
Log analysis - Blue screen caused by driver download software

#1 By glalla 12/12/2020 - 03:18
Hello everyone,

I formatted my computer last week, and yesterday I went to update the video card driver using a piece of software.

As soon as the software started, the problems began. Besides that, it kept showing the blue screen whenever I moved the mouse during Windows startup.

Luckily, yesterday I managed to boot into safe mode and delete that driver software.

But after that, it:

- Broke the restore points. I could no longer use System Restore;
- Created a strange startup program that shows the Microsoft Store;
- Disabled the antivirus;
- Corrupted my Office;
- Corrupted IDM;
- Corrupted Malwarebytes;
- Disassociated files that used to open with Windows Media Player so that they open with the browsers, and no longer gives the option to open them with Windows Media Player;
- Compromised the taskbar at startup: as soon as I open Windows Media Player, the Windows clock disappears;
- Removed the Print Screen function that copied an image of the screen.

"FRST.txt"

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 09-12-2020
Executado por User (administrador) em DESKTOP-NTM19L0 (Hewlett-Packard 18-5200br) (12-12-2020 02:59:18)
Executando a partir de D:\Área de Trabalho
Perfis Carregados: User
Platform: Windows 10 Pro Versão 1909 18363.418 (X64) Idioma: Português (Brasil)
Navegador padrão: Chrome
Modo da Inicialização: Normal

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <16>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2010.0.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Panda Security S.L. -> Panda Security S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\pselamsvc.exe
(Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Tonec Inc.) [Arquivo não assinado] C:\Program Files (x86)\Internet Download Manager\IDMan.exe

==================== Registro (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [165120 2019-10-16] (Panda Security S.L. -> Panda Security, S.L.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Policies\Explorer: [SettingsPageVisibility] hide:workplace;emailandaccounts;sync;appsforwebsites;maps;startupapps;videoplayback;cortana-moredetails;cortana-language;cortana-notifications;cortana-permissions;cortana;cortana-talktocortana;easeofa (a entrada de dados tem 382 mais caracteres).
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [] => [X]
HKU\S-1-5-19\...\RunOnce: [Edge_DisableAdobeFlashPlayer] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Addons" /F /V "FlashPlayerEnabled" /T R (a entrada de dados tem 22 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisableAllCookies] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "Cookies" /T REG_DWORD /D " (a entrada de dados tem 9 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisableAskMeWhatToDoWithEachDownload] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Download" /F /V "EnableSavePrompt" /T R (a entrada de dados tem 22 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisableBlockPopup] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\New Windows" /F /V "PopupMgr" /T REG_SZ (a entrada de dados tem 8 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisableCortanaAssistant] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI" /F /V "EnableCortana" /T REG (a entrada de dados tem 20 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisablePagePrediction] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead" /F /V "FPEnabled" /T REG_DWO (a entrada de dados tem 16 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisableSaveFormEntries] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "Use FormSuggest" /T REG_SZ (a entrada de dados tem 8 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisableSavePassword] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "FormSuggest Passwords" /T (a entrada de dados tem 14 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisableSaveProtectedMediaLicensesonmyDevice] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy" /F /V "EnableEncryptedMediaExt (a entrada de dados tem 35 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisableShowSearchSuggestionasItype] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\User\Default\SearchScopes" /F /V "ShowS (a entrada de dados tem 50 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisableSmartScreen] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter" /F /V "EnabledV9" /T RE (a entrada de dados tem 21 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_EnableSendDoNotTrackRequests] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "DoNotTrack" /T REG_DWORD / (a entrada de dados tem 12 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_ShowFavoritesBar] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\LinksBar" /F /V "Enabled" /T REG_DWORD (a entrada de dados tem 13 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_ShowFavoritesBarPinnedPanel] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PivotIndex" /F /V "HubPanePinned" /T RE (a entrada de dados tem 21 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_ShowHomeButton] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "HomeButtonEnabled" /T REG_ (a entrada de dados tem 19 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_UseDarkTheme] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "Theme" /T REG_DWORD /D "00 (a entrada de dados tem 7 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-20\...\RunOnce: [] => [X]
HKU\S-1-5-20\...\RunOnce: [Edge_DisableAdobeFlashPlayer] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Addons" /F /V "FlashPlayerEnabled" /T R (a entrada de dados tem 22 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisableAllCookies] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "Cookies" /T REG_DWORD /D " (a entrada de dados tem 9 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisableAskMeWhatToDoWithEachDownload] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Download" /F /V "EnableSavePrompt" /T R (a entrada de dados tem 22 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisableBlockPopup] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\New Windows" /F /V "PopupMgr" /T REG_SZ (a entrada de dados tem 8 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisableCortanaAssistant] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI" /F /V "EnableCortana" /T REG (a entrada de dados tem 20 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisablePagePrediction] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead" /F /V "FPEnabled" /T REG_DWO (a entrada de dados tem 16 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisableSaveFormEntries] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "Use FormSuggest" /T REG_SZ (a entrada de dados tem 8 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisableSavePassword] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "FormSuggest Passwords" /T (a entrada de dados tem 14 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisableSaveProtectedMediaLicensesonmyDevice] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy" /F /V "EnableEncryptedMediaExt (a entrada de dados tem 35 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisableShowSearchSuggestionasItype] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\User\Default\SearchScopes" /F /V "ShowS (a entrada de dados tem 50 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisableSmartScreen] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter" /F /V "EnabledV9" /T RE (a entrada de dados tem 21 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_EnableSendDoNotTrackRequests] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "DoNotTrack" /T REG_DWORD / (a entrada de dados tem 12 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_ShowFavoritesBar] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\LinksBar" /F /V "Enabled" /T REG_DWORD (a entrada de dados tem 13 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_ShowFavoritesBarPinnedPanel] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PivotIndex" /F /V "HubPanePinned" /T RE (a entrada de dados tem 21 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_ShowHomeButton] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "HomeButtonEnabled" /T REG_ (a entrada de dados tem 19 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_UseDarkTheme] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "Theme" /T REG_DWORD /D "00 (a entrada de dados tem 7 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-3300897730-1080615157-2638408914-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4091960 2019-09-21] (Tonec Inc.) [Arquivo não assinado]
HKU\S-1-5-21-3300897730-1080615157-2638408914-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Print\Monitors\HP 8711 Status Monitor: C:\Windows\system32\hpinksts8711LM.dll [332176 2012-09-12] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-07] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{8AF662BF-65A0-4D0A-A540-A338A999D36F}] ->
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
HKLM\Software\...\Winlogon\GPExtensions: [{CFF649BD-601D-4361-AD3D-0FC365DB4DB7}] -> %SystemRoot%\system32\domgmt.dll
HKLM\Software\...\Winlogon\GPExtensions: [{F312195E-3D9D-447A-A3F5-08DFFA24735E}] -> dggpext.dll
HKLM\Software\...\Winlogon\GPExtensions: [{FC491EF1-C4AA-4CE1-B329-414B101DB823}] -> dggpext.dll
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitorar alertas de tinta - HP Deskjet 2050 J510 series.lnk [2020-12-05]
ShortcutAndArgument: Monitorar alertas de tinta - HP Deskjet 2050 J510 series.lnk -> C:\Windows\system32\RunDll32.exe => "C:\Program Files\HP\HP Deskjet 2050 J510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=BR11BFP1ZW05D1;CONNECTION=USB;MONITOR=1;
BootExecute: ampa

==================== Tarefas Agendadas (Whitelisted) ============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {0682DDDC-D13D-4B6E-8431-9FA803214B3A} - \Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance -> Nenhum Arquivo <==== ATENÇÃO
Task: {0C55C996-E1C5-4EFA-9842-53390CF3DC28} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11094192 2020-08-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {24BD3B60-0393-4497-974E-D2685CC89E5B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-03] (Google LLC -> Google LLC)
Task: {2AA77C8F-89B9-405A-9EFC-F64D74D3C350} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management => {B7BFFB5A-EFA8-4D8C-BBDE-C8D5FAAF54A1} C:\Windows\system32\WofTasks.dll [29696 2019-03-19] (Microsoft Corporation) [Arquivo não assinado]
Task: {466ECA8F-AD4E-4846-A837-F3525DBFB397} - \Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan -> Nenhum Arquivo <==== ATENÇÃO
Task: {4FE87DD3-5DFF-4EB5-A242-58235019AD88} - \Microsoft\Windows\Windows Defender\Windows Defender Cleanup -> Nenhum Arquivo <==== ATENÇÃO
Task: {50926CAB-AB56-46B2-9B93-432DB53651BF} - \Microsoft\Windows\WindowsUpdate\Automatic App Update -> Nenhum Arquivo <==== ATENÇÃO
Task: {51F04842-8634-4C11-8745-A24F0FCB1D3E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5142960 2020-12-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {5E91798E-D51A-4CE1-AE5D-EC03188D66E7} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [143720 2020-12-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {6392CB78-AAF6-40F7-ACD2-C943C0592E66} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [670928 2020-11-12] (Mozilla Corporation -> Mozilla Foundation)
Task: {66D2CBB0-974D-409B-9790-4A078497AB23} - \Microsoft\Windows\Maps\MapsUpdateTask -> Nenhum Arquivo <==== ATENÇÃO
Task: {6902EDCC-5EA7-412B-A415-CD0CDE4A94FD} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation => {B7BFFB5A-EFA8-4D8C-BBDE-C8D5FAAF54A1} C:\Windows\system32\WofTasks.dll [29696 2019-03-19] (Microsoft Corporation) [Arquivo não assinado]
Task: {7A550ACD-D20D-44ED-B2FA-5CA6FED0BB00} - \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser -> Nenhum Arquivo <==== ATENÇÃO
Task: {7CAE81DF-75B8-45A0-ABFE-1898AEDAEA51} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5142960 2020-12-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {8AC6C4AF-2D4B-45AB-BE3D-9DF92B9A5E6A} - System32\Tasks\OInstall => C:\Windows\OInstall.exe [10267696 2019-04-25] (WZTeam -> ) [Arquivo não assinado]
Task: {9273D15E-4365-4DE0-9D00-D83A3054B5CE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23054216 2020-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {995B36D4-0107-49D9-8810-65F78D774EBD} - \Microsoft\Windows\Windows Defender\Windows Defender Verification -> Nenhum Arquivo <==== ATENÇÃO
Task: {9A3CF8FB-8847-4FB5-B9D3-D1F055DB7B74} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23054216 2020-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {C391351C-0F98-447E-B3F3-F932910C72FD} - \Microsoft\Windows\Feedback\Siuf\DmClient -> Nenhum Arquivo <==== ATENÇÃO
Task: {C80CFCFE-3C44-4512-A965-87E9574D43CD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-03] (Google LLC -> Google LLC)
Task: {E215B699-95A9-44CD-A30F-ECEEDA4BFAE6} - \Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload -> Nenhum Arquivo <==== ATENÇÃO
Task: {F2E8AA59-252D-4EA4-AF79-32DB90AB50D6} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTask => C:\Windows\System32\XblGameSaveTask.exe
Task: {F2FCCCBA-0DA2-43B1-8383-00F0D84C51F0} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe
Task: {F919EAF1-DA4B-44E2-BDE1-2462A6774590} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [143720 2020-12-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {F983E937-6426-4EB2-BBC3-9E94E3752925} - \Microsoft\Windows\Maps\MapsToastTask -> Nenhum Arquivo <==== ATENÇÃO

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)


==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{aa3866c9-c89a-44ff-9d5f-8c4deda199e0}: [DhcpNameServer] 192.168.1.1 0.0.0.0

