Log analysis and evaluation: Windows 10 browsers endlessly open new tabs and windows with ads
#1

Windows 10 browsers endlessly open new tabs and windows with ads

Hello dear TB folks, my PC running Windows 10 Home 64-bit is being flooded more and more with unwanted ad windows. Browsing is by now quite badly impaired. Using Malwarebytes and JRT has not helped much so far. I have already run FRST and am also attaching the Norton Security log (shortened):

Code:
ATTFilter Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 19-06-2016 01 Executado por cwege (administrador) em CARSTEN-DELL344 (19-06-2016 19:06:53) Executando a partir de C:\Users\cwege\Desktop Perfis Carregados: cwege (Perfis Disponíveis: cwege) Platform: Windows 10 Home Single Language (X64) Idioma: Português (Brasil) Internet Explorer Versão 11 (Navegador padrão: FF) Modo da Inicialização: Normal Tutorial da Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processos (Whitelisted) ================= (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Intel(R) Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe (Symantec Corporation) C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\nsbu.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Dell Inc.) 
C:\Program Files (x86)\Dell Customer Connect\DCCService.exe (Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe () C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe (Dell) C:\Program Files\Dell\Product Registration\PRSvc.exe (Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (McAfee, Inc.) C:\Program Files\TrueKey\McTB89A.tmp (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe (Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe (Symantec Corporation) C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\nsbu.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe () C:\Windows\System32\igfxTray.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe (A.E.T. Europe B.V.) C:\Windows\System32\aetcrss1.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Sun Microsystems, Inc.) 
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe Falha ao acessar processo -> firefox.exe (Microsoft Corporation) C:\Windows\System32\wuapihost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_192.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_192.exe (McAfee, Inc.) 
C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Windows\SysWOW64\timeout.exe (Microsoft Corporation) C:\Windows\SysWOW64\timeout.exe (Microsoft Corporation) C:\Windows\SysWOW64\timeout.exe ==================== Registro (Whitelisted) =========================== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8468184 2015-05-22] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-04-28] (Realtek Semiconductor) HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [611248 2015-05-21] (Waves Audio Ltd.) HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3877936 2015-06-12] (Dell Inc.) HKLM\...\Run: [CertificateRegistration] => C:\Windows\system32\aetcrss1.exe [191488 2011-04-20] (A.E.T. Europe B.V.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.) 
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare) HKLM-x32\...\RunOnce: [systwin] => C:\Windows\systwin.exe [305980 2016-05-07] ( ) HKLM-x32\...\RunOnce: [AdBlock2] => [X] HKLM-x32\...\RunOnce: [AdBlock] => C:\Windows\AdBlock.exe [304211 2016-06-11] ( ) HKU\S-1-5-21-767966989-473913170-3455617934-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [52142720 2016-04-29] (Skype Technologies S.A.) Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation) SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation) ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-11-10] (EldoS Corporation) ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWow64\CbFsMntNtf3.dll [2012-11-10] (EldoS Corporation) ==================== Internet (Whitelisted) ==================== (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido 
ou restaurado para o padrão.) Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt Tcpip\Parameters: [DhcpNameServer] 89.248.166.149 8.8.8.8 Tcpip\..\Interfaces\{21041d47-eab6-45d5-9aac-c7f9a7910b67}: [DhcpNameServer] 89.248.166.149 8.8.8.8 Tcpip\..\Interfaces\{816b9e62-21bd-40c3-b5ce-43e337bdf71c}: [DhcpNameServer] 192.168.254.254 ManualProxies: Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-767966989-473913170-3455617934-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-767966989-473913170-3455617934-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE SearchScopes: HKU\S-1-5-21-767966989-473913170-3455617934-1001 -> DefaultScope {67AD6316-7576-41A2-9EBB-003E44D9FEB9} URL = SearchScopes: HKU\S-1-5-21-767966989-473913170-3455617934-1001 -> {B365B296-1A28-4108-A050-7C52624DA174} URL = hxxps://br.search.yahoo.com/search?fr=mcafee&type=C011BR0D20160101&p={searchTerms} BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation) BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-06-06] (Intel Security) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program 
Files (x86)\Java\jre7\bin\ssv.dll [2015-12-09] (Oracle Corporation) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-12-09] (Oracle Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation) Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-06-06] (Intel Security) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\cwege\AppData\Roaming\Profiles\41A66E7E5EE1 FF Homepage: hxxp://www.google.de/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-17] () FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-17] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel 
Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2015-12-09] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-12-09] (Oracle Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.) FF SearchPlugin: C:\Users\cwege\AppData\Roaming\Mozilla\Firefox\Profiles\qbtk1o0i.default\searchplugins\McSiteAdvisor.xml [2016-03-20] FF SearchPlugin: C:\Users\cwege\AppData\Roaming\Profiles\41A66E7E5EE1\searchplugins\McSiteAdvisor.xml [2016-03-20] FF Extension: Block site - C:\Users\cwege\AppData\Roaming\Profiles\41A66E7E5EE1\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2016-06-09] FF Extension: Adblock Plus - C:\Users\cwege\AppData\Roaming\Profiles\41A66E7E5EE1\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-11] FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25] FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.5.4.24\coFFAddon FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.5.4.24\coFFAddon [2016-05-12] FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - 
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.5.4.24\coFFAddon Chrome: ======= CHR Profile: C:\Users\cwege\AppData\Local\Google\Chrome\User Data\Default CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\Exts\Chrome.crx [2016-05-12] CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\Exts\Chrome.crx [2016-05-12] CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx ==================== Serviços (Whitelisted) ======================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) S2 0159571466366149mcinstcleanup; C:\Windows\TEMP\015957~1.EXE [922152 2016-03-02] (McAfee, Inc.) R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [323152 2015-06-07] (Windows (R) Win 7 DDK provider) R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [29912 2015-09-15] (AOMEI Tech Co., Ltd.) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation) R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc.) 
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [153960 2016-04-29] (Dell) R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [87888 2016-05-03] () R2 Dell Product Registration; C:\Program Files\Dell\Product Registration\PRSvc.exe [32104 2016-01-25] (Dell) R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.) R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [350312 2015-09-07] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation) R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Arquivo não assinado] R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3020440 2015-11-25] (Intel(R) Corporation) S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [Arquivo não assinado] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation) R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software) R2 NSBU; C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\NSBU.exe [289080 2016-02-26] (Symantec Corporation) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2014-04-14] () R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-05-22] (Realtek Semiconductor) R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [886096 2016-06-03] (McAfee, Inc.) R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [15736 2016-06-03] (McAfee, Inc.) 
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-06-03] (McAfee, Inc.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation) S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X] ===================== Drivers (Whitelisted) ========================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2015-02-26] () [Arquivo não assinado] R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [151480 2015-02-26] () [Arquivo não assinado] R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [17848 2015-02-26] () [Arquivo não assinado] R3 athr; C:\Windows\System32\drivers\athw10x.sys [4301304 2015-05-18] (Qualcomm Atheros Communications, Inc.) R1 BHDrvx64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.4.24\Definitions\BASHDefs\20160613.001\BHDrvx64.sys [1832176 2016-05-12] (Symantec Corporation) R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352008 2012-11-10] (EldoS Corporation) R1 ccSet_NSBU; C:\Windows\system32\drivers\NSBUx64\1606000.08E\ccSetx64.sys [173808 2015-09-23] (Symantec Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink) R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [19440 2015-05-08] (OSR Open Systems Resources, Inc.) 
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-04-27] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-04-27] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.4.24\Definitions\IPSDefs\20160617.001\IDSvia64.sys [876248 2016-05-25] (Symantec Corporation) R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [183584 2015-06-12] (Intel Corporation) R3 NAVENG; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.4.24\Definitions\VirusDefs\20160619.002\ENG64.SYS [138456 2016-06-15] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton Security with Backup\NortonData\22.5.4.24\Definitions\VirusDefs\20160619.002\EX64.SYS [2148056 2016-06-15] (Symantec Corporation) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-05-29] (Realtek ) S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2015-05-27] (Realsil Semiconductor Corporation) R3 SRTSP; C:\Windows\System32\Drivers\NSBUx64\1606000.08E\SRTSP64.SYS [928504 2016-02-23] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NSBUx64\1606000.08E\SRTSPX64.SYS [50936 2015-09-23] (Symantec Corporation) R0 SymEFASI; C:\Windows\System32\drivers\NSBUx64\1606000.08E\SYMEFASI64.SYS [1621232 2016-02-23] (Symantec Corporation) S0 SymELAM; C:\Windows\System32\drivers\NSBUx64\1606000.08E\SymELAM.sys [24192 2015-09-23] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2016-05-11] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NSBUx64\1606000.08E\Ironx64.SYS [295664 2016-02-23] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NSBUx64\1606000.08E\SYMNETS.SYS [577768 2016-02-23] (Symantec Corporation) R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [48296 2015-05-29] (Synaptics Incorporated) S3 SzCCID; 
