 _____ C:\Windows\SysWOW64\FAP6FE2.tmp
2016-06-07 18:03 - 2016-06-07 18:03 - 00000000 _____ C:\Windows\SysWOW64\FAP20A1.tmp
2016-06-07 18:02 - 2016-06-07 18:02 - 00000000 _____ C:\Windows\SysWOW64\FAP8B35.tmp
2016-06-07 18:02 - 2016-06-07 18:02 - 00000000 _____ C:\Windows\SysWOW64\FAP30AF.tmp
2016-06-07 18:01 - 2016-06-07 18:01 - 00000000 _____ C:\Windows\SysWOW64\FAP972C.tmp
2016-06-07 17:57 - 2016-06-07 17:57 - 00000000 _____ C:\Windows\SysWOW64\FAPE9D2.tmp
2016-06-07 17:47 - 2016-06-07 17:47 - 00000000 _____ C:\Windows\SysWOW64\FAP90A0.tmp
2016-06-07 17:43 - 2016-06-07 17:43 - 00000000 _____ C:\Windows\SysWOW64\FAPB55F.tmp
2016-06-07 17:40 - 2016-06-07 17:40 - 00000000 _____ C:\Windows\SysWOW64\FAP9FEB.tmp
2016-06-07 17:35 - 2016-06-07 17:35 - 00000000 _____ C:\Windows\SysWOW64\FAPB7EC.tmp
2016-06-07 17:35 - 2016-06-07 17:35 - 00000000 _____ C:\Windows\SysWOW64\FAP5BF.tmp
2016-06-07 17:03 - 2016-06-07 17:03 - 00000000 _____ C:\Windows\SysWOW64\FAPAEFD.tmp
2016-06-07 17:03 - 2016-06-07 17:03 - 00000000 _____ C:\Windows\SysWOW64\FAP4A27.tmp
2016-06-07 17:01 - 2016-06-07 17:01 - 00000000 _____ C:\Windows\SysWOW64\FAPEB9F.tmp
2016-06-07 17:01 - 2016-06-07 17:01 - 00000000 _____ C:\Windows\SysWOW64\FAPA145.tmp
2016-06-07 17:00 - 2016-06-07 17:00 - 00000000 _____ C:\Windows\SysWOW64\FAPED16.tmp
2016-06-07 16:55 - 2016-06-07 16:55 - 00000000 _____ C:\Windows\SysWOW64\FAPFB94.tmp
2016-06-07 16:54 - 2016-06-07 16:54 - 00000000 _____ C:\Windows\SysWOW64\FAPC93C.tmp
2016-06-07 16:44 - 2016-06-07 16:44 - 00000000 _____ C:\Windows\SysWOW64\FAP2AED.tmp
2016-06-07 16:42 - 2016-06-07 16:42 - 00000000 _____ C:\Windows\SysWOW64\FAP55C.tmp
2016-06-07 16:41 - 2016-06-07 16:41 - 00000000 _____ C:\Windows\SysWOW64\FAP4805.tmp
2016-06-07 16:41 - 2016-06-07 16:41 - 00000000 _____ C:\Windows\SysWOW64\FAP46F9.tmp
2016-06-07 16:40 - 2016-06-07 16:40 - 00000000 _____ C:\Windows\SysWOW64\FAPABB1.tmp
2016-06-07 16:40 - 2016-06-07 16:40 - 00000000 _____ C:\Windows\SysWOW64\FAP63AA.tmp
2016-06-07 16:40 - 2016-06-07 16:40 - 00000000 _____ C:\Windows\SysWOW64\FAP629E.tmp
2016-06-07 16:37 - 2016-06-07 16:37 - 00000000 _____ C:\Windows\SysWOW64\FAPE2B6.tmp
2016-06-07 16:37 - 2016-06-07 16:37 - 00000000 _____ C:\Windows\SysWOW64\FAPE1AA.tmp
2016-06-07 16:37 - 2016-06-07 16:37 - 00000000 _____ C:\Windows\SysWOW64\FAPB0.tmp
2016-06-07 16:37 - 2016-06-07 16:37 - 00000000 _____ C:\Windows\SysWOW64\FAP8C74.tmp
2016-06-07 16:37 - 2016-06-07 16:37 - 00000000 _____ C:\Windows\SysWOW64\FAP8BB6.tmp
2016-06-07 16:36 - 2016-06-07 16:36 - 00000000 _____ C:\Windows\SysWOW64\FAP4D1A.tmp
2016-06-07 16:35 - 2016-06-07 16:35 - 00000000 _____ C:\Windows\SysWOW64\FAP252D.tmp
2016-06-07 16:35 - 2016-06-07 16:35 - 00000000 _____ C:\Windows\SysWOW64\FAP23F2.tmp
2016-06-07 16:35 - 2016-06-07 16:35 - 00000000 _____ C:\Windows\SysWOW64\FAP22F6.tmp
2016-06-07 16:31 - 2016-06-07 16:31 - 00000000 _____ C:\Windows\SysWOW64\FAP7E37.tmp
2016-06-07 16:31 - 2016-06-07 16:31 - 00000000 _____ C:\Windows\SysWOW64\FAP7CED.tmp
2016-06-07 16:28 - 2016-06-07 16:28 - 00000000 _____ C:\Windows\SysWOW64\FAP749E.tmp
2016-06-07 16:28 - 2016-06-07 16:28 - 00000000 _____ C:\Windows\SysWOW64\FAP7372.tmp
2016-06-07 16:28 - 2016-06-07 16:28 - 00000000 _____ C:\Windows\SysWOW64\FAP20FA.tmp
2016-06-07 16:28 - 2016-06-07 16:28 - 00000000 _____ C:\Windows\SysWOW64\FAP201E.tmp
2016-06-07 16:27 - 2016-06-07 16:27 - 00000000 _____ C:\Windows\SysWOW64\FAP3FDD.tmp
2016-06-07 16:26 - 2016-06-07 16:26 - 00000000 _____ C:\Windows\SysWOW64\FAP3689.tmp
2016-06-07 16:26 - 2016-06-07 16:26 - 00000000 _____ C:\Windows\SysWOW64\FAP1A16.tmp
2016-06-07 16:26 - 2016-06-07 16:26 - 00000000 _____ C:\Windows\SysWOW64\FAP18BC.tmp
2016-06-07 16:25 - 2016-06-07 16:25 - 00000000 _____ C:\Windows\SysWOW64\FAPB964.tmp
2016-06-07 16:25 - 2016-06-07 16:25 - 00000000 _____ C:\Windows\SysWOW64\FAPB80A.tmp
2016-06-07 16:09 - 2016-06-07 16:09 - 00000000 _____ C:\Windows\SysWOW64\FAPE192.tmp
2016-06-07 16:09 - 2016-06-07 16:09 - 00000000 _____ C:\Windows\SysWOW64\FAPE0D5.tmp
2016-06-07 16:08 - 2016-06-07 16:08 - 00000000 _____ C:\Windows\SysWOW64\FAPB62E.tmp
2016-06-07 16:08 - 2016-06-07 16:08 - 00000000 _____ C:\Windows\SysWOW64\FAP9815.tmp
2016-06-07 16:08 - 2016-06-07 16:08 - 00000000 _____ C:\Windows\SysWOW64\FAP8BED.tmp
2016-06-07 16:07 - 2016-06-07 16:07 - 00000000 _____ C:\Windows\SysWOW64\FAP89F7.tmp
2016-06-07 16:07 - 2016-06-07 16:07 - 00000000 _____ C:\Windows\SysWOW64\FAP89A7.tmp
2016-06-07 16:07 - 2016-06-07 16:07 - 00000000 _____ C:\Windows\SysWOW64\FAP87A1.tmp
2016-06-07 15:42 - 2016-06-07 15:42 - 00000000 _____ C:\Windows\SysWOW64\FAPC2A5.tmp
2016-06-07 15:42 - 2016-06-07 15:42 - 00000000 _____ C:\Windows\SysWOW64\FAP8CFE.tmp
2016-06-07 15:42 - 2016-06-07 15:42 - 00000000 _____ C:\Windows\SysWOW64\FAP8C41.tmp
2016-06-07 15:40 - 2016-06-07 15:40 - 00000000 _____ C:\Windows\SysWOW64\FAP3B48.tmp
2016-06-07 15:37 - 2016-06-07 15:37 - 00000000 _____ C:\Windows\SysWOW64\FAP461.tmp
2016-06-07 15:35 - 2016-06-07 15:35 - 00000000 _____ C:\Windows\SysWOW64\FAPF555.tmp
2016-06-07 15:32 - 2016-06-07 15:32 - 00000000 _____ C:\Windows\SysWOW64\FAP5832.tmp
2016-06-07 15:29 - 2016-06-07 15:29 - 00000000 _____ C:\Windows\SysWOW64\FAP8356.tmp
2016-06-07 15:22 - 2016-06-07 15:22 - 00000000 _____ C:\Windows\SysWOW64\FAP4F9E.tmp
2016-06-07 15:18 - 2016-06-07 15:18 - 00000000 _____ C:\Windows\SysWOW64\FAP9FF2.tmp
2016-06-07 15:18 - 2016-06-07 15:18 - 00000000 _____ C:\Windows\SysWOW64\FAP9F64.tmp
2016-06-07 15:18 - 2016-06-07 15:18 - 00000000 _____ C:\Windows\SysWOW64\FAP9ED5.tmp
2016-06-07 15:14 - 2016-06-07 15:14 - 00000000 _____ C:\Windows\SysWOW64\FAP6C5D.tmp
2016-06-07 15:14 - 2016-06-07 15:14 - 00000000 _____ C:\Windows\SysWOW64\FAP5D47.tmp
2016-06-07 15:14 - 2016-06-07 15:14 - 00000000 _____ C:\Windows\SysWOW64\FAP3720.tmp
2016-06-07 15:14 - 2016-06-07 15:14 - 00000000 _____ C:\Windows\SysWOW64\FAP3578.tmp
2016-06-07 15:05 - 2016-06-07 15:05 - 00000000 _____ C:\Windows\SysWOW64\FAP871.tmp
2016-06-07 15:03 - 2016-06-07 15:03 - 00000000 _____ C:\Windows\SysWOW64\FAPD4A2.tmp
2016-06-07 14:58 - 2016-06-07 14:58 - 00000000 _____ C:\Windows\SysWOW64\FAPCDC3.tmp
2016-06-07 14:58 - 2016-06-07 14:58 - 00000000 _____ C:\Windows\SysWOW64\FAP8241.tmp
2016-06-07 14:57 - 2016-06-07 14:57 - 00000000 _____ C:\Windows\SysWOW64\FAPA349.tmp
2016-06-07 14:20 - 2016-06-07 14:20 - 00000000 _____ C:\Windows\SysWOW64\FAP769A.tmp
2016-06-07 14:20 - 2016-06-07 14:20 - 00000000 _____ C:\Windows\SysWOW64\FAP4B23.tmp
2016-06-07 14:20 - 2016-06-07 14:20 - 00000000 _____ C:\Windows\SysWOW64\FAP49F8.tmp
2016-06-07 14:19 - 2016-06-07 14:19 - 00000000 _____ C:\Windows\SysWOW64\FAP107C.tmp
2016-06-07 14:18 - 2016-06-07 14:18 - 00000000 _____ C:\Windows\SysWOW64\FAPA9F0.tmp
2016-06-07 14:18 - 2016-06-07 14:18 - 00000000 _____ C:\Windows\SysWOW64\FAPA8B5.tmp
2016-06-07 14:18 - 2016-06-07 14:18 - 00000000 _____ C:\Windows\SysWOW64\FAP4258.tmp
2016-06-07 14:18 - 2016-06-07 14:18 - 00000000 _____ C:\Windows\SysWOW64\FAP41D9.tmp
2016-06-07 14:09 - 2016-06-13 04:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-07 12:02 - 2016-06-07 12:02 - 00000000 _____ C:\Windows\SysWOW64\FAPA8A0.tmp
2016-06-07 12:02 - 2016-06-07 12:02 - 00000000 _____ C:\Windows\SysWOW64\FAP9535.tmp
2016-06-07 12:02 - 2016-06-07 12:02 - 00000000 _____ C:\Windows\SysWOW64\FAP9477.tmp
2016-06-07 11:58 - 2016-06-07 11:58 - 00000000 _____ C:\Windows\SysWOW64\FAP6A66.tmp
2016-06-07 11:58 - 2016-06-07 11:58 - 00000000 _____ C:\Windows\SysWOW64\FAP689F.tmp
2016-06-07 11:57 - 2016-06-07 11:57 - 00000000 _____ C:\Windows\SysWOW64\FAPC34A.tmp
2016-06-07 11:56 - 2016-06-07 11:56 - 00000000 _____ C:\Windows\SysWOW64\FAPACE1.tmp
2016-06-07 11:56 - 2016-06-07 11:56 - 00000000 _____ C:\Windows\SysWOW64\FAPAC05.tmp
2016-06-07 11:54 - 2016-06-07 11:54 - 00000000 _____ C:\Windows\SysWOW64\FAP73F.tmp
2016-06-07 11:54 - 2016-06-07 11:54 - 00000000 _____ C:\Windows\SysWOW64\FAP684C.tmp
2016-06-07 11:54 - 2016-06-07 11:54 - 00000000 _____ C:\Windows\SysWOW64\FAP633.tmp
2016-06-07 11:52 - 2016-06-07 11:52 - 00000000 _____ C:\Windows\SysWOW64\FAP4B62.tmp
2016-06-07 11:52 - 2016-06-07 11:52 - 00000000 _____ C:\Windows\SysWOW64\FAP4A85.tmp
2016-06-07 11:48 - 2016-06-07 11:48 - 00000000 _____ C:\Windows\SysWOW64\FAP6A2F.tmp
2016-06-07 11:48 - 2016-06-07 11:48 - 00000000 _____ C:\Windows\SysWOW64\FAP46C6.tmp
2016-06-07 11:48 - 2016-06-07 11:48 - 00000000 _____ C:\Windows\SysWOW64\FAP451F.tmp
2016-06-07 11:47 - 2016-06-07 11:47 - 00000000 _____ C:\Windows\SysWOW64\FAPD447.tmp
2016-06-07 11:47 - 2016-06-07 11:47 - 00000000 _____ C:\Windows\SysWOW64\FAPC149.tmp
2016-06-07 11:47 - 2016-06-07 11:47 - 00000000 _____ C:\Windows\SysWOW64\FAPC01E.tmp
2016-06-07 11:46 - 2016-06-07 11:46 - 00000000 _____ C:\Windows\SysWOW64\FAP8D3.tmp
2016-06-07 11:46 - 2016-06-07 11:46 - 00000000 _____ C:\Windows\SysWOW64\FAP825.tmp
2016-06-07 11:42 - 2016-06-07 11:42 - 00000000 _____ C:\Windows\SysWOW64\FAP6E91.tmp
2016-06-07 11:42 - 2016-06-07 11:42 - 00000000 _____ C:\Windows\SysWOW64\FAP5848.tmp
2016-06-07 11:42 - 2016-06-07 11:42 - 00000000 _____ C:\Windows\SysWOW64\FAP575B.tmp
2016-06-07 11:42 - 2016-06-07 11:42 - 00000000 _____ C:\Windows\SysWOW64\FAP255C.tmp
2016-06-07 11:42 - 2016-06-07 11:42 - 00000000 _____ C:\Windows\SysWOW64\FAP24CE.tmp
2016-06-07 11:41 - 2016-06-07 11:41 - 00000000 _____ C:\Windows\SysWOW64\FAP4C5E.tmp
2016-06-07 11:41 - 2016-06-07 11:41 - 00000000 _____ C:\Windows\SysWOW64\FAP3FE8.tmp
2016-06-07 11:41 - 2016-06-07 11:41 - 00000000 _____ C:\Windows\SysWOW64\FAP3F2B.tmp
2016-06-07 11:39 - 2016-06-07 11:39 - 00000000 _____ C:\Windows\SysWOW64\FAPE72A.tmp
2016-06-07 11:39 - 2016-06-07 11:39 - 00000000 _____ C:\Windows\SysWOW64\FAPD536.tmp
2016-06-07 11:39 - 2016-06-07 11:39 - 00000000 _____ C:\Windows\SysWOW64\FAPD42B.tmp
2016-06-07 11:37 - 2016-06-07 11:37 - 00000000 _____ C:\Windows\SysWOW64\FAPBF24.tmp
2016-06-07 11:37 - 2016-06-07 11:37 - 00000000 _____ C:\Windows\SysWOW64\FAP994A.tmp
2016-06-07 11:37 - 2016-06-07 11:37 - 00000000 _____ C:\Windows\SysWOW64\FAP988D.tmp
2016-06-07 11:36 - 2016-06-07 11:36 - 00000000 _____ C:\Windows\SysWOW64\FAPAC85.tmp
2016-06-07 11:36 - 2016-06-07 11:36 - 00000000 _____ C:\Windows\SysWOW64\FAP8515.tmp
2016-06-07 11:35 - 2016-06-07 11:35 - 00000000 _____ C:\Windows\SysWOW64\FAPC105.tmp
2016-06-07 11:35 - 2016-06-07 11:35 - 00000000 _____ C:\Windows\SysWOW64\FAPBFCB.tmp
2016-06-07 11:35 - 2016-06-07 11:35 - 00000000 _____ C:\Windows\SysWOW64\FAP83FA.tmp
2016-06-07 11:33 - 2016-06-07 11:33 - 00000000 _____ C:\Windows\SysWOW64\FAPD46E.tmp
2016-06-07 11:33 - 2016-06-07 11:33 - 00000000 _____ C:\Windows\SysWOW64\FAPD362.tmp
2016-06-07 11:33 - 2016-06-07 11:33 - 00000000 _____ C:\Windows\SysWOW64\FAP6F5C.tmp
2016-06-07 11:33 - 2016-06-07 11:33 - 00000000 _____ C:\Windows\SysWOW64\FAP4915.tmp
2016-06-07 11:33 - 2016-06-07 11:33 - 00000000 _____ C:\Windows\SysWOW64\FAP479C.tmp
2016-06-07 11:30 - 2016-06-07 11:30 - 00000000 _____ C:\Windows\SysWOW64\FAP70E7.tmp
2016-06-07 11:30 - 2016-06-07 11:30 - 00000000 _____ C:\Windows\SysWOW64\FAP5416.tmp
2016-06-07 11:30 - 2016-06-07 11:30 - 00000000 _____ C:\Windows\SysWOW64\FAP529D.tmp
2016-06-07 11:28 - 2016-06-07 11:28 - 00000000 _____ C:\Windows\SysWOW64\FAPC9E9.tmp
2016-06-07 11:28 - 2016-06-07 11:28 - 00000000 _____ C:\Windows\SysWOW64\FAP9D48.tmp
2016-06-07 11:28 - 2016-06-07 11:28 - 00000000 _____ C:\Windows\SysWOW64\FAP9CC9.tmp
2016-06-07 11:27 - 2016-06-07 11:27 - 00000000 _____ C:\Windows\SysWOW64\FAPF6FB.tmp
2016-06-07 11:27 - 2016-06-07 11:27 - 00000000 _____ C:\Windows\SysWOW64\FAPCA8A.tmp
2016-06-07 11:27 - 2016-06-07 11:27 - 00000000 _____ C:\Windows\SysWOW64\FAP2C3A.tmp
2016-06-07 11:27 - 2016-06-07 11:27 - 00000000 _____ C:\Windows\SysWOW64\FAP2BDA.tmp
2016-06-07 11:27 - 2016-06-07 11:27 - 00000000 _____ C:\Windows\SysWOW64\FAP1BEA.tmp
2016-06-07 11:19 - 2016-06-07 11:19 - 00000000 _____ C:\Windows\SysWOW64\FAP6112.tmp
2016-06-07 11:19 - 2016-06-07 11:19 - 00000000 _____ C:\Windows\SysWOW64\FAP6035.tmp
2016-06-07 10:31 - 2016-06-07 10:31 - 00000000 _____ C:\Windows\SysWOW64\FAP75A6.tmp
2016-06-07 10:31 - 2016-06-07 10:31 - 00000000 _____ C:\Windows\SysWOW64\FAP5FF9.tmp
2016-06-07 10:31 - 2016-06-07 10:31 - 00000000 _____ C:\Windows\SysWOW64\FAP5ECE.tmp
2016-06-07 10:30 - 2016-06-07 10:30 - 00000000 _____ C:\Windows\SysWOW64\FAPB202.tmp
2016-06-07 10:30 - 2016-06-07 10:30 - 00000000 _____ C:\Windows\SysWOW64\FAPB154.tmp
2016-06-07 08:16 - 2016-06-07 08:16 - 00000000 _____ C:\Windows\SysWOW64\FAP4674.tmp
2016-06-07 08:00 - 2016-06-07 08:00 - 00000000 _____ C:\Windows\SysWOW64\FAPA024.tmp
2016-06-07 08:00 - 2016-06-07 08:00 - 00000000 _____ C:\Windows\SysWOW64\FAP82F5.tmp
2016-06-07 08:00 - 2016-06-07 08:00 - 00000000 _____ C:\Windows\SysWOW64\FAP8237.tmp
2016-06-07 08:00 - 2016-06-07 08:00 - 00000000 _____ C:\Windows\SysWOW64\FAP3EC4.tmp
2016-06-07 08:00 - 2016-06-07 08:00 - 00000000 _____ C:\Windows\SysWOW64\FAP3D89.tmp
2016-06-07 08:00 - 2016-06-07 08:00 - 00000000 _____ C:\Windows\SysWOW64\FAP2FCC.tmp
2016-06-07 07:53 - 2016-06-07 07:53 - 00000000 _____ C:\Windows\SysWOW64\FAPD3FB.tmp
2016-06-07 07:53 - 2016-06-07 07:53 - 00000000 _____ C:\Windows\SysWOW64\FAPD38B.tmp
2016-06-07 07:53 - 2016-06-07 07:53 - 00000000 _____ C:\Windows\SysWOW64\FAPD1E4.tmp
2016-06-07 07:52 - 2016-06-07 07:52 - 00000000 _____ C:\Windows\SysWOW64\FAP409E.tmp
2016-06-07 07:52 - 2016-06-07 07:52 - 00000000 _____ C:\Windows\SysWOW64\FAP3E79.tmp
2016-06-07 07:52 - 2016-06-07 07:52 - 00000000 _____ C:\Windows\SysWOW64\FAP3D8D.tmp
2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAPFE64.tmp
2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAPD35A.tmp
2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAPD30A.tmp
2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAPD2CA.tmp
2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAPD1DD.tmp
2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAPCB44.tmp
2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAPCA96.tmp
2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAPC9E8.tmp
2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAPC988.tmp
2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAPC919.tmp
2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAPC87B.tmp
2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAPC80B.tmp
2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAPC79C.tmp
2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAPC6DF.tmp
2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAPC67F.tmp
2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAPC61F.tmp
2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAPC581.tmp
2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAPC4D3.tmp
2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAPC3C7.tmp
2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAPBF03.tmp
2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAPBB19.tmp
2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAP9F32.tmp
2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAP9EF1.tmp
2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAP9EB1.tmp
2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAP9E80.tmp
2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAP9C1D.tmp
2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAP757.tmp
2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAP717.tmp
2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAP6E6.tmp
2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAP6B5.tmp
2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAP6A42.tmp
2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAP5A.tmp
2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAP5178.tmp
2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAP503E.tmp
2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAP29A9.tmp
2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAP1DCF.tmp
2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAPFAFD.tmp
2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAPFAAD.tmp
2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAPFA7C.tmp
2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAPF9EE.tmp
2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAPF77B.tmp
2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAPF46B.tmp
2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAPF43A.tmp
2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAPF40A.tmp
2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAPF3B9.tmp
2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAPE734.tmp
2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAPC274.tmp
2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAPC234.tmp
2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAPC1B5.tmp
2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAPC174.tmp
2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAPB4FF.tmp
2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAPB21E.tmp
2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP96CB.tmp
2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP919.tmp
2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP78B2.tmp
2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP77B6.tmp
2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP7766.tmp
2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP767A.tmp
2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP761A.tmp
2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP757C.tmp
2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP750C.tmp
2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP749D.tmp
2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP743D.tmp
2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP73ED.tmp
2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP735E.tmp
2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP72FF.tmp
2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP71D4.tmp
2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP7164.tmp
2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP6D3C.tmp
2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP65D7.tmp
2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP4732.tmp
2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP46F1.tmp
2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP46B1.tmp
2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP4670.tmp
2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP4610.tmp
2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP45D0.tmp
2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP458F.tmp
2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP4520.tmp
2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP3F23.tmp
2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP3E36.tmp
2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP3607.tmp
2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAPD1B.tmp
2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAPCB5D.tmp
2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAPCB0C.tmp
2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAPCACC.tmp
2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAPCA6C.tmp
2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAPA904.tmp
2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAPA8C4.tmp
2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAPA883.tmp
2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAPA852.tmp
2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAPA67B.tmp
2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAPA224.tmp
2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAP9FD0.tmp
2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAP8A23.tmp
2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAP8908.tmp
2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAP6BBA.tmp
2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAP6ADD.tmp
2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAP67DE.tmp
2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAP676E.tmp
2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAP672E.tmp
2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAP66FD.tmp
2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAP63FD.tmp
2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAP619A.tmp
2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAP40D1.tmp
2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAP1F2E.tmp
2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAP1EEE.tmp
2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAP1EAD.tmp
2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAP1E1E.tmp
2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAP1C28.tmp
2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAP1BE8.tmp
2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAP1BB7.tmp
2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAP1B48.tmp
2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAP1838.tmp
2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAPF675.tmp
2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAPF625.tmp
2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAPF5F4.tmp
2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAPF5C3.tmp
2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAPF3CD.tmp
2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAPEDA1.tmp
2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAPDB11.tmp
2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAPC0E5.tmp
2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAPA3F4.tmp
2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP93D5.tmp
2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP9395.tmp
2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP9345.tmp
2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP9304.tmp
2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP90EF.tmp
2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP7E21.tmp
2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP69FA.tmp
2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP698B.tmp
2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP691C.tmp
2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP68CB.tmp
2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP687B.tmp
2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP67DD.tmp
2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP675E.tmp
2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP66EF.tmp
2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP669F.tmp
2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP662F.tmp
2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP65C0.tmp
2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP6522.tmp
2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP64C2.tmp
2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP6414.tmp
2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP5433.tmp
2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP42FB.tmp
2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP42BB.tmp
2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP426B.tmp
2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP421A.tmp
2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP416D.tmp
2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP3E4E.tmp
2016-06-07 07:46 - 2016-06-07 07:46 - 00000000 _____ C:\Windows\SysWOW64\FAPDA44.tmp
2016-06-07 07:46 - 2016-06-07 07:46 - 00000000 _____ C:\Windows\SysWOW64\FAPAA68.tmp
2016-06-07 07:46 - 2016-06-07 07:46 - 00000000 _____ C:\Windows\SysWOW64\FAPAA37.tmp
2016-06-07 07:46 - 2016-06-07 07:46 - 00000000 _____ C:\Windows\SysWOW64\FAPA9F7.tmp
2016-06-07 07:46 - 2016-06-07 07:46 - 00000000 _____ C:\Windows\SysWOW64\FAPA9B6.tmp
2016-06-07 07:46 - 2016-06-07 07:46 - 00000000 _____ C:\Windows\SysWOW64\FAPA733.tmp
2016-06-07 07:46 - 2016-06-07 07:46 - 00000000 _____ C:\Windows\SysWOW64\FAPA686.tmp
2016-06-07 07:46 - 2016-06-07 07:46 - 00000000 _____ C:\Windows\SysWOW64\FAP8196.tmp
2016-06-07 07:46 - 2016-06-07 07:46 - 00000000 _____ C:\Windows\SysWOW64\FAP7FDF.tmp
2016-06-07 07:46 - 2016-06-07 07:46 - 00000000 _____ C:\Windows\SysWOW64\FAP6A22.tmp
2016-06-07 07:46 - 2016-06-07 07:46 - 00000000 _____ C:\Windows\SysWOW64\FAP68C9.tmp
2016-06-07 07:46 - 2016-06-07 07:46 - 00000000 _____ C:\Windows\SysWOW64\FAP6898.tmp
2016-06-07 07:46 - 2016-06-07 07:46 - 00000000 _____ C:\Windows\SysWOW64\FAP6848.tmp
2016-06-07 07:46 - 2016-06-07 07:46 - 00000000 _____ C:\Windows\SysWOW64\FAP6817.tmp
2016-06-07 07:46 - 2016-06-07 07:46 - 00000000 _____ C:\Windows\SysWOW64\FAP6611.tmp
2016-06-07 07:46 - 2016-06-07 07:46 - 00000000 _____ C:\Windows\SysWOW64\FAP3654.tmp
2016-06-07 07:46 - 2016-06-07 07:46 - 00000000 _____ C:\Windows\SysWOW64\FAP3624.tmp
2016-06-07 07:46 - 2016-06-07 07:46 - 00000000 _____ C:\Windows\SysWOW64\FAP35E3.tmp
2016-06-07 07:46 - 2016-06-07 07:46 - 00000000 _____ C:\Windows\SysWOW64\FAP3574.tmp
2016-06-07 07:46 - 2016-06-07 07:46 - 00000000 _____ C:\Windows\SysWOW64\FAP31B9.tmp
2016-06-07 07:45 - 2016-06-07 07:45 - 00000000 _____ C:\Windows\SysWOW64\FAP9E9E.tmp
2016-06-07 07:45 - 2016-06-07 07:45 - 00000000 _____ C:\Windows\SysWOW64\FAP9814.tmp
2016-06-07 07:45 - 2016-06-07 07:45 - 00000000 _____ C:\Windows\SysWOW64\FAP9776.tmp
2016-06-06 13:59 - 2016-06-11 12:59 - 00304211 _____ ( ) C:\Windows\AdBlock.exe
2016-06-03 18:43 - 2016-06-03 18:43 - 00875192 _____ (Amazon) C:\Users\cwege\Downloads\AmazonCloudDriveSetup.exe
2016-06-03 13:48 - 2016-06-03 13:48 - 00001086 _____ C:\Users\Public\Desktop\paint.net.lnk
2016-06-02 18:45 - 2016-06-15 15:23 - 00003350 _____ C:\Windows\System32\Tasks\AdBlock
2016-05-27 14:37 - 2016-06-08 06:15 - 00000000 ____D C:\Users\cwege\AppData\Local\tkdata
2016-05-27 14:36 - 2016-05-27 14:36 - 00000000 ____D C:\Users\Todos os Usuários\TrueKey
2016-05-27 14:36 - 2016-05-27 14:36 - 00000000 ____D C:\ProgramData\TrueKey
2016-05-27 14:36 - 2016-05-27 14:36 - 00000000 ____D C:\Program Files\Common Files\Intel
2016-05-27 14:35 - 2016-06-19 16:56 - 00001241 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2016-05-27 14:35 - 2016-05-27 14:35 - 00001227 _____ C:\Users\Public\Desktop\True Key.lnk
2016-05-27 14:35 - 2016-05-27 14:35 - 00000000 ____D C:\Program Files\Intel Security
2016-05-27 14:33 - 2016-06-19 16:55 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-05-27 14:33 - 2016-05-28 02:36 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-05-27 14:27 - 2016-05-27 14:27 - 00000000 ____D C:\Users\cwege\AppData\Local\Macromedia
2016-05-27 14:25 - 2016-05-27 14:23 - 00000030 _____ C:\AVScanner.ini
2016-05-27 14:23 - 2016-06-19 18:41 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-27 14:23 - 2016-06-19 16:56 - 00000000 ____D C:\Program Files\TrueKey
2016-05-27 14:23 - 2016-06-17 11:41 - 00003888 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-26 10:07 - 2016-05-26 10:23 - 00000000 ____D C:\Users\cwege\AppData\Local\NPE
2016-05-23 20:22 - 2016-06-05 10:15 - 00000000 ___HD C:\OneDriveTemp
2016-05-20 22:16 - 2016-05-20 22:16 - 00002215 _____ C:\Users\Public\Desktop\Dell Help & Support.lnk