FireFox:
========
FF DefaultProfile: bdj1cgza.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bdj1cgza.default [2020-12-09]
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\vnf2xj02.default-release [2020-12-11]
FF DownloadDir: D:\Área de Trabalho
FF Homepage: Mozilla\Firefox\Profiles\vnf2xj02.default-release -> hxxps://www.youtube.com/
FF Extension: (AdBlock — o melhor bloqueador de anúncios) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\vnf2xj02.default-release\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2020-12-09]
FF Extension: (IDM Integration Module) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\vnf2xj02.default-release\Extensions\mozilla_cc3@internetdownloadmanager.com.xpi [2020-12-09] [UpdateUrl:hxxps://data.internetdownloadmanager.com/idmmzcc3/update.json]
FF HKU\S-1-5-21-3300897730-1080615157-2638408914-1000\...\Firefox\Extensions: [mozilla_cc3@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
FF Extension: (IDM Integration Module) - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2019-09-19] [UpdateUrl:hxxps://data.internetdownloadmanager.com/idmmzcc3/update.json]
FF HKU\S-1-5-21-3300897730-1080615157-2638408914-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\User\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\User\AppData\Roaming\IDM\idmmzcc5 [2020-12-08] [] [não assinado]
FF HKU\S-1-5-21-3300897730-1080615157-2638408914-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] []
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_433.dll [2020-12-04] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-12-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-12-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-12-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_433.dll [2020-12-04] (Adobe Inc. -> )
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-12-12] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2020-12-12]
CHR DownloadDir: D:\Área de Trabalho
CHR HomePage: Default -> file:///D:/%C3%81rea%20de%20Trabalho/favoritos_01_12_2020.html
CHR NewTab: Default -> Active:"chrome-extension://ejbjamhkdedinncaeiackcdehpccoejm/pages/newtab.html"
CHR Extension: (Google Tradutor) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2020-12-03]
CHR Extension: (HLS Downloader) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apomkbibleomoihlhhdbeghnfioffbej [2020-12-03]
CHR Extension: (MEGA) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2020-12-03]
CHR Extension: (Speed Dial) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbjamhkdedinncaeiackcdehpccoejm [2020-12-03]
CHR Extension: (AdBlock — o melhor bloqueador de anúncios) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-12-03]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2020-12-10]
CHR Extension: (Méliuz: Cashback e cupons em suas compras) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdcfmebflppkljibgpdlboifpcaalolg [2020-12-10]
CHR Extension: (Video Downloader Plus by Skyload) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdjbpandnkpoaeaemedhhpaibjkcoblh [2020-12-03]
CHR Extension: (Ghostery – Bloqueador de anúncios para privacidade) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2020-12-03]
CHR Extension: (MeddleMonkey) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\moihledlmchhofenpacbhphnbnpakgmo [2020-12-03]
CHR Extension: (IDM Integration Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2020-12-10]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-12-03]
CHR Extension: (Comparador EscolhaSegura) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbichgopagjidnkeaablhiediibgbmec [2020-12-03]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-03]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2020-12-08]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2020-12-08]

==================== Serviços (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9105800 2020-12-01] (Microsoft Corporation -> Microsoft Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [109536 2019-10-16] (Panda Security S.L. -> Panda Security, S.L.)
S3 Panda VPN Service; C:\Program Files (x86)\Panda Security\Panda Security Protection\Hydra.Sdk.Windows.Service.exe [320848 2017-11-19] (AnchorFree Inc -> )
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [84176 2019-02-19] (Panda Security S.L. -> Panda Security, S.L.)
R2 pselamsvc; C:\Program Files (x86)\Panda Security\Panda Security Protection\pselamsvc.exe [189448 2018-07-25] (Panda Security S.L. -> Panda Security S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [48784 2019-10-16] (Panda Security S.L. -> Panda Security, S.L.)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [79440 2020-12-08] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)