C:\Windows\system32\DRIVERS\SzCCID.sys [40448 2011-01-21] (Generic) S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] () S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation) S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X] ==================== NetSvcs (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) ==================== Um Mês Criados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 2016-06-19 19:06 - 2016-06-19 19:07 - 00023170 _____ C:\Users\cwege\Desktop\FRST.txt 2016-06-19 19:06 - 2016-06-19 19:06 - 00000000 ____D C:\FRST 2016-06-19 19:02 - 2016-06-19 19:05 - 02387456 _____ (Farbar) C:\Users\cwege\Desktop\FRST64.exe 2016-06-19 18:42 - 2016-06-19 18:42 - 02870984 _____ (ESET) C:\Users\cwege\Desktop\esetsmartinstaller_deu(1).exe 2016-06-19 18:40 - 2016-06-19 18:40 - 00165376 _____ C:\Users\cwege\Desktop\SystemLook_x64.exe 2016-06-19 18:39 - 2016-06-19 18:44 - 22851472 _____ (Malwarebytes ) C:\Users\cwege\Desktop\mbam-setup-2.2.1.1043.exe 2016-06-19 18:36 - 2016-06-19 18:39 - 03703360 _____ C:\Users\cwege\Desktop\AdwCleaner_5.200.exe 2016-06-18 19:55 - 2016-06-18 19:55 - 00016148 _____ C:\Windows\system32\CARSTEN-DELL344_cwege_HistoryPrediction.bin 2016-06-17 11:41 - 2016-06-17 11:41 - 09717952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2016-06-15 15:23 - 2016-06-19 19:08 - 00003680 _____ C:\Windows\System32\Tasks\VirusRemover 2016-06-15 12:44 - 2016-05-28 02:02 - 06488312 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll 2016-06-15 12:44 - 2016-05-28 02:00 - 02543784 _____ 
(Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2016-06-15 12:44 - 2016-05-28 02:00 - 01591304 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2016-06-15 12:44 - 2016-05-28 01:52 - 22326760 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2016-06-15 12:44 - 2016-05-28 01:39 - 01365584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2016-06-15 12:44 - 2016-05-28 01:38 - 05118024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll 2016-06-15 12:44 - 2016-05-28 01:35 - 02188472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2016-06-15 12:44 - 2016-05-28 01:08 - 21860352 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll 2016-06-15 12:44 - 2016-05-28 01:07 - 24597504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-06-15 12:44 - 2016-05-28 01:00 - 01336832 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll 2016-06-15 12:44 - 2016-05-28 00:57 - 06788096 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll 2016-06-15 12:44 - 2016-05-28 00:56 - 12511232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-06-15 12:44 - 2016-05-28 00:53 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll 2016-06-15 12:44 - 2016-05-28 00:51 - 02119680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-06-15 12:44 - 2016-05-28 00:51 - 01603584 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-06-15 12:44 - 2016-05-28 00:49 - 19330560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-06-15 12:44 - 2016-05-28 00:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2016-06-15 12:44 - 2016-05-28 00:45 - 07523840 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll 2016-06-15 12:44 - 2016-05-28 00:45 - 03584000 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys 2016-06-15 12:44 - 2016-05-28 00:44 - 04793344 _____ (Microsoft 
Corporation) C:\Windows\system32\jscript9.dll 2016-06-15 12:44 - 2016-05-28 00:44 - 00737792 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll 2016-06-15 12:44 - 2016-05-28 00:41 - 05160960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll 2016-06-15 12:44 - 2016-05-28 00:40 - 18797568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll 2016-06-15 12:44 - 2016-05-28 00:38 - 00291328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll 2016-06-15 12:44 - 2016-05-28 00:36 - 01383424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-06-15 12:44 - 2016-05-28 00:35 - 02042368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-06-15 12:44 - 2016-05-28 00:32 - 03580928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-06-15 12:44 - 2016-05-28 00:31 - 11268096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-06-15 12:44 - 2016-05-28 00:30 - 05454848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll 2016-06-15 12:44 - 2016-05-28 00:29 - 00502272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll 2016-06-15 12:43 - 2016-05-28 02:02 - 04532304 _____ (Microsoft Corporation) C:\Windows\explorer.exe 2016-06-15 12:43 - 2016-05-28 02:02 - 01314496 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2016-06-15 12:43 - 2016-05-28 02:02 - 00601344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2016-06-15 12:43 - 2016-05-28 02:02 - 00432360 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll 2016-06-15 12:43 - 2016-05-28 02:02 - 00421536 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll 2016-06-15 12:43 - 2016-05-28 02:02 - 00158048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-06-15 12:43 - 2016-05-28 02:02 - 00113144 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll 2016-06-15 12:43 - 2016-05-28 02:00 - 00327520 _____ 
(Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys 2016-06-15 12:43 - 2016-05-28 02:00 - 00203496 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll 2016-06-15 12:43 - 2016-05-28 01:59 - 00363872 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2016-06-15 12:43 - 2016-05-28 01:59 - 00131208 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll 2016-06-15 12:43 - 2016-05-28 01:54 - 00658784 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll 2016-06-15 12:43 - 2016-05-28 01:53 - 03625416 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-06-15 12:43 - 2016-05-28 01:53 - 00026464 _____ (Microsoft Corporation) C:\Windows\system32\browser_broker.exe 2016-06-15 12:43 - 2016-05-28 01:47 - 00613120 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe 2016-06-15 12:43 - 2016-05-28 01:47 - 00379232 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2016-06-15 12:43 - 2016-05-28 01:39 - 04047288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe 2016-06-15 12:43 - 2016-05-28 01:39 - 00952968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2016-06-15 12:43 - 2016-05-28 01:39 - 00365128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll 2016-06-15 12:43 - 2016-05-28 01:38 - 00372368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll 2016-06-15 12:43 - 2016-05-28 01:38 - 00306528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll 2016-06-15 12:43 - 2016-05-28 01:38 - 00097096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll 2016-06-15 12:43 - 2016-05-28 01:35 - 00183904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll 2016-06-15 12:43 - 2016-05-28 01:35 - 00112632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll 2016-06-15 12:43 - 2016-05-28 01:28 - 00467296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll 2016-06-15 12:43 - 2016-05-28 01:27 - 20861984 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2016-06-15 12:43 - 2016-05-28 01:27 - 02880560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-06-15 12:43 - 2016-05-28 01:21 - 00545400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe 2016-06-15 12:43 - 2016-05-28 01:21 - 00316256 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2016-06-15 12:43 - 2016-05-28 01:11 - 00395264 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupShim.dll 2016-06-15 12:43 - 2016-05-28 01:10 - 00694784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2016-06-15 12:43 - 2016-05-28 01:10 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll 2016-06-15 12:43 - 2016-05-28 01:09 - 00914944 _____ (Microsoft Corporation) C:\Windows\system32\SharedStartModel.dll 2016-06-15 12:43 - 2016-05-28 00:58 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2016-06-15 12:43 - 2016-05-28 00:58 - 00672256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys 2016-06-15 12:43 - 2016-05-28 00:58 - 00410624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys 2016-06-15 12:43 - 2016-05-28 00:58 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll 2016-06-15 12:43 - 2016-05-28 00:57 - 00350720 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll 2016-06-15 12:43 - 2016-05-28 00:54 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll 2016-06-15 12:43 - 2016-05-28 00:54 - 00392192 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL 2016-06-15 12:43 - 2016-05-28 00:54 - 00282112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupShim.dll 2016-06-15 12:43 - 2016-05-28 00:53 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll 2016-06-15 12:43 - 2016-05-28 00:52 - 02663424 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll 2016-06-15 12:43 - 2016-05-28 
00:51 - 02848256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-06-15 12:43 - 2016-05-28 00:50 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-06-15 12:43 - 2016-05-28 00:50 - 00771072 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll 2016-06-15 12:43 - 2016-05-28 00:50 - 00574464 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-06-15 12:43 - 2016-05-28 00:44 - 01381376 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys 2016-06-15 12:43 - 2016-05-28 00:44 - 00045568 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2016-06-15 12:43 - 2016-05-28 00:43 - 00240128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys 2016-06-15 12:43 - 2016-05-28 00:41 - 00272896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys 2016-06-15 12:43 - 2016-05-28 00:40 - 00672768 _____ (Microsoft Corporation) C:\Windows\system32\ieproxy.dll 2016-06-15 12:43 - 2016-05-28 00:39 - 00667648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll 2016-06-15 12:43 - 2016-05-28 00:39 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll 2016-06-15 12:43 - 2016-05-28 00:38 - 01821696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll 2016-06-15 12:43 - 2016-05-28 00:38 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll 2016-06-15 12:43 - 2016-05-28 00:37 - 02315776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-06-15 12:43 - 2016-05-28 00:35 - 00679936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-06-15 12:43 - 2016-05-28 00:35 - 00574464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll 2016-06-15 12:43 - 2016-05-28 00:35 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-06-15 12:43 - 2016-05-28 00:35 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll 2016-06-15 12:43 - 2016-05-28 00:29 - 