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-06-19 18:59 - 2015-12-12 10:29 - 00000000 ____D C:\Users\cwege\AppData\Roaming\Skype
2016-06-19 18:40 - 2016-05-14 16:05 - 01610816 _____ (Malwarebytes) C:\Users\cwege\Desktop\JRT.exe
2016-06-19 18:37 - 2016-05-09 14:59 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-06-19 16:05 - 2016-05-12 23:08 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security with Backup
2016-06-19 14:45 - 2015-12-05 14:01 - 00004180 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F7C92D93-B2FB-4112-A628-A72D18F1E197}
2016-06-19 11:58 - 2015-12-05 17:41 - 00000000 ____D C:\Program Files (x86)\Dell Customer Connect
2016-06-19 11:58 - 2015-12-05 10:24 - 00000000 ____D C:\Program Files (x86)\Dell Update
2016-06-19 11:58 - 2015-10-22 03:21 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery
2016-06-18 12:05 - 2015-12-16 11:00 - 00000000 ____D C:\Users\cwege\AppData\Roaming\Nitro PDF
2016-06-17 09:06 - 2016-05-16 20:35 - 00000000 ____D C:\Users\cwege\AppData\Local\CrashDumps
2016-06-17 05:05 - 2015-07-10 08:04 - 00000000 ____D C:\Windows\AppReadiness
2016-06-17 05:00 - 2015-07-10 08:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-17 04:56 - 2015-07-10 07:55 - 00000000 ____D C:\Windows\CbsTemp
2016-06-16 19:37 - 2015-12-05 16:29 - 00000000 ___RD C:\Users\cwege\Documents\Scanned Documents
2016-06-15 15:21 - 2015-12-05 10:24 - 00000000 ___RD C:\Users\cwege\OneDrive
2016-06-15 15:20 - 2015-12-05 10:21 - 00000000 __SHD C:\Users\cwege\IntelGraphicsProfiles
2016-06-15 15:20 - 2015-12-05 10:16 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-06-15 15:20 - 2015-10-22 03:50 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-06-15 15:17 - 2015-07-10 09:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-15 15:16 - 2015-07-10 09:20 - 00206344 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-15 15:16 - 2015-07-10 08:02 - 00000000 ____D C:\Windows\INF
2016-06-15 15:15 - 2015-07-10 06:05 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-06-15 15:13 - 2015-07-10 08:04 - 00000000 ___SD C:\Windows\system32\DiagSvcs
2016-06-15 13:34 - 2015-12-05 14:18 - 00000000 ____D C:\Windows\system32\MRT
2016-06-15 13:27 - 2015-12-05 14:18 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-14 14:32 - 2015-07-10 08:06 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-14 14:32 - 2015-07-10 08:06 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-13 11:19 - 2015-07-10 08:04 - 00000000 ____D C:\Windows\system32\NDF
2016-06-13 04:55 - 2015-07-10 06:05 - 00032768 ___SH C:\Windows\system32\config\ELAM
2016-06-13 04:51 - 2016-05-09 15:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-10 12:40 - 2015-12-26 19:38 - 00000000 ____D C:\Monica
2016-06-09 17:42 - 2015-10-22 02:47 - 01810446 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-09 17:42 - 2015-07-16 16:14 - 00796654 _____ C:\Windows\system32\prfh0416.dat
2016-06-09 17:42 - 2015-07-16 16:14 - 00157592 _____ C:\Windows\system32\prfc0416.dat
2016-06-05 08:17 - 2016-01-23 22:10 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-06-03 13:48 - 2015-12-11 18:44 - 00001098 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2016-06-03 13:48 - 2015-12-11 18:44 - 00000000 ____D C:\Program Files\paint.net
2016-06-02 18:51 - 2015-10-22 03:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-06-02 18:51 - 2015-10-22 03:13 - 00000000 ____D C:\Program Files\Dell
2016-06-02 17:12 - 2015-12-05 19:36 - 00000000 ____D C:\Carsten
2016-05-29 02:36 - 2015-10-22 03:25 - 00000000 ____D C:\Users\Todos os Usuários\McAfee
2016-05-29 02:36 - 2015-10-22 03:25 - 00000000 ____D C:\ProgramData\McAfee
2016-05-27 14:40 - 2015-12-05 13:56 - 00000000 ____D C:\Users\cwege\AppData\Local\Adobe
2016-05-27 14:35 - 2015-10-22 03:07 - 00000000 ____D C:\Program Files\Intel
2016-05-27 14:34 - 2015-10-22 03:01 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2016-05-27 14:34 - 2015-10-22 03:01 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-27 14:33 - 2016-05-12 23:04 - 00000000 ____D C:\Program Files\Common Files\AV
2016-05-27 13:46 - 2015-10-22 02:51 - 00000000 ____D C:\Windows\Panther
2016-05-27 13:42 - 2016-04-27 09:13 - 00000000 ___HD C:\$WINDOWS.~BT
2016-05-26 23:18 - 2015-12-12 10:28 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-26 10:08 - 2016-05-10 16:25 - 00000000 ____D C:\Users\Todos os Usuários\Norton
2016-05-26 10:08 - 2016-05-10 16:25 - 00000000 ____D C:\ProgramData\Norton
2016-05-23 20:22 - 2015-12-05 10:24 - 00002371 _____ C:\Users\cwege\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-05-21 14:36 - 2015-12-12 10:28 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2016-05-21 14:36 - 2015-12-12 10:28 - 00000000 ____D C:\ProgramData\Skype
2016-05-20 22:16 - 2016-02-24 10:01 - 00000168 _____ C:\Windows\SysWOW64\DLC_Debug_log.txt
2016-05-20 22:16 - 2015-10-22 02:52 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

==================== Arquivos na raiz de alguns diretórios =======

2015-12-11 18:40 - 2015-12-11 18:41 - 6557455 _____ () C:\Program Files (x86)\paint.net.4.0.6.install.zip
2016-01-10 15:33 - 2016-01-10 15:33 - 0003584 _____ () C:\Users\cwege\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-10-22 03:06 - 2015-10-22 03:06 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-10-22 03:05 - 2015-10-22 03:05 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2015-10-22 02:52 - 2015-10-22 02:53 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2015-10-22 03:00 - 2015-10-22 03:05 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2015-10-22 02:54 - 2015-10-22 02:59 - 0000113 _____ () C:\ProgramData\{E1646825-D391-42A0-93AA-27FA810DA093}.log

Alguns arquivos em TEMP:
====================
C:\Users\cwege\AppData\Local\Temp\VirusRemover.exe


==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2016-06-10 12:49

==================== Fim de FRST.txt ============================

Addition:

Code:

ATTFilter

Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 19-06-2016 01
Executado por cwege (2016-06-19 19:08:43)
Executando a partir de C:\Users\cwege\Desktop
Windows 10 Home Single Language (X64) (2015-12-05 13:15:49)
Modo da Inicialização: Normal
==========================================================


==================== Contas: =============================

Administrador (S-1-5-21-767966989-473913170-3455617934-500 - Administrator - Disabled)
Convidado (S-1-5-21-767966989-473913170-3455617934-501 - Limited - Disabled)
cwege (S-1-5-21-767966989-473913170-3455617934-1001 - Administrator - Enabled) => C:\Users\cwege
DefaultAccount (S-1-5-21-767966989-473913170-3455617934-503 - Limited - Disabled)

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Norton Security com Backup (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security com Backup (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security com Backup (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.1.0.243 - Amazon)
Any Video Converter 5.8.6 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
AOMEI Backupper Standard (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536C09F}_is1) (Version:  - AOMEI Technology Co., Ltd.)
AssinadorLivre (HKLM-x32\...\{369B7318-9434-4938-9595-58DB0200AD12}) (Version: 1.0.4 - PJERJ)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
calibre 64bit (HKLM\...\{D8905AF6-9F72-4BD8-BF37-51C5760B3CD5}) (Version: 2.48.0 - Kovid Goyal)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 12 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{C1C53DA1-9497-4ABB-A3D6-A63039820B37}) (Version: 3.3.7200.0 - Dell Inc.)
Dell Help & Support (HKLM-x32\...\InstallShield_{32483B20-13B2-4747-9D34-15E588CE8034}) (Version: 2.1.78.0 - Dell Inc.)
Dell Help & Support (Version: 2.1.78.0 - Dell Inc.) Hidden
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.4 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.0 - Dropbox, Inc.)
DSC/AA Factory Installer (Version: 1.1.6664.10 - PC-Doctor, Inc.) Hidden
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.2.131.1 - Intel Security)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4274 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.41 - Irfan Skiljan)
IsoBuster 3.7 (HKLM-x32\...\IsoBuster_is1) (Version: 3.7 - Smart Projects)
Java 7 Update 7 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.70 - Oracle)
Maxx Audio Installer (x64) (Version: 2.6.6168.1 - Waves Audio Ltd.) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 47.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-GB)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
Nitro Reader 3 (HKLM\...\{4756C731-B54E-451A-9AF1-86E8AB1BEBBB}) (Version: 3.5.6.5 - Nitro)
Norton Security com Backup (HKLM-x32\...\NSBU) (Version: 22.6.0.142 - Symantec Corporation)
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.5.0 - Frank Heindörfer, Philip Chinery)
Product Registration (HKLM-x32\...\InstallShield_{C1600AC7-74E3-4BB5-8B42-B13653792252}) (Version: 2.2.38.0 - Dell Inc.)
Product Registration (Version: 2.2.38.0 - Dell Inc.) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.0 - Qualcomm Atheros)
QuickSet64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.31 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7520 - Realtek Semiconductor Corp.)
SafeSign 64-bits (HKLM\...\{66913111-2F8A-4950-AA93-51C26182FC35}) (Version: 3.0.45 - A.E.T. Europe B.V.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.23 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.23.105 - Skype Technologies S.A.)
Software de dispositivo do Chipset Intel® (x32 Version: 10.1.1.7 - Intel(R) Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Wondershare Video Editor(Build 5.1.3) (HKLM-x32\...\Wondershare Video Editor_is1) (Version:  - Wondershare Software)
XMedia Recode Version 3.2.7.0 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.2.7.0 - XMedia Recode)

==================== Exame Personalizado CLSID (Whitelisted): ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

CustomCLSID: HKU\S-1-5-21-767966989-473913170-3455617934-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\cwege\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

==================== Tarefas Agendadas (Whitelisted) =============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {264FB661-4391-4D9F-A35F-4E6C06CA8055} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {2970D737-D999-4982-A443-2C425EB3EA50} - System32\Tasks\Norton Security with Backup\Norton Error Analyzer => C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {2F886772-1DB0-43E7-BFE8-FA74CBC46C33} - System32\Tasks\VirusRemover => C:\Users\cwege\AppData\Local\Temp\VirusRemover.exe [2016-06-11] (                                                            ) <==== ATENÇÃO
Task: {45BDA5A8-15A2-43ED-869F-79317DF5DD61} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\WSCStub.exe [2016-02-26] (Symantec Corporation)
Task: {496DC9B4-0DC2-4564-8818-0E4E0B7617DC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-17] (Adobe Systems Incorporated)
Task: {517C21EB-CCD2-47DC-B384-03D629929C07} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe <==== ATENÇÃO
Task: {77F15C2A-F531-4241-9CDB-F3C1A7A0D055} - System32\Tasks\Norton Security with Backup\Norton Autofix => C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {9DD8D688-1574-4CA6-97B2-250020773404} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security com Backup\Upgrade.exe [2016-02-26] (Symantec Corporation)
Task: {9FEC4113-C748-43DC-BF09-125EB634F061} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLVDLauncher.exe [2015-01-28] (CyberLink Corp.)
Task: {A32E0AA3-54F3-4024-99AD-E6590AFAE95E} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-04-28] (Realtek Semiconductor)
Task: {A4E3AE10-29B3-461A-9FCA-63A245138564} - System32\Tasks\AdBlock => C:\Windows\AdBlock.exe [2016-06-11] (                                                            ) <==== ATENÇÃO
Task: {D136D80D-B0FE-4F7D-95FD-629F7AB8A9EF} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-05-29] (Synaptics Incorporated)
Task: {D6BA068F-3D96-4AB5-9C07-D2E695BD8CAA} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-05-29] ()
Task: {E0C4634E-BBF1-4418-9668-1601841297C2} - System32\Tasks\Norton Security with Backup\Norton Error Processor => C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {E2DBFA14-A2AF-4C08-9451-A80F5ACA40CD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {EFFA3837-5636-4587-83BF-67ACB45BF3D5} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe [2015-05-07] (CyberLink)
Task: {FE27E495-3669-4351-BC07-1184DB5CEC6A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-06-15] (Microsoft Corporation)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Atalhos =============================

(As entradas podem ser listadas para serem restauradas ou removidas.)

==================== Módulos Carregados (Whitelisted) ==============

2015-07-10 08:00 - 2015-07-10 08:00 - 00028160 _____ () C:\Windows\SYSTEM32\efsext.dll
2015-10-22 03:32 - 2015-10-22 03:32 - 00032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll
2015-10-22 03:32 - 2015-10-22 03:32 - 00404480 _____ () C:\Windows\System32\diagtrack_wininternal.dll
2015-10-22 02:58 - 2014-04-14 22:59 - 00253776 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2016-05-03 19:20 - 2016-05-03 19:20 - 00087888 _____ () C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
2016-04-12 21:16 - 2016-03-16 01:55 - 02495768 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-04-12 21:16 - 2016-03-16 01:55 - 02495768 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-05-23 20:21 - 2016-05-23 20:21 - 00959168 _____ () C:\Users\cwege\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2015-10-22 03:12 - 2015-09-07 18:43 - 00395880 _____ () C:\Windows\system32\igfxTray.exe
2015-12-05 14:13 - 2015-09-17 02:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-05 14:13 - 2015-09-17 03:04 - 00642048 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2015-07-10 07:59 - 2015-07-10 07:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-12-08 21:00 - 2015-11-25 01:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-08 21:00 - 2015-11-25 01:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-08 21:00 - 2015-11-25 01:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-12-05 14:15 - 2015-09-17 02:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00306904 _____ () C:\Program Files (x86)\AOMEI Backupper\UiLogic.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00290520 _____ () C:\Program Files (x86)\AOMEI Backupper\Comn.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00241368 _____ () C:\Program Files (x86)\AOMEI Backupper\diskmgr.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00122584 _____ () C:\Program Files (x86)\AOMEI Backupper\FuncLogic.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00347864 _____ () C:\Program Files (x86)\AOMEI Backupper\ImgFile.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00028376 _____ () C:\Program Files (x86)\AOMEI Backupper\Encrypt.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00483032 _____ () C:\Program Files (x86)\AOMEI Backupper\EnumFolder.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00069336 _____ () C:\Program Files (x86)\AOMEI Backupper\Compress.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00102104 _____ () C:\Program Files (x86)\AOMEI Backupper\BrLog.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00691928 _____ () C:\Program Files (x86)\AOMEI Backupper\Sync.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00282328 _____ () C:\Program Files (x86)\AOMEI Backupper\Clone.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00118488 _____ () C:\Program Files (x86)\AOMEI Backupper\Backup.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00155352 _____ () C:\Program Files (x86)\AOMEI Backupper\FlBackup.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00077528 _____ () C:\Program Files (x86)\AOMEI Backupper\Ldm.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00061144 _____ () C:\Program Files (x86)\AOMEI Backupper\Device.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00282328 _____ () C:\Program Files (x86)\AOMEI Backupper\BrFat.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00962264 _____ () C:\Program Files (x86)\AOMEI Backupper\BrNtfs.dll
2016-05-13 17:15 - 2015-02-26 00:00 - 02403504 _____ () C:\Program Files (x86)\AOMEI Backupper\QtCore4.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00102104 _____ () C:\Program Files (x86)\AOMEI Backupper\BrVol.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00253656 _____ () C:\Program Files (x86)\AOMEI Backupper\GptBcd.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00175832 _____ () C:\Program Files (x86)\AOMEI Backupper\DeviceMgr.dll
2015-06-23 20:26 - 2015-06-23 20:26 - 00155888 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2015-06-24 05:07 - 2015-06-24 05:07 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-05-23 20:21 - 2016-05-23 20:21 - 00679624 _____ () C:\Users\cwege\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2015-12-26 10:26 - 2014-09-11 17:09 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2015-12-26 10:26 - 2014-05-19 16:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2016-05-27 16:19 - 2016-05-27 16:19 - 22345912 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll
2016-05-03 11:41 - 2016-05-03 11:41 - 00322232 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll
2016-05-03 11:41 - 2016-05-03 11:41 - 46476472 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)

AlternateDataStreams: C:\Users\cwege\Documents\familia avo.jpg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\cwege\Documents\familia avo.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Modo de Segurança (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)


==================== Associação (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)


==================== Internet Explorer confiável/restrito ===============

(Se uma entrada for incluída na fixlist, será removida do Registro.)


==================== Hosts Conteúdo: ==========================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2015-07-10 08:04 - 2016-05-27 14:25 - 00001006 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com

==================== Outras Áreas ============================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-767966989-473913170-3455617934-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\cwege\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 89.248.166.149 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

(Atualmente não há nenhuma correção automática para esta seção.)


==================== Regras do Firewall (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D177353D-E445-4C8E-9A75-E45E90F2704B}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDirector12\PDR10.EXE
FirewallRules: [{DFDE7270-7B9C-489A-827C-696E9D9D84D9}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{AE1224D1-DBA8-4D02-A1D5-18E47DC8815A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0CF17050-B9D8-4213-9037-3FC25F2A6C8D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A8A3BBAF-89A3-4599-A6A3-E53A66529026}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5503F6A8-C4E8-4BBF-8C3F-83CD82B4C79F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EFC754C6-488E-4C17-8508-33D5DD3FCC2A}] => (Allow) LPort=2869
FirewallRules: [{CC9DB1F8-AEE9-4806-9FFC-2EDC2B1EFB04}] => (Allow) LPort=1900

==================== Pontos de Restauração =========================

27-05-2016 14:34:04 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
03-06-2016 13:46:44 paint.net v4.0.9
13-06-2016 10:38:47 Ponto de Verificação Agendado
17-06-2016 04:53:37 Windows Update

==================== Dispositivos Apresentando Falhas No Gerenciador =============


==================== Erros no Log de eventos: =========================

Erros em Aplicativos:
==================
Error: (06/19/2016 06:43:36 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Falha na geração de contexto de ativação para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1". Erro no arquivo de manifesto ou de política "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2", na linha C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.
Os componentes conflitantes são:
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.

Error: (06/19/2016 06:42:53 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Falha na geração de contexto de ativação para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1". Erro no arquivo de manifesto ou de política "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2", na linha C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.
Os componentes conflitantes são:
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.

Error: (06/19/2016 06:42:53 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Falha na geração de contexto de ativação para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1". Erro no arquivo de manifesto ou de política "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2", na linha C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.
Os componentes conflitantes são:
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.

Error: (06/18/2016 01:22:16 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CARSTEN-DELL344)
Description: Falha na ativação do aplicativo Microsoft.Windows.Photos_8wekyb3d8bbwe!App com o erro: -2144927141. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.

Error: (06/17/2016 09:06:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: ShellExperienceHost.exe, versão: 10.0.10240.16766, carimbo de data/hora: 0x56e8dba8
Nome do módulo com falha: CoreUIComponents.dll, versão: 0.0.0.0, carimbo de data/hora: 0x56e8ccaf
Código de exceção: 0xc0000005
Deslocamento da falha: 0x0000000000060624
ID do processo com falha: 0x18a8
Hora de início do aplicativo com falha: 0xShellExperienceHost.exe0
Caminho do aplicativo com falha: ShellExperienceHost.exe1
Caminho do módulo com falha: ShellExperienceHost.exe2
ID do Relatório: ShellExperienceHost.exe3
Nome completo do pacote com falha: ShellExperienceHost.exe4
ID do aplicativo relativo ao pacote com falha: ShellExperienceHost.exe5

Error: (06/17/2016 07:54:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: plugin-container.exe, versão: 47.0.0.5999, carimbo de data/hora: 0x5753660e
Nome do módulo com falha: mozglue.dll, versão: 47.0.0.5999, carimbo de data/hora: 0x57535438
Código de exceção: 0x80000003
Deslocamento da falha: 0x0000f3ad
ID do processo com falha: 0x2a04
Hora de início do aplicativo com falha: 0xplugin-container.exe0
Caminho do aplicativo com falha: plugin-container.exe1
Caminho do módulo com falha: plugin-container.exe2
ID do Relatório: plugin-container.exe3
Nome completo do pacote com falha: plugin-container.exe4
ID do aplicativo relativo ao pacote com falha: plugin-container.exe5

Error: (06/17/2016 04:58:06 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (6428) Não é possível criar um novo arquivo de log porque o banco de dados não pode gravar na unidade de log. Talvez a unidade seja somente leitura, tenha espaço em disco insuficiente, esteja mal configurada ou esteja corrompida. Erro -1032.

Error: (06/17/2016 04:58:06 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (6428) Uma tentativa de criar o arquivo "C:\Windows\system32\edbtmp.log" falhou com o erro de sistema 5 (0x00000005): "Acesso negado. ". A operação para criar o arquivo falhará com o erro -1032 (0xfffffbf8).

Error: (06/17/2016 04:57:55 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (6428) Não é possível criar um novo arquivo de log porque o banco de dados não pode gravar na unidade de log. Talvez a unidade seja somente leitura, tenha espaço em disco insuficiente, esteja mal configurada ou esteja corrompida. Erro -1032.

Error: (06/17/2016 04:57:55 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (6428) Uma tentativa de criar o arquivo "C:\Windows\system32\edbtmp.log" falhou com o erro de sistema 5 (0x00000005): "Acesso negado. ". A operação para criar o arquivo falhará com o erro -1032 (0xfffffbf8).


Erros de Sistema:
=============
Error: (06/19/2016 04:56:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Detecção de Serviços Interativos terminou com o erro: 
%%1 = Função incorreta.


Error: (06/18/2016 01:22:15 PM) (Source: DCOM) (EventID: 10010) (User: CARSTEN-DELL344)
Description: App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca

Error: (06/17/2016 04:13:59 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Função incorreta.Giesecke & Devrient GmbH StarSign CUT 00x313520XX XX XX XX

Error: (06/17/2016 04:12:42 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Função incorreta.Giesecke & Devrient GmbH StarSign CUT 00x313520XX XX XX XX

Error: (06/17/2016 04:09:15 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Função incorreta.Giesecke & Devrient GmbH StarSign CUT 00x313520XX XX XX XX

Error: (06/17/2016 04:09:14 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Função incorreta.Giesecke & Devrient GmbH StarSign CUT 00x313520XX XX XX XX

Error: (06/17/2016 04:09:14 PM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Função incorreta.Giesecke & Devrient GmbH StarSign CUT 00x313520XX XX XX XX

Error: (06/15/2016 03:21:42 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: específico do aplicativoLocalAtivação{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORIDADE NTSERVIÇO LOCALS-1-5-19LocalHost (Usando LRPC)Não DisponívelNão Disponível

Error: (06/15/2016 03:17:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Service Installer TrueKey devido ao seguinte erro: 
%%2 = O sistema não pode encontrar o arquivo especificado.


Error: (06/15/2016 03:15:38 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Central de Segurança terminou com o erro: 
%%1747 = Serviço de autenticação desconhecido.



CodeIntegrity:
===================================
  Date: 2016-05-09 14:37:47.490
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-09 14:36:33.650
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-09 14:36:25.019
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-09 14:35:11.115
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-09 14:34:52.247
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-09 14:34:52.200
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-09 14:34:52.153
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-09 14:34:52.020
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.


==================== Informações da Memória =========================== 

Processador: Intel(R) Core(TM) i3-4005U CPU @ 1.70GHz
Percentagem de memória em uso: 80%
RAM física total: 4000.18 MB
RAM física disponível: 782.22 MB
Virtual Total: 9114.15 MB
Virtual disponível: 1533.44 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:917.63 GB) (Free:753.56 GB) NTFS

==================== MBR & Tabela de Partições ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1157C999)

Partition: GPT.