===================== Drivers (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R3 aftap0901; C:\Windows\System32\drivers\aftap0901.sys [48624 2017-11-16] (AnchorFree Inc -> The OpenVPN Project)
S3 amdkmdan; C:\Windows\system32\DRIVERS\atikmnag.sys [20267024 2020-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
S3 ampa; C:\Windows\system32\ampa.sys [17008 2013-11-29] (ChengDu AoMei Tech Co., Ltd -> ) [Arquivo não assinado]
R1 NNSALPC; C:\Windows\system32\DRIVERS\NNSALPC.sys [111384 2019-03-05] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSDNS; C:\Windows\system32\DRIVERS\NNSDNS.sys [104728 2019-03-05] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\system32\DRIVERS\NNSHTTP.sys [211736 2019-03-05] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\system32\DRIVERS\NNSHTTPS.sys [125720 2019-03-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSIDS; C:\Windows\system32\DRIVERS\NNSIDS.sys [132888 2019-03-05] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [95472 2018-07-16] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPICC; C:\Windows\system32\DRIVERS\NNSPICC.sys [149784 2019-03-05] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\system32\DRIVERS\NNSPIHSW.sys [95000 2019-03-05] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\system32\DRIVERS\NNSPOP3.sys [135448 2019-03-05] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPROT; C:\Windows\system32\DRIVERS\NNSPROT.sys [346392 2019-03-05] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPRV; C:\Windows\system32\DRIVERS\NNSPRV.sys [290584 2019-05-30] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\system32\DRIVERS\NNSSMTP.sys [123160 2019-03-05] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\system32\DRIVERS\NNSSTRM.sys [295192 2019-05-30] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\system32\DRIVERS\NNSTLSC.sys [132376 2019-03-05] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINAflt; C:\Windows\system32\DRIVERS\PSINAflt.sys [198424 2019-06-11] (Panda Security S.L. -> Panda Security, S.L.)
S0 psinelam; C:\Windows\System32\DRIVERS\psinelam.sys [21952 2019-01-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [160536 2019-06-11] (Panda Security S.L. -> Panda Security, S.L.)
R1 PSINKNC; C:\Windows\system32\DRIVERS\PSINKNC.sys [215320 2019-03-04] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [147224 2019-06-11] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINProt; C:\Windows\system32\DRIVERS\PSINProt.sys [159512 2019-06-11] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINReg; C:\Windows\system32\DRIVERS\PSINReg.sys [129304 2019-06-11] (Panda Security S.L. -> Panda Security, S.L.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [72648 2017-05-22] (Panda Security S.L. -> Panda Security, S.L.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [347704 2020-12-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
S3 mshidumdf; \SystemRoot\System32\drivers\mshidumdf.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Três meses (criados) (Whitelisted) =========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2020-12-12 02:58 - 2020-12-12 03:00 - 000000000 ____D C:\FRST
2020-12-12 01:01 - 2020-12-12 01:01 - 000003710 _____ C:\Windows\system32\Tasks\OInstall
2020-12-12 01:01 - 2019-04-25 02:03 - 010267696 _____ C:\Windows\OInstall.exe
2020-12-12 00:58 - 2020-12-12 00:58 - 000002460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2020-12-12 00:58 - 2020-12-12 00:58 - 000002459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2020-12-12 00:58 - 2020-12-12 00:58 - 000002422 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2020-12-12 00:58 - 2020-12-12 00:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2020-12-12 00:57 - 2020-12-12 00:57 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2020-12-12 00:48 - 2020-12-12 00:58 - 000000000 ____D C:\Program Files\Microsoft Office
2020-12-12 00:48 - 2020-12-12 00:48 - 000000000 ____D C:\Program Files\Microsoft Office 15
2020-12-11 17:26 - 2020-12-11 17:26 - 000000000 ____D C:\Users\Public\TechGainer
2020-12-11 17:18 - 2020-12-11 17:18 - 000000000 ____D C:\sources
2020-12-11 12:02 - 2020-12-11 12:02 - 047785472 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 039714816 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 030752256 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 027535872 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 025299968 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 022318592 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 021622272 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2020-12-11 12:02 - 2020-12-11 12:02 - 015716864 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 014302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 011948704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 010094152 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 009102336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdxc64.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 008893160 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 008779872 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 007929616 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 007500800 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdxc32.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 007408936 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 003471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2020-12-11 12:02 - 2020-12-11 12:02 - 003437632 _____ C:\Windows\system32\atiumd6a.cap
2020-12-11 12:02 - 2020-12-11 12:02 - 001445224 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 001247744 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 001193904 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 001187342 _____ C:\Windows\system32\amdocl_as64.exe
2020-12-11 12:02 - 2020-12-11 12:02 - 001061902 _____ C:\Windows\system32\amdocl_ld64.exe
2020-12-11 12:02 - 2020-12-11 12:02 - 000995342 _____ C:\Windows\SysWOW64\amdocl_as32.exe
2020-12-11 12:02 - 2020-12-11 12:02 - 000926720 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000926720 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000798734 _____ C:\Windows\SysWOW64\amdocl_ld32.exe
2020-12-11 12:02 - 2020-12-11 12:02 - 000672768 _____ (AMD) C:\Windows\system32\atieclxx.exe
2020-12-11 12:02 - 2020-12-11 12:02 - 000665088 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2020-12-11 12:02 - 2020-12-11 12:02 - 000660912 _____ C:\Windows\SysWOW64\atiapfxx.blb
2020-12-11 12:02 - 2020-12-11 12:02 - 000660912 _____ C:\Windows\system32\atiapfxx.blb
2020-12-11 12:02 - 2020-12-11 12:02 - 000442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000367104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2020-12-11 12:02 - 2020-12-11 12:02 - 000332800 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODE.exe
2020-12-11 12:02 - 2020-12-11 12:02 - 000246784 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2020-12-11 12:02 - 2020-12-11 12:02 - 000235008 _____ C:\Windows\system32\clinfo.exe
2020-12-11 12:02 - 2020-12-11 12:02 - 000190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000169152 _____ C:\Windows\system32\ativce03.dat
2020-12-11 12:02 - 2020-12-11 12:02 - 000160256 _____ C:\Windows\system32\atieah64.exe
2020-12-11 12:02 - 2020-12-11 12:02 - 000156672 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000152056 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000143872 _____ C:\Windows\SysWOW64\atieah32.exe
2020-12-11 12:02 - 2020-12-11 12:02 - 000141824 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000133016 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000120144 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000102912 _____ C:\Windows\system32\hsa-thunk64.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000102616 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000102400 _____ C:\Windows\SysWOW64\hsa-thunk.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000100816 _____ C:\Windows\system32\ativce02.dat
2020-12-11 12:02 - 2020-12-11 12:02 - 000089088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000080896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000059392 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000051200 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODCLI.exe
2020-12-11 12:02 - 2020-12-11 12:02 - 000050688 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000047664 _____ C:\Windows\system32\kapp_ci.sbin
2020-12-11 12:02 - 2020-12-11 12:02 - 000043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000043408 _____ C:\Windows\system32\kapp_si.sbin
2020-12-11 12:02 - 2020-12-11 12:02 - 000039424 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000029696 _____ (AMD) C:\Windows\system32\atimuixx.dll
2020-12-11 12:01 - 2020-12-11 12:02 - 000458472 _____ C:\Windows\system32\amdmiracast.dll
2020-12-11 12:01 - 2020-12-11 12:01 - 000833798 _____ C:\Windows\system32\amdicdxx.dat
2020-12-11 12:01 - 2020-12-11 12:01 - 000297672 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2020-12-11 12:01 - 2020-12-11 12:01 - 000204800 _____ C:\Windows\system32\amdgfxinfo64.dll
2020-12-11 12:01 - 2020-12-11 12:01 - 000189952 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2020-12-11 12:01 - 2020-12-11 12:01 - 000167456 _____ C:\Windows\system32\amde31a.dat
2020-12-11 12:01 - 2020-12-11 12:01 - 000141792 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2020-12-11 12:01 - 2020-12-11 12:01 - 000134656 _____ C:\Windows\system32\amdhdl64.dll
2020-12-11 12:01 - 2020-12-11 12:01 - 000128384 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2020-12-11 12:01 - 2020-12-11 12:01 - 000123392 _____ C:\Windows\SysWOW64\amdhdl32.dll
2020-12-11 12:01 - 2020-12-11 12:01 - 000107784 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2020-12-11 12:01 - 2020-12-11 12:01 - 000100568 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2020-12-11 11:28 - 2020-12-11 12:06 - 000065058 _____ C:\Windows\ntbtlog.txt
2020-12-11 11:28 - 2020-12-11 11:30 - 000432500 _____ C:\Windows\Minidump\121120-24671-01.dmp
2020-12-11 11:23 - 2020-12-11 11:23 - 000000000 _____ C:\Windows\Minidump\121120-26000-01.dmp
2020-12-11 11:04 - 2020-12-11 11:04 - 000000000 _____ C:\Windows\Minidump\121120-33531-01.dmp
2020-12-11 07:44 - 2020-12-11 07:44 - 000000000 __SHD C:\found.000
2020-12-11 03:28 - 2020-12-11 03:28 - 000000000 _____ C:\Windows\Minidump\121120-31453-01.dmp
2020-12-11 03:27 - 2020-12-11 03:27 - 000000000 ____D C:\Users\User\AppData\Roaming\DriveTheLife2013
2020-12-11 03:26 - 2020-12-11 03:26 - 000000000 _____ C:\Windows\Minidump\121120-33875-01.dmp
2020-12-11 01:16 - 2020-12-11 11:28 - 376650549 _____ C:\Windows\MEMORY.DMP
2020-12-10 17:59 - 2020-12-10 17:59 - 020267024 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmnag.sys
2020-12-10 17:58 - 2020-12-10 17:58 - 000003194 _____ C:\Windows\system32\Tasks\RTKCPL
2020-12-10 17:57 - 2020-12-11 11:56 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2020-12-10 17:57 - 2020-12-11 02:20 - 000000000 ____D C:\Windows\system32\SRSLabs
2020-12-10 17:57 - 2020-12-11 02:20 - 000000000 ____D C:\Program Files\Realtek
2020-12-10 17:56 - 2020-12-10 17:56 - 004113624 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2020-12-10 17:56 - 2020-12-10 17:56 - 000085704 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amd_sata.sys
2020-12-10 17:56 - 2020-12-10 17:56 - 000043720 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amd_xata.sys
2020-12-10 17:56 - 2011-11-22 12:28 - 000014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2020-12-10 17:55 - 2020-12-10 17:55 - 000110080 _____ (TODO: ) C:\Windows\system32\DelayAPO.dll
2020-12-10 17:55 - 2020-12-10 17:55 - 000096256 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdW76.sys
2020-12-10 12:47 - 2020-12-10 12:47 - 000000000 ____D C:\Users\Todos os Usuários\WinaeroTweaker
2020-12-10 12:47 - 2020-12-10 12:47 - 000000000 ____D C:\ProgramData\WinaeroTweaker
2020-12-10 01:09 - 2020-12-10 01:09 - 000000000 ____D C:\Users\User\AppData\Roaming\MPC-HC
2020-12-09 15:52 - 2020-12-11 19:42 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2020-12-09 15:52 - 2020-12-09 15:52 - 000000000 ____D C:\Users\User\AppData\Roaming\Mozilla
2020-12-09 15:50 - 2020-12-11 19:41 - 000000000 ____D C:\Users\Todos os Usuários\Mozilla
2020-12-09 15:50 - 2020-12-11 19:41 - 000000000 ____D C:\ProgramData\Mozilla
2020-12-09 15:50 - 2020-12-09 15:50 - 000001014 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-12-09 15:50 - 2020-12-09 15:50 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2020-12-09 15:50 - 2020-12-09 15:50 - 000000000 ____D C:\Users\User\AppData\Local\Mozilla
2020-12-09 15:50 - 2020-12-09 15:50 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-12-09 02:51 - 2020-12-09 12:10 - 000000000 ____D C:\Users\User\Downloads\MEmu Download
2020-12-09 02:50 - 2020-12-09 02:51 - 000000000 ____D C:\Users\User\.android
2020-12-09 01:10 - 2020-12-09 01:12 - 000000000 ____D C:\Users\User\AppData\Roaming\Youtube Downloader HD
2020-12-08 18:29 - 2020-12-08 18:29 - 000000000 ____D C:\Users\User\AppData\Roaming\AMD
2020-12-08 18:29 - 2020-12-08 18:29 - 000000000 ____D C:\Users\User\AppData\Local\4kdownload.com
2020-12-08 17:50 - 2020-12-11 21:01 - 000000000 ____D C:\Users\User\AppData\Roaming\DMCache
2020-12-08 17:47 - 2020-12-09 12:47 - 000000000 ____D C:\Users\User\AppData\Roaming\IDM
2020-12-08 17:47 - 2020-12-08 17:47 - 000000000 ____D C:\Users\Todos os Usuários\IDM
2020-12-08 17:47 - 2020-12-08 17:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2020-12-08 17:47 - 2020-12-08 17:47 - 000000000 ____D C:\ProgramData\IDM
2020-12-08 17:47 - 2018-12-20 10:05 - 000229296 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2020-12-08 17:46 - 2020-12-08 17:47 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager
2020-12-08 17:35 - 2020-12-08 17:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2020-12-08 17:35 - 2020-12-08 17:35 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2020-12-08 13:03 - 2020-12-11 11:35 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2020-12-08 13:02 - 2020-12-08 13:02 - 000000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2020-12-08 13:02 - 2020-12-08 13:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2020-12-08 13:02 - 2020-12-08 13:02 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-12-08 13:02 - 2020-12-08 13:02 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2020-12-08 13:02 - 2016-03-10 14:09 - 000065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2020-12-08 13:02 - 2016-03-10 14:08 - 000140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2020-12-08 13:02 - 2016-03-10 14:08 - 000027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2020-12-08 02:43 - 2020-12-12 00:32 - 001018002 _____ C:\Windows\SysWOW64\rootpa.e2e
2020-12-08 02:43 - 2020-12-08 02:43 - 000000000 ____D C:\Windows\tbaseregistry
2020-12-08 02:37 - 2020-12-11 02:20 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2020-12-08 02:37 - 2020-12-08 02:37 - 000000000 _____ C:\Windows\ativpsrm.bin
2020-12-08 02:37 - 2015-06-03 21:07 - 000073976 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\amdkmpfd.sys
2020-12-08 02:20 - 2020-12-08 02:20 - 009908856 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RsCRIcon.dll
2020-12-08 02:20 - 2020-12-08 02:20 - 002994768 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\rootpacommon.dll
2020-12-08 02:20 - 2020-12-08 02:20 - 000298776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\Drivers\amdpsp.sys
2020-12-08 02:20 - 2020-12-08 02:20 - 000146528 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\tbaseregistry64.dll
2020-12-08 02:20 - 2020-12-08 02:20 - 000127568 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\tbaseregistry32.dll
2020-12-08 02:20 - 2020-12-08 02:20 - 000127040 _____ (AMD) C:\Windows\system32\pspcoins.dll
2020-12-08 02:20 - 2020-12-08 02:20 - 000114456 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\Drivers\amdkmcsp.sys
2020-12-08 02:20 - 2020-12-08 02:20 - 000106576 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdumcsp.dll
2020-12-08 02:20 - 2020-12-08 02:20 - 000088672 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdumcsp.dll
2020-12-08 02:20 - 2020-12-08 02:20 - 000079440 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
2020-12-08 02:20 - 2020-12-08 02:20 - 000044112 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\t-base_client_api.dll
2020-12-08 02:20 - 2020-12-08 02:20 - 000040016 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\t-base_client_api.dll
2020-12-08 02:20 - 2020-12-08 02:20 - 000021007 _____ C:\Windows\SysWOW64\07010000000000000000000000000000.tlbin
2020-12-08 02:20 - 2020-12-08 02:20 - 000002473 _____ C:\Windows\SysWOW64\tbaseprovisioning.exe.config
2020-12-08 02:20 - 2020-12-08 02:20 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_amdpsp_01011.Wdf
2020-12-08 01:18 - 2020-12-08 01:21 - 000000000 ____D C:\AdwCleaner
2020-12-07 20:49 - 2020-12-07 20:49 - 000002033 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\DriverHub.lnk
2020-12-07 20:48 - 2020-12-07 20:48 - 000000000 ____D C:\Program Files (x86)\DriverHub
2020-12-07 20:46 - 2020-12-07 20:46 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3DP Chip Lite
2020-12-07 19:41 - 2020-12-07 19:41 - 000000000 __SHD C:\Users\Todos os Usuários\360Quarant
2020-12-07 19:41 - 2020-12-07 19:41 - 000000000 __SHD C:\ProgramData\360Quarant
2020-12-07 19:41 - 2020-12-07 19:41 - 000000000 __SHD C:\$360Section
2020-12-07 19:39 - 2020-12-07 19:39 - 000000000 ____D C:\Users\User\AppData\Local\cloud
2020-12-07 19:34 - 2020-12-07 19:34 - 000000000 _RSHD C:\360SANDBOX
2020-12-07 19:28 - 2020-12-07 19:28 - 000000000 ____D C:\Users\User\AppData\LocalLow\AMD
2020-12-07 19:28 - 2020-12-07 19:28 - 000000000 ____D C:\Users\User\AppData\Local\Opera Software
2020-12-07 19:26 - 2020-12-09 15:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-12-07 19:20 - 2020-12-07 19:20 - 000000000 ____D C:\Users\User\.cache
2020-12-07 18:58 - 2020-09-07 14:09 - 006124208 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2020-12-07 18:58 - 2020-09-03 14:47 - 003801776 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2020-12-07 18:58 - 2020-07-02 12:36 - 003337904 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2020-12-07 18:58 - 2019-07-31 12:41 - 001394384 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDHF64.dll
2020-12-07 18:58 - 2019-07-31 12:41 - 001383184 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN64.dll
2020-12-07 18:58 - 2019-07-31 12:41 - 001308088 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO64.dll
2020-12-07 18:58 - 2019-07-31 12:41 - 001177136 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA64.dll
2020-12-07 18:58 - 2019-02-18 13:44 - 001060760 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SEHDHF32.dll
2020-12-07 18:58 - 2019-02-18 13:44 - 001043752 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SECOMN32.dll
2020-12-07 18:58 - 2019-01-09 05:50 - 003151056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2020-12-07 18:58 - 2018-12-01 04:47 - 003406976 _____ (DTS, Inc.) C:\Windows\system32\slcnt64.dll
2020-12-07 18:58 - 2018-12-01 04:47 - 003132032 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2020-12-07 18:58 - 2018-12-01 04:47 - 001091712 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2020-12-07 18:58 - 2018-06-21 13:00 - 002921408 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2020-12-07 18:58 - 2018-02-13 15:22 - 000677312 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2020-12-07 18:58 - 2018-02-07 06:18 - 000527656 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2020-12-07 18:58 - 2018-02-07 06:18 - 000257832 _____ (TODO: ) C:\Windows\system32\slprp64.dll
2020-12-07 18:58 - 2018-02-07 06:18 - 000219944 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2020-12-07 18:58 - 2018-02-07 06:18 - 000207656 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2020-12-07 18:58 - 2018-02-07 06:18 - 000164648 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2020-12-07 18:58 - 2017-12-01 14:26 - 001332672 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2020-12-07 18:58 - 2017-11-21 13:11 - 000380704 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2020-12-07 18:58 - 2017-11-21 13:11 - 000106784 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2020-12-07 18:58 - 2017-11-21 13:11 - 000084256 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2020-12-07 18:58 - 2017-11-21 13:10 - 000315680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2020-12-07 18:58 - 2017-11-21 13:10 - 000315680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2020-12-07 18:58 - 2017-11-21 13:10 - 000209696 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2020-12-07 18:58 - 2015-11-10 13:25 - 000182488 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2020-12-07 18:58 - 2015-02-03 20:38 - 001413776 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll
2020-12-07 18:58 - 2015-02-03 20:38 - 000454288 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll
2020-12-07 18:58 - 2015-02-03 20:38 - 000369296 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll
2020-12-07 18:58 - 2015-02-03 20:38 - 000329360 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll
2020-12-07 18:58 - 2015-02-03 20:38 - 000329360 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2020-12-07 18:58 - 2013-10-11 08:47 - 000113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2020-12-07 18:58 - 2011-12-20 11:32 - 000331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2020-12-07 18:58 - 2011-09-02 10:21 - 000221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2020-12-07 18:58 - 2011-09-02 10:21 - 000081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2020-12-07 18:58 - 2011-09-02 10:21 - 000078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2020-12-07 18:58 - 2010-07-22 12:48 - 000074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2020-12-07 18:58 - 2010-07-11 17:28 - 000180048 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFProc64.dll
2020-12-07 18:58 - 2010-07-11 17:28 - 000086352 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFComm64.dll
2020-12-07 18:58 - 2010-07-11 17:28 - 000083792 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFSAPO64.dll
2020-12-07 18:58 - 2010-07-11 17:28 - 000082768 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFHAPO64.dll
2020-12-07 18:58 - 2010-07-11 17:28 - 000082768 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFDAPO64.dll
2020-12-07 18:57 - 2020-09-07 12:02 - 041952280 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2020-12-07 18:57 - 2019-04-09 10:32 - 003668328 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2020-12-07 18:57 - 2016-03-08 10:55 - 072512000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2020-12-07 18:54 - 2020-06-08 22:57 - 000107936 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdWT6.sys
2020-12-07 18:04 - 2020-12-11 19:39 - 000000000 ____D C:\Users\User\AppData\Roaming\ROSTPAY LTD
2020-12-07 18:04 - 2020-12-11 19:39 - 000000000 ____D C:\Users\User\AppData\Roaming\DriverHub
2020-12-07 18:04 - 2020-12-07 18:04 - 000000000 ____D C:\Users\User\AppData\Local\ROSTPAY LTD
2020-12-07 18:00 - 2020-12-07 20:48 - 000000000 ____D C:\Users\Todos os Usuários\Package Cache
2020-12-07 18:00 - 2020-12-07 20:48 - 000000000 ____D C:\ProgramData\Package Cache
2020-12-07 11:48 - 2020-12-08 18:37 - 000000000 ____D C:\Users\User\AppData\Local\Adobe
2020-12-07 11:48 - 2020-12-07 11:48 - 000000000 ____D C:\Users\User\AppData\Roaming\ABBYY
2020-12-07 11:48 - 2020-12-07 11:48 - 000000000 ____D C:\Users\User\AppData\Local\ABBYY
2020-12-07 11:33 - 2019-05-04 18:17 - 000000812 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virtual DJ.lnk
2020-12-07 11:33 - 2019-05-04 18:17 - 000000771 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WebCam.lnk
2020-12-07 11:33 - 2019-05-04 18:14 - 000001733 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Limpar PenDrive.lnk
2020-12-07 11:33 - 2019-05-04 17:50 - 000002453 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reset Fila de Impressão.lnk
2020-12-07 11:33 - 2019-05-04 17:50 - 000001242 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UniExtract.lnk
2020-12-07 11:33 - 2019-05-04 17:48 - 000001416 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Photo to Cartoon.lnk
2020-12-07 11:33 - 2019-05-04 17:47 - 000001981 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bloqueio de Pastas.lnk
2020-12-07 11:33 - 2019-05-04 17:46 - 000001755 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gravar e Copiar DVD.lnk
2020-12-07 11:33 - 2019-05-04 17:45 - 000001331 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vopt Desfrag.lnk
2020-12-07 11:33 - 2019-05-04 17:44 - 000001274 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2020-12-07 11:33 - 2019-05-03 09:06 - 000001659 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Power Data Recovery.lnk
2020-12-07 11:33 - 2019-05-03 09:03 - 000002460 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ProShow Producer.lnk
2020-12-07 11:33 - 2019-05-03 09:01 - 000001362 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Destravar Pastas.lnk
2020-12-07 11:33 - 2019-05-03 09:01 - 000001289 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acesso Remoto.lnk
2020-12-07 11:33 - 2019-05-03 08:58 - 000002215 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Photoshop CS6.lnk
2020-12-07 11:33 - 2019-05-03 08:58 - 000001435 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoScape.lnk
2020-12-07 11:33 - 2019-05-03 08:52 - 000001382 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Captura de Tela.lnk
2020-12-07 11:33 - 2019-05-03 08:51 - 000001623 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Photo Resizer.lnk
2020-12-07 11:33 - 2019-05-03 08:50 - 000001534 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FineReader.lnk
2020-12-07 11:33 - 2019-05-03 08:50 - 000001302 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory.lnk
2020-12-07 11:33 - 2019-05-03 01:01 - 000001430 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DaemonTools.lnk
2020-12-07 11:32 - 2020-12-07 11:32 - 000001573 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desligar.lnk
2020-12-07 11:24 - 2020-12-09 01:21 - 000000000 ____D C:\Portables
2020-12-07 03:21 - 2020-12-07 03:21 - 000000231 _____ C:\unstart.ini
2020-12-07 02:05 - 2020-12-11 21:01 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2020-12-07 01:59 - 2020-12-07 19:28 - 000000000 ____D C:\Users\User\AppData\Local\AMD
2020-12-07 01:55 - 2020-12-08 02:37 - 000000000 ____D C:\Program Files\AMD
2020-12-07 00:50 - 2020-12-11 12:02 - 000865792 _____ (AMD) C:\Windows\system32\coinst_15.20.dll
2020-12-07 00:50 - 2015-07-15 20:22 - 000204952 _____ C:\Windows\SysWOW64\ativvsvl.dat
2020-12-07 00:50 - 2015-07-15 20:22 - 000204952 _____ C:\Windows\system32\ativvsvl.dat
2020-12-07 00:50 - 2015-07-15 20:22 - 000157144 _____ C:\Windows\SysWOW64\ativvsva.dat
2020-12-07 00:50 - 2015-07-15 20:22 - 000157144 _____ C:\Windows\system32\ativvsva.dat
2020-12-07 00:50 - 2015-05-28 20:21 - 000255808 _____ C:\Windows\system32\ativvaxy_cz_nd.dat
2020-12-07 00:50 - 2015-05-28 20:17 - 000250884 _____ C:\Windows\system32\ativvaxy_FJ.dat
2020-12-07 00:50 - 2015-05-28 20:15 - 000249088 _____ C:\Windows\system32\ativvaxy_FJ_nd.dat
2020-12-07 00:50 - 2015-05-28 20:10 - 000322868 _____ C:\Windows\system32\ativvaxy_vi.dat
2020-12-07 00:50 - 2015-05-28 20:08 - 000321200 _____ C:\Windows\system32\ativvaxy_vi_nd.dat
2020-12-07 00:50 - 2015-05-28 20:00 - 000234420 _____ C:\Windows\system32\ativvaxy_cik.dat
2020-12-07 00:50 - 2015-05-28 19:58 - 000232752 _____ C:\Windows\system32\ativvaxy_cik_nd.dat
2020-12-07 00:50 - 2014-11-06 05:53 - 000737410 _____ C:\Windows\system32\atiicdxx.dat
2020-12-07 00:50 - 2014-06-18 12:28 - 000140240 _____ C:\Windows\system32\samu_krnl_ci.sbin
2020-12-07 00:50 - 2013-12-12 08:53 - 000138832 _____ C:\Windows\system32\samu_krnl_isv_ci.sbin
2020-12-05 19:25 - 2020-12-07 20:46 - 000000000 ____D C:\Program Files (x86)\3DP Chip Lite
2020-12-05 11:56 - 2020-12-05 11:56 - 000000000 ____D C:\Windows\system32\Codecs
2020-12-05 00:47 - 2020-12-05 00:47 - 000000000 ____D C:\Users\User\AppData\Local\Comms
2020-12-04 11:15 - 2020-12-04 11:15 - 000000000 ____D C:\Users\User\AppData\Roaming\Sun
2020-12-04 11:14 - 2020-12-04 11:14 - 000192168 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2020-12-04 11:14 - 2020-12-04 11:14 - 000000000 ____D C:\Users\Todos os Usuários\Oracle
2020-12-04 11:14 - 2020-12-04 11:14 - 000000000 ____D C:\ProgramData\Oracle
2020-12-04 11:14 - 2020-12-04 11:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2020-12-04 11:13 - 2020-12-04 11:13 - 000000000 ____D C:\Program Files\Java
2020-12-04 01:08 - 2020-12-04 01:08 - 000000000 ____D C:\Users\User\AppData\Roaming\Macromedia
2020-12-04 00:53 - 2020-12-04 00:53 - 000000000 ____D C:\Users\User\AppData\LocalLow\Sun
2020-12-04 00:23 - 2020-12-04 00:23 - 000000000 ____D C:\Users\User\AppData\Roaming\Media Player Classic
2020-12-03 20:30 - 2020-12-03 20:30 - 000001396 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Portable.lnk
2020-12-03 20:20 - 2020-12-03 20:23 - 000000000 ____D C:\Users\User\AppData\Local\HP
2020-12-03 20:20 - 2020-12-03 20:20 - 000000057 _____ C:\Users\Todos os Usuários\Ament.ini
2020-12-03 20:20 - 2020-12-03 20:20 - 000000057 _____ C:\ProgramData\Ament.ini
2020-12-03 20:20 - 2020-12-03 20:20 - 000000000 ____D C:\Users\Todos os Usuários\HP
2020-12-03 20:20 - 2020-12-03 20:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2020-12-03 20:20 - 2020-12-03 20:20 - 000000000 ____D C:\ProgramData\HP
2020-12-03 20:20 - 2020-12-03 20:20 - 000000000 ____D C:\Program Files\HP
2020-12-03 20:20 - 2020-12-03 20:20 - 000000000 ____D C:\Program Files (x86)\HP
2020-12-03 19:57 - 2020-12-03 19:57 - 000000000 ____D C:\Users\User\AppData\Local\PeerDistRepub
2020-12-03 17:54 - 2020-12-03 17:54 - 000000000 ____D C:\Windows\SysWOW64\sda
2020-12-03 12:57 - 2012-09-12 09:43 - 000332176 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpinksts8711LM.dll
2020-12-03 12:57 - 2012-09-12 09:43 - 000270224 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpinkcoi8711.dll
2020-12-03 12:57 - 2012-09-12 09:36 - 002873744 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpinkins8711.exe
2020-12-03 12:25 - 2020-12-03 12:25 - 000000439 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Arquivos (D).lnk
2020-12-03 12:17 - 2020-12-03 12:17 - 000000000 ____D C:\Program Files\UNP
2020-12-03 12:09 - 2020-12-03 12:09 - 000000000 ____D C:\Windows\amlog
2020-12-03 12:08 - 2020-12-03 12:09 - 000000286 _____ C:\Windows\ampa.ini
2020-12-03 11:37 - 2020-12-07 00:07 - 000001024 ____H C:\AMTAG.BIN
2020-12-03 11:37 - 2020-12-03 11:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Partition Assistant Pro Edition 5.5
2020-12-03 11:36 - 2020-12-07 02:05 - 000000000 ____D C:\Program Files (x86)\AOMEI Partition Assistant Pro Edition 5.5
2020-12-03 11:36 - 2013-11-29 20:42 - 001806960 _____ C:\Windows\ampa.exe
2020-12-03 11:36 - 2013-11-29 10:31 - 000017008 _____ C:\Windows\SysWOW64\ampa.sys
2020-12-03 11:36 - 2013-11-29 10:31 - 000017008 _____ C:\Windows\system32\ampa.sys
2020-12-03 02:07 - 2020-12-04 00:24 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2020-12-03 01:56 - 2020-12-04 01:08 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2020-12-03 01:56 - 2020-12-04 01:08 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2020-12-03 01:55 - 2020-12-04 01:08 - 000000000 ____D C:\Windows\system32\Macromed
2020-12-03 01:50 - 2020-12-04 01:08 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-12-03 00:53 - 2013-12-01 09:10 - 000218200 _____ C:\Windows\SysWOW64\unrar.dll
2020-12-03 00:46 - 2020-12-03 00:46 - 000000000 ____D C:\Users\User\AppData\Roaming\WinRAR
2020-12-03 00:44 - 2020-12-03 00:44 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-12-03 00:44 - 2020-12-03 00:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-12-03 00:42 - 2020-12-03 00:46 - 000000000 ____D C:\Program Files\WinRAR
2020-12-03 00:40 - 2020-12-07 03:19 - 000000000 ____D C:\Program Files (x86)\Acro Software
2020-12-03 00:39 - 2020-12-03 17:35 - 000000000 ____D C:\Users\User\AppData\Roaming\SumatraPDF
2020-12-03 00:39 - 2020-12-03 00:39 - 000001948 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
2020-12-03 00:39 - 2020-12-03 00:39 - 000000000 ____D C:\Program Files\SumatraPDF
2020-12-03 00:37 - 2020-12-04 00:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2020-12-03 00:37 - 2020-12-03 00:37 - 000000000 ____D C:\Program Files\VS Revo Group
2020-12-03 00:27 - 2020-12-07 20:05 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-12-03 00:27 - 2020-12-03 02:29 - 000000000 ____D C:\Users\User\AppData\Local\Google
2020-12-03 00:26 - 2020-12-03 17:39 - 000003588 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-12-03 00:26 - 2020-12-03 17:39 - 000003464 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-12-03 00:26 - 2020-12-03 00:26 - 000000000 ____D C:\Program Files\Google
2020-12-03 00:26 - 2020-12-03 00:26 - 000000000 ____D C:\Program Files (x86)\Google
2020-12-03 00:14 - 2020-12-03 00:14 - 000000000 ____D C:\Users\User\AppData\Roaming\Panda Security
2020-12-03 00:13 - 2019-06-11 23:29 - 000198424 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINAflt.sys
2020-12-03 00:13 - 2019-06-11 23:29 - 000159512 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINProt.sys
2020-12-03 00:13 - 2019-06-11 23:29 - 000129304 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINReg.sys
2020-12-03 00:13 - 2019-05-30 02:57 - 000295192 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnsstrm.sys
2020-12-03 00:13 - 2019-03-06 00:06 - 000125720 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnshttps.sys
2020-12-03 00:13 - 2019-03-05 02:44 - 000346392 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnsprot.sys
2020-12-03 00:13 - 2019-03-05 02:44 - 000211736 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnshttp.sys
2020-12-03 00:13 - 2019-03-05 02:44 - 000149784 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnspicc.sys
2020-12-03 00:13 - 2019-03-05 02:44 - 000135448 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnspop3.sys
2020-12-03 00:13 - 2019-03-05 02:44 - 000132888 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnsids.sys
2020-12-03 00:13 - 2019-03-05 02:44 - 000132376 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnstlsc.sys
2020-12-03 00:13 - 2019-03-05 02:44 - 000123160 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnssmtp.sys
2020-12-03 00:13 - 2019-03-05 02:44 - 000111384 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnsalpc.sys
2020-12-03 00:13 - 2019-03-05 02:44 - 000104728 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnsdns.sys
2020-12-03 00:13 - 2019-03-05 02:44 - 000095000 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnspihsw.sys
2020-12-03 00:13 - 2019-03-04 10:20 - 000215320 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINKNC.sys
2020-12-03 00:13 - 2019-01-22 00:44 - 000021952 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\psinelam.sys
2020-12-03 00:13 - 2017-05-22 02:01 - 000072648 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2020-12-03 00:12 - 2020-12-11 17:08 - 000002307 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Dome.lnk
2020-12-03 00:12 - 2020-12-03 00:15 - 000000000 ____D C:\Program Files (x86)\Panda Security
2020-12-03 00:12 - 2020-12-03 00:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Dome
2020-12-03 00:11 - 2020-12-03 00:15 - 000000000 ____D C:\Users\Todos os Usuários\Panda Security
2020-12-03 00:11 - 2020-12-03 00:15 - 000000000 ____D C:\ProgramData\Panda Security
2020-12-02 19:32 - 2020-12-06 00:47 - 000000000 ____D C:\Users\User\AppData\Local\PlaceholderTileLogoFolder
2020-12-02 18:51 - 2020-12-10 18:15 - 000000000 ____D C:\Users\User\AppData\Local\D3DSCache
2020-12-02 18:45 - 2020-12-02 18:45 - 000000405 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dispositivos e Impressoras.lnk
2020-12-02 17:54 - 2020-12-02 17:55 - 000000000 ____D C:\Users\Todos os Usuários\Packages
2020-12-02 17:54 - 2020-12-02 17:55 - 000000000 ____D C:\ProgramData\Packages
2020-12-02 17:36 - 2020-12-02 17:36 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2020-12-02 17:35 - 2020-12-08 02:39 - 001759686 _____ C:\Windows\system32\PerfStringBackup.INI
2020-12-02 17:32 - 2020-12-08 18:38 - 000000000 ____D C:\Users\User\AppData\Roaming\Adobe
2020-12-02 17:32 - 2020-12-05 18:02 - 000000000 ____D C:\Users\User\AppData\Local\Packages
2020-12-02 17:32 - 2020-12-02 17:32 - 000000000 __RHD C:\Users\User\3D Objects
2020-12-02 17:32 - 2020-12-02 17:32 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-12-02 17:32 - 2020-12-02 17:32 - 000000000 ____D C:\Users\User\AppData\Local\VirtualStore
2020-12-02 17:31 - 2020-12-11 11:28 - 000000000 ____D C:\Windows\minidump
2020-12-02 17:31 - 2020-12-02 17:32 - 000000000 ____D C:\Users\User\AppData\Local\ConnectedDevicesPlatform
2020-12-02 17:31 - 2020-12-02 17:31 - 000000020 ___SH C:\Users\User\ntuser.ini
2020-12-02 17:31 - 2020-12-02 17:31 - 000000000 _SHDL C:\Users\User\Modelos
2020-12-02 17:31 - 2020-12-02 17:31 - 000000000 _SHDL C:\Users\User\Meus Documentos
2020-12-02 17:31 - 2020-12-02 17:31 - 000000000 _SHDL C:\Users\User\Menu Iniciar
2020-12-02 17:31 - 2020-12-02 17:31 - 000000000 _SHDL C:\Users\User\Dados de Aplicativos
2020-12-02 17:31 - 2020-12-02 17:31 - 000000000 _SHDL C:\Users\User\Configurações Locais
2020-12-02 17:31 - 2020-12-02 17:31 - 000000000 _SHDL C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2020-12-02 17:31 - 2020-12-02 17:31 - 000000000 _SHDL C:\Users\User\AppData\Local\Histórico
2020-12-02 17:31 - 2020-12-02 17:31 - 000000000 _SHDL C:\Users\User\AppData\Local\Dados de Aplicativos
2020-12-02 17:31 - 2020-12-02 17:31 - 000000000 _SHDL C:\Users\User\Ambiente de Rede
2020-12-02 17:31 - 2020-12-02 17:31 - 000000000 _SHDL C:\Users\User\Ambiente de Impressão
2020-12-02 17:31 - 2020-12-02 17:31 - 000000000 ____D C:\Windows\CSC
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Usuário Padrão\Modelos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Usuário Padrão\Meus Documentos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Usuário Padrão\Menu Iniciar
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Usuário Padrão\Dados de Aplicativos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Usuário Padrão\Configurações Locais
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Usuário Padrão\AppData\Local\Histórico
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Usuário Padrão\AppData\Local\Dados de Aplicativos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Usuário Padrão\Ambiente de Rede
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Usuário Padrão\Ambiente de Impressão
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Usuário Padrão
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Todos os Usuários\Modelos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Todos os Usuários\Menu Iniciar
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Todos os Usuários\Documentos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Todos os Usuários\Dados de Aplicativos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Todos os Usuários
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default\Modelos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default\Meus Documentos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default\Menu Iniciar
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default\Dados de Aplicativos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default\Configurações Locais
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default\AppData\Local\Histórico
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default\AppData\Local\Dados de Aplicativos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default\Ambiente de Rede
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default\Ambiente de Impressão
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default User\Modelos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default User\Meus Documentos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default User\Menu Iniciar
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default User\Dados de Aplicativos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default User\Configurações Locais
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default User\AppData\Local\Histórico
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default User\AppData\Local\Dados de Aplicativos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default User\Ambiente de Rede
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default User\Ambiente de Impressão
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\ProgramData\Modelos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programas
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\ProgramData\Menu Iniciar
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\ProgramData\Documentos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\ProgramData\Dados de Aplicativos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Program Files\Common Files\Sistema
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Program Files\Arquivos Comuns
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Documents and Settings
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Arquivos de Programas
2020-12-02 17:26 - 2020-12-12 00:31 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-12-02 17:25 - 2020-12-11 19:34 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-12-02 17:25 - 2020-12-05 02:02 - 000000000 ____D C:\Windows\Panther
2020-12-02 17:25 - 2020-12-04 00:16 - 000261760 _____ C:\Windows\system32\FNTCACHE.DAT
2020-12-02 17:25 - 2020-12-02 17:25 - 000000000 ____D C:\Windows\ServiceProfiles