00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2016-06-15 12:43 - 2016-05-28 00:25 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll 2016-06-07 23:37 - 2016-06-07 23:37 - 00000000 _____ C:\Windows\SysWOW64\FAPAEB6.tmp 2016-06-07 23:37 - 2016-06-07 23:37 - 00000000 _____ C:\Windows\SysWOW64\FAPADDA.tmp 2016-06-07 23:35 - 2016-06-07 23:35 - 00000000 _____ C:\Windows\SysWOW64\FAP3B0E.tmp 2016-06-07 23:35 - 2016-06-07 23:35 - 00000000 _____ C:\Windows\SysWOW64\FAP356E.tmp 2016-06-07 23:35 - 2016-06-07 23:35 - 00000000 _____ C:\Windows\SysWOW64\FAP3472.tmp 2016-06-07 18:35 - 2016-06-07 18:35 - 00000000 _____ C:\Windows\SysWOW64\FAP5D8D.tmp 2016-06-07 18:35 - 2016-06-07 18:35 - 00000000 _____ C:\Windows\SysWOW64\FAP3523.tmp 2016-06-07 18:35 - 2016-06-07 18:35 - 00000000 _____ C:\Windows\SysWOW64\FAP3456.tmp 2016-06-07 18:31 - 2016-06-07 18:31 - 00000000 _____ C:\Windows\SysWOW64\FAPBE39.tmp 2016-06-07 18:31 - 2016-06-07 18:31 - 00000000 _____ C:\Windows\SysWOW64\FAP9C47.tmp 2016-06-07 18:31 - 2016-06-07 18:31 - 00000000 _____ C:\Windows\SysWOW64\FAP9A32.tmp 2016-06-07 18:26 - 2016-06-07 18:26 - 00000000 _____ C:\Windows\SysWOW64\FAPF930.tmp 2016-06-07 18:25 - 2016-06-07 18:25 - 00000000 _____ C:\Windows\SysWOW64\FAPD674.tmp 2016-06-07 18:25 - 2016-06-07 18:25 - 00000000 _____ C:\Windows\SysWOW64\FAPCC60.tmp 2016-06-07 18:24 - 2016-06-07 18:24 - 00000000 _____ C:\Windows\SysWOW64\FAPAD80.tmp 2016-06-07 18:24 - 2016-06-07 18:24 - 00000000 _____ C:\Windows\SysWOW64\FAP819C.tmp 2016-06-07 18:24 - 2016-06-07 18:24 - 00000000 _____ C:\Windows\SysWOW64\FAP8013.tmp 2016-06-07 18:24 - 2016-06-07 18:24 - 00000000 _____ C:\Windows\SysWOW64\FAP49BF.tmp 2016-06-07 18:24 - 2016-06-07 18:24 - 00000000 _____ C:\Windows\SysWOW64\FAP2DF8.tmp 2016-06-07 18:24 - 2016-06-07 18:24 - 00000000 _____ C:\Windows\SysWOW64\FAP2D79.tmp 2016-06-07 18:20 - 2016-06-07 18:20 - 00000000 _____ C:\Windows\SysWOW64\FAPAAC8.tmp 2016-06-07 18:20 - 2016-06-07 18:20 - 
00000000 _____ C:\Windows\SysWOW64\FAP82BC.tmp 2016-06-07 18:20 - 2016-06-07 18:20 - 00000000 _____ C:\Windows\SysWOW64\FAP824D.tmp 2016-06-07 18:15 - 2016-06-07 18:15 - 00000000 _____ C:\Windows\SysWOW64\FAPF8D.tmp 2016-06-07 18:15 - 2016-06-07 18:15 - 00000000 _____ C:\Windows\SysWOW64\FAPF1E.tmp 2016-06-07 18:15 - 2016-06-07 18:15 - 00000000 _____ C:\Windows\SysWOW64\FAP2922.tmp 2016-06-07 18:13 - 2016-06-07 18:13 - 00000000 _____ C:\Windows\SysWOW64\FAP4D67.tmp 2016-06-07 18:13 - 2016-06-07 18:13 - 00000000 _____ C:\Windows\SysWOW64\FAP228C.tmp 2016-06-07 18:13 - 2016-06-07 18:13 - 00000000 _____ C:\Windows\SysWOW64\FAP222C.tmp 2016-06-07 18:12 - 2016-06-07 18:12 - 00000000 _____ C:\Windows\SysWOW64\FAP4BC0.tmp 2016-06-07 18:12 - 2016-06-07 18:12 - 00000000 _____ C:\Windows\SysWOW64\FAP3F69.tmp 2016-06-07 18:11 - 2016-06-07 18:11 - 00000000 _____ C:\Windows\SysWOW64\FAPDCE5.tmp 2016-06-07 18:11 - 2016-06-07 18:11 - 00000000 _____ C:\Windows\SysWOW64\FAPDC37.tmp 2016-06-07 18:11 - 2016-06-07 18:11 - 00000000 _____ C:\Windows\SysWOW64\FAPD985.tmp 2016-06-07 18:06 - 2016-06-07 18:06 - 00000000 _____ C:\Windows\SysWOW64\FAP1953.tmp 2016-06-07 18:05 - 2016-06-07 18:05 - 00000000 _____ C:\Windows\SysWOW64\FAP6FE2.tmp 2016-06-07 18:03 - 2016-06-07 18:03 - 00000000 _____ C:\Windows\SysWOW64\FAP20A1.tmp 2016-06-07 18:02 - 2016-06-07 18:02 - 00000000 _____ C:\Windows\SysWOW64\FAP8B35.tmp 2016-06-07 18:02 - 2016-06-07 18:02 - 00000000 _____ C:\Windows\SysWOW64\FAP30AF.tmp 2016-06-07 18:01 - 2016-06-07 18:01 - 00000000 _____ C:\Windows\SysWOW64\FAP972C.tmp 2016-06-07 17:57 - 2016-06-07 17:57 - 00000000 _____ C:\Windows\SysWOW64\FAPE9D2.tmp 2016-06-07 17:47 - 2016-06-07 17:47 - 00000000 _____ C:\Windows\SysWOW64\FAP90A0.tmp 2016-06-07 17:43 - 2016-06-07 17:43 - 00000000 _____ C:\Windows\SysWOW64\FAPB55F.tmp 2016-06-07 17:40 - 2016-06-07 17:40 - 00000000 _____ C:\Windows\SysWOW64\FAP9FEB.tmp 2016-06-07 17:35 - 2016-06-07 17:35 - 00000000 _____ C:\Windows\SysWOW64\FAPB7EC.tmp 
2016-06-07 17:35 - 2016-06-07 17:35 - 00000000 _____ C:\Windows\SysWOW64\FAP5BF.tmp 2016-06-07 17:03 - 2016-06-07 17:03 - 00000000 _____ C:\Windows\SysWOW64\FAPAEFD.tmp 2016-06-07 17:03 - 2016-06-07 17:03 - 00000000 _____ C:\Windows\SysWOW64\FAP4A27.tmp 2016-06-07 17:01 - 2016-06-07 17:01 - 00000000 _____ C:\Windows\SysWOW64\FAPEB9F.tmp 2016-06-07 17:01 - 2016-06-07 17:01 - 00000000 _____ C:\Windows\SysWOW64\FAPA145.tmp 2016-06-07 17:00 - 2016-06-07 17:00 - 00000000 _____ C:\Windows\SysWOW64\FAPED16.tmp 2016-06-07 16:55 - 2016-06-07 16:55 - 00000000 _____ C:\Windows\SysWOW64\FAPFB94.tmp 2016-06-07 16:54 - 2016-06-07 16:54 - 00000000 _____ C:\Windows\SysWOW64\FAPC93C.tmp 2016-06-07 16:44 - 2016-06-07 16:44 - 00000000 _____ C:\Windows\SysWOW64\FAP2AED.tmp 2016-06-07 16:42 - 2016-06-07 16:42 - 00000000 _____ C:\Windows\SysWOW64\FAP55C.tmp 2016-06-07 16:41 - 2016-06-07 16:41 - 00000000 _____ C:\Windows\SysWOW64\FAP4805.tmp 2016-06-07 16:41 - 2016-06-07 16:41 - 00000000 _____ C:\Windows\SysWOW64\FAP46F9.tmp 2016-06-07 16:40 - 2016-06-07 16:40 - 00000000 _____ C:\Windows\SysWOW64\FAPABB1.tmp 2016-06-07 16:40 - 2016-06-07 16:40 - 00000000 _____ C:\Windows\SysWOW64\FAP63AA.tmp 2016-06-07 16:40 - 2016-06-07 16:40 - 00000000 _____ C:\Windows\SysWOW64\FAP629E.tmp 2016-06-07 16:37 - 2016-06-07 16:37 - 00000000 _____ C:\Windows\SysWOW64\FAPE2B6.tmp 2016-06-07 16:37 - 2016-06-07 16:37 - 00000000 _____ C:\Windows\SysWOW64\FAPE1AA.tmp 2016-06-07 16:37 - 2016-06-07 16:37 - 00000000 _____ C:\Windows\SysWOW64\FAPB0.tmp 2016-06-07 16:37 - 2016-06-07 16:37 - 00000000 _____ C:\Windows\SysWOW64\FAP8C74.tmp 2016-06-07 16:37 - 2016-06-07 16:37 - 00000000 _____ C:\Windows\SysWOW64\FAP8BB6.tmp 2016-06-07 16:36 - 2016-06-07 16:36 - 00000000 _____ C:\Windows\SysWOW64\FAP4D1A.tmp 2016-06-07 16:35 - 2016-06-07 16:35 - 00000000 _____ C:\Windows\SysWOW64\FAP252D.tmp 2016-06-07 16:35 - 2016-06-07 16:35 - 00000000 _____ C:\Windows\SysWOW64\FAP23F2.tmp 2016-06-07 16:35 - 2016-06-07 16:35 - 00000000 
_____ C:\Windows\SysWOW64\FAP22F6.tmp 2016-06-07 16:31 - 2016-06-07 16:31 - 00000000 _____ C:\Windows\SysWOW64\FAP7E37.tmp 2016-06-07 16:31 - 2016-06-07 16:31 - 00000000 _____ C:\Windows\SysWOW64\FAP7CED.tmp 2016-06-07 16:28 - 2016-06-07 16:28 - 00000000 _____ C:\Windows\SysWOW64\FAP749E.tmp 2016-06-07 16:28 - 2016-06-07 16:28 - 00000000 _____ C:\Windows\SysWOW64\FAP7372.tmp 2016-06-07 16:28 - 2016-06-07 16:28 - 00000000 _____ C:\Windows\SysWOW64\FAP20FA.tmp 2016-06-07 16:28 - 2016-06-07 16:28 - 00000000 _____ C:\Windows\SysWOW64\FAP201E.tmp 2016-06-07 16:27 - 2016-06-07 16:27 - 00000000 _____ C:\Windows\SysWOW64\FAP3FDD.tmp 2016-06-07 16:26 - 2016-06-07 16:26 - 00000000 _____ C:\Windows\SysWOW64\FAP3689.tmp 2016-06-07 16:26 - 2016-06-07 16:26 - 00000000 _____ C:\Windows\SysWOW64\FAP1A16.tmp 2016-06-07 16:26 - 2016-06-07 16:26 - 00000000 _____ C:\Windows\SysWOW64\FAP18BC.tmp 2016-06-07 16:25 - 2016-06-07 16:25 - 00000000 _____ C:\Windows\SysWOW64\FAPB964.tmp 2016-06-07 16:25 - 2016-06-07 16:25 - 00000000 _____ C:\Windows\SysWOW64\FAPB80A.tmp 2016-06-07 16:09 - 2016-06-07 16:09 - 00000000 _____ C:\Windows\SysWOW64\FAPE192.tmp 2016-06-07 16:09 - 2016-06-07 16:09 - 00000000 _____ C:\Windows\SysWOW64\FAPE0D5.tmp 2016-06-07 16:08 - 2016-06-07 16:08 - 00000000 _____ C:\Windows\SysWOW64\FAPB62E.tmp 2016-06-07 16:08 - 2016-06-07 16:08 - 00000000 _____ C:\Windows\SysWOW64\FAP9815.tmp 2016-06-07 16:08 - 2016-06-07 16:08 - 00000000 _____ C:\Windows\SysWOW64\FAP8BED.tmp 2016-06-07 16:07 - 2016-06-07 16:07 - 00000000 _____ C:\Windows\SysWOW64\FAP89F7.tmp 2016-06-07 16:07 - 2016-06-07 16:07 - 00000000 _____ C:\Windows\SysWOW64\FAP89A7.tmp 2016-06-07 16:07 - 2016-06-07 16:07 - 00000000 _____ C:\Windows\SysWOW64\FAP87A1.tmp 2016-06-07 15:42 - 2016-06-07 15:42 - 00000000 _____ C:\Windows\SysWOW64\FAPC2A5.tmp 2016-06-07 15:42 - 2016-06-07 15:42 - 00000000 _____ C:\Windows\SysWOW64\FAP8CFE.tmp 2016-06-07 15:42 - 2016-06-07 15:42 - 00000000 _____ C:\Windows\SysWOW64\FAP8C41.tmp 
2016-06-07 15:40 - 2016-06-07 15:40 - 00000000 _____ C:\Windows\SysWOW64\FAP3B48.tmp 2016-06-07 15:37 - 2016-06-07 15:37 - 00000000 _____ C:\Windows\SysWOW64\FAP461.tmp 2016-06-07 15:35 - 2016-06-07 15:35 - 00000000 _____ C:\Windows\SysWOW64\FAPF555.tmp 2016-06-07 15:32 - 2016-06-07 15:32 - 00000000 _____ C:\Windows\SysWOW64\FAP5832.tmp 2016-06-07 15:29 - 2016-06-07 15:29 - 00000000 _____ C:\Windows\SysWOW64\FAP8356.tmp 2016-06-07 15:22 - 2016-06-07 15:22 - 00000000 _____ C:\Windows\SysWOW64\FAP4F9E.tmp 2016-06-07 15:18 - 2016-06-07 15:18 - 00000000 _____ C:\Windows\SysWOW64\FAP9FF2.tmp 2016-06-07 15:18 - 2016-06-07 15:18 - 00000000 _____ C:\Windows\SysWOW64\FAP9F64.tmp 2016-06-07 15:18 - 2016-06-07 15:18 - 00000000 _____ C:\Windows\SysWOW64\FAP9ED5.tmp 2016-06-07 15:14 - 2016-06-07 15:14 - 00000000 _____ C:\Windows\SysWOW64\FAP6C5D.tmp 2016-06-07 15:14 - 2016-06-07 15:14 - 00000000 _____ C:\Windows\SysWOW64\FAP5D47.tmp 2016-06-07 15:14 - 2016-06-07 15:14 - 00000000 _____ C:\Windows\SysWOW64\FAP3720.tmp 2016-06-07 15:14 - 2016-06-07 15:14 - 00000000 _____ C:\Windows\SysWOW64\FAP3578.tmp 2016-06-07 15:05 - 2016-06-07 15:05 - 00000000 _____ C:\Windows\SysWOW64\FAP871.tmp 2016-06-07 15:03 - 2016-06-07 15:03 - 00000000 _____ C:\Windows\SysWOW64\FAPD4A2.tmp 2016-06-07 14:58 - 2016-06-07 14:58 - 00000000 _____ C:\Windows\SysWOW64\FAPCDC3.tmp 2016-06-07 14:58 - 2016-06-07 14:58 - 00000000 _____ C:\Windows\SysWOW64\FAP8241.tmp 2016-06-07 14:57 - 2016-06-07 14:57 - 00000000 _____ C:\Windows\SysWOW64\FAPA349.tmp 2016-06-07 14:20 - 2016-06-07 14:20 - 00000000 _____ C:\Windows\SysWOW64\FAP769A.tmp 2016-06-07 14:20 - 2016-06-07 14:20 - 00000000 _____ C:\Windows\SysWOW64\FAP4B23.tmp 2016-06-07 14:20 - 2016-06-07 14:20 - 00000000 _____ C:\Windows\SysWOW64\FAP49F8.tmp 2016-06-07 14:19 - 2016-06-07 14:19 - 00000000 _____ C:\Windows\SysWOW64\FAP107C.tmp 2016-06-07 14:18 - 2016-06-07 14:18 - 00000000 _____ C:\Windows\SysWOW64\FAPA9F0.tmp 2016-06-07 14:18 - 2016-06-07 14:18 - 00000000 