==================== Fim de Addition.txt ============================

Norton Security:

Code:

ATTFilter

Categoria: Resultados da verificação
Data e hora,Risco,Atividade,Status,Tempo de verificação (d:h:m:s),Total de itens verificados,Arquivos e diretórios,Entradas do Registro,Itens de processos e inicialização,Itens de rede e navegador,Outros,Arquivos confiáveis,Arquivos ignorados,Total de riscos à segurança detectados,Total de riscos à segurança resolvidos,Total de riscos à segurança que exigem atenção
19/06/2016 12:04:31,Informações,Resultados do(a) Verificação rápida,Concluído,0:00:05:57,"8,772","5,307",780,"1,876",803,6,705,0,0,0,0
18/06/2016 20:20:46,Informações,Resultados do(a) Verificação rápida,Concluído,0:00:06:46,"8,772","5,309",780,"1,875",802,6,707,0,0,0,0
17/06/2016 20:19:40,Informações,Resultados do(a) Verificação rápida,Concluído,0:00:05:47,"9,041","5,310",780,"2,145",800,6,708,0,0,0,0
17/06/2016 13:44:58,Informações,Resultados do(a) Verificação rápida,Concluído,0:00:02:49,"8,575","5,276",780,"1,715",798,6,675,72,0,0,0
17/06/2016 06:08:56,Informações,Resultados do(a) Verificação rápida,Concluído,0:00:02:55,"8,564","5,275",780,"1,705",798,6,674,72,0,0,0
16/06/2016 13:55:31,Informações,Resultados do(a) Verificação rápida,Concluído,0:00:03:18,"8,675","5,301",780,"1,790",798,6,699,0,0,0,0
16/06/2016 04:47:24,Informações,Resultados do(a) Verificação rápida,Concluído,0:00:03:19,"8,666","5,300",780,"1,782",798,6,698,0,0,0,0
15/06/2016 22:34:25,Informações,Resultados do(a) Verificação rápida,Concluído,0:00:03:35,"8,686","5,302",780,"1,800",798,6,699,0,0,0,0
15/06/2016 12:52:04,Informações,Resultados do(a) Verificação rápida,Concluído,0:00:03:33,"8,718","5,309",778,"1,827",798,6,709,0,0,0,0
15/06/2016 06:18:14,Informações,Resultados do(a) Verificação rápida,Concluído,0:00:03:13,"8,717","5,311",778,"1,824",798,6,711,0,0,0,0
15/06/2016 00:32:24,Informações,Resultados do(a) Verificação rápida,Concluído,0:00:05:20,"8,597","5,276",778,"1,739",798,6,681,72,0,0,0
14/06/2016 12:28:04,Informações,Resultados do(a) Verificação rápida,Concluído,0:00:03:49,"9,034","5,306",778,"2,146",798,6,710,0,0,0,0
14/06/2016 05:15:53,Informações,Resultados do(a) Verificação rápida,Concluído,0:00:04:18,"8,830","5,302",778,"1,946",798,6,705,0,0,0,0
13/06/2016 22:26:33,Informações,Resultados do(a) Verificação rápida,Concluído,0:00:03:17,"8,823","5,302",778,"1,939",798,6,706,0,0,0,0
13/06/2016 17:43:09,Informações,Resultados do(a) Verificação rápida,Concluído,0:00:02:42,"8,686","5,266",778,"1,840",796,6,677,74,0,0,0
13/06/2016 10:16:53,Informações,Resultados do(a) Verificação rápida,Concluído,0:00:04:04,"8,548","5,270",778,"1,703",791,6,681,72,0,0,0


Categoria: Riscos à segurança resolvidos
Data e hora,Risco,Atividade,Status,Ação recomendada,Atividade
17/06/2016 15:24:20,Alto,bit2faf.tmp (Suspicious.Cloud.9.B) detectado por Auto-Protect,Em quarentena,Resolvido - Nenhuma ação necessária,Ações de ameaças executadas: 1


Categoria: Quarentena
Data e hora,Risco,Atividade,Status,Ação recomendada,Atividade
17/06/2016 15:24:20,Alto,bit2faf.tmp (Suspicious.Cloud.9.B) detectado por Auto-Protect,Em quarentena,Resolvido - Nenhuma ação necessária,Ações de ameaças executadas: 1


Categoria: Firewall - Rede e conexões
Data e hora,Risco,Atividade,Status,Ação recomendada,Categoria
19/06/2016 18:44:00,Informações,"Protegendo sua conexão a uma rede detectada recentemente no adaptador \"Microsoft Teredo Tunneling Adapter\" (endereço IP: 2001::9d38:90d7:207e:1ac2:4c2d:f1c7).",Detectado,Nenhuma ação necessária,Firewall - Rede e conexões
19/06/2016 18:43:59,Informações,"Protegendo sua conexão a uma rede detectada recentemente no adaptador \"Microsoft Teredo Tunneling Adapter\" (endereço IP: fe80::207e:1ac2:4c2d:f1c7%10).",Detectado,Nenhuma ação necessária,Firewall - Rede e conexões
19/06/2016 18:43:59,Informações,Endereço IP desapareceu do adaptador Microsoft Teredo Tunneling Adapter (endereço IP: fe80::30ed:1ac2:3f57:fffc%10).,Detectado,Nenhuma ação necessária,Firewall - Rede e conexões
19/06/2016 18:43:59,Informações,Endereço IP desapareceu do adaptador Microsoft Teredo Tunneling Adapter (endereço IP: 2001::9d38:90d7:30ed:1ac2:3f57:fffc).,Detectado,Nenhuma ação necessária,Firewall - Rede e conexões
19/06/2016 18:43:56,Informações,"Protegendo sua conexão a uma rede detectada recentemente no adaptador \"Microsoft Teredo Tunneling Adapter\" (endereço IP: 2001::9d38:90d7:30ed:1ac2:3f57:fffc).",Detectado,Nenhuma ação necessária,Firewall - Rede e conexões
19/06/2016 18:43:56,Informações,"Protegendo sua conexão a uma rede detectada recentemente no adaptador \"Microsoft Teredo Tunneling Adapter\" (endereço IP: fe80::30ed:1ac2:3f57:fffc%10).",Detectado,Nenhuma ação necessária,Firewall - Rede e conexões
19/06/2016 18:43:55,Informações,"Protegendo sua conexão a uma rede detectada recentemente no adaptador \"Dell Wireless 1705 802.11b|g|n (2.4GHZ)\" (endereço IP: fe80::d565:5368:3e1c:d8ce%2).",Detectado,Nenhuma ação necessária,Firewall - Rede e conexões
19/06/2016 18:43:55,Informações,"Protegendo sua conexão a uma rede detectada recentemente no adaptador \"Dell Wireless 1705 802.11b|g|n (2.4GHZ)\" (endereço IP: 192.168.0.3).",Detectado,Nenhuma ação necessária,Firewall - Rede e conexões
19/06/2016 18:43:50,Informações,Endereço IP desapareceu do adaptador Microsoft Teredo Tunneling Adapter (endereço IP: fe80::1cfc:367c:4c2d:f1c7%10).,Detectado,Nenhuma ação necessária,Firewall - Rede e conexões
19/06/2016 18:43:50,Informações,Endereço IP desapareceu do adaptador Microsoft Teredo Tunneling Adapter (endereço IP: 2001::5ef5:79fd:1cfc:367c:4c2d:f1c7).,Detectado,Nenhuma ação necessária,Firewall - Rede e conexões
19/06/2016 18:43:50,Informações,Endereço IP desapareceu do adaptador Dell Wireless 1705 802.11b|g|n (2.4GHZ) (endereço IP: fe80::d565:5368:3e1c:d8ce%2).,Detectado,Nenhuma ação necessária,Firewall - Rede e conexões
19/06/2016 18:43:50,Informações,Endereço IP desapareceu do adaptador Dell Wireless 1705 802.11b|g|n (2.4GHZ) (endereço IP: 192.168.0.3).,Detectado,Nenhuma ação necessária,Firewall - Rede e conexões


Categoria: Firewall - Atividades
Data e hora,Risco,Atividade,Status,Ação recomendada,Categoria,Nome do programa,Caminho do programa,Ação padrão,Ação tomada,Computador local,Descrição do tráfego
19/06/2016 19:06:30,Informações,Regras de firewall atualizadas  ,Detectado,Nenhuma ação necessária,Firewall - Atividades,,,,,,
19/06/2016 19:06:29,Informações,Foram criadas regras de firewall para o Farbar Recovery Scan Tool automaticamente.,Protegido,Nenhuma ação necessária,,Farbar Recovery Scan Tool,C:\Users\cwege\Desktop\FRST64.exe,Nenhuma ação necessária,Criar regras automaticamente,"192.168.0.3, 59673","Saída TCP, www-http"
19/06/2016 18:37:40,Informações,Regras de firewall atualizadas  ,Detectado,Nenhuma ação necessária,Firewall - Atividades,,,,,,
19/06/2016 18:37:37,Informações,Você permitiu o acesso aos seus recursos de rede pelo Setup/Uninstall.,Permitido,Nenhuma ação necessária,,Setup/Uninstall,C:\Users\cwege\AppData\Local\Temp\_iu14D2N.tmp,Nenhuma ação necessária,Permitir,"192.168.0.3, 57788","Saída TCP, https"


Categoria: Prevenção contra intrusões
Data e hora,Risco,Atividade,Status,Ação recomendada,Nome do alerta de IPS,Ação padrão,Ação tomada,Computador que está atacando,URL invasor,Endereço de destino,Endereço de origem,Descrição do tráfego
19/06/2016 19:02:14,Alto,Foi bloqueada uma tentativa de intrusão de

Koenntet Ihr mir bitte helfen und die Plagegeister wieder vertreiben?
Vielen Dank schon einmal,
Gruss, Carsten

burningice · 20.06.2016, 10:02

Mein Name ist Rafael und ich werde dir bei der Bereinigung helfen.

Damit ich dir optimal helfen kann, halte dich bitte an folgende Regeln:

Bitte lies meine Posts komplett durch bevor du sie abarbeitest
Wenn ein Problem auftauchen sollte oder dir etwas unklar ist, unterbreche deine Arbeit und beschreibe es so genau wie möglich.
Bitte kein Crossposting
Installiere oder Deinstalliere keine Software ohne Aufforderung
Bitte verwende nur die Tools, welche hier im Thread erwähnt werden und führe sie nur gemäß Anweisung aus
Bitte antworte innerhalb von 24h um eine sinnvolle Bereinigung zu ermöglichen
Poste die Logs immer in CODE-Tags (#-Button), zur Not die Logs einfach aufteilen
Wichtig: Nur weil dein Problem mit einem Schritt plötzlich behoben ist, bedeutet das nicht, dass dein PC auch sauber ist. Mache solange weiter, bis ich dir sage, dass dein PC "clean" ist
Wenn ich dir nicht binnen 36h antworte, sende mir bitte eine persönliche Nachricht!

Los geht's

hier gibt es in der Tat was zu tun.

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

cybercarsten · 20.06.2016, 15:26

Hallo Rafael,

danke, dass du dich des Problems angenommen hast.
Ich habe den Scan wie beschrieben durchgefuehrt. Beim ersten Mal wurde 1 Objekt gefunden, beim zweiten nichts mehr.
Leider besteht das Problem weiterhin.
Hier das Protokoll:

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2016.06.20.03
  rootkit: v2016.05.27.01

Windows 10 x64 NTFS
Internet Explorer 11.0.10240.16942
cwege :: CARSTEN-DELL344 [administrator]

20/06/2016 08:46:20
mbar-log-2016-06-20 (08-46-20).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 305500
Time elapsed: 33 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IPHLPSVC\PARAMETERS\PROXYMGR\{BA584971-3A74-491A-B30B-696F178BD8FA}|AutoConfigUrl (Hijack.AutoConfigURL.PrxySvrRST) -> Data: hxxp://unstops.org/wpad.dat?305f288e7dacdc3d1f6e3c8bb4792a2a9925909 -> Delete on reboot. [ce65da2591086cca99c8645e9c66da26]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Viele Gruesse, Carsten

burningice · 20.06.2016, 15:51

Ja ich sehe auch woran das Problem liegt, das lässt sich allerdings nicht sofort in einem Schritt beheben.

Deshalb führe bitte zur Vorbereitung das folgende aus:

Schritt: 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

CMD: type "c:\Users\cwege\AppData\Roaming\Mozilla\Firefox\profiles.ini"
File: C:\Windows\SysWOW64\FAPF8D.tmp
File: C:\Windows\SysWOW64\FAP65C0.tmp

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

cybercarsten · 20.06.2016, 22:13

Hallo Rafael,

das ging schnell, vielleicht zu schnell?

Code:

ATTFilter

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 19-06-2016 01
Executado por cwege (2016-06-20 18:10:55) Run:2
Executando a partir de C:\Users\cwege\Desktop
Perfis Carregados: cwege (Perfis Disponíveis: cwege)
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
CMD: type "c:\Users\cwege\AppData\Roaming\Mozilla\Firefox\profiles.ini"
File: C:\Windows\SysWOW64\FAPF8D.tmp
File: C:\Windows\SysWOW64\FAP65C0.tmp
         
*****************


=========  type "c:\Users\cwege\AppData\Roaming\Mozilla\Firefox\profiles.ini" =========

[General]
StartWithLastProfile=1

[Profile0]
Name=default
IsRelative=1
Path=Profiles/qbtk1o0i.default


[Profile1]
Name=Firefox Default
IsRelative=1
Path=../../Profiles/41A66E7E5EE1
Default=1

========= Fim de CMD: =========


========================= File: C:\Windows\SysWOW64\FAPF8D.tmp ========================

Arquivo não assinado
MD5: 
Data de criação e modificação: 2016-06-07 18:15 - 2016-06-07 18:15
Tamanho: 0000000
Atributos: ----A
Nome Da Empresa: 
Interno Nome: 
Original Nome: 
Produto: 
Descrição: 
Arquivo Versão: 
Produto Versão: 
Copyright: 

====== Fim de File: ======


========================= File: C:\Windows\SysWOW64\FAP65C0.tmp ========================

Arquivo não assinado
MD5: 
Data de criação e modificação: 2016-06-07 07:47 - 2016-06-07 07:47
Tamanho: 0000000
Atributos: ----A
Nome Da Empresa: 
Interno Nome: 
Original Nome: 
Produto: 
Descrição: 
Arquivo Versão: 
Produto Versão: 
Copyright: 

====== Fim de File: ======


==== Fim de Fixlog 18:10:56 ====

Gruss,
Carsten

burningice · 21.06.2016, 00:02

nein super gemacht

Schritt: 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

closeprocesses:
HKLM-x32\...\RunOnce: [systwin] => C:\Windows\systwin.exe [305980 2016-05-07] (                                                            )
C:\Windows\systwin.exe
HKLM-x32\...\RunOnce: [AdBlock2] => [X]
HKLM-x32\...\RunOnce: [AdBlock] => C:\Windows\AdBlock.exe [304211 2016-06-11] (                                                            )
cmd: dir C:\Windows
Tcpip\Parameters: [DhcpNameServer] 89.248.166.149 8.8.8.8
Tcpip\..\Interfaces\{21041d47-eab6-45d5-9aac-c7f9a7910b67}: [DhcpNameServer] 89.248.166.149 8.8.8.8
ManualProxies: 
C:\Windows\SysWOW64\FAP*.tmp
2016-06-06 13:59 - 2016-06-11 12:59 - 00304211 _____ ( ) C:\Windows\AdBlock.exe
emptytemp:
Task: {2F886772-1DB0-43E7-BFE8-FA74CBC46C33} - System32\Tasks\VirusRemover => C:\Users\cwege\AppData\Local\Temp\VirusRemover.exe [2016-06-11] (                                                            ) <==== ATENÇÃO
Task: {517C21EB-CCD2-47DC-B384-03D629929C07} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe <==== ATENÇÃO
Task: {A4E3AE10-29B3-461A-9FCA-63A245138564} - System32\Tasks\AdBlock => C:\Windows\AdBlock.exe [2016-06-11] (                                                            ) <==== ATENÇÃO
AlternateDataStreams: C:\Users\cwege\Documents\familia avo.jpg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\cwege\Documents\familia avo.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
hosts:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt: 2
Drücke bitte die

+ R Taste und schreibe folgendes in das Ausführen Fenster:

Code:

ATTFilter

c:\Users\cwege\AppData\Roaming\Mozilla\Firefox\

Du solltest im oben geannten Ordner landen. Öffne dort die profiles.ini in dem du sie mit einem Rechtsklick anwählst und auf "Bearbeiten" klickst.

Lösche nun alle Zeilen in der Datei, so dass sie danach so aussieht:

Code:

ATTFilter

[General]
StartWithLastProfile=1

[Profile0]
Name=default
IsRelative=1
Path=Profiles/qbtk1o0i.default

Speichere die Änderungen wie gewohnt, indem du entweder Strg + S drückst oder auf Datei/Speichern gehst.

Schritt: 3
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt: 4
Bitte starte wieder FRST, setze den Haken bei Addition und drücke auf Untersuchen. Poste bitte wieder die beiden Textdateien, die so entstehen.

cybercarsten · 21.06.2016, 01:41

Hallo Rafael,

das war schon mehr Arbeit. Hier sind die Protokolle:

Fixlog:

Code:

ATTFilter

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 19-06-2016 01
Executado por cwege (2016-06-20 20:15:09) Run:3
Executando a partir de C:\Users\cwege\Desktop
Perfis Carregados: cwege (Perfis Disponíveis: cwege)
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
closeprocesses:
HKLM-x32\...\RunOnce: [systwin] => C:\Windows\systwin.exe [305980 2016-05-07] (                                                            )
C:\Windows\systwin.exe
HKLM-x32\...\RunOnce: [AdBlock2] => [X]
HKLM-x32\...\RunOnce: [AdBlock] => C:\Windows\AdBlock.exe [304211 2016-06-11] (                                                            )
cmd: dir C:\Windows
Tcpip\Parameters: [DhcpNameServer] 89.248.166.149 8.8.8.8
Tcpip\..\Interfaces\{21041d47-eab6-45d5-9aac-c7f9a7910b67}: [DhcpNameServer] 89.248.166.149 8.8.8.8
ManualProxies: 
C:\Windows\SysWOW64\FAP*.tmp
2016-06-06 13:59 - 2016-06-11 12:59 - 00304211 _____ ( ) C:\Windows\AdBlock.exe
emptytemp:
Task: {2F886772-1DB0-43E7-BFE8-FA74CBC46C33} - System32\Tasks\VirusRemover => C:\Users\cwege\AppData\Local\Temp\VirusRemover.exe [2016-06-11] (                                                            ) <==== ATENÇÃO
Task: {517C21EB-CCD2-47DC-B384-03D629929C07} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe <==== ATENÇÃO
Task: {A4E3AE10-29B3-461A-9FCA-63A245138564} - System32\Tasks\AdBlock => C:\Windows\AdBlock.exe [2016-06-11] (                                                            ) <==== ATENÇÃO
AlternateDataStreams: C:\Users\cwege\Documents\familia avo.jpg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\cwege\Documents\familia avo.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
hosts:
         
*****************

Processos fechados com sucesso.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\systwin => valor removido (a) com sucesso.
C:\Windows\systwin.exe => movido com sucesso
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\AdBlock2 => valor removido (a) com sucesso.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\AdBlock => valor não encontrado (a).

=========  dir C:\Windows =========

 O volume na unidade C � OS
 O N�mero de S�rie do Volume � EA4E-E983

 Pasta de C:\Windows

20/06/2016  20:15    <DIR>          .
20/06/2016  20:15    <DIR>          ..
11/06/2016  12:59           304,211 AdBlock.exe
10/07/2015  08:04    <DIR>          addins
06/12/2015  08:41    <DIR>          appcompat
14/03/2016  06:30    <DIR>          AppPatch
20/06/2016  10:35    <DIR>          AppReadiness
10/07/2015  07:59            61,952 bfsvc.exe
10/07/2015  08:04    <DIR>          Boot
10/07/2015  08:04    <DIR>          Branding
17/06/2016  04:56    <DIR>          CbsTemp
22/10/2015  03:59             1,600 comsetup.log
10/07/2015  08:00            31,816 CoreSingleLanguage.xml
22/10/2015  02:53                12 csup.txt
10/07/2015  08:04    <DIR>          Cursors
27/12/2015  09:58    <DIR>          debug
10/07/2015  08:04    <DIR>          DesktopTileResources
05/12/2015  10:39    <DIR>          DevicesFlow
22/10/2015  04:16            17,593 diagerr.xml
10/07/2015  08:04    <DIR>          diagnostics
22/10/2015  04:16            15,243 diagwrn.xml
10/07/2015  10:19    <DIR>          DigitalLocker
26/12/2015  10:14               555 DirectX.log
05/12/2015  19:07            23,096 DPINST.LOG
22/10/2015  04:19             2,814 DtcInstall.log
16/07/2015  16:24    <DIR>          en-US
28/05/2016  02:02         4,532,304 explorer.exe
11/05/2016  20:12    <DIR>          Globalization
16/07/2015  16:13    <DIR>          Help
10/07/2015  08:00           994,816 HelpPane.exe
10/07/2015  08:00            18,432 hh.exe
16/07/2015  16:13    <DIR>          IME
05/12/2015  10:21    <DIR>          ImmersiveControlPanel
15/06/2016  15:16    <DIR>          INF
10/07/2015  08:04    <DIR>          InfusedApps
10/07/2015  08:04    <DIR>          InputMethod
05/12/2015  16:21    <DIR>          L2Schemas
19/05/2016  20:24    <DIR>          LiveKernelReports
11/05/2016  15:19    <DIR>          Logs
10/07/2015  09:20             1,340 lsasetup.log
12/05/2016  22:58       614,107,854 MEMORY.DMP
10/07/2015  07:59            43,131 mib.bin
20/06/2016  17:35    <DIR>          Microsoft.NET
10/07/2015  08:04    <DIR>          Migration
12/05/2016  22:59    <DIR>          Minidump
05/12/2015  10:22    <DIR>          MiracastView
10/07/2015  08:04    <DIR>          ModemLogs
22/10/2015  03:32           215,040 notepad.exe
05/12/2015  10:37    <DIR>          OCR
10/07/2015  08:04    <DIR>          Offline Web Pages
22/10/2015  03:11    <DIR>          Options
27/05/2016  13:46    <DIR>          Panther
26/12/2015  10:12    <DIR>          PCHEALTH
10/07/2015  08:04    <DIR>          Performance
13/06/2016  04:51           785,932 PFRO.log
10/07/2015  08:04    <DIR>          PLA
16/07/2015  16:13    <DIR>          PolicyDefinitions
20/06/2016  18:26    <DIR>          Prefetch
05/12/2015  10:22    <DIR>          PrintDialog
05/12/2015  16:21    <DIR>          Provisioning
16/07/2015  16:13    <DIR>          pt-BR
05/12/2015  16:21    <DIR>          PurchaseDialog
10/07/2015  07:59           156,160 regedit.exe
11/05/2016  20:05    <DIR>          registration
15/05/2016  09:45    <DIR>          rescache
10/07/2015  08:04    <DIR>          Resources
11/03/2015  23:04         2,825,944 RtlExUpd.dll
10/07/2015  08:04    <DIR>          SchCache
10/07/2015  08:04    <DIR>          schemas
10/07/2015  08:04    <DIR>          security
10/07/2015  09:20    <DIR>          ServiceProfiles
11/05/2016  20:12    <DIR>          servicing
22/10/2015  02:51    <DIR>          Setup
09/06/2016  17:38           202,682 setupact.log
22/10/2015  04:15             1,413 setuperr.log
10/07/2015  10:16    <DIR>          ShellNew
10/07/2015  10:13    <DIR>          SKB
05/12/2015  15:03    <DIR>          SoftwareDistribution
10/07/2015  08:04    <DIR>          Speech
10/07/2015  08:04    <DIR>          Speech_OneCore
10/07/2015  08:00           128,000 splwow64.exe
05/12/2015  19:07             1,448 Synaptics.log
10/07/2015  08:04    <DIR>          System
10/07/2015  08:02               219 system.ini
20/06/2016  17:54    <DIR>          System32
10/07/2015  10:16    <DIR>          SystemApps
10/07/2015  08:04    <DIR>          SystemResources
20/06/2016  10:25    <DIR>          SysWOW64
10/07/2015  08:04    <DIR>          TAPI
27/05/2016  14:23    <DIR>          Tasks
20/06/2016  17:54    <DIR>          Temp
10/07/2015  08:04    <DIR>          tracing
10/07/2015  08:04    <DIR>          twain_32
10/07/2015  08:01            60,416 twain_32.dll
10/07/2015  08:04    <DIR>          Vss
24/10/2012  16:23    <DIR>          Web
10/07/2015  08:02                92 win.ini
20/06/2016  17:27               275 WindowsUpdate.log
10/07/2015  08:00            10,240 winhlp32.exe
17/06/2016  04:56    <DIR>          WinSxS
05/02/2013  21:56           322,048 WLXPGSS.SCR
10/07/2015  08:00           316,640 WMSysPr9.prx
10/07/2015  08:00            11,264 write.exe
              32 arquivo(s)    625,194,582 bytes
              71 pasta(s)   808,341,241,856 bytes dispon�veis

========= Fim de CMD: =========

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => valor removido (a) com sucesso.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{21041d47-eab6-45d5-9aac-c7f9a7910b67}\\DhcpNameServer => valor removido (a) com sucesso.
HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => valor removido (a) com sucesso.

=========== "C:\Windows\SysWOW64\FAP*.tmp" ==========

C:\Windows\SysWOW64\FAP107C.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP1838.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP18BC.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP1953.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP1A16.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP1B48.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP1BB7.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP1BE8.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP1BEA.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP1C28.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP1DCF.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP1E1E.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP1EAD.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP1EEE.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP1F2E.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP201E.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP20A1.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP20FA.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP222C.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP228C.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP22F6.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP23F2.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP24CE.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP252D.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP255C.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP2922.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP29A9.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP2AED.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP2BDA.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP2C3A.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP2D79.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP2DF8.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP2FCC.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP30AF.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP31B9.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP3456.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP3472.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP3523.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP356E.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP3574.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP3578.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP35E3.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP3607.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP3624.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP3654.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP3689.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP3720.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP3B0E.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP3B48.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP3D89.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP3D8D.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP3E36.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP3E4E.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP3E79.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP3EC4.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP3F23.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP3F2B.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP3F69.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP3FDD.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP3FE8.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP409E.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP40D1.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP416D.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP41D9.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP421A.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP4258.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP426B.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP42BB.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP42FB.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP451F.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP4520.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP458F.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP45D0.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP461.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP4610.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP4670.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP4674.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP46B1.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP46C6.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP46F1.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP46F9.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP4732.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP479C.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP4805.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP4915.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP49BF.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP49F8.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP4A27.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP4A85.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP4B23.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP4B62.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP4BC0.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP4C5E.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP4D1A.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP4D67.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP4F9E.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP503E.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP5178.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP529D.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP5416.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP5433.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP55C.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP575B.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP5832.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP5848.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP5A.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP5BF.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP5D47.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP5D8D.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP5ECE.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP5FF9.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP6035.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP6112.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP619A.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP629E.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP633.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP63AA.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP63FD.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP6414.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP64C2.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP6522.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP65C0.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP65D7.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP6611.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP662F.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP669F.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP66EF.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP66FD.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP672E.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP675E.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP676E.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP67DD.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP67DE.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP6817.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP6848.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP684C.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP687B.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP6898.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP689F.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP68C9.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP68CB.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP691C.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP698B.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP69FA.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP6A22.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP6A2F.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP6A42.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP6A66.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP6ADD.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP6B5.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP6BBA.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP6C5D.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP6D3C.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP6E6.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP6E91.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP6F5C.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP6FE2.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP70E7.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP7164.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP717.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP71D4.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP72FF.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP735E.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP7372.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP73ED.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP73F.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP743D.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP749D.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP749E.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP750C.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP757.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP757C.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP75A6.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP761A.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP767A.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP769A.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP7766.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP77B6.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP78B2.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP7CED.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP7E21.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP7E37.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP7FDF.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP8013.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP8196.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP819C.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP8237.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP8241.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP824D.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP825.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP82BC.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP82F5.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP8356.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP83FA.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP8515.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP871.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP87A1.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP8908.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP89A7.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP89F7.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP8A23.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP8B35.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP8BB6.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP8BED.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP8C41.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP8C74.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP8CFE.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP8D3.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP90A0.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP90EF.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP919.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP9304.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP9345.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP9395.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP93D5.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP9477.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP9535.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP96CB.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP972C.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP9776.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP9814.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP9815.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP988D.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP994A.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP9A32.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP9C1D.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP9C47.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP9CC9.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP9D48.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP9E80.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP9E9E.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP9EB1.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP9ED5.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP9EF1.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP9F32.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP9F64.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP9FD0.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP9FEB.tmp => movido com sucesso
C:\Windows\SysWOW64\FAP9FF2.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPA024.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPA145.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPA224.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPA349.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPA3F4.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPA67B.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPA686.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPA733.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPA852.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPA883.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPA8A0.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPA8B5.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPA8C4.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPA904.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPA9B6.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPA9F0.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPA9F7.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPAA37.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPAA68.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPAAC8.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPABB1.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPAC05.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPAC85.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPACE1.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPAD80.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPADDA.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPAEB6.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPAEFD.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPB0.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPB154.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPB202.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPB21E.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPB4FF.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPB55F.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPB62E.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPB7EC.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPB80A.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPB964.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPBB19.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPBE39.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPBF03.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPBF24.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPBFCB.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPC01E.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPC0E5.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPC105.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPC149.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPC174.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPC1B5.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPC234.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPC274.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPC2A5.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPC34A.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPC3C7.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPC4D3.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPC581.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPC61F.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPC67F.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPC6DF.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPC79C.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPC80B.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPC87B.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPC919.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPC93C.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPC988.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPC9E8.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPC9E9.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPCA6C.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPCA8A.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPCA96.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPCACC.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPCB0C.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPCB44.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPCB5D.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPCC60.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPCDC3.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPD1B.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPD1DD.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPD1E4.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPD2CA.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPD30A.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPD35A.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPD362.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPD38B.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPD3FB.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPD42B.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPD447.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPD46E.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPD4A2.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPD536.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPD674.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPD985.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPDA44.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPDB11.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPDC37.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPDCE5.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPE0D5.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPE192.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPE1AA.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPE2B6.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPE72A.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPE734.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPE9D2.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPEB9F.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPED16.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPEDA1.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPF1E.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPF3B9.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPF3CD.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPF40A.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPF43A.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPF46B.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPF555.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPF5C3.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPF5F4.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPF625.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPF675.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPF6FB.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPF77B.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPF8D.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPF930.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPF9EE.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPFA7C.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPFAAD.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPFAFD.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPFB94.tmp => movido com sucesso
C:\Windows\SysWOW64\FAPFE64.tmp => movido com sucesso

========= Fim -> "C:\Windows\SysWOW64\FAP*.tmp" ========

C:\Windows\AdBlock.exe => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F886772-1DB0-43E7-BFE8-FA74CBC46C33}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F886772-1DB0-43E7-BFE8-FA74CBC46C33}" => chave removido (a) com sucesso.
C:\Windows\System32\Tasks\VirusRemover => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\VirusRemover" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{517C21EB-CCD2-47DC-B384-03D629929C07}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{517C21EB-CCD2-47DC-B384-03D629929C07}" => chave removido (a) com sucesso.
C:\Windows\System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A4E3AE10-29B3-461A-9FCA-63A245138564}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A4E3AE10-29B3-461A-9FCA-63A245138564}" => chave removido (a) com sucesso.
C:\Windows\System32\Tasks\AdBlock => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdBlock" => chave removido (a) com sucesso.
"C:\Users\cwege\Documents\familia avo.jpg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS não encontrado (a).
C:\Users\cwege\Documents\familia avo.jpg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removido (a) com sucesso..
C:\Windows\System32\Drivers\etc\hosts => movido com sucesso
Hosts restaurado com sucesso.