==================== Três meses (modificados) ==================

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2020-12-12 00:58 - 2019-03-19 01:52 - 000000000 ____D C:\Users\Todos os Usuários\regid.1991-06.com.microsoft
2020-12-12 00:58 - 2019-03-19 01:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-12-12 00:58 - 2019-03-19 01:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-12-11 21:01 - 2019-03-19 01:37 - 000065536 _____ C:\Windows\system32\config\BBI
2020-12-11 17:54 - 2019-03-19 01:37 - 000000000 ____D C:\Windows\CbsTemp
2020-12-11 12:04 - 2019-03-19 01:50 - 000000000 ____D C:\Windows\INF
2020-12-08 03:05 - 2019-03-19 01:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-12-08 03:05 - 2019-03-19 01:52 - 000000000 ____D C:\Windows\AppReadiness
2020-12-08 02:39 - 2019-03-19 09:47 - 000754282 _____ C:\Windows\system32\prfh0416.dat
2020-12-08 02:39 - 2019-03-19 09:47 - 000158190 _____ C:\Windows\system32\prfc0416.dat
2020-12-08 02:20 - 2017-03-26 22:12 - 000347704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsP2Stor.sys
2020-12-07 19:52 - 2019-03-19 01:52 - 000000000 ____D C:\Windows\registration
2020-12-03 00:14 - 2019-03-19 01:52 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2020-12-02 18:48 - 2019-03-19 01:52 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2020-12-02 17:39 - 2019-03-19 01:52 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2020-12-02 17:33 - 2019-03-19 01:52 - 000000000 ____D C:\Users\Todos os Usuários\USOPrivate
2020-12-02 17:33 - 2019-03-19 01:52 - 000000000 ____D C:\ProgramData\USOPrivate
2020-12-02 17:31 - 2019-03-19 01:52 - 000000000 ____D C:\Windows\system32\spool
2020-12-02 17:27 - 2019-03-19 01:52 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2020-12-02 17:26 - 2019-03-19 01:52 - 000000000 ____D C:\Windows\ServiceState
2020-12-02 17:26 - 2019-03-19 01:52 - 000000000 ____D C:\Windows\appcompat
2020-12-02 17:24 - 2019-03-19 01:49 - 000028672 _____ C:\Windows\system32\config\BCD-Template

==================== SigCheck ============================

(Não há correção automática para arquivos que não passaram na verificação.)


BCD (recoveryenabled=No -> recoveryenabled=Yes) <==== restaurado com sucesso
==================== Fim de FRST.txt ========================


"Addition.txt"

Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 09-12-2020
Executado por User (12-12-2020 03:03:32)
Executando a partir de D:\Área de Trabalho
Windows 10 Pro Versão 1909 18363.418 (X64) (2020-12-02 20:31:15)
Modo da Inicialização: Normal
==========================================================


==================== Contas: =============================

Administrador (S-1-5-21-3300897730-1080615157-2638408914-500 - Administrator - Disabled)
Convidado (S-1-5-21-3300897730-1080615157-2638408914-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-3300897730-1080615157-2638408914-503 - Limited - Disabled)
User (S-1-5-21-3300897730-1080615157-2638408914-1000 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-3300897730-1080615157-2638408914-504 - Limited - Disabled)

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Panda Dome (Enabled - Up to date) {CF440CD9-5435-10B1-04E0-7768B6F10320}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

3DP Chip Lite v19.06.1 (HKLM-x32\...\3DP Chip Lite) (Version: v19.06.1 - 3DP)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.433 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.433 - Adobe)
AOMEI Partition Assistant Pro Edition 5.5 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-5498165BF300}_is1) (Version: - AOMEI Technology Co., Ltd.)
DriverHub (HKU\S-1-5-21-3300897730-1080615157-2638408914-1000\...\DriverHub) (Version: 1.1.2.1563 - Rostpay ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.88 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
HP Deskjet 2050 J510 series Software básico do dispositivo (HKLM\...\{2DCBB45E-AA03-4089-87E7-EC17E606D738}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
Internet Download Manager 6.35.5 (HKLM-x32\...\Internet Download Manager_is1) (Version: 6.35.5 - lrepacks.ru)
Java 8 Update 271 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
K-Lite Codec Pack 15.9.0 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 15.9.0 - KLCP)
Malwarebytes Anti-Malware versão 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Plus 2019 - pt-br (HKLM\...\ProPlus2019Retail - pt-br) (Version: 16.0.13426.20332 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29325 (HKLM-x32\...\{d7a6435f-ac9a-4af6-8fdc-ca130d13fac9}) (Version: 14.28.29325.2 - Microsoft Corporation)
Mozilla Firefox 83.0 (x64 pt-BR) (HKLM\...\Mozilla Firefox 83.0 (x64 pt-BR)) (Version: 83.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 83.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13426.20332 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13426.20332 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0416-1000-0000000FF1CE}) (Version: 16.0.13426.20332 - Microsoft Corporation) Hidden
Panda Devices Agent (HKLM-x32\...\{DB0164A2-ADE9-4FEE-B080-D506BDD6427F}) (Version: 1.08.09 - Panda Security) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.09 - Panda Security) Hidden
Panda Dome (HKLM\...\{10EDA2C8-03AB-4C27-BDC4-39143A81B12F}) (Version: 11.12.30 - Panda Security) Hidden
Panda Dome (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 20.00.00.0001 - Panda Security)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.29093 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9024.1 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.2.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.2.0 - VS Revo Group, Ltd.)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)

==================== Exame Personalizado CLSID (Whitelisted): ==============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

CustomCLSID: HKU\S-1-5-21-3300897730-1080615157-2638408914-1000_Classes\CLSID\{3D3B1846-CC43-42AE-BFF9-D914083C2BA3}\InprocServer32 -> C:\Program Files\SumatraPDF\PdfPreview.dll () [Arquivo não assinado]
CustomCLSID: HKU\S-1-5-21-3300897730-1080615157-2638408914-1000_Classes\CLSID\{55808EA8-81FE-43c6-AAE8-1D8149F941D3}\InprocServer32 -> C:\Program Files\SumatraPDF\PdfFilter.dll () [Arquivo não assinado]
ShellServiceObjects: Sem Nome -> {4DC9C264-730E-4CF6-8374-70F079E4F82B} =>
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2019-05-02] (Tonec Inc. -> Tonec Inc.)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2019-05-02] (Tonec Inc. -> Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Nenhum Arquivo
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => -> Nenhum Arquivo
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2019-06-18] (Panda Security S.L. -> Panda Security, S.L.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2019-06-18] (Panda Security S.L. -> Panda Security, S.L.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2019-06-18] (Panda Security S.L. -> Panda Security, S.L.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Atalhos & WMI ========================

(As entradas podem ser listadas para serem restauradas ou removidas.)

Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Limpar PenDrive.lnk -> C:\Portables\Limpar Pen Drive\Limpar\ejecutar.bat ()
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reset Fila de Impressão.lnk -> C:\Portables\Reset impressora\Reset_and_Clear_Print_Spooler_Queue.bat ()

==================== Módulos Carregados (Whitelisted) =============

2019-10-06 23:58 - 2019-10-06 23:58 - 000939008 _____ (Microsoft Corporation) [Arquivo não assinado] c:\windows\system32\FVEAPI.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Modo de Segurança (Whitelisted) ==================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== Associação (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2019-05-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_271\bin\ssv.dll [2020-12-04] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-12-04] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2019-05-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-12-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: mhtml - Nenhum Valor CLSID
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-12-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-12-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-12-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-12-12] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts Conteúdo: =========================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2019-03-19 01:49 - 2019-03-19 01:49 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Outras Áreas ===========================

(Atualmente não há nenhuma correção automática para esta seção.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3300897730-1080615157-2638408914-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

(Se uma entrada for incluída na fixlist, será removida.)