_____ C:\Windows\SysWOW64\FAPA8B5.tmp 2016-06-07 14:18 - 2016-06-07 14:18 - 00000000 _____ C:\Windows\SysWOW64\FAP4258.tmp 2016-06-07 14:18 - 2016-06-07 14:18 - 00000000 _____ C:\Windows\SysWOW64\FAP41D9.tmp 2016-06-07 14:09 - 2016-06-13 04:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-06-07 12:02 - 2016-06-07 12:02 - 00000000 _____ C:\Windows\SysWOW64\FAPA8A0.tmp 2016-06-07 12:02 - 2016-06-07 12:02 - 00000000 _____ C:\Windows\SysWOW64\FAP9535.tmp 2016-06-07 12:02 - 2016-06-07 12:02 - 00000000 _____ C:\Windows\SysWOW64\FAP9477.tmp 2016-06-07 11:58 - 2016-06-07 11:58 - 00000000 _____ C:\Windows\SysWOW64\FAP6A66.tmp 2016-06-07 11:58 - 2016-06-07 11:58 - 00000000 _____ C:\Windows\SysWOW64\FAP689F.tmp 2016-06-07 11:57 - 2016-06-07 11:57 - 00000000 _____ C:\Windows\SysWOW64\FAPC34A.tmp 2016-06-07 11:56 - 2016-06-07 11:56 - 00000000 _____ C:\Windows\SysWOW64\FAPACE1.tmp 2016-06-07 11:56 - 2016-06-07 11:56 - 00000000 _____ C:\Windows\SysWOW64\FAPAC05.tmp 2016-06-07 11:54 - 2016-06-07 11:54 - 00000000 _____ C:\Windows\SysWOW64\FAP73F.tmp 2016-06-07 11:54 - 2016-06-07 11:54 - 00000000 _____ C:\Windows\SysWOW64\FAP684C.tmp 2016-06-07 11:54 - 2016-06-07 11:54 - 00000000 _____ C:\Windows\SysWOW64\FAP633.tmp 2016-06-07 11:52 - 2016-06-07 11:52 - 00000000 _____ C:\Windows\SysWOW64\FAP4B62.tmp 2016-06-07 11:52 - 2016-06-07 11:52 - 00000000 _____ C:\Windows\SysWOW64\FAP4A85.tmp 2016-06-07 11:48 - 2016-06-07 11:48 - 00000000 _____ C:\Windows\SysWOW64\FAP6A2F.tmp 2016-06-07 11:48 - 2016-06-07 11:48 - 00000000 _____ C:\Windows\SysWOW64\FAP46C6.tmp 2016-06-07 11:48 - 2016-06-07 11:48 - 00000000 _____ C:\Windows\SysWOW64\FAP451F.tmp 2016-06-07 11:47 - 2016-06-07 11:47 - 00000000 _____ C:\Windows\SysWOW64\FAPD447.tmp 2016-06-07 11:47 - 2016-06-07 11:47 - 00000000 _____ C:\Windows\SysWOW64\FAPC149.tmp 2016-06-07 11:47 - 2016-06-07 11:47 - 00000000 _____ C:\Windows\SysWOW64\FAPC01E.tmp 2016-06-07 11:46 - 2016-06-07 11:46 - 00000000 _____ C:\Windows\SysWOW64\FAP8D3.tmp 
2016-06-07 11:46 - 2016-06-07 11:46 - 00000000 _____ C:\Windows\SysWOW64\FAP825.tmp 2016-06-07 11:42 - 2016-06-07 11:42 - 00000000 _____ C:\Windows\SysWOW64\FAP6E91.tmp 2016-06-07 11:42 - 2016-06-07 11:42 - 00000000 _____ C:\Windows\SysWOW64\FAP5848.tmp 2016-06-07 11:42 - 2016-06-07 11:42 - 00000000 _____ C:\Windows\SysWOW64\FAP575B.tmp 2016-06-07 11:42 - 2016-06-07 11:42 - 00000000 _____ C:\Windows\SysWOW64\FAP255C.tmp 2016-06-07 11:42 - 2016-06-07 11:42 - 00000000 _____ C:\Windows\SysWOW64\FAP24CE.tmp 2016-06-07 11:41 - 2016-06-07 11:41 - 00000000 _____ C:\Windows\SysWOW64\FAP4C5E.tmp 2016-06-07 11:41 - 2016-06-07 11:41 - 00000000 _____ C:\Windows\SysWOW64\FAP3FE8.tmp 2016-06-07 11:41 - 2016-06-07 11:41 - 00000000 _____ C:\Windows\SysWOW64\FAP3F2B.tmp 2016-06-07 11:39 - 2016-06-07 11:39 - 00000000 _____ C:\Windows\SysWOW64\FAPE72A.tmp 2016-06-07 11:39 - 2016-06-07 11:39 - 00000000 _____ C:\Windows\SysWOW64\FAPD536.tmp 2016-06-07 11:39 - 2016-06-07 11:39 - 00000000 _____ C:\Windows\SysWOW64\FAPD42B.tmp 2016-06-07 11:37 - 2016-06-07 11:37 - 00000000 _____ C:\Windows\SysWOW64\FAPBF24.tmp 2016-06-07 11:37 - 2016-06-07 11:37 - 00000000 _____ C:\Windows\SysWOW64\FAP994A.tmp 2016-06-07 11:37 - 2016-06-07 11:37 - 00000000 _____ C:\Windows\SysWOW64\FAP988D.tmp 2016-06-07 11:36 - 2016-06-07 11:36 - 00000000 _____ C:\Windows\SysWOW64\FAPAC85.tmp 2016-06-07 11:36 - 2016-06-07 11:36 - 00000000 _____ C:\Windows\SysWOW64\FAP8515.tmp 2016-06-07 11:35 - 2016-06-07 11:35 - 00000000 _____ C:\Windows\SysWOW64\FAPC105.tmp 2016-06-07 11:35 - 2016-06-07 11:35 - 00000000 _____ C:\Windows\SysWOW64\FAPBFCB.tmp 2016-06-07 11:35 - 2016-06-07 11:35 - 00000000 _____ C:\Windows\SysWOW64\FAP83FA.tmp 2016-06-07 11:33 - 2016-06-07 11:33 - 00000000 _____ C:\Windows\SysWOW64\FAPD46E.tmp 2016-06-07 11:33 - 2016-06-07 11:33 - 00000000 _____ C:\Windows\SysWOW64\FAPD362.tmp 2016-06-07 11:33 - 2016-06-07 11:33 - 00000000 _____ C:\Windows\SysWOW64\FAP6F5C.tmp 2016-06-07 11:33 - 2016-06-07 11:33 - 
00000000 _____ C:\Windows\SysWOW64\FAP4915.tmp 2016-06-07 11:33 - 2016-06-07 11:33 - 00000000 _____ C:\Windows\SysWOW64\FAP479C.tmp 2016-06-07 11:30 - 2016-06-07 11:30 - 00000000 _____ C:\Windows\SysWOW64\FAP70E7.tmp 2016-06-07 11:30 - 2016-06-07 11:30 - 00000000 _____ C:\Windows\SysWOW64\FAP5416.tmp 2016-06-07 11:30 - 2016-06-07 11:30 - 00000000 _____ C:\Windows\SysWOW64\FAP529D.tmp 2016-06-07 11:28 - 2016-06-07 11:28 - 00000000 _____ C:\Windows\SysWOW64\FAPC9E9.tmp 2016-06-07 11:28 - 2016-06-07 11:28 - 00000000 _____ C:\Windows\SysWOW64\FAP9D48.tmp 2016-06-07 11:28 - 2016-06-07 11:28 - 00000000 _____ C:\Windows\SysWOW64\FAP9CC9.tmp 2016-06-07 11:27 - 2016-06-07 11:27 - 00000000 _____ C:\Windows\SysWOW64\FAPF6FB.tmp 2016-06-07 11:27 - 2016-06-07 11:27 - 00000000 _____ C:\Windows\SysWOW64\FAPCA8A.tmp 2016-06-07 11:27 - 2016-06-07 11:27 - 00000000 _____ C:\Windows\SysWOW64\FAP2C3A.tmp 2016-06-07 11:27 - 2016-06-07 11:27 - 00000000 _____ C:\Windows\SysWOW64\FAP2BDA.tmp 2016-06-07 11:27 - 2016-06-07 11:27 - 00000000 _____ C:\Windows\SysWOW64\FAP1BEA.tmp 2016-06-07 11:19 - 2016-06-07 11:19 - 00000000 _____ C:\Windows\SysWOW64\FAP6112.tmp 2016-06-07 11:19 - 2016-06-07 11:19 - 00000000 _____ C:\Windows\SysWOW64\FAP6035.tmp 2016-06-07 10:31 - 2016-06-07 10:31 - 00000000 _____ C:\Windows\SysWOW64\FAP75A6.tmp 2016-06-07 10:31 - 2016-06-07 10:31 - 00000000 _____ C:\Windows\SysWOW64\FAP5FF9.tmp 2016-06-07 10:31 - 2016-06-07 10:31 - 00000000 _____ C:\Windows\SysWOW64\FAP5ECE.tmp 2016-06-07 10:30 - 2016-06-07 10:30 - 00000000 _____ C:\Windows\SysWOW64\FAPB202.tmp 2016-06-07 10:30 - 2016-06-07 10:30 - 00000000 _____ C:\Windows\SysWOW64\FAPB154.tmp 2016-06-07 08:16 - 2016-06-07 08:16 - 00000000 _____ C:\Windows\SysWOW64\FAP4674.tmp 2016-06-07 08:00 - 2016-06-07 08:00 - 00000000 _____ C:\Windows\SysWOW64\FAPA024.tmp 2016-06-07 08:00 - 2016-06-07 08:00 - 00000000 _____ C:\Windows\SysWOW64\FAP82F5.tmp 2016-06-07 08:00 - 2016-06-07 08:00 - 00000000 _____ 
C:\Windows\SysWOW64\FAP8237.tmp 2016-06-07 08:00 - 2016-06-07 08:00 - 00000000 _____ C:\Windows\SysWOW64\FAP3EC4.tmp 2016-06-07 08:00 - 2016-06-07 08:00 - 00000000 _____ C:\Windows\SysWOW64\FAP3D89.tmp 2016-06-07 08:00 - 2016-06-07 08:00 - 00000000 _____ C:\Windows\SysWOW64\FAP2FCC.tmp 2016-06-07 07:53 - 2016-06-07 07:53 - 00000000 _____ C:\Windows\SysWOW64\FAPD3FB.tmp 2016-06-07 07:53 - 2016-06-07 07:53 - 00000000 _____ C:\Windows\SysWOW64\FAPD38B.tmp 2016-06-07 07:53 - 2016-06-07 07:53 - 00000000 _____ C:\Windows\SysWOW64\FAPD1E4.tmp 2016-06-07 07:52 - 2016-06-07 07:52 - 00000000 _____ C:\Windows\SysWOW64\FAP409E.tmp 2016-06-07 07:52 - 2016-06-07 07:52 - 00000000 _____ C:\Windows\SysWOW64\FAP3E79.tmp 2016-06-07 07:52 - 2016-06-07 07:52 - 00000000 _____ C:\Windows\SysWOW64\FAP3D8D.tmp 2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAPFE64.tmp 2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAPD35A.tmp 2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAPD30A.tmp 2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAPD2CA.tmp 2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAPD1DD.tmp 2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAPCB44.tmp 2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAPCA96.tmp 2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAPC9E8.tmp 2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAPC988.tmp 2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAPC919.tmp 2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAPC87B.tmp 2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAPC80B.tmp 2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAPC79C.tmp 2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAPC6DF.tmp 2016-06-07 
07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAPC67F.tmp 2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAPC61F.tmp 2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAPC581.tmp 2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAPC4D3.tmp 2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAPC3C7.tmp 2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAPBF03.tmp 2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAPBB19.tmp 2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAP9F32.tmp 2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAP9EF1.tmp 2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAP9EB1.tmp 2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAP9E80.tmp 2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAP9C1D.tmp 2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAP757.tmp 2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAP717.tmp 2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAP6E6.tmp 2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAP6B5.tmp 2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAP6A42.tmp 2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAP5A.tmp 2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAP5178.tmp 2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAP503E.tmp 2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAP29A9.tmp 2016-06-07 07:50 - 2016-06-07 07:50 - 00000000 _____ C:\Windows\SysWOW64\FAP1DCF.tmp 2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAPFAFD.tmp 2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ 
C:\Windows\SysWOW64\FAPFAAD.tmp 2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAPFA7C.tmp 2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAPF9EE.tmp 2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAPF77B.tmp 2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAPF46B.tmp 2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAPF43A.tmp 2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAPF40A.tmp 2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAPF3B9.tmp 2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAPE734.tmp 2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAPC274.tmp 2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAPC234.tmp 2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAPC1B5.tmp 2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAPC174.tmp 2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAPB4FF.tmp 2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAPB21E.tmp 2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP96CB.tmp 2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP919.tmp 2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP78B2.tmp 2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP77B6.tmp 2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP7766.tmp 2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP767A.tmp 2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP761A.tmp 2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP757C.tmp 2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP750C.tmp 2016-06-07 
07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP749D.tmp 2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP743D.tmp 2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP73ED.tmp 2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP735E.tmp 2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP72FF.tmp 2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP71D4.tmp 2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP7164.tmp 2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP6D3C.tmp 2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP65D7.tmp 2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP4732.tmp 2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP46F1.tmp 2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP46B1.tmp 2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP4670.tmp 2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP4610.tmp 2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP45D0.tmp 2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP458F.tmp 2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP4520.tmp 2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP3F23.tmp 2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP3E36.tmp 2016-06-07 07:49 - 2016-06-07 07:49 - 00000000 _____ C:\Windows\SysWOW64\FAP3607.tmp 2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAPD1B.tmp 2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAPCB5D.tmp 2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAPCB0C.tmp 2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ 