=========== EmptyTemp: ==========

BITS transfer queue => 294349 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 72590935 B
Java, Flash, Steam htmlcache => 22780 B
Windows/system/drivers => 45412642 B
Edge => 109701416 B
Chrome => 0 B
Firefox => 30711903 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 150371 B
systemprofile32 => 0 B
LocalService => 4540100 B
NetworkService => 22908 B
cwege => 124257090 B

RecycleBin => 1529064446 B
EmptyTemp: => 1.8 GB de dados temporários Removidos.

================================


O sistema precisou ser reiniciado.

==== Fim de Fixlog 20:30:21 ====

AdwareCleaner (2x, weil ich beim ersten Mal nicht alle 5 Haekchen gesetzt hatte:

Code:

ATTFilter

# AdwCleaner v5.200 - Relatório criado 20/06/2016 às 20:46:16
# Atualizado 14/06/2016 por ToolsLib
# Banco de dados : 2016-06-20.3 [Servidor]
# Sistema operacional : Windows 10 Home Single Language  (X64)
# Usuário : cwege - CARSTEN-DELL344
# Executando de : C:\Users\cwege\Desktop\AdwCleaner_5.200.exe
# Opção : Limpar
# Apoio : https://toolslib.net/forum

***** [ Serviços ] *****


***** [ Pastas ] *****

[-] Pasta Excluído : C:\Users\Public\Documents\dmp
[-] Pasta Excluído : C:\Users\cwege\AppData\Roaming\Profiles\41A66E7E5EE1

***** [ Arquivos ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Atalhos ] *****


***** [ Tarefas agendadas ] *****


***** [ Registro ] *****

[-] Chave Excluída : HKCU\Software\INSTALLPATH\STATUS
[-] Chave Excluída : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\mpc.am
[-] Chave Excluída : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\search.mpc.am
[-] Chave Excluída : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mpc.am
[-] Chave Excluída : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\search.mpc.am

***** [ Navegadores ] *****


*************************

:: Chaves "Tracing" excluídas
:: Configurações Winsock restauradas

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2198 bytes] - [14/05/2016 15:56:58]
C:\AdwCleaner\AdwCleaner[C2].txt - [1893 bytes] - [20/06/2016 20:46:16]
C:\AdwCleaner\AdwCleaner[S1].txt - [1005 bytes] - [22/03/2016 10:23:59]
C:\AdwCleaner\AdwCleaner[S2].txt - [1079 bytes] - [22/03/2016 11:03:28]
C:\AdwCleaner\AdwCleaner[S3].txt - [2247 bytes] - [14/05/2016 15:50:49]
C:\AdwCleaner\AdwCleaner[S4].txt - [2239 bytes] - [20/06/2016 20:43:37]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2258 bytes] ##########

Code:

ATTFilter

# AdwCleaner v5.200 - Relatório criado 20/06/2016 às 21:03:50
# Atualizado 14/06/2016 por ToolsLib
# Banco de dados : 2016-06-20.3 [Servidor]
# Sistema operacional : Windows 10 Home Single Language  (X64)
# Usuário : cwege - CARSTEN-DELL344
# Executando de : C:\Users\cwege\Desktop\AdwCleaner_5.200.exe
# Opção : Limpar
# Apoio : https://toolslib.net/forum

***** [ Serviços ] *****


***** [ Pastas ] *****


***** [ Arquivos ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Atalhos ] *****


***** [ Tarefas agendadas ] *****


***** [ Registro ] *****


***** [ Navegadores ] *****


*************************

:: Chaves "Tracing" excluídas
:: Configurações Proxy restauradas
:: Configurações Winsock restauradas
:: Políticas do IE excluídas
:: Políticas do Chrome excluídas

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2198 bytes] - [14/05/2016 15:56:58]
C:\AdwCleaner\AdwCleaner[C2].txt - [2337 bytes] - [20/06/2016 20:46:16]
C:\AdwCleaner\AdwCleaner[C3].txt - [1027 bytes] - [20/06/2016 21:03:50]
C:\AdwCleaner\AdwCleaner[S1].txt - [1005 bytes] - [22/03/2016 10:23:59]
C:\AdwCleaner\AdwCleaner[S2].txt - [1079 bytes] - [22/03/2016 11:03:28]
C:\AdwCleaner\AdwCleaner[S3].txt - [2247 bytes] - [14/05/2016 15:50:49]
C:\AdwCleaner\AdwCleaner[S4].txt - [2239 bytes] - [20/06/2016 20:43:37]
C:\AdwCleaner\AdwCleaner[S5].txt - [1264 bytes] - [20/06/2016 21:02:23]

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1465 bytes] ##########

Und noch FRST:

Code:

ATTFilter

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 19-06-2016 01
Executado por cwege (administrador) em CARSTEN-DELL344 (20-06-2016 21:24:30)
Executando a partir de C:\Users\cwege\Desktop
Perfis Carregados: cwege (Perfis Disponíveis: cwege)
Platform: Windows 10 Home Single Language (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: FF)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\nsbu.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\nsbu.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(A.E.T. Europe B.V.) C:\Windows\System32\aetcrss1.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
() C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_192.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_192.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8468184 2015-05-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-04-28] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [611248 2015-05-21] (Waves Audio Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3877936 2015-06-12] (Dell Inc.)
HKLM\...\Run: [CertificateRegistration] => C:\Windows\system32\aetcrss1.exe [191488 2011-04-20] (A.E.T. Europe B.V.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKU\S-1-5-21-767966989-473913170-3455617934-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53123712 2016-05-17] (Skype Technologies S.A.)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-11-10] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWow64\CbFsMntNtf3.dll [2012-11-10] (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 89.248.166.149 8.8.8.8
Tcpip\..\Interfaces\{21041d47-eab6-45d5-9aac-c7f9a7910b67}: [DhcpNameServer] 89.248.166.149 8.8.8.8
Tcpip\..\Interfaces\{816b9e62-21bd-40c3-b5ce-43e337bdf71c}: [DhcpNameServer] 192.168.254.254
ManualProxies: 

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-767966989-473913170-3455617934-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-767966989-473913170-3455617934-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE
SearchScopes: HKU\S-1-5-21-767966989-473913170-3455617934-1001 -> DefaultScope {67AD6316-7576-41A2-9EBB-003E44D9FEB9} URL = 
SearchScopes: HKU\S-1-5-21-767966989-473913170-3455617934-1001 -> {B365B296-1A28-4108-A050-7C52624DA174} URL = hxxps://br.search.yahoo.com/search?fr=mcafee&type=C011BR0D20160101&p={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-06-06] (Intel Security)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-12-09] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-12-09] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-06-06] (Intel Security)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\cwege\AppData\Roaming\Mozilla\Firefox\Profiles\qbtk1o0i.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-17] ()
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-17] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2015-12-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-12-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\cwege\AppData\Roaming\Mozilla\Firefox\Profiles\qbtk1o0i.default\searchplugins\McSiteAdvisor.xml [2016-03-20]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.5.4.24\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.5.4.24\coFFAddon [2016-05-12]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.5.4.24\coFFAddon

Chrome: 
=======
CHR Profile: C:\Users\cwege\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\Exts\Chrome.crx [2016-05-12]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\Exts\Chrome.crx [2016-05-12]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [323152 2015-06-07] (Windows (R) Win 7 DDK provider)
R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [29912 2015-09-15] (AOMEI Tech Co., Ltd.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [153960 2016-04-29] (Dell)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [87888 2016-05-03] ()
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [350312 2015-09-07] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Arquivo não assinado]
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3020440 2015-11-25] (Intel(R) Corporation)
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [Arquivo não assinado]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 NSBU; C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\NSBU.exe [289080 2016-02-26] (Symantec Corporation)
R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [80208 2016-05-26] (Dell)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-05-22] (Realtek Semiconductor)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [886096 2016-06-03] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [15736 2016-06-03] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-06-03] (McAfee, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2015-02-26] () [Arquivo não assinado]
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [151480 2015-02-26] () [Arquivo não assinado]
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [17848 2015-02-26] () [Arquivo não assinado]
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4301304 2015-05-18] (Qualcomm Atheros Communications, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.4.24\Definitions\BASHDefs\20160613.001\BHDrvx64.sys [1832176 2016-05-12] (Symantec Corporation)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352008 2012-11-10] (EldoS Corporation)
R1 ccSet_NSBU; C:\Windows\system32\drivers\NSBUx64\1606000.08E\ccSetx64.sys [173808 2015-09-23] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [19440 2015-05-08] (OSR Open Systems Resources, Inc.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-04-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-04-27] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.4.24\Definitions\IPSDefs\20160617.001\IDSvia64.sys [876248 2016-05-25] (Symantec Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [183584 2015-06-12] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.4.24\Definitions\VirusDefs\20160620.002\ENG64.SYS [138456 2016-06-15] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.4.24\Definitions\VirusDefs\20160620.002\EX64.SYS [2148056 2016-06-15] (Symantec Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-05-29] (Realtek                                            )
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2015-05-27] (Realsil Semiconductor Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NSBUx64\1606000.08E\SRTSP64.SYS [928504 2016-02-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSBUx64\1606000.08E\SRTSPX64.SYS [50936 2015-09-23] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSBUx64\1606000.08E\SYMEFASI64.SYS [1621232 2016-02-23] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NSBUx64\1606000.08E\SymELAM.sys [24192 2015-09-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2016-05-11] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSBUx64\1606000.08E\Ironx64.SYS [295664 2016-02-23] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSBUx64\1606000.08E\SYMNETS.SYS [577768 2016-02-23] (Symantec Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [48296 2015-05-29] (Synaptics Incorporated)
S3 SzCCID; C:\Windows\system32\DRIVERS\SzCCID.sys [40448 2011-01-21] (Generic)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-06-20 21:08 - 2016-06-20 21:08 - 00001547 _____ C:\Users\cwege\Desktop\AdwCleaner[C3].txt
2016-06-20 21:07 - 2016-06-20 21:07 - 00016148 _____ C:\Windows\system32\CARSTEN-DELL344_cwege_HistoryPrediction.bin
2016-06-20 20:50 - 2016-06-20 20:50 - 00002340 _____ C:\Users\cwege\Desktop\AdwCleaner[C2].txt
2016-06-20 20:18 - 2016-06-20 20:27 - 00003680 _____ C:\Windows\System32\Tasks\VirusRemover
2016-06-20 18:08 - 2016-06-20 20:30 - 00030696 _____ C:\Users\cwege\Desktop\Fixlog.txt
2016-06-20 18:06 - 2016-06-20 18:08 - 02387456 _____ (Farbar) C:\Users\cwege\Desktop\FRST64.exe
2016-06-20 08:46 - 2016-06-20 20:31 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes' Anti-Malware (portable)
2016-06-20 08:46 - 2016-06-20 20:31 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-06-20 08:46 - 2016-06-20 10:40 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-20 08:44 - 2016-06-20 10:40 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-06-20 08:43 - 2016-06-20 08:43 - 00000000 ____D C:\Users\cwege\Desktop\mbar-1.09.3.1001
2016-06-20 08:39 - 2016-06-20 08:40 - 16563352 _____ (Malwarebytes Corp.) C:\Users\cwege\Desktop\mbar-1.09.3.1001.exe
2016-06-19 19:14 - 2016-06-19 19:25 - 00483740 _____ C:\Users\cwege\Desktop\Histórico recente.txt
2016-06-19 19:08 - 2016-06-19 19:11 - 00032870 _____ C:\Users\cwege\Desktop\Addition.txt
2016-06-19 19:06 - 2016-06-20 21:25 - 00020548 _____ C:\Users\cwege\Desktop\FRST.txt
2016-06-19 19:06 - 2016-06-20 21:24 - 00000000 ____D C:\FRST
2016-06-19 18:42 - 2016-06-19 18:42 - 02870984 _____ (ESET) C:\Users\cwege\Desktop\esetsmartinstaller_deu(1).exe
2016-06-19 18:40 - 2016-06-19 18:40 - 00165376 _____ C:\Users\cwege\Desktop\SystemLook_x64.exe
2016-06-19 18:39 - 2016-06-19 18:44 - 22851472 _____ (Malwarebytes ) C:\Users\cwege\Desktop\mbam-setup-2.2.1.1043.exe
2016-06-19 18:36 - 2016-06-20 20:43 - 03703360 _____ C:\Users\cwege\Desktop\AdwCleaner_5.200.exe
2016-06-17 11:41 - 2016-06-17 11:41 - 09717952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-06-15 12:44 - 2016-05-28 02:02 - 06488312 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2016-06-15 12:44 - 2016-05-28 02:00 - 02543784 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2016-06-15 12:44 - 2016-05-28 02:00 - 01591304 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-15 12:44 - 2016-05-28 01:52 - 22326760 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-06-15 12:44 - 2016-05-28 01:39 - 01365584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-15 12:44 - 2016-05-28 01:38 - 05118024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2016-06-15 12:44 - 2016-05-28 01:35 - 02188472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2016-06-15 12:44 - 2016-05-28 01:08 - 21860352 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2016-06-15 12:44 - 2016-05-28 01:07 - 24597504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-15 12:44 - 2016-05-28 01:00 - 01336832 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-15 12:44 - 2016-05-28 00:57 - 06788096 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-06-15 12:44 - 2016-05-28 00:56 - 12511232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-15 12:44 - 2016-05-28 00:53 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-15 12:44 - 2016-05-28 00:51 - 02119680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-15 12:44 - 2016-05-28 00:51 - 01603584 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-15 12:44 - 2016-05-28 00:49 - 19330560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-15 12:44 - 2016-05-28 00:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-06-15 12:44 - 2016-05-28 00:45 - 07523840 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2016-06-15 12:44 - 2016-05-28 00:45 - 03584000 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2016-06-15 12:44 - 2016-05-28 00:44 - 04793344 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-15 12:44 - 2016-05-28 00:44 - 00737792 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-15 12:44 - 2016-05-28 00:41 - 05160960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-06-15 12:44 - 2016-05-28 00:40 - 18797568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2016-06-15 12:44 - 2016-05-28 00:38 - 00291328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-15 12:44 - 2016-05-28 00:36 - 01383424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-15 12:44 - 2016-05-28 00:35 - 02042368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-15 12:44 - 2016-05-28 00:32 - 03580928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-15 12:44 - 2016-05-28 00:31 - 11268096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-15 12:44 - 2016-05-28 00:30 - 05454848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2016-06-15 12:44 - 2016-05-28 00:29 - 00502272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-15 12:43 - 2016-05-28 02:02 - 04532304 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-06-15 12:43 - 2016-05-28 02:02 - 01314496 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-06-15 12:43 - 2016-05-28 02:02 - 00601344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-15 12:43 - 2016-05-28 02:02 - 00432360 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-15 12:43 - 2016-05-28 02:02 - 00421536 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-15 12:43 - 2016-05-28 02:02 - 00158048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-15 12:43 - 2016-05-28 02:02 - 00113144 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2016-06-15 12:43 - 2016-05-28 02:00 - 00327520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2016-06-15 12:43 - 2016-05-28 02:00 - 00203496 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2016-06-15 12:43 - 2016-05-28 01:59 - 00363872 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-15 12:43 - 2016-05-28 01:59 - 00131208 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-15 12:43 - 2016-05-28 01:54 - 00658784 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2016-06-15 12:43 - 2016-05-28 01:53 - 03625416 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-15 12:43 - 2016-05-28 01:53 - 00026464 _____ (Microsoft Corporation) C:\Windows\system32\browser_broker.exe
2016-06-15 12:43 - 2016-05-28 01:47 - 00613120 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2016-06-15 12:43 - 2016-05-28 01:47 - 00379232 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-15 12:43 - 2016-05-28 01:39 - 04047288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-06-15 12:43 - 2016-05-28 01:39 - 00952968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-06-15 12:43 - 2016-05-28 01:39 - 00365128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-06-15 12:43 - 2016-05-28 01:38 - 00372368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-15 12:43 - 2016-05-28 01:38 - 00306528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-15 12:43 - 2016-05-28 01:38 - 00097096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2016-06-15 12:43 - 2016-05-28 01:35 - 00183904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2016-06-15 12:43 - 2016-05-28 01:35 - 00112632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-06-15 12:43 - 2016-05-28 01:28 - 00467296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2016-06-15 12:43 - 2016-05-28 01:27 - 20861984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-06-15 12:43 - 2016-05-28 01:27 - 02880560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-15 12:43 - 2016-05-28 01:21 - 00545400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2016-06-15 12:43 - 2016-05-28 01:21 - 00316256 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-15 12:43 - 2016-05-28 01:11 - 00395264 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupShim.dll
2016-06-15 12:43 - 2016-05-28 01:10 - 00694784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-06-15 12:43 - 2016-05-28 01:10 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2016-06-15 12:43 - 2016-05-28 01:09 - 00914944 _____ (Microsoft Corporation) C:\Windows\system32\SharedStartModel.dll
2016-06-15 12:43 - 2016-05-28 00:58 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-06-15 12:43 - 2016-05-28 00:58 - 00672256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-15 12:43 - 2016-05-28 00:58 - 00410624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-15 12:43 - 2016-05-28 00:58 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2016-06-15 12:43 - 2016-05-28 00:57 - 00350720 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2016-06-15 12:43 - 2016-05-28 00:54 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-15 12:43 - 2016-05-28 00:54 - 00392192 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-15 12:43 - 2016-05-28 00:54 - 00282112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupShim.dll
2016-06-15 12:43 - 2016-05-28 00:53 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-15 12:43 - 2016-05-28 00:52 - 02663424 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2016-06-15 12:43 - 2016-05-28 00:51 - 02848256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-15 12:43 - 2016-05-28 00:50 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-15 12:43 - 2016-05-28 00:50 - 00771072 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2016-06-15 12:43 - 2016-05-28 00:50 - 00574464 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-15 12:43 - 2016-05-28 00:44 - 01381376 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2016-06-15 12:43 - 2016-05-28 00:44 - 00045568 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-15 12:43 - 2016-05-28 00:43 - 00240128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-15 12:43 - 2016-05-28 00:41 - 00272896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-15 12:43 - 2016-05-28 00:40 - 00672768 _____ (Microsoft Corporation) C:\Windows\system32\ieproxy.dll
2016-06-15 12:43 - 2016-05-28 00:39 - 00667648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-15 12:43 - 2016-05-28 00:39 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2016-06-15 12:43 - 2016-05-28 00:38 - 01821696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2016-06-15 12:43 - 2016-05-28 00:38 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-15 12:43 - 2016-05-28 00:37 - 02315776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-15 12:43 - 2016-05-28 00:35 - 00679936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-15 12:43 - 2016-05-28 00:35 - 00574464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2016-06-15 12:43 - 2016-05-28 00:35 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-15 12:43 - 2016-05-28 00:35 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-06-15 12:43 - 2016-05-28 00:29 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-15 12:43 - 2016-05-28 00:25 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2016-06-07 14:09 - 2016-06-13 04:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-03 18:43 - 2016-06-03 18:43 - 00875192 _____ (Amazon) C:\Users\cwege\Downloads\AmazonCloudDriveSetup.exe
2016-06-03 13:48 - 2016-06-03 13:48 - 00001086 _____ C:\Users\Public\Desktop\paint.net.lnk
2016-05-27 14:37 - 2016-06-08 06:15 - 00000000 ____D C:\Users\cwege\AppData\Local\tkdata
2016-05-27 14:36 - 2016-05-27 14:36 - 00000000 ____D C:\Users\Todos os Usuários\TrueKey
2016-05-27 14:36 - 2016-05-27 14:36 - 00000000 ____D C:\ProgramData\TrueKey
2016-05-27 14:36 - 2016-05-27 14:36 - 00000000 ____D C:\Program Files\Common Files\Intel
2016-05-27 14:35 - 2016-06-19 16:56 - 00001241 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2016-05-27 14:35 - 2016-05-27 14:35 - 00001227 _____ C:\Users\Public\Desktop\True Key.lnk
2016-05-27 14:35 - 2016-05-27 14:35 - 00000000 ____D C:\Program Files\Intel Security
2016-05-27 14:33 - 2016-06-20 10:26 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-05-27 14:33 - 2016-05-28 02:36 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-05-27 14:27 - 2016-05-27 14:27 - 00000000 ____D C:\Users\cwege\AppData\Local\Macromedia
2016-05-27 14:25 - 2016-05-27 14:23 - 00000030 _____ C:\AVScanner.ini
2016-05-27 14:23 - 2016-06-20 20:41 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-27 14:23 - 2016-06-20 10:25 - 00000000 ____D C:\Program Files\TrueKey
2016-05-27 14:23 - 2016-06-17 11:41 - 00003888 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-26 10:07 - 2016-05-26 10:23 - 00000000 ____D C:\Users\cwege\AppData\Local\NPE
2016-05-23 20:22 - 2016-06-20 10:28 - 00000000 ___HD C:\OneDriveTemp

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-06-20 21:20 - 2015-12-12 10:29 - 00000000 ____D C:\Users\cwege\AppData\Roaming\Skype
2016-06-20 21:10 - 2016-05-12 23:08 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security with Backup
2016-06-20 21:07 - 2015-12-05 10:24 - 00000000 ___RD C:\Users\cwege\OneDrive
2016-06-20 21:07 - 2015-12-05 10:21 - 00000000 __SHD C:\Users\cwege\IntelGraphicsProfiles
2016-06-20 21:07 - 2015-12-05 10:16 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-06-20 21:05 - 2015-07-10 09:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-20 21:04 - 2015-07-10 06:05 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-06-20 21:03 - 2016-03-22 10:23 - 00000000 ____D C:\AdwCleaner
2016-06-20 20:40 - 2015-07-10 08:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-20 20:40 - 2015-07-10 08:04 - 00000000 ____D C:\Windows\AppReadiness
2016-06-20 20:18 - 2015-12-16 11:02 - 00000000 ____D C:\Users\cwege\AppData\LocalLow\Temp
2016-06-20 18:15 - 2015-12-05 19:36 - 00000000 ____D C:\Carsten
2016-06-20 16:27 - 2015-12-05 14:01 - 00004180 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F7C92D93-B2FB-4112-A628-A72D18F1E197}
2016-06-20 15:39 - 2015-12-05 17:41 - 00000000 ____D C:\Program Files (x86)\Dell Customer Connect
2016-06-20 15:39 - 2015-12-05 10:24 - 00000000 ____D C:\Program Files (x86)\Dell Update
2016-06-20 15:39 - 2015-10-22 03:21 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery
2016-06-20 10:40 - 2015-10-22 03:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-06-20 10:40 - 2015-10-22 03:13 - 00000000 ____D C:\Users\Todos os Usuários\Dell
2016-06-20 10:40 - 2015-10-22 03:13 - 00000000 ____D C:\ProgramData\Dell
2016-06-20 10:40 - 2015-10-22 03:13 - 00000000 ____D C:\Program Files\Dell
2016-06-20 10:40 - 2015-10-22 02:52 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-06-20 10:38 - 2015-12-12 10:28 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2016-06-20 10:38 - 2015-12-12 10:28 - 00000000 ____D C:\ProgramData\Skype
2016-06-20 10:30 - 2015-07-10 06:05 - 00032768 ___SH C:\Windows\system32\config\ELAM
2016-06-20 08:46 - 2016-05-09 14:59 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2016-06-20 08:46 - 2016-05-09 14:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-19 18:40 - 2016-05-14 16:05 - 01610816 _____ (Malwarebytes) C:\Users\cwege\Desktop\JRT.exe
2016-06-18 12:05 - 2015-12-16 11:00 - 00000000 ____D C:\Users\cwege\AppData\Roaming\Nitro PDF
2016-06-17 09:06 - 2016-05-16 20:35 - 00000000 ____D C:\Users\cwege\AppData\Local\CrashDumps
2016-06-17 04:56 - 2015-07-10 07:55 - 00000000 ____D C:\Windows\CbsTemp
2016-06-16 19:37 - 2015-12-05 16:29 - 00000000 ___RD C:\Users\cwege\Documents\Scanned Documents
2016-06-15 15:20 - 2015-10-22 03:50 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-06-15 15:16 - 2015-07-10 09:20 - 00206344 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-15 15:16 - 2015-07-10 08:02 - 00000000 ____D C:\Windows\INF
2016-06-15 15:13 - 2015-07-10 08:04 - 00000000 ___SD C:\Windows\system32\DiagSvcs
2016-06-15 13:34 - 2015-12-05 14:18 - 00000000 ____D C:\Windows\system32\MRT
2016-06-15 13:27 - 2015-12-05 14:18 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-14 14:32 - 2015-07-10 08:06 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-14 14:32 - 2015-07-10 08:06 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-13 11:19 - 2015-07-10 08:04 - 00000000 ____D C:\Windows\system32\NDF
2016-06-13 04:51 - 2016-05-09 15:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-10 12:40 - 2015-12-26 19:38 - 00000000 ____D C:\Monica
2016-06-09 17:42 - 2015-10-22 02:47 - 01810446 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-09 17:42 - 2015-07-16 16:14 - 00796654 _____ C:\Windows\system32\prfh0416.dat
2016-06-09 17:42 - 2015-07-16 16:14 - 00157592 _____ C:\Windows\system32\prfc0416.dat
2016-06-05 08:17 - 2016-01-23 22:10 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-06-03 13:48 - 2015-12-11 18:44 - 00001098 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2016-06-03 13:48 - 2015-12-11 18:44 - 00000000 ____D C:\Program Files\paint.net
2016-05-29 02:36 - 2015-10-22 03:25 - 00000000 ____D C:\Users\Todos os Usuários\McAfee
2016-05-29 02:36 - 2015-10-22 03:25 - 00000000 ____D C:\ProgramData\McAfee
2016-05-27 14:40 - 2015-12-05 13:56 - 00000000 ____D C:\Users\cwege\AppData\Local\Adobe
2016-05-27 14:35 - 2015-10-22 03:07 - 00000000 ____D C:\Program Files\Intel
2016-05-27 14:34 - 2015-10-22 03:01 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2016-05-27 14:34 - 2015-10-22 03:01 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-27 14:33 - 2016-05-12 23:04 - 00000000 ____D C:\Program Files\Common Files\AV
2016-05-27 13:46 - 2015-10-22 02:51 - 00000000 ____D C:\Windows\Panther
2016-05-27 13:42 - 2016-04-27 09:13 - 00000000 ___HD C:\$WINDOWS.~BT
2016-05-26 23:18 - 2015-12-12 10:28 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-26 10:08 - 2016-05-10 16:25 - 00000000 ____D C:\Users\Todos os Usuários\Norton
2016-05-26 10:08 - 2016-05-10 16:25 - 00000000 ____D C:\ProgramData\Norton
2016-05-23 20:22 - 2015-12-05 10:24 - 00002371 _____ C:\Users\cwege\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

==================== Arquivos na raiz de alguns diretórios =======

2015-12-11 18:40 - 2015-12-11 18:41 - 6557455 _____ () C:\Program Files (x86)\paint.net.4.0.6.install.zip
2016-01-10 15:33 - 2016-01-10 15:33 - 0003584 _____ () C:\Users\cwege\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-10-22 03:06 - 2015-10-22 03:06 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-10-22 03:05 - 2015-10-22 03:05 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2015-10-22 02:52 - 2015-10-22 02:53 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2015-10-22 03:00 - 2015-10-22 03:05 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2015-10-22 02:54 - 2015-10-22 02:59 - 0000113 _____ () C:\ProgramData\{E1646825-D391-42A0-93AA-27FA810DA093}.log

Alguns arquivos em TEMP:
====================
C:\Users\cwege\AppData\Local\Temp\libeay32.dll
C:\Users\cwege\AppData\Local\Temp\msvcr120.dll
C:\Users\cwege\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2016-06-10 12:49

==================== Fim de FRST.txt ============================

Addition:

Code:

ATTFilter

Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 19-06-2016 01
Executado por cwege (2016-06-20 21:25:40)
Executando a partir de C:\Users\cwege\Desktop
Windows 10 Home Single Language (X64) (2015-12-05 13:15:49)
Modo da Inicialização: Normal
==========================================================