HKLM\...\StartupApproved\StartupFolder: => "CodecPackTrayMenu.lnk"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-3300897730-1080615157-2638408914-1000\...\StartupApproved\StartupFolder: => "Monitorar alertas de tinta - HP Deskjet 2050 J510 series.lnk"
HKU\S-1-5-21-3300897730-1080615157-2638408914-1000\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-3300897730-1080615157-2638408914-1000\...\StartupApproved\Run: => "Codec Pack Update Checker"

==================== Regras do Firewall (Whitelisted) ================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [{EB1967EB-633E-4AEC-A58C-B9FC27B45A8C}] => (Allow) C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{06F02F8B-F3DF-46CF-A6D2-0790466E797C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{681A91C2-3EBF-4140-9A5D-F1BD5D4D07DA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3A318A20-ACA5-4455-9EDB-E0656A70735F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{C59C5B97-D66A-46A3-8480-6E0FD764174E}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{0C5D01A7-9E9A-4E59-AF00-9AE184ACD441}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

==================== Pontos de Restauração =========================

05-12-2020 03:08:15 Revo Uninstaller's restore point - Real Alternative 2.0.2
05-12-2020 03:09:24 Revo Uninstaller's restore point - QuickTime Alternative 3.2.2
05-12-2020 03:10:52 Revo Uninstaller's restore point - 7-Zip 19.00 (x64 edition)
05-12-2020 03:13:28 Revo Uninstaller's restore point - K-Lite Codec Pack 15.9.0 Standard
05-12-2020 16:48:28 antes de usar o 3DPCHIP
07-12-2020 02:02:07 Operação de restauração
07-12-2020 03:18:58 Revo Uninstaller's restore point - CutePDF Writer 3.2
07-12-2020 03:21:18 Revo Uninstaller's restore point - Media Player Codec Pack 4.5.6
07-12-2020 12:49:01 Revo Uninstaller's restore point - VLC media player
07-12-2020 17:13:47 antes de atualizar driver da placa de vídeo
07-12-2020 19:50:46 Operação de restauração
08-12-2020 00:35:46 antes de intalar driver do mouse ou placa de video
08-12-2020 17:28:38 ANTES DE INSTALAR O K-LITE PACK CODEC
09-12-2020 03:15:41 após instalar o memu pedindo atualização da placa de vídeo
09-12-2020 15:41:14 Revo Uninstaller's restore point - MEmu
10-12-2020 17:37:29 antes de usar o driver hub
11-12-2020 17:26:47 Instalador de Módulos do Windows
11-12-2020 17:54:12 Instalador de Módulos do Windows
11-12-2020 19:42:16 Revo Uninstaller's restore point - Microsoft Office Professional Plus 2019 - pt-br

==================== Dispositivos Apresentando Falhas No Gerenciador ============


==================== Erros no Log de eventos: ========================

Erros em Aplicativos:
==================
Error: (12/11/2020 07:42:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
O sistema não pode encontrar o arquivo especificado.
.

Error: (12/11/2020 07:42:15 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado.
.
Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.


Operação:
Obtendo Dados do Gravador

Contexto:
Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
Nome do Gravador: System Writer
ID de Instância de Gravador: {f9ee12e6-8005-45a6-b6cd-a480ad2e977f}

Error: (12/11/2020 05:54:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
O sistema não pode encontrar o arquivo especificado.
.

Error: (12/11/2020 05:54:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
O sistema não pode encontrar o arquivo especificado.
.

Error: (12/11/2020 05:26:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
O sistema não pode encontrar o arquivo especificado.
.

Error: (12/11/2020 05:26:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
O sistema não pode encontrar o arquivo especificado.
.

Error: (12/11/2020 11:30:21 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Falha ao criar ponto de restauração (Processo = C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe" ; Descrição = Revo Uninstaller's restore point - DriveTheLife; Erro = 0x8007043c).

Error: (12/11/2020 01:53:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: svchost.exe, versão: 10.0.18362.1, carimbo de data/hora: 0x68f17365
Nome do módulo com falha: KERNEL32.DLL, versão: 10.0.18362.329, carimbo de data/hora: 0x7b5427ec
Código de exceção: 0xc0000005
Deslocamento da falha: 0x00019710
ID do processo com falha: 0xe7c
Hora de início do aplicativo com falha: 0x01d6cf797ec129d1
Caminho do aplicativo com falha: C:\Windows\SysWOW64\svchost.exe
Caminho do módulo com falha: C:\Windows\System32\KERNEL32.DLL
ID do Relatório: 4339084c-0a1b-4ed3-8b3b-74964ae1f813
Nome completo do pacote com falha:
ID do aplicativo relativo ao pacote com falha:


Erros de Sistema:
=============
Error: (12/12/2020 12:32:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço luafv devido ao seguinte erro:
O carregamento deste driver foi bloqueado

Error: (12/11/2020 08:14:10 PM) (Source: Ntfs) (EventID: 55) (User: AUTORIDADE NT)
Description: Corrupção detectada na estrutura do sistema de arquivos, no volume F:.

A MFT (Tabela Mestra de Arquivos) contém um registro de arquivo corrompido. O número de referência do arquivo é 0x10000000017a8. O nome do arquivo é "".

Error: (12/11/2020 08:14:10 PM) (Source: Ntfs) (EventID: 55) (User: AUTORIDADE NT)
Description: Corrupção detectada na estrutura do sistema de arquivos, no volume F:.

A MFT (Tabela Mestra de Arquivos) contém um registro de arquivo corrompido. O número de referência do arquivo é 0x10000000017a5. O nome do arquivo é "".

Error: (12/11/2020 08:14:10 PM) (Source: Ntfs) (EventID: 55) (User: AUTORIDADE NT)
Description: Corrupção detectada na estrutura do sistema de arquivos, no volume F:.

A MFT (Tabela Mestra de Arquivos) contém um registro de arquivo corrompido. O número de referência do arquivo é 0x10000000017a4. O nome do arquivo é "".

Error: (12/11/2020 08:14:07 PM) (Source: Ntfs) (EventID: 55) (User: AUTORIDADE NT)
Description: Corrupção detectada na estrutura do sistema de arquivos, no volume F:.

A MFT (Tabela Mestra de Arquivos) contém um registro de arquivo corrompido. O número de referência do arquivo é 0x1000000001749. O nome do arquivo é "".

Error: (12/11/2020 07:49:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Serviço Clique para Executar do Microsoft Office devido ao seguinte erro:
O serviço especificado não existe como serviço instalado.

Error: (12/11/2020 07:49:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Serviço Clique para Executar do Microsoft Office foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço.

Error: (12/11/2020 05:07:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço luafv devido ao seguinte erro:
O carregamento deste driver foi bloqueado


CodeIntegrity:
===================================

Date: 2020-12-07 19:40:07.628
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\360\Total Security\safemon\WscReg.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-07 19:40:07.237
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\360\Total Security\safemon\WscReg.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-07 19:39:17.953
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\360\Total Security\safemon\WscReg.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-07 19:39:17.188
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\360\Total Security\safemon\WscReg.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-07 19:35:31.667
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\360\Total Security\safemon\WscReg.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-07 19:35:31.318
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\360\Total Security\safemon\WscReg.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-07 19:35:24.942
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\360\Total Security\safemon\WscReg.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-07 19:35:24.574
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\360\Total Security\safemon\WscReg.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Informações da Memória ===========================

BIOS: AMI 80.07 12/09/2014
placa-mãe: Hewlett-Packard 2B2F
Processador: AMD E1-6010 APU with AMD Radeon R2 Graphics
Percentagem de memória em uso: 62%
RAM física total: 3774.01 MB
RAM física disponível: 1410.23 MB
Virtual Total: 4414.01 MB
Virtual disponível: 1593.43 MB

==================== Drives ================================

Drive c: (Programas) (Fixed) (Total:85.82 GB) (Free:43.37 GB) NTFS
Drive d: (Arquivos) (Fixed) (Total:379.3 GB) (Free:350.06 GB) NTFS

\\?\Volume{9bbb365e-f992-4754-bd21-b5994dd3ea36}\ (Recuperação) (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS
\\?\Volume{16836f01-0f63-4833-a6d0-705bf80ea28d}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Tabela de Partições ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 9EAC1F21)

Partition: GPT.

==================== Fim de Addition.txt =======================
PH
PH Cyber Highlander Registered
61.3K Posts 10.7K Likes
#2 By PH
12/12/2020 - 10:15
glalla said:
Hello everyone,

I formatted my computer last week, and yesterday I went to update the video card driver using a piece of software.

As soon as the software started, the problems began. On top of that, it kept showing the blue screen as soon as I moved the mouse during Windows startup.

Luckily, yesterday I managed to boot into safe mode and remove that driver software.

But after that, it:

- Broke the restore points. I could no longer use System Restore;
- Created a strange startup program that shows the Microsoft Store;
- Disabled the antivirus;
- Corrupted my Office;
- Corrupted IDM;
- Corrupted Malwarebytes;
- Unassociated files that used to open with Windows Media Player so that they open with browsers, with no option left to open them with Windows Media Player;
- Compromised the taskbar at startup: as soon as I open Windows Media Player, the Windows clock disappears;
- Removed the Print Screen function that copied an image of the screen.

"FRST.txt"

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 09-12-2020
Executado por User (administrador) em DESKTOP-NTM19L0 (Hewlett-Packard 18-5200br) (12-12-2020 02:59:18)
Executando a partir de D:\Área de Trabalho
Perfis Carregados: User
Platform: Windows 10 Pro Versão 1909 18363.418 (X64) Idioma: Português (Brasil)
Navegador padrão: Chrome
Modo da Inicialização: Normal

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <16>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2010.0.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Panda Security S.L. -> Panda Security S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\pselamsvc.exe
(Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Tonec Inc.) [Arquivo não assinado] C:\Program Files (x86)\Internet Download Manager\IDMan.exe

==================== Registro (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [165120 2019-10-16] (Panda Security S.L. -> Panda Security, S.L.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Policies\Explorer: [SettingsPageVisibility] hide:workplace;emailandaccounts;sync;appsforwebsites;maps;startupapps;videoplayback;cortana-moredetails;cortana-language;cortana-notifications;cortana-permissions;cortana;cortana-talktocortana;easeofa (a entrada de dados tem 382 mais caracteres).
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [] => [X]
HKU\S-1-5-19\...\RunOnce: [Edge_DisableAdobeFlashPlayer] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Addons" /F /V "FlashPlayerEnabled" /T R (a entrada de dados tem 22 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisableAllCookies] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "Cookies" /T REG_DWORD /D " (a entrada de dados tem 9 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisableAskMeWhatToDoWithEachDownload] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Download" /F /V "EnableSavePrompt" /T R (a entrada de dados tem 22 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisableBlockPopup] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\New Windows" /F /V "PopupMgr" /T REG_SZ (a entrada de dados tem 8 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisableCortanaAssistant] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI" /F /V "EnableCortana" /T REG (a entrada de dados tem 20 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisablePagePrediction] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead" /F /V "FPEnabled" /T REG_DWO (a entrada de dados tem 16 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisableSaveFormEntries] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "Use FormSuggest" /T REG_SZ (a entrada de dados tem 8 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisableSavePassword] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "FormSuggest Passwords" /T (a entrada de dados tem 14 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisableSaveProtectedMediaLicensesonmyDevice] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy" /F /V "EnableEncryptedMediaExt (a entrada de dados tem 35 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisableShowSearchSuggestionasItype] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\User\Default\SearchScopes" /F /V "ShowS (a entrada de dados tem 50 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisableSmartScreen] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter" /F /V "EnabledV9" /T RE (a entrada de dados tem 21 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_EnableSendDoNotTrackRequests] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "DoNotTrack" /T REG_DWORD / (a entrada de dados tem 12 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_ShowFavoritesBar] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\LinksBar" /F /V "Enabled" /T REG_DWORD (a entrada de dados tem 13 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_ShowFavoritesBarPinnedPanel] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PivotIndex" /F /V "HubPanePinned" /T RE (a entrada de dados tem 21 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_ShowHomeButton] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "HomeButtonEnabled" /T REG_ (a entrada de dados tem 19 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_UseDarkTheme] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "Theme" /T REG_DWORD /D "00 (a entrada de dados tem 7 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-20\...\RunOnce: [] => [X]
HKU\S-1-5-20\...\RunOnce: [Edge_DisableAdobeFlashPlayer] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Addons" /F /V "FlashPlayerEnabled" /T R (a entrada de dados tem 22 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisableAllCookies] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "Cookies" /T REG_DWORD /D " (a entrada de dados tem 9 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisableAskMeWhatToDoWithEachDownload] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Download" /F /V "EnableSavePrompt" /T R (a entrada de dados tem 22 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisableBlockPopup] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\New Windows" /F /V "PopupMgr" /T REG_SZ (a entrada de dados tem 8 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisableCortanaAssistant] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI" /F /V "EnableCortana" /T REG (a entrada de dados tem 20 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisablePagePrediction] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead" /F /V "FPEnabled" /T REG_DWO (a entrada de dados tem 16 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisableSaveFormEntries] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "Use FormSuggest" /T REG_SZ (a entrada de dados tem 8 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisableSavePassword] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "FormSuggest Passwords" /T (a entrada de dados tem 14 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisableSaveProtectedMediaLicensesonmyDevice] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy" /F /V "EnableEncryptedMediaExt (a entrada de dados tem 35 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisableShowSearchSuggestionasItype] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\User\Default\SearchScopes" /F /V "ShowS (a entrada de dados tem 50 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisableSmartScreen] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter" /F /V "EnabledV9" /T RE (a entrada de dados tem 21 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_EnableSendDoNotTrackRequests] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "DoNotTrack" /T REG_DWORD / (a entrada de dados tem 12 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_ShowFavoritesBar] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\LinksBar" /F /V "Enabled" /T REG_DWORD (a entrada de dados tem 13 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_ShowFavoritesBarPinnedPanel] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PivotIndex" /F /V "HubPanePinned" /T RE (a entrada de dados tem 21 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_ShowHomeButton] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "HomeButtonEnabled" /T REG_ (a entrada de dados tem 19 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_UseDarkTheme] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "Theme" /T REG_DWORD /D "00 (a entrada de dados tem 7 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-3300897730-1080615157-2638408914-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4091960 2019-09-21] (Tonec Inc.) [Arquivo não assinado]
HKU\S-1-5-21-3300897730-1080615157-2638408914-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Print\Monitors\HP 8711 Status Monitor: C:\Windows\system32\hpinksts8711LM.dll [332176 2012-09-12] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-07] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{8AF662BF-65A0-4D0A-A540-A338A999D36F}] ->
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
HKLM\Software\...\Winlogon\GPExtensions: [{CFF649BD-601D-4361-AD3D-0FC365DB4DB7}] -> %SystemRoot%\system32\domgmt.dll
HKLM\Software\...\Winlogon\GPExtensions: [{F312195E-3D9D-447A-A3F5-08DFFA24735E}] -> dggpext.dll
HKLM\Software\...\Winlogon\GPExtensions: [{FC491EF1-C4AA-4CE1-B329-414B101DB823}] -> dggpext.dll
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitorar alertas de tinta - HP Deskjet 2050 J510 series.lnk [2020-12-05]
ShortcutAndArgument: Monitorar alertas de tinta - HP Deskjet 2050 J510 series.lnk -> C:\Windows\system32\RunDll32.exe => "C:\Program Files\HP\HP Deskjet 2050 J510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=BR11BFP1ZW05D1;CONNECTION=USB;MONITOR=1;
BootExecute: ampa