C:\Windows\SysWOW64\FAPCACC.tmp 2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAPCA6C.tmp 2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAPA904.tmp 2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAPA8C4.tmp 2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAPA883.tmp 2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAPA852.tmp 2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAPA67B.tmp 2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAPA224.tmp 2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAP9FD0.tmp 2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAP8A23.tmp 2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAP8908.tmp 2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAP6BBA.tmp 2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAP6ADD.tmp 2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAP67DE.tmp 2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAP676E.tmp 2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAP672E.tmp 2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAP66FD.tmp 2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAP63FD.tmp 2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAP619A.tmp 2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAP40D1.tmp 2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAP1F2E.tmp 2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAP1EEE.tmp 2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAP1EAD.tmp 2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAP1E1E.tmp 2016-06-07 
07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAP1C28.tmp 2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAP1BE8.tmp 2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAP1BB7.tmp 2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAP1B48.tmp 2016-06-07 07:48 - 2016-06-07 07:48 - 00000000 _____ C:\Windows\SysWOW64\FAP1838.tmp 2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAPF675.tmp 2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAPF625.tmp 2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAPF5F4.tmp 2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAPF5C3.tmp 2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAPF3CD.tmp 2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAPEDA1.tmp 2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAPDB11.tmp 2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAPC0E5.tmp 2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAPA3F4.tmp 2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP93D5.tmp 2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP9395.tmp 2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP9345.tmp 2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP9304.tmp 2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP90EF.tmp 2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP7E21.tmp 2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP69FA.tmp 2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP698B.tmp 2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP691C.tmp 2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ 
C:\Windows\SysWOW64\FAP68CB.tmp 2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP687B.tmp 2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP67DD.tmp 2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP675E.tmp 2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP66EF.tmp 2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP669F.tmp 2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP662F.tmp 2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP65C0.tmp 2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP6522.tmp 2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP64C2.tmp 2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP6414.tmp 2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP5433.tmp 2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP42FB.tmp 2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP42BB.tmp 2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP426B.tmp 2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP421A.tmp 2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP416D.tmp 2016-06-07 07:47 - 2016-06-07 07:47 - 00000000 _____ C:\Windows\SysWOW64\FAP3E4E.tmp 2016-06-07 07:46 - 2016-06-07 07:46 - 00000000 _____ C:\Windows\SysWOW64\FAPDA44.tmp 2016-06-07 07:46 - 2016-06-07 07:46 - 00000000 _____ C:\Windows\SysWOW64\FAPAA68.tmp 2016-06-07 07:46 - 2016-06-07 07:46 - 00000000 _____ C:\Windows\SysWOW64\FAPAA37.tmp 2016-06-07 07:46 - 2016-06-07 07:46 - 00000000 _____ C:\Windows\SysWOW64\FAPA9F7.tmp 2016-06-07 07:46 - 2016-06-07 07:46 - 00000000 _____ C:\Windows\SysWOW64\FAPA9B6.tmp 2016-06-07 07:46 - 2016-06-07 07:46 - 00000000 _____ C:\Windows\SysWOW64\FAPA733.tmp 2016-06-07 
07:46 - 2016-06-07 07:46 - 00000000 _____ C:\Windows\SysWOW64\FAPA686.tmp 2016-06-07 07:46 - 2016-06-07 07:46 - 00000000 _____ C:\Windows\SysWOW64\FAP8196.tmp 2016-06-07 07:46 - 2016-06-07 07:46 - 00000000 _____ C:\Windows\SysWOW64\FAP7FDF.tmp 2016-06-07 07:46 - 2016-06-07 07:46 - 00000000 _____ C:\Windows\SysWOW64\FAP6A22.tmp 2016-06-07 07:46 - 2016-06-07 07:46 - 00000000 _____ C:\Windows\SysWOW64\FAP68C9.tmp 2016-06-07 07:46 - 2016-06-07 07:46 - 00000000 _____ C:\Windows\SysWOW64\FAP6898.tmp 2016-06-07 07:46 - 2016-06-07 07:46 - 00000000 _____ C:\Windows\SysWOW64\FAP6848.tmp 2016-06-07 07:46 - 2016-06-07 07:46 - 00000000 _____ C:\Windows\SysWOW64\FAP6817.tmp 2016-06-07 07:46 - 2016-06-07 07:46 - 00000000 _____ C:\Windows\SysWOW64\FAP6611.tmp 2016-06-07 07:46 - 2016-06-07 07:46 - 00000000 _____ C:\Windows\SysWOW64\FAP3654.tmp 2016-06-07 07:46 - 2016-06-07 07:46 - 00000000 _____ C:\Windows\SysWOW64\FAP3624.tmp 2016-06-07 07:46 - 2016-06-07 07:46 - 00000000 _____ C:\Windows\SysWOW64\FAP35E3.tmp 2016-06-07 07:46 - 2016-06-07 07:46 - 00000000 _____ C:\Windows\SysWOW64\FAP3574.tmp 2016-06-07 07:46 - 2016-06-07 07:46 - 00000000 _____ C:\Windows\SysWOW64\FAP31B9.tmp 2016-06-07 07:45 - 2016-06-07 07:45 - 00000000 _____ C:\Windows\SysWOW64\FAP9E9E.tmp 2016-06-07 07:45 - 2016-06-07 07:45 - 00000000 _____ C:\Windows\SysWOW64\FAP9814.tmp 2016-06-07 07:45 - 2016-06-07 07:45 - 00000000 _____ C:\Windows\SysWOW64\FAP9776.tmp 2016-06-06 13:59 - 2016-06-11 12:59 - 00304211 _____ ( ) C:\Windows\AdBlock.exe 2016-06-03 18:43 - 2016-06-03 18:43 - 00875192 _____ (Amazon) C:\Users\cwege\Downloads\AmazonCloudDriveSetup.exe 2016-06-03 13:48 - 2016-06-03 13:48 - 00001086 _____ C:\Users\Public\Desktop\paint.net.lnk 2016-06-02 18:45 - 2016-06-15 15:23 - 00003350 _____ C:\Windows\System32\Tasks\AdBlock 2016-05-27 14:37 - 2016-06-08 06:15 - 00000000 ____D C:\Users\cwege\AppData\Local\tkdata 2016-05-27 14:36 - 2016-05-27 14:36 - 00000000 ____D C:\Users\Todos os Usuários\TrueKey 2016-05-27 14:36 
- 2016-05-27 14:36 - 00000000 ____D C:\ProgramData\TrueKey 2016-05-27 14:36 - 2016-05-27 14:36 - 00000000 ____D C:\Program Files\Common Files\Intel 2016-05-27 14:35 - 2016-06-19 16:56 - 00001241 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk 2016-05-27 14:35 - 2016-05-27 14:35 - 00001227 _____ C:\Users\Public\Desktop\True Key.lnk 2016-05-27 14:35 - 2016-05-27 14:35 - 00000000 ____D C:\Program Files\Intel Security 2016-05-27 14:33 - 2016-06-19 16:55 - 00000000 ____D C:\Program Files (x86)\McAfee 2016-05-27 14:33 - 2016-05-28 02:36 - 00000000 ____D C:\Program Files\Common Files\McAfee 2016-05-27 14:27 - 2016-05-27 14:27 - 00000000 ____D C:\Users\cwege\AppData\Local\Macromedia 2016-05-27 14:25 - 2016-05-27 14:23 - 00000030 _____ C:\AVScanner.ini 2016-05-27 14:23 - 2016-06-19 18:41 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-05-27 14:23 - 2016-06-19 16:56 - 00000000 ____D C:\Program Files\TrueKey 2016-05-27 14:23 - 2016-06-17 11:41 - 00003888 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-05-26 10:07 - 2016-05-26 10:23 - 00000000 ____D C:\Users\cwege\AppData\Local\NPE 2016-05-23 20:22 - 2016-06-05 10:15 - 00000000 ___HD C:\OneDriveTemp 2016-05-20 22:16 - 2016-05-20 22:16 - 00002215 _____ C:\Users\Public\Desktop\Dell Help & Support.lnk ==================== Um Mês Modificados arquivos e pastas ======== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 
2016-06-19 18:59 - 2015-12-12 10:29 - 00000000 ____D C:\Users\cwege\AppData\Roaming\Skype 2016-06-19 18:40 - 2016-05-14 16:05 - 01610816 _____ (Malwarebytes) C:\Users\cwege\Desktop\JRT.exe 2016-06-19 18:37 - 2016-05-09 14:59 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2016-06-19 16:05 - 2016-05-12 23:08 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security with Backup 2016-06-19 14:45 - 2015-12-05 14:01 - 00004180 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F7C92D93-B2FB-4112-A628-A72D18F1E197} 2016-06-19 11:58 - 2015-12-05 17:41 - 00000000 ____D C:\Program Files (x86)\Dell Customer Connect 2016-06-19 11:58 - 2015-12-05 10:24 - 00000000 ____D C:\Program Files (x86)\Dell Update 2016-06-19 11:58 - 2015-10-22 03:21 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery 2016-06-18 12:05 - 2015-12-16 11:00 - 00000000 ____D C:\Users\cwege\AppData\Roaming\Nitro PDF 2016-06-17 09:06 - 2016-05-16 20:35 - 00000000 ____D C:\Users\cwege\AppData\Local\CrashDumps 2016-06-17 05:05 - 2015-07-10 08:04 - 00000000 ____D C:\Windows\AppReadiness 2016-06-17 05:00 - 2015-07-10 08:04 - 00000000 ___HD C:\Program Files\WindowsApps 2016-06-17 04:56 - 2015-07-10 07:55 - 00000000 ____D C:\Windows\CbsTemp 2016-06-16 19:37 - 2015-12-05 16:29 - 00000000 ___RD C:\Users\cwege\Documents\Scanned Documents 2016-06-15 15:21 - 2015-12-05 10:24 - 00000000 ___RD C:\Users\cwege\OneDrive 2016-06-15 15:20 - 2015-12-05 10:21 - 00000000 __SHD C:\Users\cwege\IntelGraphicsProfiles 2016-06-15 15:20 - 2015-12-05 10:16 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2016-06-15 15:20 - 2015-10-22 03:50 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-06-15 15:17 - 2015-07-10 09:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-06-15 15:16 - 2015-07-10 09:20 - 00206344 _____ C:\Windows\system32\FNTCACHE.DAT 2016-06-15 15:16 - 2015-07-10 08:02 - 00000000 ____D C:\Windows\INF 2016-06-15 15:15 - 2015-07-10 06:05 - 00262144 ___SH 
C:\Windows\system32\config\BBI 2016-06-15 15:13 - 2015-07-10 08:04 - 00000000 ___SD C:\Windows\system32\DiagSvcs 2016-06-15 13:34 - 2015-12-05 14:18 - 00000000 ____D C:\Windows\system32\MRT 2016-06-15 13:27 - 2015-12-05 14:18 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-06-14 14:32 - 2015-07-10 08:06 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-06-14 14:32 - 2015-07-10 08:06 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-06-13 11:19 - 2015-07-10 08:04 - 00000000 ____D C:\Windows\system32\NDF 2016-06-13 04:55 - 2015-07-10 06:05 - 00032768 ___SH C:\Windows\system32\config\ELAM 2016-06-13 04:51 - 2016-05-09 15:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-06-10 12:40 - 2015-12-26 19:38 - 00000000 ____D C:\Monica 2016-06-09 17:42 - 2015-10-22 02:47 - 01810446 _____ C:\Windows\system32\PerfStringBackup.INI 2016-06-09 17:42 - 2015-07-16 16:14 - 00796654 _____ C:\Windows\system32\prfh0416.dat 2016-06-09 17:42 - 2015-07-16 16:14 - 00157592 _____ C:\Windows\system32\prfc0416.dat 2016-06-05 08:17 - 2016-01-23 22:10 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-06-03 13:48 - 2015-12-11 18:44 - 00001098 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk 2016-06-03 13:48 - 2015-12-11 18:44 - 00000000 ____D C:\Program Files\paint.net 2016-06-02 18:51 - 2015-10-22 03:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell 2016-06-02 18:51 - 2015-10-22 03:13 - 00000000 ____D C:\Program Files\Dell 2016-06-02 17:12 - 2015-12-05 19:36 - 00000000 ____D C:\Carsten 2016-05-29 02:36 - 2015-10-22 03:25 - 00000000 ____D C:\Users\Todos os Usuários\McAfee 2016-05-29 02:36 - 2015-10-22 03:25 - 00000000 ____D C:\ProgramData\McAfee 2016-05-27 14:40 - 2015-12-05 13:56 - 00000000 ____D C:\Users\cwege\AppData\Local\Adobe 2016-05-27 14:35 - 2015-10-22 03:07 