==================== Contas: =============================

Administrador (S-1-5-21-767966989-473913170-3455617934-500 - Administrator - Disabled)
Convidado (S-1-5-21-767966989-473913170-3455617934-501 - Limited - Disabled)
cwege (S-1-5-21-767966989-473913170-3455617934-1001 - Administrator - Enabled) => C:\Users\cwege
DefaultAccount (S-1-5-21-767966989-473913170-3455617934-503 - Limited - Disabled)

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Norton Security com Backup (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security com Backup (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security com Backup (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.1.0.243 - Amazon)
Any Video Converter 5.8.6 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
AOMEI Backupper Standard (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536C09F}_is1) (Version:  - AOMEI Technology Co., Ltd.)
AssinadorLivre (HKLM-x32\...\{369B7318-9434-4938-9595-58DB0200AD12}) (Version: 1.0.4 - PJERJ)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
calibre 64bit (HKLM\...\{D8905AF6-9F72-4BD8-BF37-51C5760B3CD5}) (Version: 2.48.0 - Kovid Goyal)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 12 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{C1C53DA1-9497-4ABB-A3D6-A63039820B37}) (Version: 3.3.7200.0 - Dell Inc.)
Dell Help & Support (HKLM-x32\...\InstallShield_{32483B20-13B2-4747-9D34-15E588CE8034}) (Version: 2.1.78.0 - Dell Inc.)
Dell Help & Support (Version: 2.1.78.0 - Dell Inc.) Hidden
Dell Product Registration (HKLM-x32\...\InstallShield_{694AFFC3-93D4-4049-AF26-78739488EB4D}) (Version: 3.0.97.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.4 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.0 - Dropbox, Inc.)
DSC/AA Factory Installer (Version: 1.1.6664.10 - PC-Doctor, Inc.) Hidden
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.2.131.1 - Intel Security)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4274 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.41 - Irfan Skiljan)
IsoBuster 3.7 (HKLM-x32\...\IsoBuster_is1) (Version: 3.7 - Smart Projects)
Java 7 Update 7 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.70 - Oracle)
Maxx Audio Installer (x64) (Version: 2.6.6168.1 - Waves Audio Ltd.) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 47.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-GB)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
Nitro Reader 3 (HKLM\...\{4756C731-B54E-451A-9AF1-86E8AB1BEBBB}) (Version: 3.5.6.5 - Nitro)
Norton Security com Backup (HKLM-x32\...\NSBU) (Version: 22.6.0.142 - Symantec Corporation)
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.5.0 - Frank Heindörfer, Philip Chinery)
Product Registration (Version: 3.0.97.0 - Dell Inc.) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.0 - Qualcomm Atheros)
QuickSet64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.31 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7520 - Realtek Semiconductor Corp.)
SafeSign 64-bits (HKLM\...\{66913111-2F8A-4950-AA93-51C26182FC35}) (Version: 3.0.45 - A.E.T. Europe B.V.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Software de dispositivo do Chipset Intel® (x32 Version: 10.1.1.7 - Intel(R) Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Wondershare Video Editor(Build 5.1.3) (HKLM-x32\...\Wondershare Video Editor_is1) (Version:  - Wondershare Software)
XMedia Recode Version 3.2.7.0 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.2.7.0 - XMedia Recode)

==================== Exame Personalizado CLSID (Whitelisted): ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

CustomCLSID: HKU\S-1-5-21-767966989-473913170-3455617934-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\cwege\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

==================== Tarefas Agendadas (Whitelisted) =============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {264FB661-4391-4D9F-A35F-4E6C06CA8055} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {2970D737-D999-4982-A443-2C425EB3EA50} - System32\Tasks\Norton Security with Backup\Norton Error Analyzer => C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {45BDA5A8-15A2-43ED-869F-79317DF5DD61} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\WSCStub.exe [2016-02-26] (Symantec Corporation)
Task: {496DC9B4-0DC2-4564-8818-0E4E0B7617DC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-17] (Adobe Systems Incorporated)
Task: {7D2EF843-50F8-4081-8FEE-197552ABBA41} - System32\Tasks\Norton Security with Backup\Norton Autofix => C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {9DD8D688-1574-4CA6-97B2-250020773404} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security com Backup\Upgrade.exe [2016-02-26] (Symantec Corporation)
Task: {9FEC4113-C748-43DC-BF09-125EB634F061} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLVDLauncher.exe [2015-01-28] (CyberLink Corp.)
Task: {A32E0AA3-54F3-4024-99AD-E6590AFAE95E} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-04-28] (Realtek Semiconductor)
Task: {D136D80D-B0FE-4F7D-95FD-629F7AB8A9EF} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-05-29] (Synaptics Incorporated)
Task: {D6BA068F-3D96-4AB5-9C07-D2E695BD8CAA} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-05-29] ()
Task: {E0C4634E-BBF1-4418-9668-1601841297C2} - System32\Tasks\Norton Security with Backup\Norton Error Processor => C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {E2DBFA14-A2AF-4C08-9451-A80F5ACA40CD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {EFFA3837-5636-4587-83BF-67ACB45BF3D5} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe [2015-05-07] (CyberLink)
Task: {FE27E495-3669-4351-BC07-1184DB5CEC6A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-06-15] (Microsoft Corporation)
Task: {FE32A2A9-212A-4CC5-A39E-30827EA58BD8} - System32\Tasks\VirusRemover => C:\Users\cwege\AppData\Local\Temp\VirusRemover.exe <==== ATENÇÃO

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Atalhos =============================

(As entradas podem ser listadas para serem restauradas ou removidas.)

==================== Módulos Carregados (Whitelisted) ==============

2015-07-10 08:00 - 2015-07-10 08:00 - 00028160 _____ () C:\Windows\SYSTEM32\efsext.dll
2015-10-22 03:32 - 2015-10-22 03:32 - 00032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll
2015-10-22 03:32 - 2015-10-22 03:32 - 00404480 _____ () C:\Windows\System32\diagtrack_wininternal.dll
2015-05-19 13:11 - 2015-05-19 13:11 - 00007680 _____ () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
2015-10-22 02:58 - 2014-04-14 22:59 - 00253776 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2016-04-12 21:16 - 2016-03-16 01:55 - 02495768 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-04-12 21:16 - 2016-03-16 01:55 - 02495768 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-05-23 20:21 - 2016-05-23 20:21 - 00959168 _____ () C:\Users\cwege\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2015-10-22 03:12 - 2015-09-07 18:43 - 00395880 _____ () C:\Windows\system32\igfxTray.exe
2015-12-05 14:13 - 2015-09-17 02:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-03 19:20 - 2016-05-03 19:20 - 00087888 _____ () C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
2015-12-08 21:00 - 2015-11-25 01:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-08 21:00 - 2015-11-25 01:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-08 21:00 - 2015-11-25 01:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-12-05 14:15 - 2015-09-17 02:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00306904 _____ () C:\Program Files (x86)\AOMEI Backupper\UiLogic.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00241368 _____ () C:\Program Files (x86)\AOMEI Backupper\diskmgr.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00290520 _____ () C:\Program Files (x86)\AOMEI Backupper\Comn.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00122584 _____ () C:\Program Files (x86)\AOMEI Backupper\FuncLogic.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00028376 _____ () C:\Program Files (x86)\AOMEI Backupper\Encrypt.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00347864 _____ () C:\Program Files (x86)\AOMEI Backupper\ImgFile.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00483032 _____ () C:\Program Files (x86)\AOMEI Backupper\EnumFolder.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00069336 _____ () C:\Program Files (x86)\AOMEI Backupper\Compress.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00102104 _____ () C:\Program Files (x86)\AOMEI Backupper\BrLog.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00691928 _____ () C:\Program Files (x86)\AOMEI Backupper\Sync.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00077528 _____ () C:\Program Files (x86)\AOMEI Backupper\Ldm.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00282328 _____ () C:\Program Files (x86)\AOMEI Backupper\Clone.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00118488 _____ () C:\Program Files (x86)\AOMEI Backupper\Backup.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00061144 _____ () C:\Program Files (x86)\AOMEI Backupper\Device.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00155352 _____ () C:\Program Files (x86)\AOMEI Backupper\FlBackup.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00282328 _____ () C:\Program Files (x86)\AOMEI Backupper\BrFat.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00962264 _____ () C:\Program Files (x86)\AOMEI Backupper\BrNtfs.dll
2016-05-13 17:15 - 2015-02-26 00:00 - 02403504 _____ () C:\Program Files (x86)\AOMEI Backupper\QtCore4.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00102104 _____ () C:\Program Files (x86)\AOMEI Backupper\BrVol.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00253656 _____ () C:\Program Files (x86)\AOMEI Backupper\GptBcd.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00175832 _____ () C:\Program Files (x86)\AOMEI Backupper\DeviceMgr.dll
2016-05-23 20:21 - 2016-05-23 20:21 - 00679624 _____ () C:\Users\cwege\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2015-12-26 10:26 - 2014-09-11 17:09 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2015-12-26 10:26 - 2014-05-19 16:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2015-10-22 02:53 - 2014-12-08 04:28 - 00627672 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMediaLibrary.dll
2014-12-08 19:28 - 2014-12-08 19:28 - 00016856 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvcPS.dll
2015-06-23 20:26 - 2015-06-23 20:26 - 00155888 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2015-06-24 05:07 - 2015-06-24 05:07 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)

AlternateDataStreams: C:\Users\cwege\Documents\familia avo.jpg:3or4kl4x13tuuug3Byamue2s4b [83]

==================== Modo de Segurança (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)


==================== Associação (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)


==================== Internet Explorer confiável/restrito ===============

(Se uma entrada for incluída na fixlist, será removida do Registro.)


==================== Hosts Conteúdo: ===============================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2015-07-10 08:04 - 2016-06-20 20:15 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Outras Áreas ============================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-767966989-473913170-3455617934-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\cwege\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 89.248.166.149 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

(Atualmente não há nenhuma correção automática para esta seção.)


==================== Regras do Firewall (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D177353D-E445-4C8E-9A75-E45E90F2704B}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDirector12\PDR10.EXE
FirewallRules: [{DFDE7270-7B9C-489A-827C-696E9D9D84D9}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{AE1224D1-DBA8-4D02-A1D5-18E47DC8815A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0CF17050-B9D8-4213-9037-3FC25F2A6C8D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A8A3BBAF-89A3-4599-A6A3-E53A66529026}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5503F6A8-C4E8-4BBF-8C3F-83CD82B4C79F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EFC754C6-488E-4C17-8508-33D5DD3FCC2A}] => (Allow) LPort=2869
FirewallRules: [{CC9DB1F8-AEE9-4806-9FFC-2EDC2B1EFB04}] => (Allow) LPort=1900

==================== Pontos de Restauração =========================

27-05-2016 14:34:04 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
03-06-2016 13:46:44 paint.net v4.0.9
13-06-2016 10:38:47 Ponto de Verificação Agendado
17-06-2016 04:53:37 Windows Update
20-06-2016 10:23:06 Malwarebytes Anti-Rootkit Restore Point

==================== Dispositivos Apresentando Falhas No Gerenciador =============


==================== Erros no Log de eventos: =========================

Erros em Aplicativos:
==================
Error: (06/20/2016 09:11:14 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (5916) Não é possível criar um novo arquivo de log porque o banco de dados não pode gravar na unidade de log. Talvez a unidade seja somente leitura, tenha espaço em disco insuficiente, esteja mal configurada ou esteja corrompida. Erro -1032.

Error: (06/20/2016 09:11:14 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (5916) Uma tentativa de criar o arquivo "C:\Windows\system32\edbtmp.log" falhou com o erro de sistema 5 (0x00000005): "Acesso negado. ". A operação para criar o arquivo falhará com o erro -1032 (0xfffffbf8).

Error: (06/20/2016 09:11:04 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (5916) Não é possível criar um novo arquivo de log porque o banco de dados não pode gravar na unidade de log. Talvez a unidade seja somente leitura, tenha espaço em disco insuficiente, esteja mal configurada ou esteja corrompida. Erro -1032.

Error: (06/20/2016 09:11:04 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (5916) Uma tentativa de criar o arquivo "C:\Windows\system32\edbtmp.log" falhou com o erro de sistema 5 (0x00000005): "Acesso negado. ". A operação para criar o arquivo falhará com o erro -1032 (0xfffffbf8).

Error: (06/20/2016 09:10:54 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (5916) Não é possível criar um novo arquivo de log porque o banco de dados não pode gravar na unidade de log. Talvez a unidade seja somente leitura, tenha espaço em disco insuficiente, esteja mal configurada ou esteja corrompida. Erro -1032.

Error: (06/20/2016 09:10:54 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (5916) Uma tentativa de criar o arquivo "C:\Windows\system32\edbtmp.log" falhou com o erro de sistema 5 (0x00000005): "Acesso negado. ". A operação para criar o arquivo falhará com o erro -1032 (0xfffffbf8).

Error: (06/20/2016 09:10:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa SearchUI.exe versão 10.0.10240.16603 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle Segurança e Manutenção.

ID do Processo: 16ac

Hora de Início: 01d1cb50dd36a088

Hora de Término: 4294967295

Caminho do Aplicativo: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe

ID do Relatório: 9543d743-3744-11e6-9c00-3417ebfff34f

Nome completo do pacote com falha: Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy

ID do aplicativo relativo ao pacote com falha: CortanaUI

Error: (06/20/2016 09:10:43 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (5916) Não é possível criar um novo arquivo de log porque o banco de dados não pode gravar na unidade de log. Talvez a unidade seja somente leitura, tenha espaço em disco insuficiente, esteja mal configurada ou esteja corrompida. Erro -1032.

Error: (06/20/2016 09:10:43 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (5916) Uma tentativa de criar o arquivo "C:\Windows\system32\edbtmp.log" falhou com o erro de sistema 5 (0x00000005): "Acesso negado. ". A operação para criar o arquivo falhará com o erro -1032 (0xfffffbf8).

Error: (06/20/2016 09:10:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: CARSTEN-DELL344)
Description: O pacote Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy+CortanaUI foi terminado porque levou muito tempo para ser suspenso.


Erros de Sistema:
=============
Error: (06/20/2016 09:05:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Service Installer TrueKey devido ao seguinte erro: 
%%2 = O sistema não pode encontrar o arquivo especificado.


Error: (06/20/2016 09:04:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Windows Search devido ao seguinte erro: 
%%1069 = Não foi possível iniciar o serviço devido a uma falha de logon.


Error: (06/20/2016 09:04:18 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: O serviço WSearch não pôde fazer logon como NT AUTHORITY\SYSTEM com a senha configurada atualmente devido ao seguinte erro: 
%%50 = Não há suporte para o pedido.


Para verificar se o serviço está configurado corretamente, use o snap-in de Serviços do Console de Gerenciamento Microsoft.

Error: (06/20/2016 09:04:14 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: AUTORIDADE NT)
Description: Módulo de Extensibilidade de WLAN interrompido inesperadamente.

Caminho do Módulo: C:\Windows\system32\athihvs.dll

Error: (06/20/2016 09:04:14 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: AUTORIDADE NT)
Description: Módulo de Extensibilidade de WLAN interrompido inesperadamente.

Caminho do Módulo: C:\Windows\system32\athihvs.dll

Error: (06/20/2016 09:04:12 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: AUTORIDADE NT)
Description: Módulo de Extensibilidade de WLAN interrompido inesperadamente.

Caminho do Módulo: C:\Windows\system32\athihvs.dll

Error: (06/20/2016 09:04:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Acesso a Dados de Usuário_Session1 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.

Error: (06/20/2016 09:04:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Armazenamento de Dados de Usuário_Session1 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.

Error: (06/20/2016 09:04:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Dados de Contato_Session1 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.

Error: (06/20/2016 09:04:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Host de Sincronização_Session1 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.


CodeIntegrity:
===================================
  Date: 2016-05-09 14:37:47.490
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-09 14:36:33.650
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-09 14:36:25.019
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-09 14:35:11.115
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-09 14:34:52.247
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-09 14:34:52.200
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-09 14:34:52.153
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-09 14:34:52.020
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.


==================== Informações da Memória =========================== 

Processador: Intel(R) Core(TM) i3-4005U CPU @ 1.70GHz
Percentagem de memória em uso: 58%
RAM física total: 4000.18 MB
RAM física disponível: 1677.59 MB
Virtual Total: 8352.18 MB
Virtual disponível: 5593.72 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:917.63 GB) (Free:754.58 GB) NTFS

==================== MBR & Tabela de Partições ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1157C999)

Partition: GPT.

==================== Fim de Addition.txt ============================

Die Probleme sind deutlich geringer, keine wilden neuen Tabs mehr, nur noch Pop-ups (viele russische?), die beim Wegklicken ein neues Browserfenster oeffnen. Normal?
Kann ich den Ad-Blocker fuer Firefox wieder installieren?

Viele Gruesse,
Carsten

burningice · 21.06.2016, 10:18

Schritt: 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

closeprocesses:
cmd: powershell Get-DNSClientServerAddress
Task: {FE32A2A9-212A-4CC5-A39E-30827EA58BD8} - System32\Tasks\VirusRemover => C:\Users\cwege\AppData\Local\Temp\VirusRemover.exe <==== ATENÇÃO
C:\Users\cwege\AppData\Local\Temp\VirusRemover.exe
Tcpip\Parameters: [DhcpNameServer] 89.248.166.149 8.8.8.8
Tcpip\..\Interfaces\{21041d47-eab6-45d5-9aac-c7f9a7910b67}: [DhcpNameServer] 89.248.166.149 8.8.8.8
cmd: ipconfig /release
cmd: ipconfig /renew
cmd: ipconfig /flushdns
emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt: 2

Starte bitte wieder Malwarebytes Anti-Malware

Klicke auf die Einstellungen / Erkennung und Schutz und setze dabei den Haken bei "Nach Rootkits suchen"
Klicke im Anschluss auf Dashboard und klicke unter dem Punkt Datenbankversion auf "Jetzt aktualisieren"
Wechsle zum Reiter Scannen und wähle den Bedrohungssuchlauf aus und klicke im Anschluss auf Suchlauf starten
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Suchlaufprotokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt: 3
Bitte starte wieder FRST, setze den Haken bei Addition und drücke auf Untersuchen. Poste bitte wieder die beiden Textdateien, die so entstehen.

cybercarsten · 21.06.2016, 15:58

Hallo Rafael,

alles erledigt. Hier die Protokolle:

Fixlog:

Code:

ATTFilter

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 19-06-2016 01
Executado por cwege (2016-06-21 10:48:58) Run:4
Executando a partir de C:\Users\cwege\Desktop
Perfis Carregados: cwege (Perfis Disponíveis: cwege)
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
closeprocesses:
cmd: powershell Get-DNSClientServerAddress
Task: {FE32A2A9-212A-4CC5-A39E-30827EA58BD8} - System32\Tasks\VirusRemover => C:\Users\cwege\AppData\Local\Temp\VirusRemover.exe <==== ATENÇÃO
C:\Users\cwege\AppData\Local\Temp\VirusRemover.exe
Tcpip\Parameters: [DhcpNameServer] 89.248.166.149 8.8.8.8
Tcpip\..\Interfaces\{21041d47-eab6-45d5-9aac-c7f9a7910b67}: [DhcpNameServer] 89.248.166.149 8.8.8.8
cmd: ipconfig /release
cmd: ipconfig /renew
cmd: ipconfig /flushdns
emptytemp:
         
*****************

Processos fechados com sucesso.

=========  powershell Get-DNSClientServerAddress =========


InterfaceAlias               Interface Address ServerAddresses                                                         
                             Index     Family                                                                          
--------------               --------- ------- ---------------                                                         
Ethernet                             6 IPv4    {192.168.254.254}                                                       
Ethernet                             6 IPv6    {}                                                                      
Conex�o Local* 1                     3 IPv4    {}                                                                      
Conex�o Local* 1                     3 IPv6    {fec0:0:0:ffff::1, fec0:0:0:ffff::2, fec0:0:0:ffff::3}                  
Wi-Fi                                2 IPv4    {89.248.166.149, 8.8.8.8}                                               
Wi-Fi                                2 IPv6    {}                                                                      
Loopback Pseudo-Interface 1          1 IPv4    {}                                                                      
Loopback Pseudo-Interface 1          1 IPv6    {fec0:0:0:ffff::1, fec0:0:0:ffff::2, fec0:0:0:ffff::3}                  
Conex�o Local* 3                    11 IPv4    {}                                                                      
Conex�o Local* 3                    11 IPv6    {}                                                                      
isatap.{21041D47-EAB6-45D...         8 IPv4    {89.248.166.149, 8.8.8.8}                                               
isatap.{21041D47-EAB6-45D...         8 IPv6    {}                                                                      



========= Fim de CMD: =========

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FE32A2A9-212A-4CC5-A39E-30827EA58BD8}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE32A2A9-212A-4CC5-A39E-30827EA58BD8}" => chave removido (a) com sucesso.
C:\Windows\System32\Tasks\VirusRemover => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\VirusRemover" => chave removido (a) com sucesso.
"C:\Users\cwege\AppData\Local\Temp\VirusRemover.exe" => não encontrado (a).
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => valor removido (a) com sucesso.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{21041d47-eab6-45d5-9aac-c7f9a7910b67}\\DhcpNameServer => valor removido (a) com sucesso.

=========  ipconfig /release =========


Configura��o de IP do Windows

Nenhuma opera��o pode ser executada em Ethernet enquanto a 
m�dia estiver desconectada.
Nenhuma opera��o pode ser executada em Conex�o Local* 1 enquanto a 
m�dia estiver desconectada.

Adaptador Ethernet Ethernet:

   Estado da m�dia. . . . . . . . . . . . . .  : m�dia desconectada
   Sufixo DNS espec�fico de conex�o. . . . . . : domain.invalid

Adaptador de Rede sem Fio Conex�o Local* 1:

   Estado da m�dia. . . . . . . . . . . . . .  : m�dia desconectada
   Sufixo DNS espec�fico de conex�o. . . . . . : 

Adaptador de Rede sem Fio Wi-Fi:

   Sufixo DNS espec�fico de conex�o. . . . . . : 
   Endere�o IPv6 de link local . . . . . . . . : fe80::d565:5368:3e1c:d8ce%2
   Gateway Padr�o. . . . . . . . . . . . . . . : 

Adaptador de t�nel Conex�o Local* 3:

   Sufixo DNS espec�fico de conex�o. . . . . . : 
   Endere�o IPv6 . . . . . . . . . . : 2001:0:9d38:6ab8:3035:351a:4c2d:f1c7
   Endere�o IPv6 de link local . . . . . . . . : fe80::3035:351a:4c2d:f1c7%11
   Gateway Padr�o. . . . . . . . . . . . . . . : ::

Adaptador de t�nel isatap.{21041D47-EAB6-45D5-9AAC-C7F9A7910B67}:

   Estado da m�dia . . . . . . . . . . . . . . : m�dia n�o operacional
   Sufixo DNS espec�fico de conex�o. . . . . . : 

========= Fim de CMD: =========


=========  ipconfig /renew =========


Configura��o de IP do Windows

Nenhuma opera��o pode ser executada em Ethernet enquanto a 
m�dia estiver desconectada.
Nenhuma opera��o pode ser executada em Conex�o Local* 1 enquanto a 
m�dia estiver desconectada.

Adaptador Ethernet Ethernet:

   Estado da m�dia. . . . . . . . . . . . . .  : m�dia desconectada
   Sufixo DNS espec�fico de conex�o. . . . . . : domain.invalid

Adaptador de Rede sem Fio Conex�o Local* 1:

   Estado da m�dia. . . . . . . . . . . . . .  : m�dia desconectada
   Sufixo DNS espec�fico de conex�o. . . . . . : 

Adaptador de Rede sem Fio Wi-Fi:

   Sufixo DNS espec�fico de conex�o. . . . . . : 
   Endere�o IPv6 de link local . . . . . . . . : fe80::d565:5368:3e1c:d8ce%2
   Endere�o IPv4. . . . . . . .  . . . . . . . : 192.168.0.3
   M�scara de Sub-rede . . . . . . . . . . . . : 255.255.255.0
   Gateway Padr�o. . . . . . . . . . . . . . . : 192.168.0.1

Adaptador de t�nel Conex�o Local* 3:

   Sufixo DNS espec�fico de conex�o. . . . . . : 
   Endere�o IPv6 . . . . . . . . . . : 2001:0:9d38:6ab8:3c9a:1f1:4c2d:f1c7
   Endere�o IPv6 de link local . . . . . . . . : fe80::3c9a:1f1:4c2d:f1c7%11
   Gateway Padr�o. . . . . . . . . . . . . . . : ::

Adaptador de t�nel isatap.{21041D47-EAB6-45D5-9AAC-C7F9A7910B67}:

   Estado da m�dia. . . . . . . . . . . . . .  : m�dia desconectada
   Sufixo DNS espec�fico de conex�o. . . . . . : 

========= Fim de CMD: =========


=========  ipconfig /flushdns =========


Configura��o de IP do Windows

Libera��o do Cache do DNS Resolver bem-sucedida.

========= Fim de CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 857693 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4310360 B
Java, Flash, Steam htmlcache => 696 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 0 B
Firefox => 163543871 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 2450 B
NetworkService => 0 B
cwege => 14926221 B

RecycleBin => 30792 B
EmptyTemp: => 175.2 MB de dados temporários Removidos.

================================


O sistema precisou ser reiniciado.