==================== Tarefas Agendadas (Whitelisted) ============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {0682DDDC-D13D-4B6E-8431-9FA803214B3A} - \Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance -> Nenhum Arquivo <==== ATENÇÃO
Task: {0C55C996-E1C5-4EFA-9842-53390CF3DC28} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11094192 2020-08-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {24BD3B60-0393-4497-974E-D2685CC89E5B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-03] (Google LLC -> Google LLC)
Task: {2AA77C8F-89B9-405A-9EFC-F64D74D3C350} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management => {B7BFFB5A-EFA8-4D8C-BBDE-C8D5FAAF54A1} C:\Windows\system32\WofTasks.dll [29696 2019-03-19] (Microsoft Corporation) [Arquivo não assinado]
Task: {466ECA8F-AD4E-4846-A837-F3525DBFB397} - \Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan -> Nenhum Arquivo <==== ATENÇÃO
Task: {4FE87DD3-5DFF-4EB5-A242-58235019AD88} - \Microsoft\Windows\Windows Defender\Windows Defender Cleanup -> Nenhum Arquivo <==== ATENÇÃO
Task: {50926CAB-AB56-46B2-9B93-432DB53651BF} - \Microsoft\Windows\WindowsUpdate\Automatic App Update -> Nenhum Arquivo <==== ATENÇÃO
Task: {51F04842-8634-4C11-8745-A24F0FCB1D3E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5142960 2020-12-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {5E91798E-D51A-4CE1-AE5D-EC03188D66E7} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [143720 2020-12-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {6392CB78-AAF6-40F7-ACD2-C943C0592E66} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [670928 2020-11-12] (Mozilla Corporation -> Mozilla Foundation)
Task: {66D2CBB0-974D-409B-9790-4A078497AB23} - \Microsoft\Windows\Maps\MapsUpdateTask -> Nenhum Arquivo <==== ATENÇÃO
Task: {6902EDCC-5EA7-412B-A415-CD0CDE4A94FD} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation => {B7BFFB5A-EFA8-4D8C-BBDE-C8D5FAAF54A1} C:\Windows\system32\WofTasks.dll [29696 2019-03-19] (Microsoft Corporation) [Arquivo não assinado]
Task: {7A550ACD-D20D-44ED-B2FA-5CA6FED0BB00} - \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser -> Nenhum Arquivo <==== ATENÇÃO
Task: {7CAE81DF-75B8-45A0-ABFE-1898AEDAEA51} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5142960 2020-12-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {8AC6C4AF-2D4B-45AB-BE3D-9DF92B9A5E6A} - System32\Tasks\OInstall => C:\Windows\OInstall.exe [10267696 2019-04-25] (WZTeam -> ) [Arquivo não assinado]
Task: {9273D15E-4365-4DE0-9D00-D83A3054B5CE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23054216 2020-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {995B36D4-0107-49D9-8810-65F78D774EBD} - \Microsoft\Windows\Windows Defender\Windows Defender Verification -> Nenhum Arquivo <==== ATENÇÃO
Task: {9A3CF8FB-8847-4FB5-B9D3-D1F055DB7B74} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23054216 2020-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {C391351C-0F98-447E-B3F3-F932910C72FD} - \Microsoft\Windows\Feedback\Siuf\DmClient -> Nenhum Arquivo <==== ATENÇÃO
Task: {C80CFCFE-3C44-4512-A965-87E9574D43CD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-03] (Google LLC -> Google LLC)
Task: {E215B699-95A9-44CD-A30F-ECEEDA4BFAE6} - \Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload -> Nenhum Arquivo <==== ATENÇÃO
Task: {F2E8AA59-252D-4EA4-AF79-32DB90AB50D6} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTask => C:\Windows\System32\XblGameSaveTask.exe
Task: {F2FCCCBA-0DA2-43B1-8383-00F0D84C51F0} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe
Task: {F919EAF1-DA4B-44E2-BDE1-2462A6774590} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [143720 2020-12-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {F983E937-6426-4EB2-BBC3-9E94E3752925} - \Microsoft\Windows\Maps\MapsToastTask -> Nenhum Arquivo <==== ATENÇÃO

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)


==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{aa3866c9-c89a-44ff-9d5f-8c4deda199e0}: [DhcpNameServer] 192.168.1.1 0.0.0.0

FireFox:
========
FF DefaultProfile: bdj1cgza.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bdj1cgza.default [2020-12-09]
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\vnf2xj02.default-release [2020-12-11]
FF DownloadDir: D:\Área de Trabalho
FF Homepage: Mozilla\Firefox\Profiles\vnf2xj02.default-release -> hxxps://www.youtube.com/
FF Extension: (AdBlock — o melhor bloqueador de anúncios) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\vnf2xj02.default-release\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2020-12-09]
FF Extension: (IDM Integration Module) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\vnf2xj02.default-release\Extensions\mozilla_cc3@internetdownloadmanager.com.xpi [2020-12-09] [UpdateUrl:hxxps://data.internetdownloadmanager.com/idmmzcc3/update.json]
FF HKU\S-1-5-21-3300897730-1080615157-2638408914-1000\...\Firefox\Extensions: [mozilla_cc3@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
FF Extension: (IDM Integration Module) - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2019-09-19] [UpdateUrl:hxxps://data.internetdownloadmanager.com/idmmzcc3/update.json]
FF HKU\S-1-5-21-3300897730-1080615157-2638408914-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\User\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\User\AppData\Roaming\IDM\idmmzcc5 [2020-12-08] [] [não assinado]
FF HKU\S-1-5-21-3300897730-1080615157-2638408914-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] []
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_433.dll [2020-12-04] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-12-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-12-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-12-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_433.dll [2020-12-04] (Adobe Inc. -> )
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-12-12] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2020-12-12]
CHR DownloadDir: D:\Área de Trabalho
CHR HomePage: Default -> file:///D:/%C3%81rea%20de%20Trabalho/favoritos_01_12_2020.html
CHR NewTab: Default -> Active:"chrome-extension://ejbjamhkdedinncaeiackcdehpccoejm/pages/newtab.html"
CHR Extension: (Google Tradutor) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2020-12-03]
CHR Extension: (HLS Downloader) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apomkbibleomoihlhhdbeghnfioffbej [2020-12-03]
CHR Extension: (MEGA) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2020-12-03]
CHR Extension: (Speed Dial) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbjamhkdedinncaeiackcdehpccoejm [2020-12-03]
CHR Extension: (AdBlock — o melhor bloqueador de anúncios) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-12-03]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2020-12-10]
CHR Extension: (Méliuz: Cashback e cupons em suas compras) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdcfmebflppkljibgpdlboifpcaalolg [2020-12-10]
CHR Extension: (Video Downloader Plus by Skyload) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdjbpandnkpoaeaemedhhpaibjkcoblh [2020-12-03]
CHR Extension: (Ghostery – Bloqueador de anúncios para privacidade) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2020-12-03]
CHR Extension: (MeddleMonkey) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\moihledlmchhofenpacbhphnbnpakgmo [2020-12-03]
CHR Extension: (IDM Integration Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2020-12-10]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-12-03]
CHR Extension: (Comparador EscolhaSegura) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbichgopagjidnkeaablhiediibgbmec [2020-12-03]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-03]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2020-12-08]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2020-12-08]

==================== Serviços (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9105800 2020-12-01] (Microsoft Corporation -> Microsoft Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [109536 2019-10-16] (Panda Security S.L. -> Panda Security, S.L.)
S3 Panda VPN Service; C:\Program Files (x86)\Panda Security\Panda Security Protection\Hydra.Sdk.Windows.Service.exe [320848 2017-11-19] (AnchorFree Inc -> )
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [84176 2019-02-19] (Panda Security S.L. -> Panda Security, S.L.)
R2 pselamsvc; C:\Program Files (x86)\Panda Security\Panda Security Protection\pselamsvc.exe [189448 2018-07-25] (Panda Security S.L. -> Panda Security S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [48784 2019-10-16] (Panda Security S.L. -> Panda Security, S.L.)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [79440 2020-12-08] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)