- 00000000 ____D C:\Program Files\Intel 2016-05-27 14:34 - 2015-10-22 03:01 - 00000000 ____D C:\Users\Todos os Usuários\Package Cache 2016-05-27 14:34 - 2015-10-22 03:01 - 00000000 ____D C:\ProgramData\Package Cache 2016-05-27 14:33 - 2016-05-12 23:04 - 00000000 ____D C:\Program Files\Common Files\AV 2016-05-27 13:46 - 2015-10-22 02:51 - 00000000 ____D C:\Windows\Panther 2016-05-27 13:42 - 2016-04-27 09:13 - 00000000 ___HD C:\$WINDOWS.~BT 2016-05-26 23:18 - 2015-12-12 10:28 - 00000000 ___RD C:\Program Files (x86)\Skype 2016-05-26 10:08 - 2016-05-10 16:25 - 00000000 ____D C:\Users\Todos os Usuários\Norton 2016-05-26 10:08 - 2016-05-10 16:25 - 00000000 ____D C:\ProgramData\Norton 2016-05-23 20:22 - 2015-12-05 10:24 - 00002371 _____ C:\Users\cwege\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-05-21 14:36 - 2015-12-12 10:28 - 00000000 ____D C:\Users\Todos os Usuários\Skype 2016-05-21 14:36 - 2015-12-12 10:28 - 00000000 ____D C:\ProgramData\Skype 2016-05-20 22:16 - 2016-02-24 10:01 - 00000168 _____ C:\Windows\SysWOW64\DLC_Debug_log.txt 2016-05-20 22:16 - 2015-10-22 02:52 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information ==================== Arquivos na raiz de alguns diretórios ======= 2015-12-11 18:40 - 2015-12-11 18:41 - 6557455 _____ () C:\Program Files (x86)\paint.net.4.0.6.install.zip 2016-01-10 15:33 - 2016-01-10 15:33 - 0003584 _____ () C:\Users\cwege\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-10-22 03:06 - 2015-10-22 03:06 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2015-10-22 03:05 - 2015-10-22 03:05 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log 2015-10-22 02:52 - 2015-10-22 02:53 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log 2015-10-22 03:00 - 2015-10-22 03:05 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log 2015-10-22 02:54 - 2015-10-22 02:59 - 0000113 _____ () 
C:\ProgramData\{E1646825-D391-42A0-93AA-27FA810DA093}.log Alguns arquivos em TEMP: ==================== C:\Users\cwege\AppData\Local\Temp\VirusRemover.exe ==================== Bamital & volsnap ================= (Não há correção automática para arquivos que não passaram na verificação.) C:\Windows\system32\winlogon.exe => O arquivo é assinado digitalmente C:\Windows\system32\wininit.exe => O arquivo é assinado digitalmente C:\Windows\explorer.exe => O arquivo é assinado digitalmente C:\Windows\SysWOW64\explorer.exe => O arquivo é assinado digitalmente C:\Windows\system32\svchost.exe => O arquivo é assinado digitalmente C:\Windows\SysWOW64\svchost.exe => O arquivo é assinado digitalmente C:\Windows\system32\services.exe => O arquivo é assinado digitalmente C:\Windows\system32\User32.dll => O arquivo é assinado digitalmente C:\Windows\SysWOW64\User32.dll => O arquivo é assinado digitalmente C:\Windows\system32\userinit.exe => O arquivo é assinado digitalmente C:\Windows\SysWOW64\userinit.exe => O arquivo é assinado digitalmente C:\Windows\system32\rpcss.dll => O arquivo é assinado digitalmente C:\Windows\system32\dnsapi.dll => O arquivo é assinado digitalmente C:\Windows\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente C:\Windows\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente LastRegBack: 2016-06-10 12:49 ==================== Fim de FRST.txt ============================ Code:
Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 19-06-2016 01
Executado por cwege (2016-06-19 19:08:43)
Executando a partir de C:\Users\cwege\Desktop
Windows 10 Home Single Language (X64) (2015-12-05 13:15:49)
Modo da Inicialização: Normal
==========================================================

==================== Contas: =============================

Administrador (S-1-5-21-767966989-473913170-3455617934-500 - Administrator - Disabled)
Convidado (S-1-5-21-767966989-473913170-3455617934-501 - Limited - Disabled)
cwege (S-1-5-21-767966989-473913170-3455617934-1001 - Administrator - Enabled) => C:\Users\cwege
DefaultAccount (S-1-5-21-767966989-473913170-3455617934-503 - Limited - Disabled)

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Norton Security com Backup (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security com Backup (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security com Backup (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated) Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated) Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.1.0.243 - Amazon) Any Video Converter 5.8.6 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com) AOMEI Backupper Standard (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536C09F}_is1) (Version: - AOMEI Technology Co., Ltd.) AssinadorLivre (HKLM-x32\...\{369B7318-9434-4938-9595-58DB0200AD12}) (Version: 1.0.4 - PJERJ) Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team) calibre 64bit (HKLM\...\{D8905AF6-9F72-4BD8-BF37-51C5760B3CD5}) (Version: 2.48.0 - Kovid Goyal) CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 12 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.) Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP) Dell Foundation Services (HKLM\...\{C1C53DA1-9497-4ABB-A3D6-A63039820B37}) (Version: 3.3.7200.0 - Dell Inc.) Dell Help & Support (HKLM-x32\...\InstallShield_{32483B20-13B2-4747-9D34-15E588CE8034}) (Version: 2.1.78.0 - Dell Inc.) Dell Help & Support (Version: 2.1.78.0 - Dell Inc.) Hidden Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell) Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.4 - Synaptics Incorporated) Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.) Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.) 
Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.0 - Dropbox, Inc.) DSC/AA Factory Installer (Version: 1.1.6664.10 - PC-Doctor, Inc.) Hidden Intel Security True Key (HKLM\...\TrueKey) (Version: 4.2.131.1 - Intel Security) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4274 - Intel Corporation) Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation) IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.41 - Irfan Skiljan) IsoBuster 3.7 (HKLM-x32\...\IsoBuster_is1) (Version: 3.7 - Smart Projects) Java 7 Update 7 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.70 - Oracle) Maxx Audio Installer (x64) (Version: 2.6.6168.1 - Waves Audio Ltd.) Hidden Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft 
Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mozilla Firefox 47.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-GB)) (Version: 47.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla) Nitro Reader 3 (HKLM\...\{4756C731-B54E-451A-9AF1-86E8AB1BEBBB}) (Version: 3.5.6.5 - Nitro) Norton Security com Backup (HKLM-x32\...\NSBU) (Version: 22.6.0.142 - Symantec Corporation) paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.5.0 - Frank Heindörfer, Philip Chinery) Product Registration (HKLM-x32\...\InstallShield_{C1600AC7-74E3-4BB5-8B42-B13653792252}) (Version: 2.2.38.0 - Dell Inc.) Product Registration (Version: 2.2.38.0 - Dell Inc.) Hidden Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.0 - Qualcomm Atheros) QuickSet64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.31 - Dell Inc.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7520 - Realtek Semiconductor Corp.) SafeSign 64-bits (HKLM\...\{66913111-2F8A-4950-AA93-51C26182FC35}) (Version: 3.0.45 - A.E.T. Europe B.V.) 
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation) Skype™ 7.23 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.23.105 - Skype Technologies S.A.) Software de dispositivo do Chipset Intel® (x32 Version: 10.1.1.7 - Intel(R) Corporation) Hidden VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) Wondershare Video Editor(Build 5.1.3) (HKLM-x32\...\Wondershare Video Editor_is1) (Version: - Wondershare Software) XMedia Recode Version 3.2.7.0 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.2.7.0 - XMedia Recode) ==================== Exame Personalizado CLSID (Whitelisted): ========================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) CustomCLSID: HKU\S-1-5-21-767966989-473913170-3455617934-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\cwege\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation) ==================== Tarefas Agendadas (Whitelisted) ============= (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 
Task: {264FB661-4391-4D9F-A35F-4E6C06CA8055} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {2970D737-D999-4982-A443-2C425EB3EA50} - System32\Tasks\Norton Security with Backup\Norton Error Analyzer => C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {2F886772-1DB0-43E7-BFE8-FA74CBC46C33} - System32\Tasks\VirusRemover => C:\Users\cwege\AppData\Local\Temp\VirusRemover.exe [2016-06-11] ( ) <==== ATENÇÃO
Task: {45BDA5A8-15A2-43ED-869F-79317DF5DD61} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\WSCStub.exe [2016-02-26] (Symantec Corporation)
Task: {496DC9B4-0DC2-4564-8818-0E4E0B7617DC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-17] (Adobe Systems Incorporated)
Task: {517C21EB-CCD2-47DC-B384-03D629929C07} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe <==== ATENÇÃO
Task: {77F15C2A-F531-4241-9CDB-F3C1A7A0D055} - System32\Tasks\Norton Security with Backup\Norton Autofix => C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {9DD8D688-1574-4CA6-97B2-250020773404} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security com Backup\Upgrade.exe [2016-02-26] (Symantec Corporation)
Task: {9FEC4113-C748-43DC-BF09-125EB634F061} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLVDLauncher.exe [2015-01-28] (CyberLink Corp.)
Task: {A32E0AA3-54F3-4024-99AD-E6590AFAE95E} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-04-28] (Realtek Semiconductor)
Task: {A4E3AE10-29B3-461A-9FCA-63A245138564} - System32\Tasks\AdBlock => C:\Windows\AdBlock.exe [2016-06-11] ( ) <==== ATENÇÃO
Task: {D136D80D-B0FE-4F7D-95FD-629F7AB8A9EF} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-05-29] (Synaptics Incorporated)
Task: {D6BA068F-3D96-4AB5-9C07-D2E695BD8CAA} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-05-29] ()
Task: {E0C4634E-BBF1-4418-9668-1601841297C2} - System32\Tasks\Norton Security with Backup\Norton Error Processor => C:\Program Files (x86)\Norton Security with Backup\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {E2DBFA14-A2AF-4C08-9451-A80F5ACA40CD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {EFFA3837-5636-4587-83BF-67ACB45BF3D5} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe [2015-05-07] (CyberLink)
Task: {FE27E495-3669-4351-BC07-1184DB5CEC6A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-06-15] (Microsoft Corporation)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Atalhos =============================

(As entradas podem ser listadas para serem restauradas ou removidas.)