==== Fim de Fixlog 10:50:53 ====

MBAM:

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 21/06/2016
Suchlaufzeit: 11:07
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.06.21.04
Rootkit-Datenbank: v2016.05.27.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: cwege

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 295717
Abgelaufene Zeit: 22 Min., 29 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)

FRST:

Code:

ATTFilter

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 19-06-2016 01
Executado por cwege (administrador) em CARSTEN-DELL344 (21-06-2016 11:48:46)
Executando a partir de C:\Users\cwege\Desktop
Perfis Carregados: cwege (Perfis Disponíveis: cwege)
Platform: Windows 10 Home Single Language (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: FF)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
() C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\nsbu.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\nsbu.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(A.E.T. Europe B.V.) C:\Windows\System32\aetcrss1.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(CyberLink) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
() C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8468184 2015-05-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-04-28] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [611248 2015-05-21] (Waves Audio Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3877936 2015-06-12] (Dell Inc.)
HKLM\...\Run: [CertificateRegistration] => C:\Windows\system32\aetcrss1.exe [191488 2011-04-20] (A.E.T. Europe B.V.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKU\S-1-5-21-767966989-473913170-3455617934-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53123712 2016-05-17] (Skype Technologies S.A.)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-11-10] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWow64\CbFsMntNtf3.dll [2012-11-10] (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 89.248.166.149 8.8.8.8
Tcpip\..\Interfaces\{21041d47-eab6-45d5-9aac-c7f9a7910b67}: [DhcpNameServer] 89.248.166.149 8.8.8.8
Tcpip\..\Interfaces\{816b9e62-21bd-40c3-b5ce-43e337bdf71c}: [DhcpNameServer] 192.168.254.254
ManualProxies: 

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-767966989-473913170-3455617934-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-767966989-473913170-3455617934-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE
SearchScopes: HKU\S-1-5-21-767966989-473913170-3455617934-1001 -> DefaultScope {67AD6316-7576-41A2-9EBB-003E44D9FEB9} URL = 
SearchScopes: HKU\S-1-5-21-767966989-473913170-3455617934-1001 -> {B365B296-1A28-4108-A050-7C52624DA174} URL = hxxps://br.search.yahoo.com/search?fr=mcafee&type=C011BR0D20160101&p={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-06-06] (Intel Security)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-12-09] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-12-09] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-06-06] (Intel Security)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\cwege\AppData\Roaming\Mozilla\Firefox\Profiles\qbtk1o0i.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-17] ()
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-17] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2015-12-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-12-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\cwege\AppData\Roaming\Mozilla\Firefox\Profiles\qbtk1o0i.default\searchplugins\McSiteAdvisor.xml [2016-03-20]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.5.4.24\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.5.4.24\coFFAddon [2016-05-12]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.5.4.24\coFFAddon

Chrome: 
=======
CHR Profile: C:\Users\cwege\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\Exts\Chrome.crx [2016-05-12]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\Exts\Chrome.crx [2016-05-12]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [323152 2015-06-07] (Windows (R) Win 7 DDK provider)
R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [29912 2015-09-15] (AOMEI Tech Co., Ltd.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [153960 2016-04-29] (Dell)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [87888 2016-05-03] ()
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [350312 2015-09-07] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Arquivo não assinado]
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3020440 2015-11-25] (Intel(R) Corporation)
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [Arquivo não assinado]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 NSBU; C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\NSBU.exe [289080 2016-02-26] (Symantec Corporation)
R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [80208 2016-05-26] (Dell)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-05-22] (Realtek Semiconductor)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [886096 2016-06-03] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [15736 2016-06-03] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-06-03] (McAfee, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2015-02-26] () [Arquivo não assinado]
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [151480 2015-02-26] () [Arquivo não assinado]
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [17848 2015-02-26] () [Arquivo não assinado]
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4301304 2015-05-18] (Qualcomm Atheros Communications, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.4.24\Definitions\BASHDefs\20160613.001\BHDrvx64.sys [1832176 2016-05-12] (Symantec Corporation)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352008 2012-11-10] (EldoS Corporation)
R1 ccSet_NSBU; C:\Windows\system32\drivers\NSBUx64\1606000.08E\ccSetx64.sys [173808 2015-09-23] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [19440 2015-05-08] (OSR Open Systems Resources, Inc.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-04-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-04-27] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.4.24\Definitions\IPSDefs\20160620.003\IDSvia64.sys [876248 2016-05-25] (Symantec Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [183584 2015-06-12] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.4.24\Definitions\VirusDefs\20160621.001\ENG64.SYS [138456 2016-06-15] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.4.24\Definitions\VirusDefs\20160621.001\EX64.SYS [2148056 2016-06-15] (Symantec Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-05-29] (Realtek                                            )
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2015-05-27] (Realsil Semiconductor Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NSBUx64\1606000.08E\SRTSP64.SYS [928504 2016-02-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSBUx64\1606000.08E\SRTSPX64.SYS [50936 2015-09-23] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSBUx64\1606000.08E\SYMEFASI64.SYS [1621232 2016-02-23] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NSBUx64\1606000.08E\SymELAM.sys [24192 2015-09-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2016-05-11] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSBUx64\1606000.08E\Ironx64.SYS [295664 2016-02-23] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSBUx64\1606000.08E\SYMNETS.SYS [577768 2016-02-23] (Symantec Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [48296 2015-05-29] (Synaptics Incorporated)
S3 SzCCID; C:\Windows\system32\DRIVERS\SzCCID.sys [40448 2011-01-21] (Generic)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-06-21 11:47 - 2016-06-21 11:47 - 00001194 _____ C:\Users\cwege\Desktop\mbam.txt
2016-06-21 11:41 - 2016-06-21 11:41 - 00016148 _____ C:\Windows\system32\CARSTEN-DELL344_cwege_HistoryPrediction.bin
2016-06-21 11:41 - 2016-06-21 11:41 - 00000000 ___HD C:\OneDriveTemp
2016-06-21 11:00 - 2016-06-21 11:00 - 00001173 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-06-21 11:00 - 2016-06-21 11:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-06-21 11:00 - 2016-06-21 11:00 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-06-21 11:00 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-06-21 11:00 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-06-21 10:48 - 2016-06-21 10:50 - 00007386 _____ C:\Users\cwege\Desktop\Fixlog.txt
2016-06-20 21:31 - 2016-06-20 21:31 - 00043031 _____ C:\Users\cwege\Desktop\FRST 2.txt
2016-06-20 21:31 - 2016-06-20 21:31 - 00030305 _____ C:\Users\cwege\Desktop\Addition 2.txt
2016-06-20 21:08 - 2016-06-20 21:08 - 00001547 _____ C:\Users\cwege\Desktop\AdwCleaner[C3].txt
2016-06-20 20:50 - 2016-06-20 20:50 - 00002340 _____ C:\Users\cwege\Desktop\AdwCleaner[C2].txt
2016-06-20 18:06 - 2016-06-20 18:08 - 02387456 _____ (Farbar) C:\Users\cwege\Desktop\FRST64.exe
2016-06-20 08:46 - 2016-06-21 11:46 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-20 08:46 - 2016-06-20 20:31 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes' Anti-Malware (portable)
2016-06-20 08:46 - 2016-06-20 20:31 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-06-20 08:44 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-06-20 08:43 - 2016-06-20 08:43 - 00000000 ____D C:\Users\cwege\Desktop\mbar-1.09.3.1001
2016-06-20 08:39 - 2016-06-20 08:40 - 16563352 _____ (Malwarebytes Corp.) C:\Users\cwege\Desktop\mbar-1.09.3.1001.exe
2016-06-19 19:14 - 2016-06-19 19:25 - 00483740 _____ C:\Users\cwege\Desktop\Histórico recente.txt
2016-06-19 19:08 - 2016-06-20 21:27 - 00030305 _____ C:\Users\cwege\Desktop\Addition alt.txt
2016-06-19 19:06 - 2016-06-21 11:49 - 00020366 _____ C:\Users\cwege\Desktop\FRST alt.txt
2016-06-19 19:06 - 2016-06-21 11:48 - 00000000 ____D C:\FRST
2016-06-19 18:42 - 2016-06-19 18:42 - 02870984 _____ (ESET) C:\Users\cwege\Desktop\esetsmartinstaller_deu(1).exe
2016-06-19 18:40 - 2016-06-19 18:40 - 00165376 _____ C:\Users\cwege\Desktop\SystemLook_x64.exe
2016-06-19 18:39 - 2016-06-19 18:44 - 22851472 _____ (Malwarebytes ) C:\Users\cwege\Desktop\mbam-setup-2.2.1.1043.exe
2016-06-19 18:36 - 2016-06-20 20:43 - 03703360 _____ C:\Users\cwege\Desktop\AdwCleaner_5.200.exe
2016-06-17 11:41 - 2016-06-17 11:41 - 09717952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-06-15 12:44 - 2016-05-28 02:02 - 06488312 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2016-06-15 12:44 - 2016-05-28 02:00 - 02543784 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2016-06-15 12:44 - 2016-05-28 02:00 - 01591304 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-15 12:44 - 2016-05-28 01:52 - 22326760 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-06-15 12:44 - 2016-05-28 01:39 - 01365584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-15 12:44 - 2016-05-28 01:38 - 05118024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2016-06-15 12:44 - 2016-05-28 01:35 - 02188472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2016-06-15 12:44 - 2016-05-28 01:08 - 21860352 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2016-06-15 12:44 - 2016-05-28 01:07 - 24597504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-15 12:44 - 2016-05-28 01:00 - 01336832 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-15 12:44 - 2016-05-28 00:57 - 06788096 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-06-15 12:44 - 2016-05-28 00:56 - 12511232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-15 12:44 - 2016-05-28 00:53 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-15 12:44 - 2016-05-28 00:51 - 02119680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-15 12:44 - 2016-05-28 00:51 - 01603584 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-15 12:44 - 2016-05-28 00:49 - 19330560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-15 12:44 - 2016-05-28 00:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-06-15 12:44 - 2016-05-28 00:45 - 07523840 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2016-06-15 12:44 - 2016-05-28 00:45 - 03584000 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2016-06-15 12:44 - 2016-05-28 00:44 - 04793344 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-15 12:44 - 2016-05-28 00:44 - 00737792 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-15 12:44 - 2016-05-28 00:41 - 05160960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-06-15 12:44 - 2016-05-28 00:40 - 18797568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2016-06-15 12:44 - 2016-05-28 00:38 - 00291328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-15 12:44 - 2016-05-28 00:36 - 01383424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-15 12:44 - 2016-05-28 00:35 - 02042368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-15 12:44 - 2016-05-28 00:32 - 03580928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-15 12:44 - 2016-05-28 00:31 - 11268096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-15 12:44 - 2016-05-28 00:30 - 05454848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2016-06-15 12:44 - 2016-05-28 00:29 - 00502272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-15 12:43 - 2016-05-28 02:02 - 04532304 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-06-15 12:43 - 2016-05-28 02:02 - 01314496 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-06-15 12:43 - 2016-05-28 02:02 - 00601344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-15 12:43 - 2016-05-28 02:02 - 00432360 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-15 12:43 - 2016-05-28 02:02 - 00421536 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-15 12:43 - 2016-05-28 02:02 - 00158048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-15 12:43 - 2016-05-28 02:02 - 00113144 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2016-06-15 12:43 - 2016-05-28 02:00 - 00327520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2016-06-15 12:43 - 2016-05-28 02:00 - 00203496 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2016-06-15 12:43 - 2016-05-28 01:59 - 00363872 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-15 12:43 - 2016-05-28 01:59 - 00131208 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-15 12:43 - 2016-05-28 01:54 - 00658784 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2016-06-15 12:43 - 2016-05-28 01:53 - 03625416 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-15 12:43 - 2016-05-28 01:53 - 00026464 _____ (Microsoft Corporation) C:\Windows\system32\browser_broker.exe
2016-06-15 12:43 - 2016-05-28 01:47 - 00613120 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2016-06-15 12:43 - 2016-05-28 01:47 - 00379232 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-15 12:43 - 2016-05-28 01:39 - 04047288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-06-15 12:43 - 2016-05-28 01:39 - 00952968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-06-15 12:43 - 2016-05-28 01:39 - 00365128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-06-15 12:43 - 2016-05-28 01:38 - 00372368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-15 12:43 - 2016-05-28 01:38 - 00306528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-15 12:43 - 2016-05-28 01:38 - 00097096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2016-06-15 12:43 - 2016-05-28 01:35 - 00183904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2016-06-15 12:43 - 2016-05-28 01:35 - 00112632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-06-15 12:43 - 2016-05-28 01:28 - 00467296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2016-06-15 12:43 - 2016-05-28 01:27 - 20861984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-06-15 12:43 - 2016-05-28 01:27 - 02880560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-15 12:43 - 2016-05-28 01:21 - 00545400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2016-06-15 12:43 - 2016-05-28 01:21 - 00316256 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-15 12:43 - 2016-05-28 01:11 - 00395264 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupShim.dll
2016-06-15 12:43 - 2016-05-28 01:10 - 00694784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-06-15 12:43 - 2016-05-28 01:10 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2016-06-15 12:43 - 2016-05-28 01:09 - 00914944 _____ (Microsoft Corporation) C:\Windows\system32\SharedStartModel.dll
2016-06-15 12:43 - 2016-05-28 00:58 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-06-15 12:43 - 2016-05-28 00:58 - 00672256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-15 12:43 - 2016-05-28 00:58 - 00410624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-15 12:43 - 2016-05-28 00:58 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2016-06-15 12:43 - 2016-05-28 00:57 - 00350720 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2016-06-15 12:43 - 2016-05-28 00:54 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-15 12:43 - 2016-05-28 00:54 - 00392192 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-15 12:43 - 2016-05-28 00:54 - 00282112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupShim.dll
2016-06-15 12:43 - 2016-05-28 00:53 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-15 12:43 - 2016-05-28 00:52 - 02663424 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2016-06-15 12:43 - 2016-05-28 00:51 - 02848256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-15 12:43 - 2016-05-28 00:50 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-15 12:43 - 2016-05-28 00:50 - 00771072 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2016-06-15 12:43 - 2016-05-28 00:50 - 00574464 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-15 12:43 - 2016-05-28 00:44 - 01381376 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2016-06-15 12:43 - 2016-05-28 00:44 - 00045568 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-15 12:43 - 2016-05-28 00:43 - 00240128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-15 12:43 - 2016-05-28 00:41 - 00272896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-15 12:43 - 2016-05-28 00:40 - 00672768 _____ (Microsoft Corporation) C:\Windows\system32\ieproxy.dll
2016-06-15 12:43 - 2016-05-28 00:39 - 00667648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-15 12:43 - 2016-05-28 00:39 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2016-06-15 12:43 - 2016-05-28 00:38 - 01821696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2016-06-15 12:43 - 2016-05-28 00:38 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-15 12:43 - 2016-05-28 00:37 - 02315776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-15 12:43 - 2016-05-28 00:35 - 00679936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-15 12:43 - 2016-05-28 00:35 - 00574464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2016-06-15 12:43 - 2016-05-28 00:35 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-15 12:43 - 2016-05-28 00:35 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-06-15 12:43 - 2016-05-28 00:29 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-15 12:43 - 2016-05-28 00:25 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2016-06-07 14:09 - 2016-06-13 04:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-03 18:43 - 2016-06-03 18:43 - 00875192 _____ (Amazon) C:\Users\cwege\Downloads\AmazonCloudDriveSetup.exe
2016-06-03 13:48 - 2016-06-03 13:48 - 00001086 _____ C:\Users\Public\Desktop\paint.net.lnk
2016-05-27 14:37 - 2016-06-08 06:15 - 00000000 ____D C:\Users\cwege\AppData\Local\tkdata
2016-05-27 14:36 - 2016-05-27 14:36 - 00000000 ____D C:\Users\Todos os Usuários\TrueKey
2016-05-27 14:36 - 2016-05-27 14:36 - 00000000 ____D C:\ProgramData\TrueKey
2016-05-27 14:36 - 2016-05-27 14:36 - 00000000 ____D C:\Program Files\Common Files\Intel
2016-05-27 14:35 - 2016-06-19 16:56 - 00001241 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2016-05-27 14:35 - 2016-05-27 14:35 - 00001227 _____ C:\Users\Public\Desktop\True Key.lnk
2016-05-27 14:35 - 2016-05-27 14:35 - 00000000 ____D C:\Program Files\Intel Security
2016-05-27 14:33 - 2016-06-20 10:26 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-05-27 14:33 - 2016-05-28 02:36 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-05-27 14:27 - 2016-05-27 14:27 - 00000000 ____D C:\Users\cwege\AppData\Local\Macromedia
2016-05-27 14:25 - 2016-05-27 14:23 - 00000030 _____ C:\AVScanner.ini
2016-05-27 14:23 - 2016-06-21 11:41 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-27 14:23 - 2016-06-20 10:25 - 00000000 ____D C:\Program Files\TrueKey
2016-05-27 14:23 - 2016-06-17 11:41 - 00003888 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-26 10:07 - 2016-05-26 10:23 - 00000000 ____D C:\Users\cwege\AppData\Local\NPE

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-06-21 11:48 - 2016-05-12 23:08 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security with Backup
2016-06-21 11:42 - 2015-12-12 10:29 - 00000000 ____D C:\Users\cwege\AppData\Roaming\Skype
2016-06-21 11:41 - 2015-12-05 10:24 - 00000000 ___RD C:\Users\cwege\OneDrive
2016-06-21 11:41 - 2015-12-05 10:21 - 00000000 __SHD C:\Users\cwege\IntelGraphicsProfiles
2016-06-21 11:41 - 2015-12-05 10:16 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-06-21 11:40 - 2015-07-10 09:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-21 11:39 - 2015-07-10 06:05 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-06-21 10:23 - 2015-12-05 17:41 - 00000000 ____D C:\Program Files (x86)\Dell Customer Connect
2016-06-21 10:23 - 2015-12-05 10:24 - 00000000 ____D C:\Program Files (x86)\Dell Update
2016-06-21 10:23 - 2015-10-22 03:21 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery
2016-06-21 10:14 - 2015-12-05 14:01 - 00004180 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F7C92D93-B2FB-4112-A628-A72D18F1E197}
2016-06-21 09:08 - 2015-12-26 19:38 - 00000000 ____D C:\Monica
2016-06-21 07:47 - 2015-07-10 08:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-21 07:47 - 2015-07-10 08:04 - 00000000 ____D C:\Windows\AppReadiness
2016-06-20 23:03 - 2015-07-10 08:04 - 00000000 ____D C:\Windows\rescache
2016-06-20 21:03 - 2016-03-22 10:23 - 00000000 ____D C:\AdwCleaner
2016-06-20 20:18 - 2015-12-16 11:02 - 00000000 ____D C:\Users\cwege\AppData\LocalLow\Temp
2016-06-20 18:15 - 2015-12-05 19:36 - 00000000 ____D C:\Carsten
2016-06-20 10:40 - 2015-10-22 03:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-06-20 10:40 - 2015-10-22 03:13 - 00000000 ____D C:\Users\Todos os Usuários\Dell
2016-06-20 10:40 - 2015-10-22 03:13 - 00000000 ____D C:\ProgramData\Dell
2016-06-20 10:40 - 2015-10-22 03:13 - 00000000 ____D C:\Program Files\Dell
2016-06-20 10:40 - 2015-10-22 02:52 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-06-20 10:38 - 2015-12-12 10:28 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2016-06-20 10:38 - 2015-12-12 10:28 - 00000000 ____D C:\ProgramData\Skype
2016-06-20 10:30 - 2015-07-10 06:05 - 00032768 ___SH C:\Windows\system32\config\ELAM
2016-06-20 08:46 - 2016-05-09 14:59 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2016-06-20 08:46 - 2016-05-09 14:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-19 18:40 - 2016-05-14 16:05 - 01610816 _____ (Malwarebytes) C:\Users\cwege\Desktop\JRT.exe
2016-06-18 12:05 - 2015-12-16 11:00 - 00000000 ____D C:\Users\cwege\AppData\Roaming\Nitro PDF
2016-06-17 09:06 - 2016-05-16 20:35 - 00000000 ____D C:\Users\cwege\AppData\Local\CrashDumps
2016-06-17 04:56 - 2015-07-10 07:55 - 00000000 ____D C:\Windows\CbsTemp
2016-06-16 19:37 - 2015-12-05 16:29 - 00000000 ___RD C:\Users\cwege\Documents\Scanned Documents
2016-06-15 15:20 - 2015-10-22 03:50 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-06-15 15:16 - 2015-07-10 09:20 - 00206344 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-15 15:16 - 2015-07-10 08:02 - 00000000 ____D C:\Windows\INF
2016-06-15 15:13 - 2015-07-10 08:04 - 00000000 ___SD C:\Windows\system32\DiagSvcs
2016-06-15 13:34 - 2015-12-05 14:18 - 00000000 ____D C:\Windows\system32\MRT
2016-06-15 13:27 - 2015-12-05 14:18 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-14 14:32 - 2015-07-10 08:06 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-14 14:32 - 2015-07-10 08:06 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-13 11:19 - 2015-07-10 08:04 - 00000000 ____D C:\Windows\system32\NDF
2016-06-13 04:51 - 2016-05-09 15:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-09 17:42 - 2015-10-22 02:47 - 01810446 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-09 17:42 - 2015-07-16 16:14 - 00796654 _____ C:\Windows\system32\prfh0416.dat
2016-06-09 17:42 - 2015-07-16 16:14 - 00157592 _____ C:\Windows\system32\prfc0416.dat
2016-06-05 08:17 - 2016-01-23 22:10 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-06-03 13:48 - 2015-12-11 18:44 - 00001098 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2016-06-03 13:48 - 2015-12-11 18:44 - 00000000 ____D C:\Program Files\paint.net
2016-05-29 02:36 - 2015-10-22 03:25 - 00000000 ____D C:\Users\Todos os Usuários\McAfee
2016-05-29 02:36 - 2015-10-22 03:25 - 00000000 ____D C:\ProgramData\McAfee
2016-05-27 14:40 - 2015-12-05 13:56 - 00000000 ____D C:\Users\cwege\AppData\Local\Adobe
2016-05-27 14:35 - 2015-10-22 03:07 - 00000000 ____D C:\Program Files\Intel
2016-05-27 14:34 - 2015-10-22 03:01 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2016-05-27 14:34 - 2015-10-22 03:01 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-27 14:33 - 2016-05-12 23:04 - 00000000 ____D C:\Program Files\Common Files\AV
2016-05-27 13:46 - 2015-10-22 02:51 - 00000000 ____D C:\Windows\Panther
2016-05-27 13:42 - 2016-04-27 09:13 - 00000000 ___HD C:\$WINDOWS.~BT
2016-05-26 23:18 - 2015-12-12 10:28 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-26 10:08 - 2016-05-10 16:25 - 00000000 ____D C:\Users\Todos os Usuários\Norton
2016-05-26 10:08 - 2016-05-10 16:25 - 00000000 ____D C:\ProgramData\Norton
2016-05-23 20:22 - 2015-12-05 10:24 - 00002371 _____ C:\Users\cwege\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

==================== Arquivos na raiz de alguns diretórios =======

2015-12-11 18:40 - 2015-12-11 18:41 - 6557455 _____ () C:\Program Files (x86)\paint.net.4.0.6.install.zip
2016-01-10 15:33 - 2016-01-10 15:33 - 0003584 _____ () C:\Users\cwege\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-10-22 03:06 - 2015-10-22 03:06 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-10-22 03:05 - 2015-10-22 03:05 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2015-10-22 02:52 - 2015-10-22 02:53 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2015-10-22 03:00 - 2015-10-22 03:05 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2015-10-22 02:54 - 2015-10-22 02:59 - 0000113 _____ () C:\ProgramData\{E1646825-D391-42A0-93AA-27FA810DA093}.log

==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

Addition:

Code:

ATTFilter

Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 19-06-2016 01
Executado por cwege (2016-06-21 11:49:50)
Executando a partir de C:\Users\cwege\Desktop
Windows 10 Home Single Language (X64) (2015-12-05 13:15:49)
Modo da Inicialização: Normal
==========================================================


==================== Contas: =============================

Administrador (S-1-5-21-767966989-473913170-3455617934-500 - Administrator - Disabled)
Convidado (S-1-5-21-767966989-473913170-3455617934-501 - Limited - Disabled)
cwege (S-1-5-21-767966989-473913170-3455617934-1001 - Administrator - Enabled) => C:\Users\cwege
DefaultAccount (S-1-5-21-767966989-473913170-3455617934-503 - Limited - Disabled)

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Norton Security com Backup (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security com Backup (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security com Backup (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.1.0.243 - Amazon)
Any Video Converter 5.8.6 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
AOMEI Backupper Standard (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536C09F}_is1) (Version:  - AOMEI Technology Co., Ltd.)
AssinadorLivre (HKLM-x32\...\{369B7318-9434-4938-9595-58DB0200AD12}) (Version: 1.0.4 - PJERJ)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
calibre 64bit (HKLM\...\{D8905AF6-9F72-4BD8-BF37-51C5760B3CD5}) (Version: 2.48.0 - Kovid Goyal)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 12 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{C1C53DA1-9497-4ABB-A3D6-A63039820B37}) (Version: 3.3.7200.0 - Dell Inc.)
Dell Help & Support (HKLM-x32\...\InstallShield_{32483B20-13B2-4747-9D34-15E588CE8034}) (Version: 2.1.78.0 - Dell Inc.)
Dell Help & Support (Version: 2.1.78.0 - Dell Inc.) Hidden
Dell Product Registration (HKLM-x32\...\InstallShield_{694AFFC3-93D4-4049-AF26-78739488EB4D}) (Version: 3.0.97.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.4 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.0 - Dropbox, Inc.)
DSC/AA Factory Installer (Version: 1.1.6664.10 - PC-Doctor, Inc.) Hidden
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.2.131.1 - Intel Security)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4274 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.41 - Irfan Skiljan)
IsoBuster 3.7 (HKLM-x32\...\IsoBuster_is1) (Version: 3.7 - Smart Projects)
Java 7 Update 7 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.70 - Oracle)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Maxx Audio Installer (x64) (Version: 2.6.6168.1 - Waves Audio Ltd.) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 47.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-GB)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
Nitro Reader 3 (HKLM\...\{4756C731-B54E-451A-9AF1-86E8AB1BEBBB}) (Version: 3.5.6.5 - Nitro)
Norton Security com Backup (HKLM-x32\...\NSBU) (Version: 22.6.0.142 - Symantec Corporation)
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.5.0 - Frank Heindörfer, Philip Chinery)
Product Registration (Version: 3.0.97.0 - Dell Inc.) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.0 - Qualcomm Atheros)
QuickSet64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.31 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7520 - Realtek Semiconductor Corp.)
SafeSign 64-bits (HKLM\...\{66913111-2F8A-4950-AA93-51C26182FC35}) (Version: 3.0.45 - A.E.T. Europe B.V.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Software de dispositivo do Chipset Intel® (x32 Version: 10.1.1.7 - Intel(R) Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Wondershare Video Editor(Build 5.1.3) (HKLM-x32\...\Wondershare Video Editor_is1) (Version:  - Wondershare Software)
XMedia Recode Version 3.2.7.0 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.2.7.0 - XMedia Recode)

==================== Exame Personalizado CLSID (Whitelisted): ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

CustomCLSID: HKU\S-1-5-21-767966989-473913170-3455617934-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\cwege\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

==================== Tarefas Agendadas (Whitelisted) =============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {264FB661-4391-4D9F-A35F-4E6C06CA8055} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {2970D737-D999-4982-A443-2C425EB3EA50} - System32\Tasks\Norton Security with Backup\Norton Error Analyzer => C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {45BDA5A8-15A2-43ED-869F-79317DF5DD61} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\WSCStub.exe [2016-02-26] (Symantec Corporation)
Task: {496DC9B4-0DC2-4564-8818-0E4E0B7617DC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-17] (Adobe Systems Incorporated)
Task: {9DD8D688-1574-4CA6-97B2-250020773404} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security com Backup\Upgrade.exe [2016-02-26] (Symantec Corporation)
Task: {9FEC4113-C748-43DC-BF09-125EB634F061} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLVDLauncher.exe [2015-01-28] (CyberLink Corp.)
Task: {A32E0AA3-54F3-4024-99AD-E6590AFAE95E} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-04-28] (Realtek Semiconductor)
Task: {B66B01D1-706A-4006-8004-B4F6DE851B1B} - System32\Tasks\Norton Security with Backup\Norton Autofix => C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {D136D80D-B0FE-4F7D-95FD-629F7AB8A9EF} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-05-29] (Synaptics Incorporated)
Task: {D6BA068F-3D96-4AB5-9C07-D2E695BD8CAA} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-05-29] ()
Task: {E0C4634E-BBF1-4418-9668-1601841297C2} - System32\Tasks\Norton Security with Backup\Norton Error Processor => C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {E2DBFA14-A2AF-4C08-9451-A80F5ACA40CD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {EFFA3837-5636-4587-83BF-67ACB45BF3D5} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe [2015-05-07] (CyberLink)
Task: {FE27E495-3669-4351-BC07-1184DB5CEC6A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-06-15] (Microsoft Corporation)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Atalhos =============================

(As entradas podem ser listadas para serem restauradas ou removidas.)

==================== Módulos Carregados (Whitelisted) ==============

2015-07-10 08:00 - 2015-07-10 08:00 - 00028160 _____ () C:\Windows\SYSTEM32\efsext.dll
2015-10-22 03:32 - 2015-10-22 03:32 - 00032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll
2015-10-22 03:32 - 2015-10-22 03:32 - 00404480 _____ () C:\Windows\System32\diagtrack_wininternal.dll
2015-05-19 13:11 - 2015-05-19 13:11 - 00007680 _____ () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
2015-10-22 02:58 - 2014-04-14 22:59 - 00253776 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2016-04-12 21:16 - 2016-03-16 01:55 - 02495768 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-04-12 21:16 - 2016-03-16 01:55 - 02495768 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-05-23 20:21 - 2016-05-23 20:21 - 00959168 _____ () C:\Users\cwege\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2015-10-22 03:12 - 2015-09-07 18:43 - 00395880 _____ () C:\Windows\system32\igfxTray.exe
2015-12-05 14:13 - 2015-09-17 02:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-08 21:00 - 2015-11-25 01:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-08 21:00 - 2015-11-25 01:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-08 21:00 - 2015-11-25 01:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-12-05 14:15 - 2015-09-17 02:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-05-03 19:20 - 2016-05-03 19:20 - 00087888 _____ () C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
2016-05-13 17:15 - 2015-09-15 17:56 - 00306904 _____ () C:\Program Files (x86)\AOMEI Backupper\UiLogic.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00290520 _____ () C:\Program Files (x86)\AOMEI Backupper\Comn.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00241368 _____ () C:\Program Files (x86)\AOMEI Backupper\diskmgr.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00122584 _____ () C:\Program Files (x86)\AOMEI Backupper\FuncLogic.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00347864 _____ () C:\Program Files (x86)\AOMEI Backupper\ImgFile.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00028376 _____ () C:\Program Files (x86)\AOMEI Backupper\Encrypt.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00483032 _____ () C:\Program Files (x86)\AOMEI Backupper\EnumFolder.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00069336 _____ () C:\Program Files (x86)\AOMEI Backupper\Compress.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00102104 _____ () C:\Program Files (x86)\AOMEI Backupper\BrLog.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00691928 _____ () C:\Program Files (x86)\AOMEI Backupper\Sync.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00282328 _____ () C:\Program Files (x86)\AOMEI Backupper\Clone.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00118488 _____ () C:\Program Files (x86)\AOMEI Backupper\Backup.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00155352 _____ () C:\Program Files (x86)\AOMEI Backupper\FlBackup.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00077528 _____ () C:\Program Files (x86)\AOMEI Backupper\Ldm.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00061144 _____ () C:\Program Files (x86)\AOMEI Backupper\Device.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00282328 _____ () C:\Program Files (x86)\AOMEI Backupper\BrFat.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00962264 _____ () C:\Program Files (x86)\AOMEI Backupper\BrNtfs.dll
2016-05-13 17:15 - 2015-02-26 00:00 - 02403504 _____ () C:\Program Files (x86)\AOMEI Backupper\QtCore4.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00102104 _____ () C:\Program Files (x86)\AOMEI Backupper\BrVol.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00253656 _____ () C:\Program Files (x86)\AOMEI Backupper\GptBcd.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00175832 _____ () C:\Program Files (x86)\AOMEI Backupper\DeviceMgr.dll
2016-05-23 20:21 - 2016-05-23 20:21 - 00679624 _____ () C:\Users\cwege\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2015-12-26 10:26 - 2014-09-11 17:09 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2015-12-26 10:26 - 2014-05-19 16:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2015-10-22 02:53 - 2014-12-08 04:28 - 00627672 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMediaLibrary.dll
2014-12-08 19:28 - 2014-12-08 19:28 - 00016856 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvcPS.dll
2015-06-23 20:26 - 2015-06-23 20:26 - 00155888 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2015-06-24 05:07 - 2015-06-24 05:07 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)

AlternateDataStreams: C:\Users\cwege\Documents\familia avo.jpg:3or4kl4x13tuuug3Byamue2s4b [83]

==================== Modo de Segurança (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)


==================== Associação (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)


==================== Internet Explorer confiável/restrito ===============

(Se uma entrada for incluída na fixlist, será removida do Registro.)