==================== Módulos Carregados (Whitelisted) ============== 2015-07-10 08:00 - 2015-07-10 08:00 - 00028160 _____ () C:\Windows\SYSTEM32\efsext.dll 2015-10-22 03:32 - 2015-10-22 03:32 - 00032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll 2015-10-22 03:32 - 2015-10-22 03:32 - 00404480 _____ () C:\Windows\System32\diagtrack_wininternal.dll 2015-10-22 02:58 - 2014-04-14 22:59 - 00253776 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 2016-05-03 19:20 - 2016-05-03 19:20 - 00087888 _____ () C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe 2016-04-12 21:16 - 2016-03-16 01:55 - 02495768 _____ () C:\Windows\system32\CoreUIComponents.dll 2016-04-12 21:16 - 2016-03-16 01:55 - 02495768 _____ () C:\Windows\System32\CoreUIComponents.dll 2016-05-23 20:21 - 2016-05-23 20:21 - 00959168 _____ () C:\Users\cwege\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll 2015-10-22 03:12 - 2015-09-07 18:43 - 00395880 _____ () C:\Windows\system32\igfxTray.exe 2015-12-05 14:13 - 2015-09-17 02:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2015-12-05 14:13 - 2015-09-17 03:04 - 00642048 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll 2015-07-10 07:59 - 2015-07-10 07:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll 2015-12-08 21:00 - 2015-11-25 01:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2015-12-08 21:00 - 2015-11-25 01:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2015-12-08 21:00 - 2015-11-25 01:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2015-12-05 14:15 - 2015-09-17 02:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-05-13 17:15 - 2015-09-15 17:56 - 00306904 _____ () 
C:\Program Files (x86)\AOMEI Backupper\UiLogic.dll 2016-05-13 17:15 - 2015-09-15 17:56 - 00290520 _____ () C:\Program Files (x86)\AOMEI Backupper\Comn.dll 2016-05-13 17:15 - 2015-09-15 17:56 - 00241368 _____ () C:\Program Files (x86)\AOMEI Backupper\diskmgr.dll 2016-05-13 17:15 - 2015-09-15 17:56 - 00122584 _____ () C:\Program Files (x86)\AOMEI Backupper\FuncLogic.dll 2016-05-13 17:15 - 2015-09-15 17:56 - 00347864 _____ () C:\Program Files (x86)\AOMEI Backupper\ImgFile.dll 2016-05-13 17:15 - 2015-09-15 17:56 - 00028376 _____ () C:\Program Files (x86)\AOMEI Backupper\Encrypt.dll 2016-05-13 17:15 - 2015-09-15 17:56 - 00483032 _____ () C:\Program Files (x86)\AOMEI Backupper\EnumFolder.dll 2016-05-13 17:15 - 2015-09-15 17:56 - 00069336 _____ () C:\Program Files (x86)\AOMEI Backupper\Compress.dll 2016-05-13 17:15 - 2015-09-15 17:56 - 00102104 _____ () C:\Program Files (x86)\AOMEI Backupper\BrLog.dll 2016-05-13 17:15 - 2015-09-15 17:56 - 00691928 _____ () C:\Program Files (x86)\AOMEI Backupper\Sync.dll 2016-05-13 17:15 - 2015-09-15 17:56 - 00282328 _____ () C:\Program Files (x86)\AOMEI Backupper\Clone.dll 2016-05-13 17:15 - 2015-09-15 17:56 - 00118488 _____ () C:\Program Files (x86)\AOMEI Backupper\Backup.dll 2016-05-13 17:15 - 2015-09-15 17:56 - 00155352 _____ () C:\Program Files (x86)\AOMEI Backupper\FlBackup.dll 2016-05-13 17:15 - 2015-09-15 17:56 - 00077528 _____ () C:\Program Files (x86)\AOMEI Backupper\Ldm.dll 2016-05-13 17:15 - 2015-09-15 17:56 - 00061144 _____ () C:\Program Files (x86)\AOMEI Backupper\Device.dll 2016-05-13 17:15 - 2015-09-15 17:56 - 00282328 _____ () C:\Program Files (x86)\AOMEI Backupper\BrFat.dll 2016-05-13 17:15 - 2015-09-15 17:56 - 00962264 _____ () C:\Program Files (x86)\AOMEI Backupper\BrNtfs.dll 2016-05-13 17:15 - 2015-02-26 00:00 - 02403504 _____ () C:\Program Files (x86)\AOMEI Backupper\QtCore4.dll 2016-05-13 17:15 - 2015-09-15 17:56 - 00102104 _____ () C:\Program Files (x86)\AOMEI Backupper\BrVol.dll 2016-05-13 17:15 - 2015-09-15 17:56 
- 00253656 _____ () C:\Program Files (x86)\AOMEI Backupper\GptBcd.dll 2016-05-13 17:15 - 2015-09-15 17:56 - 00175832 _____ () C:\Program Files (x86)\AOMEI Backupper\DeviceMgr.dll 2015-06-23 20:26 - 2015-06-23 20:26 - 00155888 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll 2015-06-24 05:07 - 2015-06-24 05:07 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2016-05-23 20:21 - 2016-05-23 20:21 - 00679624 _____ () C:\Users\cwege\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll 2015-12-26 10:26 - 2014-09-11 17:09 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll 2015-12-26 10:26 - 2014-05-19 16:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll 2016-05-27 16:19 - 2016-05-27 16:19 - 22345912 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll 2016-05-03 11:41 - 2016-05-03 11:41 - 00322232 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll 2016-05-03 11:41 - 2016-05-03 11:41 - 46476472 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll ==================== Alternate Data Streams (Whitelisted) ========= (Se uma entrada for incluída na fixlist, somente o ADS será removido.) AlternateDataStreams: C:\Users\cwege\Documents\familia avo.jpg:3or4kl4x13tuuug3Byamue2s4b [83] AlternateDataStreams: C:\Users\cwege\Documents\familia avo.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] ==================== Modo de Segurança (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.) ==================== Associação (Whitelisted) =============== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.) 
==================== Internet Explorer confiável/restrito ===============

(Se uma entrada for incluída na fixlist, será removida do Registro.)

==================== Hosts Conteúdo: ==========================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2015-07-10 08:04 - 2016-05-27 14:25 - 00001006 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com

==================== Outras Áreas ============================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-767966989-473913170-3455617934-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\cwege\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 89.248.166.149 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

(Atualmente não há nenhuma correção automática para esta seção.)

==================== Regras do Firewall (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{D177353D-E445-4C8E-9A75-E45E90F2704B}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDirector12\PDR10.EXE FirewallRules: [{DFDE7270-7B9C-489A-827C-696E9D9D84D9}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe FirewallRules: [{AE1224D1-DBA8-4D02-A1D5-18E47DC8815A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{0CF17050-B9D8-4213-9037-3FC25F2A6C8D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{A8A3BBAF-89A3-4599-A6A3-E53A66529026}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{5503F6A8-C4E8-4BBF-8C3F-83CD82B4C79F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{EFC754C6-488E-4C17-8508-33D5DD3FCC2A}] => (Allow) LPort=2869 FirewallRules: [{CC9DB1F8-AEE9-4806-9FFC-2EDC2B1EFB04}] => (Allow) LPort=1900 ==================== Pontos de Restauração ========================= 27-05-2016 14:34:04 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 03-06-2016 13:46:44 paint.net v4.0.9 13-06-2016 10:38:47 Ponto de Verificação Agendado 17-06-2016 04:53:37 Windows Update ==================== Dispositivos Apresentando Falhas No Gerenciador ============= ==================== Erros no Log de eventos: ========================= Erros em Aplicativos: ================== Error: (06/19/2016 06:43:36 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Falha na geração de contexto de ativação para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1". 
Erro no arquivo de manifesto ou de política "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2", na linha C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3. Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa. Os componentes conflitantes são: Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest. Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest. Error: (06/19/2016 06:42:53 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Falha na geração de contexto de ativação para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1". Erro no arquivo de manifesto ou de política "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2", na linha C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3. Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa. Os componentes conflitantes são: Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest. Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest. 
Error: (06/19/2016 06:42:53 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Falha na geração de contexto de ativação para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1". Erro no arquivo de manifesto ou de política "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2", na linha C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3. Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa. Os componentes conflitantes são: Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest. Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest. Error: (06/18/2016 01:22:16 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CARSTEN-DELL344) Description: Falha na ativação do aplicativo Microsoft.Windows.Photos_8wekyb3d8bbwe!App com o erro: -2144927141. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais. 
Error: (06/17/2016 09:06:14 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome do aplicativo com falha: ShellExperienceHost.exe, versão: 10.0.10240.16766, carimbo de data/hora: 0x56e8dba8 Nome do módulo com falha: CoreUIComponents.dll, versão: 0.0.0.0, carimbo de data/hora: 0x56e8ccaf Código de exceção: 0xc0000005 Deslocamento da falha: 0x0000000000060624 ID do processo com falha: 0x18a8 Hora de início do aplicativo com falha: 0xShellExperienceHost.exe0 Caminho do aplicativo com falha: ShellExperienceHost.exe1 Caminho do módulo com falha: ShellExperienceHost.exe2 ID do Relatório: ShellExperienceHost.exe3 Nome completo do pacote com falha: ShellExperienceHost.exe4 ID do aplicativo relativo ao pacote com falha: ShellExperienceHost.exe5 Error: (06/17/2016 07:54:28 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome do aplicativo com falha: plugin-container.exe, versão: 47.0.0.5999, carimbo de data/hora: 0x5753660e Nome do módulo com falha: mozglue.dll, versão: 47.0.0.5999, carimbo de data/hora: 0x57535438 Código de exceção: 0x80000003 Deslocamento da falha: 0x0000f3ad ID do processo com falha: 0x2a04 Hora de início do aplicativo com falha: 0xplugin-container.exe0 Caminho do aplicativo com falha: plugin-container.exe1 Caminho do módulo com falha: plugin-container.exe2 ID do Relatório: plugin-container.exe3 Nome completo do pacote com falha: plugin-container.exe4 ID do aplicativo relativo ao pacote com falha: plugin-container.exe5 Error: (06/17/2016 04:58:06 AM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost (6428) Não é possível criar um novo arquivo de log porque o banco de dados não pode gravar na unidade de log. Talvez a unidade seja somente leitura, tenha espaço em disco insuficiente, esteja mal configurada ou esteja corrompida. Erro -1032. 
Error: (06/17/2016 04:58:06 AM) (Source: ESENT) (EventID: 488) (User: ) Description: SettingSyncHost (6428) Uma tentativa de criar o arquivo "C:\Windows\system32\edbtmp.log" falhou com o erro de sistema 5 (0x00000005): "Acesso negado. ". A operação para criar o arquivo falhará com o erro -1032 (0xfffffbf8). Error: (06/17/2016 04:57:55 AM) (Source: ESENT) (EventID: 413) (User: ) Description: SettingSyncHost (6428) Não é possível criar um novo arquivo de log porque o banco de dados não pode gravar na unidade de log. Talvez a unidade seja somente leitura, tenha espaço em disco insuficiente, esteja mal configurada ou esteja corrompida. Erro -1032. Error: (06/17/2016 04:57:55 AM) (Source: ESENT) (EventID: 488) (User: ) Description: SettingSyncHost (6428) Uma tentativa de criar o arquivo "C:\Windows\system32\edbtmp.log" falhou com o erro de sistema 5 (0x00000005): "Acesso negado. ". A operação para criar o arquivo falhará com o erro -1032 (0xfffffbf8). Erros de Sistema: ============= Error: (06/19/2016 04:56:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: O serviço Detecção de Serviços Interativos terminou com o erro: %%1 = Função incorreta. 