==================== Hosts Conteúdo: ===============================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2015-07-10 08:04 - 2016-06-20 20:15 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Outras Áreas ============================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-767966989-473913170-3455617934-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\cwege\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 89.248.166.149 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

(Atualmente não há nenhuma correção automática para esta seção.)


==================== Regras do Firewall (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D177353D-E445-4C8E-9A75-E45E90F2704B}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDirector12\PDR10.EXE
FirewallRules: [{DFDE7270-7B9C-489A-827C-696E9D9D84D9}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{AE1224D1-DBA8-4D02-A1D5-18E47DC8815A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0CF17050-B9D8-4213-9037-3FC25F2A6C8D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A8A3BBAF-89A3-4599-A6A3-E53A66529026}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5503F6A8-C4E8-4BBF-8C3F-83CD82B4C79F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EFC754C6-488E-4C17-8508-33D5DD3FCC2A}] => (Allow) LPort=2869
FirewallRules: [{CC9DB1F8-AEE9-4806-9FFC-2EDC2B1EFB04}] => (Allow) LPort=1900

==================== Pontos de Restauração =========================

03-06-2016 13:46:44 paint.net v4.0.9
13-06-2016 10:38:47 Ponto de Verificação Agendado
17-06-2016 04:53:37 Windows Update
20-06-2016 10:23:06 Malwarebytes Anti-Rootkit Restore Point

==================== Dispositivos Apresentando Falhas No Gerenciador =============


==================== Erros no Log de eventos: =========================

Erros em Aplicativos:
==================
Error: (06/21/2016 11:39:32 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CARSTEN-DELL344)
Description: Falha na ativação do aplicativo Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI com o erro: -2144927141. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.

Error: (06/21/2016 10:58:02 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (8396) Não é possível criar um novo arquivo de log porque o banco de dados não pode gravar na unidade de log. Talvez a unidade seja somente leitura, tenha espaço em disco insuficiente, esteja mal configurada ou esteja corrompida. Erro -1032.

Error: (06/21/2016 10:58:02 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (8396) Uma tentativa de criar o arquivo "C:\Windows\system32\edbtmp.log" falhou com o erro de sistema 5 (0x00000005): "Acesso negado. ". A operação para criar o arquivo falhará com o erro -1032 (0xfffffbf8).

Error: (06/21/2016 10:57:50 AM) (Source: ESENT) (EventID: 454) (User: )
Description: SettingSyncHost (8396) {1124694C-B809-455A-BF92-994C6EA4E359}: Falha na recuperação/restauração do banco de dados com erro inesperado -1216.

Error: (06/21/2016 10:57:50 AM) (Source: ESENT) (EventID: 494) (User: )
Description: SettingSyncHost (8396) {1124694C-B809-455A-BF92-994C6EA4E359}: A recuperação do banco de dados falhou com o erro -1216 porque encontrou referências a um banco de dados, 'C:\Users\cwege\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb', que não existe mais. Ele não foi trazido a um estado de Desligamento Normal antes de ser removido (ou possivelmente movido ou renomeado). O mecanismo de banco de dados não permitirá a conclusão da recuperação dessa instância até que o banco de dados ausente seja reinstalado. Se realmente o banco de dados não estiver mais disponível e não for mais necessário, os procedimentos para a recuperação deste erro estarão disponíveis na Base de Dados de Conhecimento Microsoft ou seguindo o link de "mais informações" na parte inferior desta mensagem.

Error: (06/21/2016 10:57:50 AM) (Source: ESENT) (EventID: 490) (User: )
Description: SettingSyncHost (8396) {1124694C-B809-455A-BF92-994C6EA4E359}: Falha ao tentar abrir o arquivo "C:\Users\cwege\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb" para acesso de leitura/gravação com o erro de sistema 32 (0x00000020): "O arquivo já está sendo usado por outro processo. ". A operação de abertura do arquivo falhará com o erro -1032 (0xfffffbf8).

Error: (06/21/2016 10:51:59 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (3900) Não é possível criar um novo arquivo de log porque o banco de dados não pode gravar na unidade de log. Talvez a unidade seja somente leitura, tenha espaço em disco insuficiente, esteja mal configurada ou esteja corrompida. Erro -1032.

Error: (06/21/2016 10:51:59 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (3900) Uma tentativa de criar o arquivo "C:\Windows\system32\edbtmp.log" falhou com o erro de sistema 5 (0x00000005): "Acesso negado. ". A operação para criar o arquivo falhará com o erro -1032 (0xfffffbf8).

Error: (06/21/2016 10:51:49 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (3900) Não é possível criar um novo arquivo de log porque o banco de dados não pode gravar na unidade de log. Talvez a unidade seja somente leitura, tenha espaço em disco insuficiente, esteja mal configurada ou esteja corrompida. Erro -1032.

Error: (06/21/2016 10:51:49 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (3900) Uma tentativa de criar o arquivo "C:\Windows\system32\edbtmp.log" falhou com o erro de sistema 5 (0x00000005): "Acesso negado. ". A operação para criar o arquivo falhará com o erro -1032 (0xfffffbf8).


Erros de Sistema:
=============
Error: (06/21/2016 11:40:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Service Installer TrueKey devido ao seguinte erro: 
%%2 = O sistema não pode encontrar o arquivo especificado.


Error: (06/21/2016 11:39:32 AM) (Source: DCOM) (EventID: 10010) (User: CARSTEN-DELL344)
Description: CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca

Error: (06/21/2016 11:39:27 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Acesso a Dados de Usuário_Session1 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.

Error: (06/21/2016 11:39:27 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Armazenamento de Dados de Usuário_Session1 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.

Error: (06/21/2016 11:39:27 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Dados de Contato_Session1 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.

Error: (06/21/2016 11:39:27 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Host de Sincronização_Session1 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.

Error: (06/21/2016 10:54:51 AM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: específico do aplicativoLocalAtivação{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORIDADE NTSERVIÇO LOCALS-1-5-19LocalHost (Usando LRPC)Não DisponívelNão Disponível

Error: (06/21/2016 10:53:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Service Installer TrueKey devido ao seguinte erro: 
%%2 = O sistema não pode encontrar o arquivo especificado.


Error: (06/21/2016 10:52:34 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: AUTORIDADE NT)
Description: Módulo de Extensibilidade de WLAN interrompido inesperadamente.

Caminho do Módulo: C:\Windows\system32\athihvs.dll

Error: (06/21/2016 10:52:34 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: AUTORIDADE NT)
Description: Módulo de Extensibilidade de WLAN interrompido inesperadamente.

Caminho do Módulo: C:\Windows\system32\athihvs.dll


CodeIntegrity:
===================================
  Date: 2016-05-09 14:37:47.490
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-09 14:36:33.650
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-09 14:36:25.019
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-09 14:35:11.115
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-09 14:34:52.247
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-09 14:34:52.200
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-09 14:34:52.153
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-09 14:34:52.020
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.


==================== Informações da Memória =========================== 

Processador: Intel(R) Core(TM) i3-4005U CPU @ 1.70GHz
Percentagem de memória em uso: 57%
RAM física total: 4000.18 MB
RAM física disponível: 1684.11 MB
Virtual Total: 8352.18 MB
Virtual disponível: 5802.73 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:917.63 GB) (Free:754.76 GB) NTFS

==================== MBR & Tabela de Partições ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1157C999)

Partition: GPT.

==================== Fim de Addition.txt ============================

Soweit ich es bis jetzt ausprobieren konnte, gibt es immer noch ein paar unerwuenschte Pop-ups.

Viele Gruesse,
Carsten

burningice · 21.06.2016, 17:01

ja paar Sachen sind noch ungewöhnlich. In welcher Region der Erde wohnst du etwa?

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

cmd: powershell Get-DNSClientServerAddress
cmd: powershell "Set-DnsClientServerAddress -InterfaceIndex 2 -ResetServerAddresses"
cmd: powershell Get-DNSClientServerAddress
cmd: ipconfig /all
reboot:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Bitte starte wieder FRST, setze den Haken bei Addition und drücke auf Untersuchen. Poste bitte wieder die beiden Textdateien, die so entstehen.

cybercarsten · 21.06.2016, 20:49

Hallo Rafael,

ich wohne in Brasilien, Rio de Janeiro, der Rechner wurde hier gekauft, mit portugiesischem Betriebssystem. Deshalb finde ich es auch komisch, dass ich ausgerechnet russische Pop-ups bekomme (sind immer noch da, auf werbeintensiven Seiten, z.B. bild.de).

Hier die Protokolle:

Fixlog:

Code:

ATTFilter

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 20-06-2016 01
Executado por cwege (2016-06-21 16:17:17) Run:5
Executando a partir de C:\Users\cwege\Desktop
Perfis Carregados: cwege (Perfis Disponíveis: cwege)
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
cmd: powershell Get-DNSClientServerAddress
cmd: powershell "Set-DnsClientServerAddress -InterfaceIndex 2 -ResetServerAddresses"
cmd: powershell Get-DNSClientServerAddress
cmd: ipconfig /all
reboot:
         
*****************


=========  powershell Get-DNSClientServerAddress =========


InterfaceAlias               Interface Address ServerAddresses                                                         
                             Index     Family                                                                          
--------------               --------- ------- ---------------                                                         
Ethernet                             6 IPv4    {192.168.254.254}                                                       
Ethernet                             6 IPv6    {}                                                                      
Conex�o Local* 1                     3 IPv4    {}                                                                      
Conex�o Local* 1                     3 IPv6    {fec0:0:0:ffff::1, fec0:0:0:ffff::2, fec0:0:0:ffff::3}                  
Wi-Fi                                2 IPv4    {89.248.166.149, 8.8.8.8}                                               
Wi-Fi                                2 IPv6    {}                                                                      
Loopback Pseudo-Interface 1          1 IPv4    {}                                                                      
Loopback Pseudo-Interface 1          1 IPv6    {fec0:0:0:ffff::1, fec0:0:0:ffff::2, fec0:0:0:ffff::3}                  
Conex�o Local* 3                    11 IPv4    {}                                                                      
Conex�o Local* 3                    11 IPv6    {}                                                                      
isatap.{21041D47-EAB6-45D...         8 IPv4    {89.248.166.149, 8.8.8.8}                                               
isatap.{21041D47-EAB6-45D...         8 IPv6    {}                                                                      



========= Fim de CMD: =========


=========  powershell "Set-DnsClientServerAddress -InterfaceIndex 2 -ResetServerAddresses" =========


========= Fim de CMD: =========


=========  powershell Get-DNSClientServerAddress =========


InterfaceAlias               Interface Address ServerAddresses                                                         
                             Index     Family                                                                          
--------------               --------- ------- ---------------                                                         
Ethernet                             6 IPv4    {192.168.254.254}                                                       
Ethernet                             6 IPv6    {}                                                                      
Conex�o Local* 1                     3 IPv4    {}                                                                      
Conex�o Local* 1                     3 IPv6    {fec0:0:0:ffff::1, fec0:0:0:ffff::2, fec0:0:0:ffff::3}                  
Wi-Fi                                2 IPv4    {89.248.166.149, 8.8.8.8}                                               
Wi-Fi                                2 IPv6    {}                                                                      
Loopback Pseudo-Interface 1          1 IPv4    {}                                                                      
Loopback Pseudo-Interface 1          1 IPv6    {fec0:0:0:ffff::1, fec0:0:0:ffff::2, fec0:0:0:ffff::3}                  
Conex�o Local* 3                    11 IPv4    {}                                                                      
Conex�o Local* 3                    11 IPv6    {}                                                                      
isatap.{21041D47-EAB6-45D...         8 IPv4    {89.248.166.149, 8.8.8.8}                                               
isatap.{21041D47-EAB6-45D...         8 IPv6    {}                                                                      



========= Fim de CMD: =========


=========  ipconfig /all =========


Configura��o de IP do Windows

   Nome do host. . . . . . . . . . . . . . . . : CARSTEN-DELL3442
   Sufixo DNS prim�rio . . . . . . . . . . . . : 
   Tipo de n�. . . . . . . . . . . . . . . . . : desconhecido
   Roteamento de IP ativado. . . . . . . . . . : n�o
   Proxy WINS ativado. . . . . . . . . . . . . : n�o

Adaptador Ethernet Ethernet:

   Estado da m�dia. . . . . . . . . . . . . .  : m�dia desconectada
   Sufixo DNS espec�fico de conex�o. . . . . . : domain.invalid
   Descri��o . . . . . . . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Endere�o F�sico . . . . . . . . . . . . . . : 34-17-EB-FF-F3-4F
   DHCP Habilitado . . . . . . . . . . . . . . : Sim
   Configura��o Autom�tica Habilitada. . . . . : Sim

Adaptador de Rede sem Fio Conex�o Local* 1:

   Estado da m�dia. . . . . . . . . . . . . .  : m�dia desconectada
   Sufixo DNS espec�fico de conex�o. . . . . . : 
   Descri��o . . . . . . . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Endere�o F�sico . . . . . . . . . . . . . . : 1A-4F-32-69-BE-25
   DHCP Habilitado . . . . . . . . . . . . . . : Sim
   Configura��o Autom�tica Habilitada. . . . . : Sim

Adaptador de Rede sem Fio Wi-Fi:

   Sufixo DNS espec�fico de conex�o. . . . . . : 
   Descri��o . . . . . . . . . . . . . . . . . : Dell Wireless 1705 802.11b|g|n (2.4GHZ)
   Endere�o F�sico . . . . . . . . . . . . . . : 18-4F-32-69-BE-25
   DHCP Habilitado . . . . . . . . . . . . . . : Sim
   Configura��o Autom�tica Habilitada. . . . . : Sim
   Endere�o IPv6 de link local . . . . . . . . : fe80::d565:5368:3e1c:d8ce%2(Preferencial) 
   Endere�o IPv4. . . . . . . .  . . . . . . . : 192.168.0.3(Preferencial) 
   M�scara de Sub-rede . . . . . . . . . . . . : 255.255.255.0
   Concess�o Obtida. . . . . . . . . . . . . . : 21 June 2016 13:37:24
   Concess�o Expira. . . . . . . . . . . . . . : 21 June 2016 17:04:08
   Gateway Padr�o. . . . . . . . . . . . . . . : 192.168.0.1
   Servidor DHCP . . . . . . . . . . . . . . . : 192.168.0.1
   IAID de DHCPv6. . . . . . . . . . . . . . . : 35147570
   DUID de Cliente DHCPv6. . . . . . . . . . . : 00-01-00-01-1D-BA-2F-22-34-17-EB-FF-F3-4F
   Servidores DNS. . . . . . . . . . . . . . . : 89.248.166.149
                                                 8.8.8.8
   NetBIOS em Tcpip. . . . . . . . . . . . . . : Habilitado

Adaptador de t�nel Conex�o Local* 3:

   Sufixo DNS espec�fico de conex�o. . . . . . : 
   Descri��o . . . . . . . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Endere�o F�sico . . . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Habilitado . . . . . . . . . . . . . . : N�o
   Configura��o Autom�tica Habilitada. . . . . : Sim
   Endere�o IPv6 . . . . . . . . . . : 2001:0:5ef5:79fb:485:12b4:4c2d:f1c7(Preferencial) 
   Endere�o IPv6 de link local . . . . . . . . : fe80::485:12b4:4c2d:f1c7%11(Preferencial) 
   Gateway Padr�o. . . . . . . . . . . . . . . : ::
   IAID de DHCPv6. . . . . . . . . . . . . . . : 318767104
   DUID de Cliente DHCPv6. . . . . . . . . . . : 00-01-00-01-1D-BA-2F-22-34-17-EB-FF-F3-4F
   NetBIOS em Tcpip. . . . . . . . . . . . . . : Desabilitado

Adaptador de t�nel isatap.{21041D47-EAB6-45D5-9AAC-C7F9A7910B67}:

   Estado da m�dia. . . . . . . . . . . . . .  : m�dia desconectada
   Sufixo DNS espec�fico de conex�o. . . . . . : 
   Descri��o . . . . . . . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Endere�o F�sico . . . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Habilitado . . . . . . . . . . . . . . : N�o
   Configura��o Autom�tica Habilitada. . . . . : Sim

========= Fim de CMD: =========



O sistema precisou ser reiniciado.

==== Fim de Fixlog 16:17:37 ====

FRST:

Code:

ATTFilter

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 20-06-2016 01
Executado por cwege (administrador) em CARSTEN-DELL344 (21-06-2016 16:22:35)
Executando a partir de C:\Users\cwege\Desktop
Perfis Carregados: cwege (Perfis Disponíveis: cwege)
Platform: Windows 10 Home Single Language (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: FF)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
() C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\nsbu.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Intel(R) Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\nsbu.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(A.E.T. Europe B.V.) C:\Windows\System32\aetcrss1.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
() C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
(CyberLink) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLVDLauncher.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
() C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe


==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8468184 2015-05-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-04-28] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [611248 2015-05-21] (Waves Audio Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3877936 2015-06-12] (Dell Inc.)
HKLM\...\Run: [CertificateRegistration] => C:\Windows\system32\aetcrss1.exe [191488 2011-04-20] (A.E.T. Europe B.V.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKU\S-1-5-21-767966989-473913170-3455617934-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53123712 2016-05-17] (Skype Technologies S.A.)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-11-10] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWow64\CbFsMntNtf3.dll [2012-11-10] (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 89.248.166.149 8.8.8.8
Tcpip\..\Interfaces\{21041d47-eab6-45d5-9aac-c7f9a7910b67}: [DhcpNameServer] 89.248.166.149 8.8.8.8
Tcpip\..\Interfaces\{816b9e62-21bd-40c3-b5ce-43e337bdf71c}: [DhcpNameServer] 192.168.254.254
ManualProxies: 

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-767966989-473913170-3455617934-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-767966989-473913170-3455617934-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE
SearchScopes: HKU\S-1-5-21-767966989-473913170-3455617934-1001 -> DefaultScope {67AD6316-7576-41A2-9EBB-003E44D9FEB9} URL = 
SearchScopes: HKU\S-1-5-21-767966989-473913170-3455617934-1001 -> {B365B296-1A28-4108-A050-7C52624DA174} URL = hxxps://br.search.yahoo.com/search?fr=mcafee&type=C011BR0D20160101&p={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-06-06] (Intel Security)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-12-09] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-12-09] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-06-06] (Intel Security)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\cwege\AppData\Roaming\Mozilla\Firefox\Profiles\qbtk1o0i.default
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-17] ()
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-17] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2015-12-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-12-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\cwege\AppData\Roaming\Mozilla\Firefox\Profiles\qbtk1o0i.default\searchplugins\McSiteAdvisor.xml [2016-03-20]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.5.4.24\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.5.4.24\coFFAddon [2016-05-12]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.5.4.24\coFFAddon

Chrome: 
=======
CHR Profile: C:\Users\cwege\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\Exts\Chrome.crx [2016-05-12]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\Exts\Chrome.crx [2016-05-12]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Serviços (Whitelisted) ========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [323152 2015-06-07] (Windows (R) Win 7 DDK provider)
R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [29912 2015-09-15] (AOMEI Tech Co., Ltd.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [153960 2016-04-29] (Dell)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [87888 2016-05-03] ()
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [350312 2015-09-07] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Arquivo não assinado]
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3020440 2015-11-25] (Intel(R) Corporation)
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [Arquivo não assinado]
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 NSBU; C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\NSBU.exe [289080 2016-02-26] (Symantec Corporation)
S2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [80208 2016-05-26] (Dell)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-05-22] (Realtek Semiconductor)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [886096 2016-06-03] (McAfee, Inc.)
S2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [15736 2016-06-03] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-06-03] (McAfee, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]

===================== Drivers (Whitelisted) ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2015-02-26] () [Arquivo não assinado]
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [151480 2015-02-26] () [Arquivo não assinado]
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [17848 2015-02-26] () [Arquivo não assinado]
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4301304 2015-05-18] (Qualcomm Atheros Communications, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.4.24\Definitions\BASHDefs\20160613.001\BHDrvx64.sys [1832176 2016-05-12] (Symantec Corporation)
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352008 2012-11-10] (EldoS Corporation)
R1 ccSet_NSBU; C:\Windows\system32\drivers\NSBUx64\1606000.08E\ccSetx64.sys [173808 2015-09-23] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [19440 2015-05-08] (OSR Open Systems Resources, Inc.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-04-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-04-27] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.4.24\Definitions\IPSDefs\20160620.003\IDSvia64.sys [876248 2016-05-25] (Symantec Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [183584 2015-06-12] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.4.24\Definitions\VirusDefs\20160621.001\ENG64.SYS [138456 2016-06-15] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.4.24\Definitions\VirusDefs\20160621.001\EX64.SYS [2148056 2016-06-15] (Symantec Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-05-29] (Realtek                                            )
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2015-05-27] (Realsil Semiconductor Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NSBUx64\1606000.08E\SRTSP64.SYS [928504 2016-02-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSBUx64\1606000.08E\SRTSPX64.SYS [50936 2015-09-23] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSBUx64\1606000.08E\SYMEFASI64.SYS [1621232 2016-02-23] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NSBUx64\1606000.08E\SymELAM.sys [24192 2015-09-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2016-05-11] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSBUx64\1606000.08E\Ironx64.SYS [295664 2016-02-23] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSBUx64\1606000.08E\SYMNETS.SYS [577768 2016-02-23] (Symantec Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [48296 2015-05-29] (Synaptics Incorporated)
S3 SzCCID; C:\Windows\system32\DRIVERS\SzCCID.sys [40448 2011-01-21] (Generic)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-06-21 16:22 - 2016-06-21 16:22 - 00019974 _____ C:\Users\cwege\Desktop\FRST.txt
2016-06-21 16:20 - 2016-06-21 16:20 - 00016148 _____ C:\Windows\system32\CARSTEN-DELL344_cwege_HistoryPrediction.bin
2016-06-21 16:20 - 2016-06-21 16:20 - 00000000 ___HD C:\OneDriveTemp
2016-06-21 16:17 - 2016-06-21 16:17 - 00008375 _____ C:\Users\cwege\Desktop\Fixlog.txt
2016-06-21 16:17 - 2016-06-21 16:17 - 00000000 ____D C:\Users\cwege\Desktop\FRST-OlderVersion
2016-06-21 11:00 - 2016-06-21 11:00 - 00001173 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-06-21 11:00 - 2016-06-21 11:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-06-21 11:00 - 2016-06-21 11:00 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2016-06-21 11:00 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-06-21 11:00 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-06-20 18:06 - 2016-06-21 16:17 - 02387456 _____ (Farbar) C:\Users\cwege\Desktop\FRST64.exe
2016-06-20 08:46 - 2016-06-21 11:46 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-20 08:46 - 2016-06-20 20:31 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes' Anti-Malware (portable)
2016-06-20 08:46 - 2016-06-20 20:31 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-06-20 08:44 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-06-20 08:43 - 2016-06-20 08:43 - 00000000 ____D C:\Users\cwege\Desktop\mbar-1.09.3.1001
2016-06-20 08:39 - 2016-06-20 08:40 - 16563352 _____ (Malwarebytes Corp.) C:\Users\cwege\Desktop\mbar-1.09.3.1001.exe
2016-06-19 19:14 - 2016-06-19 19:25 - 00483740 _____ C:\Users\cwege\Desktop\Histórico recente.txt
2016-06-19 19:06 - 2016-06-21 16:22 - 00000000 ____D C:\FRST
2016-06-19 18:42 - 2016-06-19 18:42 - 02870984 _____ (ESET) C:\Users\cwege\Desktop\esetsmartinstaller_deu(1).exe
2016-06-19 18:40 - 2016-06-19 18:40 - 00165376 _____ C:\Users\cwege\Desktop\SystemLook_x64.exe
2016-06-19 18:39 - 2016-06-19 18:44 - 22851472 _____ (Malwarebytes ) C:\Users\cwege\Desktop\mbam-setup-2.2.1.1043.exe
2016-06-19 18:36 - 2016-06-20 20:43 - 03703360 _____ C:\Users\cwege\Desktop\AdwCleaner_5.200.exe
2016-06-17 11:41 - 2016-06-17 11:41 - 09717952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-06-15 12:44 - 2016-05-28 02:02 - 06488312 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2016-06-15 12:44 - 2016-05-28 02:00 - 02543784 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2016-06-15 12:44 - 2016-05-28 02:00 - 01591304 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-15 12:44 - 2016-05-28 01:52 - 22326760 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-06-15 12:44 - 2016-05-28 01:39 - 01365584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-15 12:44 - 2016-05-28 01:38 - 05118024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2016-06-15 12:44 - 2016-05-28 01:35 - 02188472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2016-06-15 12:44 - 2016-05-28 01:08 - 21860352 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2016-06-15 12:44 - 2016-05-28 01:07 - 24597504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-15 12:44 - 2016-05-28 01:00 - 01336832 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-15 12:44 - 2016-05-28 00:57 - 06788096 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-06-15 12:44 - 2016-05-28 00:56 - 12511232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-15 12:44 - 2016-05-28 00:53 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-15 12:44 - 2016-05-28 00:51 - 02119680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-15 12:44 - 2016-05-28 00:51 - 01603584 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-15 12:44 - 2016-05-28 00:49 - 19330560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-15 12:44 - 2016-05-28 00:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-06-15 12:44 - 2016-05-28 00:45 - 07523840 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2016-06-15 12:44 - 2016-05-28 00:45 - 03584000 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2016-06-15 12:44 - 2016-05-28 00:44 - 04793344 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-15 12:44 - 2016-05-28 00:44 - 00737792 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-15 12:44 - 2016-05-28 00:41 - 05160960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-06-15 12:44 - 2016-05-28 00:40 - 18797568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2016-06-15 12:44 - 2016-05-28 00:38 - 00291328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-15 12:44 - 2016-05-28 00:36 - 01383424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-15 12:44 - 2016-05-28 00:35 - 02042368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-15 12:44 - 2016-05-28 00:32 - 03580928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-15 12:44 - 2016-05-28 00:31 - 11268096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-15 12:44 - 2016-05-28 00:30 - 05454848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2016-06-15 12:44 - 2016-05-28 00:29 - 00502272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-15 12:43 - 2016-05-28 02:02 - 04532304 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-06-15 12:43 - 2016-05-28 02:02 - 01314496 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-06-15 12:43 - 2016-05-28 02:02 - 00601344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-15 12:43 - 2016-05-28 02:02 - 00432360 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-15 12:43 - 2016-05-28 02:02 - 00421536 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-15 12:43 - 2016-05-28 02:02 - 00158048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-15 12:43 - 2016-05-28 02:02 - 00113144 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2016-06-15 12:43 - 2016-05-28 02:00 - 00327520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2016-06-15 12:43 - 2016-05-28 02:00 - 00203496 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2016-06-15 12:43 - 2016-05-28 01:59 - 00363872 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-15 12:43 - 2016-05-28 01:59 - 00131208 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-15 12:43 - 2016-05-28 01:54 - 00658784 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2016-06-15 12:43 - 2016-05-28 01:53 - 03625416 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-15 12:43 - 2016-05-28 01:53 - 00026464 _____ (Microsoft Corporation) C:\Windows\system32\browser_broker.exe
2016-06-15 12:43 - 2016-05-28 01:47 - 00613120 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2016-06-15 12:43 - 2016-05-28 01:47 - 00379232 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-15 12:43 - 2016-05-28 01:39 - 04047288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-06-15 12:43 - 2016-05-28 01:39 - 00952968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-06-15 12:43 - 2016-05-28 01:39 - 00365128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-06-15 12:43 - 2016-05-28 01:38 - 00372368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-15 12:43 - 2016-05-28 01:38 - 00306528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-15 12:43 - 2016-05-28 01:38 - 00097096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2016-06-15 12:43 - 2016-05-28 01:35 - 00183904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2016-06-15 12:43 - 2016-05-28 01:35 - 00112632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-06-15 12:43 - 2016-05-28 01:28 - 00467296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2016-06-15 12:43 - 2016-05-28 01:27 - 20861984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-06-15 12:43 - 2016-05-28 01:27 - 02880560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-15 12:43 - 2016-05-28 01:21 - 00545400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2016-06-15 12:43 - 2016-05-28 01:21 - 00316256 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-15 12:43 - 2016-05-28 01:11 - 00395264 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupShim.dll
2016-06-15 12:43 - 2016-05-28 01:10 - 00694784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-06-15 12:43 - 2016-05-28 01:10 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2016-06-15 12:43 - 2016-05-28 01:09 - 00914944 _____ (Microsoft Corporation) C:\Windows\system32\SharedStartModel.dll
2016-06-15 12:43 - 2016-05-28 00:58 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-06-15 12:43 - 2016-05-28 00:58 - 00672256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-15 12:43 - 2016-05-28 00:58 - 00410624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-15 12:43 - 2016-05-28 00:58 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2016-06-15 12:43 - 2016-05-28 00:57 - 00350720 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2016-06-15 12:43 - 2016-05-28 00:54 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-15 12:43 - 2016-05-28 00:54 - 00392192 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-15 12:43 - 2016-05-28 00:54 - 00282112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupShim.dll
2016-06-15 12:43 - 2016-05-28 00:53 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-15 12:43 - 2016-05-28 00:52 - 02663424 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2016-06-15 12:43 - 2016-05-28 00:51 - 02848256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-15 12:43 - 2016-05-28 00:50 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-15 12:43 - 2016-05-28 00:50 - 00771072 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2016-06-15 12:43 - 2016-05-28 00:50 - 00574464 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-15 12:43 - 2016-05-28 00:44 - 01381376 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2016-06-15 12:43 - 2016-05-28 00:44 - 00045568 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-15 12:43 - 2016-05-28 00:43 - 00240128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-15 12:43 - 2016-05-28 00:41 - 00272896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-15 12:43 - 2016-05-28 00:40 - 00672768 _____ (Microsoft Corporation) C:\Windows\system32\ieproxy.dll
2016-06-15 12:43 - 2016-05-28 00:39 - 00667648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-15 12:43 - 2016-05-28 00:39 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2016-06-15 12:43 - 2016-05-28 00:38 - 01821696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2016-06-15 12:43 - 2016-05-28 00:38 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-15 12:43 - 2016-05-28 00:37 - 02315776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-15 12:43 - 2016-05-28 00:35 - 00679936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-15 12:43 - 2016-05-28 00:35 - 00574464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2016-06-15 12:43 - 2016-05-28 00:35 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-15 12:43 - 2016-05-28 00:35 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-06-15 12:43 - 2016-05-28 00:29 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-15 12:43 - 2016-05-28 00:25 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2016-06-07 14:09 - 2016-06-13 04:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-03 18:43 - 2016-06-03 18:43 - 00875192 _____ (Amazon) C:\Users\cwege\Downloads\AmazonCloudDriveSetup.exe
2016-06-03 13:48 - 2016-06-03 13:48 - 00001086 _____ C:\Users\Public\Desktop\paint.net.lnk
2016-05-27 14:37 - 2016-06-08 06:15 - 00000000 ____D C:\Users\cwege\AppData\Local\tkdata
2016-05-27 14:36 - 2016-05-27 14:36 - 00000000 ____D C:\Users\Todos os Usuários\TrueKey
2016-05-27 14:36 - 2016-05-27 14:36 - 00000000 ____D C:\ProgramData\TrueKey
2016-05-27 14:36 - 2016-05-27 14:36 - 00000000 ____D C:\Program Files\Common Files\Intel
2016-05-27 14:35 - 2016-06-19 16:56 - 00001241 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2016-05-27 14:35 - 2016-05-27 14:35 - 00001227 _____ C:\Users\Public\Desktop\True Key.lnk
2016-05-27 14:35 - 2016-05-27 14:35 - 00000000 ____D C:\Program Files\Intel Security
2016-05-27 14:33 - 2016-06-20 10:26 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-05-27 14:33 - 2016-05-28 02:36 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-05-27 14:27 - 2016-05-27 14:27 - 00000000 ____D C:\Users\cwege\AppData\Local\Macromedia
2016-05-27 14:25 - 2016-05-27 14:23 - 00000030 _____ C:\AVScanner.ini
2016-05-27 14:23 - 2016-06-21 15:41 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-27 14:23 - 2016-06-20 10:25 - 00000000 ____D C:\Program Files\TrueKey
2016-05-27 14:23 - 2016-06-17 11:41 - 00003888 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-26 10:07 - 2016-05-26 10:23 - 00000000 ____D C:\Users\cwege\AppData\Local\NPE