Error: (06/18/2016 01:22:15 PM) (Source: DCOM) (EventID: 10010) (User: CARSTEN-DELL344) Description: App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca Error: (06/17/2016 04:13:59 PM) (Source: SCardSvr) (EventID: 610) (User: ) Description: Função incorreta.Giesecke & Devrient GmbH StarSign CUT 00x313520XX XX XX XX Error: (06/17/2016 04:12:42 PM) (Source: SCardSvr) (EventID: 610) (User: ) Description: Função incorreta.Giesecke & Devrient GmbH StarSign CUT 00x313520XX XX XX XX Error: (06/17/2016 04:09:15 PM) (Source: SCardSvr) (EventID: 610) (User: ) Description: Função incorreta.Giesecke & Devrient GmbH StarSign CUT 00x313520XX XX XX XX Error: (06/17/2016 04:09:14 PM) (Source: SCardSvr) (EventID: 610) (User: ) Description: Função incorreta.Giesecke & Devrient GmbH StarSign CUT 00x313520XX XX XX XX Error: (06/17/2016 04:09:14 PM) (Source: SCardSvr) (EventID: 610) (User: ) Description: Função incorreta.Giesecke & Devrient GmbH StarSign CUT 00x313520XX XX XX XX Error: (06/15/2016 03:21:42 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT) Description: específico do aplicativoLocalAtivação{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORIDADE NTSERVIÇO LOCALS-1-5-19LocalHost (Usando LRPC)Não DisponívelNão Disponível Error: (06/15/2016 03:17:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Não foi possível iniciar o serviço Service Installer TrueKey devido ao seguinte erro: %%2 = O sistema não pode encontrar o arquivo especificado. Error: (06/15/2016 03:15:38 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: O serviço Central de Segurança terminou com o erro: %%1747 = Serviço de autenticação desconhecido. 
CodeIntegrity: =================================== Date: 2016-05-09 14:37:47.490 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-09 14:36:33.650 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-09 14:36:25.019 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-09 14:35:11.115 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-09 14:34:52.247 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-09 14:34:52.200 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-09 14:34:52.153 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system. 
Date: 2016-05-09 14:34:52.020 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system. ==================== Informações da Memória =========================== Processador: Intel(R) Core(TM) i3-4005U CPU @ 1.70GHz Percentagem de memória em uso: 80% RAM física total: 4000.18 MB RAM física disponível: 782.22 MB Virtual Total: 9114.15 MB Virtual disponível: 1533.44 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:917.63 GB) (Free:753.56 GB) NTFS ==================== MBR & Tabela de Partições ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 1157C999) Partition: GPT. ==================== Fim de Addition.txt ============================ Code:
ATTFilter Categoria: Resultados da verificação Data e hora,Risco,Atividade,Status,Tempo de verificação (d:h:m:s),Total de itens verificados,Arquivos e diretórios,Entradas do Registro,Itens de processos e inicialização,Itens de rede e navegador,Outros,Arquivos confiáveis,Arquivos ignorados,Total de riscos à segurança detectados,Total de riscos à segurança resolvidos,Total de riscos à segurança que exigem atenção 19/06/2016 12:04:31,Informações,Resultados do(a) Verificação rápida,Concluído,0:00:05:57,"8,772","5,307",780,"1,876",803,6,705,0,0,0,0 18/06/2016 20:20:46,Informações,Resultados do(a) Verificação rápida,Concluído,0:00:06:46,"8,772","5,309",780,"1,875",802,6,707,0,0,0,0 17/06/2016 20:19:40,Informações,Resultados do(a) Verificação rápida,Concluído,0:00:05:47,"9,041","5,310",780,"2,145",800,6,708,0,0,0,0 17/06/2016 13:44:58,Informações,Resultados do(a) Verificação rápida,Concluído,0:00:02:49,"8,575","5,276",780,"1,715",798,6,675,72,0,0,0 17/06/2016 06:08:56,Informações,Resultados do(a) Verificação rápida,Concluído,0:00:02:55,"8,564","5,275",780,"1,705",798,6,674,72,0,0,0 16/06/2016 13:55:31,Informações,Resultados do(a) Verificação rápida,Concluído,0:00:03:18,"8,675","5,301",780,"1,790",798,6,699,0,0,0,0 16/06/2016 04:47:24,Informações,Resultados do(a) Verificação rápida,Concluído,0:00:03:19,"8,666","5,300",780,"1,782",798,6,698,0,0,0,0 15/06/2016 22:34:25,Informações,Resultados do(a) Verificação rápida,Concluído,0:00:03:35,"8,686","5,302",780,"1,800",798,6,699,0,0,0,0 15/06/2016 12:52:04,Informações,Resultados do(a) Verificação rápida,Concluído,0:00:03:33,"8,718","5,309",778,"1,827",798,6,709,0,0,0,0 15/06/2016 06:18:14,Informações,Resultados do(a) Verificação rápida,Concluído,0:00:03:13,"8,717","5,311",778,"1,824",798,6,711,0,0,0,0 15/06/2016 00:32:24,Informações,Resultados do(a) Verificação rápida,Concluído,0:00:05:20,"8,597","5,276",778,"1,739",798,6,681,72,0,0,0 14/06/2016 12:28:04,Informações,Resultados do(a) Verificação 
rápida,Concluído,0:00:03:49,"9,034","5,306",778,"2,146",798,6,710,0,0,0,0 14/06/2016 05:15:53,Informações,Resultados do(a) Verificação rápida,Concluído,0:00:04:18,"8,830","5,302",778,"1,946",798,6,705,0,0,0,0 13/06/2016 22:26:33,Informações,Resultados do(a) Verificação rápida,Concluído,0:00:03:17,"8,823","5,302",778,"1,939",798,6,706,0,0,0,0 13/06/2016 17:43:09,Informações,Resultados do(a) Verificação rápida,Concluído,0:00:02:42,"8,686","5,266",778,"1,840",796,6,677,74,0,0,0 13/06/2016 10:16:53,Informações,Resultados do(a) Verificação rápida,Concluído,0:00:04:04,"8,548","5,270",778,"1,703",791,6,681,72,0,0,0 Categoria: Riscos à segurança resolvidos Data e hora,Risco,Atividade,Status,Ação recomendada,Atividade 17/06/2016 15:24:20,Alto,bit2faf.tmp (Suspicious.Cloud.9.B) detectado por Auto-Protect,Em quarentena,Resolvido - Nenhuma ação necessária,Ações de ameaças executadas: 1 Categoria: Quarentena Data e hora,Risco,Atividade,Status,Ação recomendada,Atividade 17/06/2016 15:24:20,Alto,bit2faf.tmp (Suspicious.Cloud.9.B) detectado por Auto-Protect,Em quarentena,Resolvido - Nenhuma ação necessária,Ações de ameaças executadas: 1 Categoria: Firewall - Rede e conexões Data e hora,Risco,Atividade,Status,Ação recomendada,Categoria 19/06/2016 18:44:00,Informações,"Protegendo sua conexão a uma rede detectada recentemente no adaptador \"Microsoft Teredo Tunneling Adapter\" (endereço IP: 2001::9d38:90d7:207e:1ac2:4c2d:f1c7).",Detectado,Nenhuma ação necessária,Firewall - Rede e conexões 19/06/2016 18:43:59,Informações,"Protegendo sua conexão a uma rede detectada recentemente no adaptador \"Microsoft Teredo Tunneling Adapter\" (endereço IP: fe80::207e:1ac2:4c2d:f1c7%10).",Detectado,Nenhuma ação necessária,Firewall - Rede e conexões 19/06/2016 18:43:59,Informações,Endereço IP desapareceu do adaptador Microsoft Teredo Tunneling Adapter (endereço IP: fe80::30ed:1ac2:3f57:fffc%10).,Detectado,Nenhuma ação necessária,Firewall - Rede e conexões 19/06/2016 18:43:59,Informações,Endereço IP 
desapareceu do adaptador Microsoft Teredo Tunneling Adapter (endereço IP: 2001::9d38:90d7:30ed:1ac2:3f57:fffc).,Detectado,Nenhuma ação necessária,Firewall - Rede e conexões 19/06/2016 18:43:56,Informações,"Protegendo sua conexão a uma rede detectada recentemente no adaptador \"Microsoft Teredo Tunneling Adapter\" (endereço IP: 2001::9d38:90d7:30ed:1ac2:3f57:fffc).",Detectado,Nenhuma ação necessária,Firewall - Rede e conexões 19/06/2016 18:43:56,Informações,"Protegendo sua conexão a uma rede detectada recentemente no adaptador \"Microsoft Teredo Tunneling Adapter\" (endereço IP: fe80::30ed:1ac2:3f57:fffc%10).",Detectado,Nenhuma ação necessária,Firewall - Rede e conexões 19/06/2016 18:43:55,Informações,"Protegendo sua conexão a uma rede detectada recentemente no adaptador \"Dell Wireless 1705 802.11b|g|n (2.4GHZ)\" (endereço IP: fe80::d565:5368:3e1c:d8ce%2).",Detectado,Nenhuma ação necessária,Firewall - Rede e conexões 19/06/2016 18:43:55,Informações,"Protegendo sua conexão a uma rede detectada recentemente no adaptador \"Dell Wireless 1705 802.11b|g|n (2.4GHZ)\" (endereço IP: 192.168.0.3).",Detectado,Nenhuma ação necessária,Firewall - Rede e conexões 19/06/2016 18:43:50,Informações,Endereço IP desapareceu do adaptador Microsoft Teredo Tunneling Adapter (endereço IP: fe80::1cfc:367c:4c2d:f1c7%10).,Detectado,Nenhuma ação necessária,Firewall - Rede e conexões 19/06/2016 18:43:50,Informações,Endereço IP desapareceu do adaptador Microsoft Teredo Tunneling Adapter (endereço IP: 2001::5ef5:79fd:1cfc:367c:4c2d:f1c7).,Detectado,Nenhuma ação necessária,Firewall - Rede e conexões 19/06/2016 18:43:50,Informações,Endereço IP desapareceu do adaptador Dell Wireless 1705 802.11b|g|n (2.4GHZ) (endereço IP: fe80::d565:5368:3e1c:d8ce%2).,Detectado,Nenhuma ação necessária,Firewall - Rede e conexões 19/06/2016 18:43:50,Informações,Endereço IP desapareceu do adaptador Dell Wireless 1705 802.11b|g|n (2.4GHZ) (endereço IP: 192.168.0.3).,Detectado,Nenhuma ação necessária,Firewall - Rede e 
conexões Categoria: Firewall - Atividades Data e hora,Risco,Atividade,Status,Ação recomendada,Categoria,Nome do programa,Caminho do programa,Ação padrão,Ação tomada,Computador local,Descrição do tráfego 19/06/2016 19:06:30,Informações,Regras de firewall atualizadas ,Detectado,Nenhuma ação necessária,Firewall - Atividades,,,,,, 19/06/2016 19:06:29,Informações,Foram criadas regras de firewall para o Farbar Recovery Scan Tool automaticamente.,Protegido,Nenhuma ação necessária,,Farbar Recovery Scan Tool,C:\Users\cwege\Desktop\FRST64.exe,Nenhuma ação necessária,Criar regras automaticamente,"192.168.0.3, 59673","Saída TCP, www-http" 19/06/2016 18:37:40,Informações,Regras de firewall atualizadas ,Detectado,Nenhuma ação necessária,Firewall - Atividades,,,,,, 19/06/2016 18:37:37,Informações,Você permitiu o acesso aos seus recursos de rede pelo Setup/Uninstall.,Permitido,Nenhuma ação necessária,,Setup/Uninstall,C:\Users\cwege\AppData\Local\Temp\_iu14D2N.tmp,Nenhuma ação necessária,Permitir,"192.168.0.3, 57788","Saída TCP, https" Categoria: Prevenção contra intrusões Data e hora,Risco,Atividade,Status,Ação recomendada,Nome do alerta de IPS,Ação padrão,Ação tomada,Computador que está atacando,URL invasor,Endereço de destino,Endereço de origem,Descrição do tráfego 19/06/2016 19:02:14,Alto,Foi bloqueada uma tentativa de intrusão de

Thanks in advance,
Regards, Carsten