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2016-06-21 16:21 - 2015-12-12 10:29 - 00000000 ____D C:\Users\cwege\AppData\Roaming\Skype
2016-06-21 16:20 - 2015-12-05 10:24 - 00000000 ___RD C:\Users\cwege\OneDrive
2016-06-21 16:20 - 2015-12-05 10:21 - 00000000 __SHD C:\Users\cwege\IntelGraphicsProfiles
2016-06-21 16:20 - 2015-12-05 10:16 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-06-21 16:19 - 2015-07-10 09:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-21 16:18 - 2015-07-10 06:05 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-06-21 15:22 - 2015-12-05 14:01 - 00004180 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F7C92D93-B2FB-4112-A628-A72D18F1E197}
2016-06-21 13:55 - 2016-05-12 23:08 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security with Backup
2016-06-21 10:23 - 2015-12-05 17:41 - 00000000 ____D C:\Program Files (x86)\Dell Customer Connect
2016-06-21 10:23 - 2015-12-05 10:24 - 00000000 ____D C:\Program Files (x86)\Dell Update
2016-06-21 10:23 - 2015-10-22 03:21 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery
2016-06-21 09:08 - 2015-12-26 19:38 - 00000000 ____D C:\Monica
2016-06-21 07:47 - 2015-07-10 08:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-21 07:47 - 2015-07-10 08:04 - 00000000 ____D C:\Windows\AppReadiness
2016-06-20 23:03 - 2015-07-10 08:04 - 00000000 ____D C:\Windows\rescache
2016-06-20 21:03 - 2016-03-22 10:23 - 00000000 ____D C:\AdwCleaner
2016-06-20 20:18 - 2015-12-16 11:02 - 00000000 ____D C:\Users\cwege\AppData\LocalLow\Temp
2016-06-20 18:15 - 2015-12-05 19:36 - 00000000 ____D C:\Carsten
2016-06-20 10:40 - 2015-10-22 03:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-06-20 10:40 - 2015-10-22 03:13 - 00000000 ____D C:\Users\Todos os Usuários\Dell
2016-06-20 10:40 - 2015-10-22 03:13 - 00000000 ____D C:\ProgramData\Dell
2016-06-20 10:40 - 2015-10-22 03:13 - 00000000 ____D C:\Program Files\Dell
2016-06-20 10:40 - 2015-10-22 02:52 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-06-20 10:38 - 2015-12-12 10:28 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2016-06-20 10:38 - 2015-12-12 10:28 - 00000000 ____D C:\ProgramData\Skype
2016-06-20 10:30 - 2015-07-10 06:05 - 00032768 ___SH C:\Windows\system32\config\ELAM
2016-06-20 08:46 - 2016-05-09 14:59 - 00000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2016-06-20 08:46 - 2016-05-09 14:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-06-19 18:40 - 2016-05-14 16:05 - 01610816 _____ (Malwarebytes) C:\Users\cwege\Desktop\JRT.exe
2016-06-18 12:05 - 2015-12-16 11:00 - 00000000 ____D C:\Users\cwege\AppData\Roaming\Nitro PDF
2016-06-17 09:06 - 2016-05-16 20:35 - 00000000 ____D C:\Users\cwege\AppData\Local\CrashDumps
2016-06-17 04:56 - 2015-07-10 07:55 - 00000000 ____D C:\Windows\CbsTemp
2016-06-16 19:37 - 2015-12-05 16:29 - 00000000 ___RD C:\Users\cwege\Documents\Scanned Documents
2016-06-15 15:20 - 2015-10-22 03:50 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-06-15 15:16 - 2015-07-10 09:20 - 00206344 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-15 15:16 - 2015-07-10 08:02 - 00000000 ____D C:\Windows\INF
2016-06-15 15:13 - 2015-07-10 08:04 - 00000000 ___SD C:\Windows\system32\DiagSvcs
2016-06-15 13:34 - 2015-12-05 14:18 - 00000000 ____D C:\Windows\system32\MRT
2016-06-15 13:27 - 2015-12-05 14:18 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-14 14:32 - 2015-07-10 08:06 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-14 14:32 - 2015-07-10 08:06 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-13 11:19 - 2015-07-10 08:04 - 00000000 ____D C:\Windows\system32\NDF
2016-06-13 04:51 - 2016-05-09 15:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-09 17:42 - 2015-10-22 02:47 - 01810446 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-09 17:42 - 2015-07-16 16:14 - 00796654 _____ C:\Windows\system32\prfh0416.dat
2016-06-09 17:42 - 2015-07-16 16:14 - 00157592 _____ C:\Windows\system32\prfc0416.dat
2016-06-05 08:17 - 2016-01-23 22:10 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-06-03 13:48 - 2015-12-11 18:44 - 00001098 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2016-06-03 13:48 - 2015-12-11 18:44 - 00000000 ____D C:\Program Files\paint.net
2016-05-29 02:36 - 2015-10-22 03:25 - 00000000 ____D C:\Users\Todos os Usuários\McAfee
2016-05-29 02:36 - 2015-10-22 03:25 - 00000000 ____D C:\ProgramData\McAfee
2016-05-27 14:40 - 2015-12-05 13:56 - 00000000 ____D C:\Users\cwege\AppData\Local\Adobe
2016-05-27 14:35 - 2015-10-22 03:07 - 00000000 ____D C:\Program Files\Intel
2016-05-27 14:34 - 2015-10-22 03:01 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache
2016-05-27 14:34 - 2015-10-22 03:01 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-27 14:33 - 2016-05-12 23:04 - 00000000 ____D C:\Program Files\Common Files\AV
2016-05-27 13:46 - 2015-10-22 02:51 - 00000000 ____D C:\Windows\Panther
2016-05-27 13:42 - 2016-04-27 09:13 - 00000000 ___HD C:\$WINDOWS.~BT
2016-05-26 23:18 - 2015-12-12 10:28 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-26 10:08 - 2016-05-10 16:25 - 00000000 ____D C:\Users\Todos os Usuários\Norton
2016-05-26 10:08 - 2016-05-10 16:25 - 00000000 ____D C:\ProgramData\Norton
2016-05-23 20:22 - 2015-12-05 10:24 - 00002371 _____ C:\Users\cwege\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

==================== Arquivos na raiz de alguns diretórios =======

2015-12-11 18:40 - 2015-12-11 18:41 - 6557455 _____ () C:\Program Files (x86)\paint.net.4.0.6.install.zip
2016-01-10 15:33 - 2016-01-10 15:33 - 0003584 _____ () C:\Users\cwege\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-10-22 03:06 - 2015-10-22 03:06 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-10-22 03:05 - 2015-10-22 03:05 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2015-10-22 02:52 - 2015-10-22 02:53 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2015-10-22 03:00 - 2015-10-22 03:05 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2015-10-22 02:54 - 2015-10-22 02:59 - 0000113 _____ () C:\ProgramData\{E1646825-D391-42A0-93AA-27FA810DA093}.log

==================== Bamital & volsnap =================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente
C:\Windows\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\Windows\system32\services.exe => O arquivo é assinado digitalmente
C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente


LastRegBack: 2016-06-20 21:47

==================== Fim de FRST.txt ============================

Addition:

Code:

ATTFilter

Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 20-06-2016 01
Executado por cwege (2016-06-21 16:24:11)
Executando a partir de C:\Users\cwege\Desktop
Windows 10 Home Single Language (X64) (2015-12-05 13:15:49)
Modo da Inicialização: Normal
==========================================================


==================== Contas: =============================

Administrador (S-1-5-21-767966989-473913170-3455617934-500 - Administrator - Disabled)
Convidado (S-1-5-21-767966989-473913170-3455617934-501 - Limited - Disabled)
cwege (S-1-5-21-767966989-473913170-3455617934-1001 - Administrator - Enabled) => C:\Users\cwege
DefaultAccount (S-1-5-21-767966989-473913170-3455617934-503 - Limited - Disabled)

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Norton Security com Backup (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security com Backup (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security com Backup (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.1.0.243 - Amazon)
Any Video Converter 5.8.6 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
AOMEI Backupper Standard (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536C09F}_is1) (Version:  - AOMEI Technology Co., Ltd.)
AssinadorLivre (HKLM-x32\...\{369B7318-9434-4938-9595-58DB0200AD12}) (Version: 1.0.4 - PJERJ)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
calibre 64bit (HKLM\...\{D8905AF6-9F72-4BD8-BF37-51C5760B3CD5}) (Version: 2.48.0 - Kovid Goyal)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 12 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{C1C53DA1-9497-4ABB-A3D6-A63039820B37}) (Version: 3.3.7200.0 - Dell Inc.)
Dell Help & Support (HKLM-x32\...\InstallShield_{32483B20-13B2-4747-9D34-15E588CE8034}) (Version: 2.1.78.0 - Dell Inc.)
Dell Help & Support (Version: 2.1.78.0 - Dell Inc.) Hidden
Dell Product Registration (HKLM-x32\...\InstallShield_{694AFFC3-93D4-4049-AF26-78739488EB4D}) (Version: 3.0.97.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.4 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.0 - Dropbox, Inc.)
DSC/AA Factory Installer (Version: 1.1.6664.10 - PC-Doctor, Inc.) Hidden
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.2.131.1 - Intel Security)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4274 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.41 - Irfan Skiljan)
IsoBuster 3.7 (HKLM-x32\...\IsoBuster_is1) (Version: 3.7 - Smart Projects)
Java 7 Update 7 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.70 - Oracle)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Maxx Audio Installer (x64) (Version: 2.6.6168.1 - Waves Audio Ltd.) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 47.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-GB)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
Nitro Reader 3 (HKLM\...\{4756C731-B54E-451A-9AF1-86E8AB1BEBBB}) (Version: 3.5.6.5 - Nitro)
Norton Security com Backup (HKLM-x32\...\NSBU) (Version: 22.6.0.142 - Symantec Corporation)
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.5.0 - Frank Heindörfer, Philip Chinery)
Product Registration (Version: 3.0.97.0 - Dell Inc.) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.0 - Qualcomm Atheros)
QuickSet64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.31 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7520 - Realtek Semiconductor Corp.)
SafeSign 64-bits (HKLM\...\{66913111-2F8A-4950-AA93-51C26182FC35}) (Version: 3.0.45 - A.E.T. Europe B.V.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Software de dispositivo do Chipset Intel® (x32 Version: 10.1.1.7 - Intel(R) Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Wondershare Video Editor(Build 5.1.3) (HKLM-x32\...\Wondershare Video Editor_is1) (Version:  - Wondershare Software)
XMedia Recode Version 3.2.7.0 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.2.7.0 - XMedia Recode)

==================== Exame Personalizado CLSID (Whitelisted): ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

CustomCLSID: HKU\S-1-5-21-767966989-473913170-3455617934-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\cwege\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

==================== Tarefas Agendadas (Whitelisted) =============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {264FB661-4391-4D9F-A35F-4E6C06CA8055} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {2970D737-D999-4982-A443-2C425EB3EA50} - System32\Tasks\Norton Security with Backup\Norton Error Analyzer => C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {45BDA5A8-15A2-43ED-869F-79317DF5DD61} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\WSCStub.exe [2016-02-26] (Symantec Corporation)
Task: {496DC9B4-0DC2-4564-8818-0E4E0B7617DC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-17] (Adobe Systems Incorporated)
Task: {9DD8D688-1574-4CA6-97B2-250020773404} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security com Backup\Upgrade.exe [2016-02-26] (Symantec Corporation)
Task: {9FEC4113-C748-43DC-BF09-125EB634F061} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLVDLauncher.exe [2015-01-28] (CyberLink Corp.)
Task: {A32E0AA3-54F3-4024-99AD-E6590AFAE95E} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-04-28] (Realtek Semiconductor)
Task: {D136D80D-B0FE-4F7D-95FD-629F7AB8A9EF} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-05-29] (Synaptics Incorporated)
Task: {D6BA068F-3D96-4AB5-9C07-D2E695BD8CAA} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-05-29] ()
Task: {DAAB2BE3-998F-478D-B848-DE8D6B409834} - System32\Tasks\Norton Security with Backup\Norton Autofix => C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {E0C4634E-BBF1-4418-9668-1601841297C2} - System32\Tasks\Norton Security with Backup\Norton Error Processor => C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {E2DBFA14-A2AF-4C08-9451-A80F5ACA40CD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {EFFA3837-5636-4587-83BF-67ACB45BF3D5} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe [2015-05-07] (CyberLink)
Task: {FE27E495-3669-4351-BC07-1184DB5CEC6A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-06-15] (Microsoft Corporation)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Atalhos =============================

(As entradas podem ser listadas para serem restauradas ou removidas.)

==================== Módulos Carregados (Whitelisted) ==============

2015-07-10 08:00 - 2015-07-10 08:00 - 00028160 _____ () C:\Windows\SYSTEM32\efsext.dll
2015-10-22 03:32 - 2015-10-22 03:32 - 00032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll
2015-10-22 03:32 - 2015-10-22 03:32 - 00404480 _____ () C:\Windows\System32\diagtrack_wininternal.dll
2015-05-19 13:11 - 2015-05-19 13:11 - 00007680 _____ () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
2015-10-22 02:58 - 2014-04-14 22:59 - 00253776 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2016-04-12 21:16 - 2016-03-16 01:55 - 02495768 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-04-12 21:16 - 2016-03-16 01:55 - 02495768 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-05-23 20:21 - 2016-05-23 20:21 - 00959168 _____ () C:\Users\cwege\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-04-12 21:16 - 2016-03-16 01:46 - 02642272 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2016-04-12 21:15 - 2016-03-16 01:46 - 02107744 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2015-12-05 14:13 - 2015-09-17 02:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-08 21:00 - 2015-11-25 01:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-08 21:00 - 2015-11-25 01:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-08 21:00 - 2015-11-25 01:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-12-05 14:15 - 2015-09-17 02:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-10-22 03:12 - 2015-09-07 18:43 - 00395880 _____ () C:\Windows\system32\igfxTray.exe
2015-05-29 20:12 - 2015-05-29 20:12 - 00505200 _____ () C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
2016-05-03 19:20 - 2016-05-03 19:20 - 00087888 _____ () C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
2016-05-13 17:15 - 2015-09-15 17:56 - 00306904 _____ () C:\Program Files (x86)\AOMEI Backupper\UiLogic.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00290520 _____ () C:\Program Files (x86)\AOMEI Backupper\Comn.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00241368 _____ () C:\Program Files (x86)\AOMEI Backupper\diskmgr.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00122584 _____ () C:\Program Files (x86)\AOMEI Backupper\FuncLogic.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00347864 _____ () C:\Program Files (x86)\AOMEI Backupper\ImgFile.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00028376 _____ () C:\Program Files (x86)\AOMEI Backupper\Encrypt.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00483032 _____ () C:\Program Files (x86)\AOMEI Backupper\EnumFolder.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00069336 _____ () C:\Program Files (x86)\AOMEI Backupper\Compress.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00102104 _____ () C:\Program Files (x86)\AOMEI Backupper\BrLog.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00691928 _____ () C:\Program Files (x86)\AOMEI Backupper\Sync.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00282328 _____ () C:\Program Files (x86)\AOMEI Backupper\Clone.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00118488 _____ () C:\Program Files (x86)\AOMEI Backupper\Backup.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00155352 _____ () C:\Program Files (x86)\AOMEI Backupper\FlBackup.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00077528 _____ () C:\Program Files (x86)\AOMEI Backupper\Ldm.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00061144 _____ () C:\Program Files (x86)\AOMEI Backupper\Device.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00282328 _____ () C:\Program Files (x86)\AOMEI Backupper\BrFat.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00962264 _____ () C:\Program Files (x86)\AOMEI Backupper\BrNtfs.dll
2016-05-13 17:15 - 2015-02-26 00:00 - 02403504 _____ () C:\Program Files (x86)\AOMEI Backupper\QtCore4.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00102104 _____ () C:\Program Files (x86)\AOMEI Backupper\BrVol.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00253656 _____ () C:\Program Files (x86)\AOMEI Backupper\GptBcd.dll
2016-05-13 17:15 - 2015-09-15 17:56 - 00175832 _____ () C:\Program Files (x86)\AOMEI Backupper\DeviceMgr.dll
2016-05-23 20:21 - 2016-05-23 20:21 - 00679624 _____ () C:\Users\cwege\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2015-12-26 10:26 - 2014-05-19 16:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2015-12-26 10:26 - 2014-09-11 17:09 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2015-05-29 20:11 - 2015-05-29 20:11 - 00214384 _____ () C:\Program Files (x86)\Dropbox\DropboxOEM\Ledger.dll
2015-05-29 20:12 - 2015-05-29 20:12 - 00114032 _____ () C:\Program Files (x86)\Dropbox\DropboxOEM\zlib1.dll
2015-10-22 02:53 - 2014-12-08 04:28 - 00627672 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMediaLibrary.dll
2014-12-08 19:28 - 2014-12-08 19:28 - 00016856 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvcPS.dll
2015-06-23 20:26 - 2015-06-23 20:26 - 00155888 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2015-06-24 05:07 - 2015-06-24 05:07 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-10-22 02:53 - 2015-05-07 09:21 - 00865720 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\UNO.dll

==================== Alternate Data Streams (Whitelisted) =========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)

AlternateDataStreams: C:\Users\cwege\Documents\familia avo.jpg:3or4kl4x13tuuug3Byamue2s4b [83]

==================== Modo de Segurança (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)


==================== Associação (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)


==================== Internet Explorer confiável/restrito ===============

(Se uma entrada for incluída na fixlist, será removida do Registro.)


==================== Hosts Conteúdo: ===============================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2015-07-10 08:04 - 2016-06-20 20:15 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Outras Áreas ============================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-767966989-473913170-3455617934-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\cwege\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 89.248.166.149 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

(Atualmente não há nenhuma correção automática para esta seção.)


==================== Regras do Firewall (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D177353D-E445-4C8E-9A75-E45E90F2704B}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDirector12\PDR10.EXE
FirewallRules: [{DFDE7270-7B9C-489A-827C-696E9D9D84D9}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{AE1224D1-DBA8-4D02-A1D5-18E47DC8815A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0CF17050-B9D8-4213-9037-3FC25F2A6C8D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A8A3BBAF-89A3-4599-A6A3-E53A66529026}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5503F6A8-C4E8-4BBF-8C3F-83CD82B4C79F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EFC754C6-488E-4C17-8508-33D5DD3FCC2A}] => (Allow) LPort=2869
FirewallRules: [{CC9DB1F8-AEE9-4806-9FFC-2EDC2B1EFB04}] => (Allow) LPort=1900

==================== Pontos de Restauração =========================

03-06-2016 13:46:44 paint.net v4.0.9
13-06-2016 10:38:47 Ponto de Verificação Agendado
17-06-2016 04:53:37 Windows Update
20-06-2016 10:23:06 Malwarebytes Anti-Rootkit Restore Point

==================== Dispositivos Apresentando Falhas No Gerenciador =============


==================== Erros no Log de eventos: =========================

Erros em Aplicativos:
==================
Error: (06/21/2016 04:27:42 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (1848) Não é possível criar um novo arquivo de log porque o banco de dados não pode gravar na unidade de log. Talvez a unidade seja somente leitura, tenha espaço em disco insuficiente, esteja mal configurada ou esteja corrompida. Erro -1032.

Error: (06/21/2016 04:27:42 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (1848) Uma tentativa de criar o arquivo "C:\Windows\system32\edbtmp.log" falhou com o erro de sistema 5 (0x00000005): "Acesso negado. ". A operação para criar o arquivo falhará com o erro -1032 (0xfffffbf8).

Error: (06/21/2016 04:27:31 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (1848) Não é possível criar um novo arquivo de log porque o banco de dados não pode gravar na unidade de log. Talvez a unidade seja somente leitura, tenha espaço em disco insuficiente, esteja mal configurada ou esteja corrompida. Erro -1032.

Error: (06/21/2016 04:27:31 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (1848) Uma tentativa de criar o arquivo "C:\Windows\system32\edbtmp.log" falhou com o erro de sistema 5 (0x00000005): "Acesso negado. ". A operação para criar o arquivo falhará com o erro -1032 (0xfffffbf8).

Error: (06/21/2016 04:27:21 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (1848) Não é possível criar um novo arquivo de log porque o banco de dados não pode gravar na unidade de log. Talvez a unidade seja somente leitura, tenha espaço em disco insuficiente, esteja mal configurada ou esteja corrompida. Erro -1032.

Error: (06/21/2016 04:27:21 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (1848) Uma tentativa de criar o arquivo "C:\Windows\system32\edbtmp.log" falhou com o erro de sistema 5 (0x00000005): "Acesso negado. ". A operação para criar o arquivo falhará com o erro -1032 (0xfffffbf8).

Error: (06/21/2016 04:27:11 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (1848) Não é possível criar um novo arquivo de log porque o banco de dados não pode gravar na unidade de log. Talvez a unidade seja somente leitura, tenha espaço em disco insuficiente, esteja mal configurada ou esteja corrompida. Erro -1032.

Error: (06/21/2016 04:27:11 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (1848) Uma tentativa de criar o arquivo "C:\Windows\system32\edbtmp.log" falhou com o erro de sistema 5 (0x00000005): "Acesso negado. ". A operação para criar o arquivo falhará com o erro -1032 (0xfffffbf8).

Error: (06/21/2016 04:27:00 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (1848) Não é possível criar um novo arquivo de log porque o banco de dados não pode gravar na unidade de log. Talvez a unidade seja somente leitura, tenha espaço em disco insuficiente, esteja mal configurada ou esteja corrompida. Erro -1032.

Error: (06/21/2016 04:27:00 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (1848) Uma tentativa de criar o arquivo "C:\Windows\system32\edbtmp.log" falhou com o erro de sistema 5 (0x00000005): "Acesso negado. ". A operação para criar o arquivo falhará com o erro -1032 (0xfffffbf8).


Erros de Sistema:
=============
Error: (06/21/2016 04:25:58 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Serviço Intel(R) Management and Security Application Local Management Service suspenso ao iniciar.

Error: (06/21/2016 04:19:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Service Installer TrueKey devido ao seguinte erro: 
%%2 = O sistema não pode encontrar o arquivo especificado.


Error: (06/21/2016 04:18:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Acesso a Dados de Usuário_Session1 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.

Error: (06/21/2016 04:18:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Armazenamento de Dados de Usuário_Session1 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.

Error: (06/21/2016 04:18:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Dados de Contato_Session1 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.

Error: (06/21/2016 04:18:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Host de Sincronização_Session1 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.

Error: (06/21/2016 11:40:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Service Installer TrueKey devido ao seguinte erro: 
%%2 = O sistema não pode encontrar o arquivo especificado.


Error: (06/21/2016 11:39:32 AM) (Source: DCOM) (EventID: 10010) (User: CARSTEN-DELL344)
Description: CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca

Error: (06/21/2016 11:39:27 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Acesso a Dados de Usuário_Session1 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.

Error: (06/21/2016 11:39:27 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Armazenamento de Dados de Usuário_Session1 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.


CodeIntegrity:
===================================
  Date: 2016-05-09 14:37:47.490
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-09 14:36:33.650
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-09 14:36:25.019
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-09 14:35:11.115
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-09 14:34:52.247
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-09 14:34:52.200
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-09 14:34:52.153
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-09 14:34:52.020
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.


==================== Informações da Memória =========================== 

Processador: Intel(R) Core(TM) i3-4005U CPU @ 1.70GHz
Percentagem de memória em uso: 53%
RAM física total: 4000.18 MB
RAM física disponível: 1867.45 MB
Virtual Total: 8352.18 MB
Virtual disponível: 6133.63 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:917.63 GB) (Free:754.56 GB) NTFS

==================== MBR & Tabela de Partições ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1157C999)

Partition: GPT.

==================== Fim de Addition.txt ============================

Viele Gruesse,
Carsten

burningice · 21.06.2016, 21:46

bitte setze mal deinen Wlan-Router zurück auf Werkeinstellungen, starte deinen PC neu und mache den Fix von eben noch einmal bitte

cybercarsten · 23.06.2016, 00:28

Hallo Rafael,

dem Router werde ich mich besser widmen, wenn ich etwas Zeit habe, morge nabend vielleicht. Das Geraet hier ist leider nicht so servicefreundlich wie eine FRITZ!-Box und mit dem portugiesischen Interface muss ich erstmal klar kommen. Bitte hab also etwas Geduld.
Gruss,
Carsten

burningice · 23.06.2016, 19:08

haha okay - melde dich dann einfach wieder

23.06.2016, 19:08	#14
burningice /// Malwareteam	Windows 10 Browser oeffnen endlos neue Tabs und Fenster mit Werbung haha okay - melde dich dann einfach wieder __________________ Mfg, Rafael ~ I'm storm. I'm calm. I'm fire. I'm ice. I'm burningice. ~ Unterstütze uns mit einer Spende ......... Lob, Kritik oder Wünsche ......... .......... Folge uns auf Facebook ..........

Windows 10 Browser oeffnen endlos neue Tabs und Fenster mit Werbung

Log-Analyse und Auswertung: Windows 10 Browser oeffnen endlos neue Tabs und Fenster mit Werbung