===================== Drivers (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R3 aftap0901; C:\Windows\System32\drivers\aftap0901.sys [48624 2017-11-16] (AnchorFree Inc -> The OpenVPN Project)
S3 amdkmdan; C:\Windows\system32\DRIVERS\atikmnag.sys [20267024 2020-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
S3 ampa; C:\Windows\system32\ampa.sys [17008 2013-11-29] (ChengDu AoMei Tech Co., Ltd -> ) [Arquivo não assinado]
R1 NNSALPC; C:\Windows\system32\DRIVERS\NNSALPC.sys [111384 2019-03-05] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSDNS; C:\Windows\system32\DRIVERS\NNSDNS.sys [104728 2019-03-05] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\system32\DRIVERS\NNSHTTP.sys [211736 2019-03-05] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\system32\DRIVERS\NNSHTTPS.sys [125720 2019-03-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSIDS; C:\Windows\system32\DRIVERS\NNSIDS.sys [132888 2019-03-05] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [95472 2018-07-16] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPICC; C:\Windows\system32\DRIVERS\NNSPICC.sys [149784 2019-03-05] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\system32\DRIVERS\NNSPIHSW.sys [95000 2019-03-05] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\system32\DRIVERS\NNSPOP3.sys [135448 2019-03-05] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPROT; C:\Windows\system32\DRIVERS\NNSPROT.sys [346392 2019-03-05] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPRV; C:\Windows\system32\DRIVERS\NNSPRV.sys [290584 2019-05-30] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\system32\DRIVERS\NNSSMTP.sys [123160 2019-03-05] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\system32\DRIVERS\NNSSTRM.sys [295192 2019-05-30] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\system32\DRIVERS\NNSTLSC.sys [132376 2019-03-05] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINAflt; C:\Windows\system32\DRIVERS\PSINAflt.sys [198424 2019-06-11] (Panda Security S.L. -> Panda Security, S.L.)
S0 psinelam; C:\Windows\System32\DRIVERS\psinelam.sys [21952 2019-01-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [160536 2019-06-11] (Panda Security S.L. -> Panda Security, S.L.)
R1 PSINKNC; C:\Windows\system32\DRIVERS\PSINKNC.sys [215320 2019-03-04] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [147224 2019-06-11] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINProt; C:\Windows\system32\DRIVERS\PSINProt.sys [159512 2019-06-11] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINReg; C:\Windows\system32\DRIVERS\PSINReg.sys [129304 2019-06-11] (Panda Security S.L. -> Panda Security, S.L.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [72648 2017-05-22] (Panda Security S.L. -> Panda Security, S.L.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [347704 2020-12-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
S3 mshidumdf; \SystemRoot\System32\drivers\mshidumdf.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Três meses (criados) (Whitelisted) =========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2020-12-12 02:58 - 2020-12-12 03:00 - 000000000 ____D C:\FRST
2020-12-12 01:01 - 2020-12-12 01:01 - 000003710 _____ C:\Windows\system32\Tasks\OInstall
2020-12-12 01:01 - 2019-04-25 02:03 - 010267696 _____ C:\Windows\OInstall.exe
2020-12-12 00:58 - 2020-12-12 00:58 - 000002460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2020-12-12 00:58 - 2020-12-12 00:58 - 000002459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2020-12-12 00:58 - 2020-12-12 00:58 - 000002422 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2020-12-12 00:58 - 2020-12-12 00:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2020-12-12 00:57 - 2020-12-12 00:57 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2020-12-12 00:48 - 2020-12-12 00:58 - 000000000 ____D C:\Program Files\Microsoft Office
2020-12-12 00:48 - 2020-12-12 00:48 - 000000000 ____D C:\Program Files\Microsoft Office 15
2020-12-11 17:26 - 2020-12-11 17:26 - 000000000 ____D C:\Users\Public\TechGainer
2020-12-11 17:18 - 2020-12-11 17:18 - 000000000 ____D C:\sources
2020-12-11 12:02 - 2020-12-11 12:02 - 047785472 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 039714816 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 030752256 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 027535872 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 025299968 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 022318592 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 021622272 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2020-12-11 12:02 - 2020-12-11 12:02 - 015716864 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 014302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 011948704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 010094152 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 009102336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdxc64.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 008893160 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 008779872 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 007929616 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 007500800 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdxc32.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 007408936 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 003471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2020-12-11 12:02 - 2020-12-11 12:02 - 003437632 _____ C:\Windows\system32\atiumd6a.cap
2020-12-11 12:02 - 2020-12-11 12:02 - 001445224 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 001247744 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 001193904 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 001187342 _____ C:\Windows\system32\amdocl_as64.exe
2020-12-11 12:02 - 2020-12-11 12:02 - 001061902 _____ C:\Windows\system32\amdocl_ld64.exe
2020-12-11 12:02 - 2020-12-11 12:02 - 000995342 _____ C:\Windows\SysWOW64\amdocl_as32.exe
2020-12-11 12:02 - 2020-12-11 12:02 - 000926720 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000926720 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000798734 _____ C:\Windows\SysWOW64\amdocl_ld32.exe
2020-12-11 12:02 - 2020-12-11 12:02 - 000672768 _____ (AMD) C:\Windows\system32\atieclxx.exe
2020-12-11 12:02 - 2020-12-11 12:02 - 000665088 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2020-12-11 12:02 - 2020-12-11 12:02 - 000660912 _____ C:\Windows\SysWOW64\atiapfxx.blb
2020-12-11 12:02 - 2020-12-11 12:02 - 000660912 _____ C:\Windows\system32\atiapfxx.blb
2020-12-11 12:02 - 2020-12-11 12:02 - 000442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000367104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2020-12-11 12:02 - 2020-12-11 12:02 - 000332800 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODE.exe
2020-12-11 12:02 - 2020-12-11 12:02 - 000246784 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2020-12-11 12:02 - 2020-12-11 12:02 - 000235008 _____ C:\Windows\system32\clinfo.exe
2020-12-11 12:02 - 2020-12-11 12:02 - 000190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000169152 _____ C:\Windows\system32\ativce03.dat
2020-12-11 12:02 - 2020-12-11 12:02 - 000160256 _____ C:\Windows\system32\atieah64.exe
2020-12-11 12:02 - 2020-12-11 12:02 - 000156672 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000152056 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000143872 _____ C:\Windows\SysWOW64\atieah32.exe
2020-12-11 12:02 - 2020-12-11 12:02 - 000141824 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000133016 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000120144 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000102912 _____ C:\Windows\system32\hsa-thunk64.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000102616 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000102400 _____ C:\Windows\SysWOW64\hsa-thunk.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000100816 _____ C:\Windows\system32\ativce02.dat
2020-12-11 12:02 - 2020-12-11 12:02 - 000089088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000080896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000059392 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000051200 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODCLI.exe
2020-12-11 12:02 - 2020-12-11 12:02 - 000050688 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000047664 _____ C:\Windows\system32\kapp_ci.sbin
2020-12-11 12:02 - 2020-12-11 12:02 - 000043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000043408 _____ C:\Windows\system32\kapp_si.sbin
2020-12-11 12:02 - 2020-12-11 12:02 - 000039424 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000029696 _____ (AMD) C:\Windows\system32\atimuixx.dll
2020-12-11 12:01 - 2020-12-11 12:02 - 000458472 _____ C:\Windows\system32\amdmiracast.dll
2020-12-11 12:01 - 2020-12-11 12:01 - 000833798 _____ C:\Windows\system32\amdicdxx.dat
2020-12-11 12:01 - 2020-12-11 12:01 - 000297672 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2020-12-11 12:01 - 2020-12-11 12:01 - 000204800 _____ C:\Windows\system32\amdgfxinfo64.dll
2020-12-11 12:01 - 2020-12-11 12:01 - 000189952 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2020-12-11 12:01 - 2020-12-11 12:01 - 000167456 _____ C:\Windows\system32\amde31a.dat
2020-12-11 12:01 - 2020-12-11 12:01 - 000141792 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2020-12-11 12:01 - 2020-12-11 12:01 - 000134656 _____ C:\Windows\system32\amdhdl64.dll
2020-12-11 12:01 - 2020-12-11 12:01 - 000128384 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2020-12-11 12:01 - 2020-12-11 12:01 - 000123392 _____ C:\Windows\SysWOW64\amdhdl32.dll
2020-12-11 12:01 - 2020-12-11 12:01 - 000107784 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2020-12-11 12:01 - 2020-12-11 12:01 - 000100568 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2020-12-11 11:28 - 2020-12-11 12:06 - 000065058 _____ C:\Windows\ntbtlog.txt
2020-12-11 11:28 - 2020-12-11 11:30 - 000432500 _____ C:\Windows\Minidump\121120-24671-01.dmp
2020-12-11 11:23 - 2020-12-11 11:23 - 000000000 _____ C:\Windows\Minidump\121120-26000-01.dmp
2020-12-11 11:04 - 2020-12-11 11:04 - 000000000 _____ C:\Windows\Minidump\121120-33531-01.dmp
2020-12-11 07:44 - 2020-12-11 07:44 - 000000000 __SHD C:\found.000
2020-12-11 03:28 - 2020-12-11 03:28 - 000000000 _____ C:\Windows\Minidump\121120-31453-01.dmp
2020-12-11 03:27 - 2020-12-11 03:27 - 000000000 ____D C:\Users\User\AppData\Roaming\DriveTheLife2013
2020-12-11 03:26 - 2020-12-11 03:26 - 000000000 _____ C:\Windows\Minidump\121120-33875-01.dmp
2020-12-11 01:16 - 2020-12-11 11:28 - 376650549 _____ C:\Windows\MEMORY.DMP
2020-12-10 17:59 - 2020-12-10 17:59 - 020267024 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmnag.sys
2020-12-10 17:58 - 2020-12-10 17:58 - 000003194 _____ C:\Windows\system32\Tasks\RTKCPL
2020-12-10 17:57 - 2020-12-11 11:56 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2020-12-10 17:57 - 2020-12-11 02:20 - 000000000 ____D C:\Windows\system32\SRSLabs
2020-12-10 17:57 - 2020-12-11 02:20 - 000000000 ____D C:\Program Files\Realtek
2020-12-10 17:56 - 2020-12-10 17:56 - 004113624 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2020-12-10 17:56 - 2020-12-10 17:56 - 000085704 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amd_sata.sys
2020-12-10 17:56 - 2020-12-10 17:56 - 000043720 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amd_xata.sys
2020-12-10 17:56 - 2011-11-22 12:28 - 000014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2020-12-10 17:55 - 2020-12-10 17:55 - 000110080 _____ (TODO: ) C:\Windows\system32\DelayAPO.dll
2020-12-10 17:55 - 2020-12-10 17:55 - 000096256 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdW76.sys
2020-12-10 12:47 - 2020-12-10 12:47 - 000000000 ____D C:\Users\Todos os Usuários\WinaeroTweaker
2020-12-10 12:47 - 2020-12-10 12:47 - 000000000 ____D C:\ProgramData\WinaeroTweaker
2020-12-10 01:09 - 2020-12-10 01:09 - 000000000 ____D C:\Users\User\AppData\Roaming\MPC-HC
2020-12-09 15:52 - 2020-12-11 19:42 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2020-12-09 15:52 - 2020-12-09 15:52 - 000000000 ____D C:\Users\User\AppData\Roaming\Mozilla
2020-12-09 15:50 - 2020-12-11 19:41 - 000000000 ____D C:\Users\Todos os Usuários\Mozilla
2020-12-09 15:50 - 2020-12-11 19:41 - 000000000 ____D C:\ProgramData\Mozilla
2020-12-09 15:50 - 2020-12-09 15:50 - 000001014 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-12-09 15:50 - 2020-12-09 15:50 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2020-12-09 15:50 - 2020-12-09 15:50 - 000000000 ____D C:\Users\User\AppData\Local\Mozilla
2020-12-09 15:50 - 2020-12-09 15:50 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-12-09 02:51 - 2020-12-09 12:10 - 000000000 ____D C:\Users\User\Downloads\MEmu Download
2020-12-09 02:50 - 2020-12-09 02:51 - 000000000 ____D C:\Users\User\.android
2020-12-09 01:10 - 2020-12-09 01:12 - 000000000 ____D C:\Users\User\AppData\Roaming\Youtube Downloader HD
2020-12-08 18:29 - 2020-12-08 18:29 - 000000000 ____D C:\Users\User\AppData\Roaming\AMD
2020-12-08 18:29 - 2020-12-08 18:29 - 000000000 ____D C:\Users\User\AppData\Local\4kdownload.com
2020-12-08 17:50 - 2020-12-11 21:01 - 000000000 ____D C:\Users\User\AppData\Roaming\DMCache
2020-12-08 17:47 - 2020-12-09 12:47 - 000000000 ____D C:\Users\User\AppData\Roaming\IDM
2020-12-08 17:47 - 2020-12-08 17:47 - 000000000 ____D C:\Users\Todos os Usuários\IDM
2020-12-08 17:47 - 2020-12-08 17:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2020-12-08 17:47 - 2020-12-08 17:47 - 000000000 ____D C:\ProgramData\IDM
2020-12-08 17:47 - 2018-12-20 10:05 - 000229296 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2020-12-08 17:46 - 2020-12-08 17:47 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager
2020-12-08 17:35 - 2020-12-08 17:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2020-12-08 17:35 - 2020-12-08 17:35 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2020-12-08 13:03 - 2020-12-11 11:35 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2020-12-08 13:02 - 2020-12-08 13:02 - 000000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2020-12-08 13:02 - 2020-12-08 13:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2020-12-08 13:02 - 2020-12-08 13:02 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-12-08 13:02 - 2020-12-08 13:02 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2020-12-08 13:02 - 2016-03-10 14:09 - 000065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2020-12-08 13:02 - 2016-03-10 14:08 - 000140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2020-12-08 13:02 - 2016-03-10 14:08 - 000027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2020-12-08 02:43 - 2020-12-12 00:32 - 001018002 _____ C:\Windows\SysWOW64\rootpa.e2e
2020-12-08 02:43 - 2020-12-08 02:43 - 000000000 ____D C:\Windows\tbaseregistry
2020-12-08 02:37 - 2020-12-11 02:20 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2020-12-08 02:37 - 2020-12-08 02:37 - 000000000 _____ C:\Windows\ativpsrm.bin
2020-12-08 02:37 - 2015-06-03 21:07 - 000073976 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\amdkmpfd.sys
2020-12-08 02:20 - 2020-12-08 02:20 - 009908856 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RsCRIcon.dll
2020-12-08 02:20 - 2020-12-08 02:20 - 002994768 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\rootpacommon.dll
2020-12-08 02:20 - 2020-12-08 02:20 - 000298776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\Drivers\amdpsp.sys
2020-12-08 02:20 - 2020-12-08 02:20 - 000146528 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\tbaseregistry64.dll
2020-12-08 02:20 - 2020-12-08 02:20 - 000127568 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\tbaseregistry32.dll
2020-12-08 02:20 - 2020-12-08 02:20 - 000127040 _____ (AMD) C:\Windows\system32\pspcoins.dll
2020-12-08 02:20 - 2020-12-08 02:20 - 000114456 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\Drivers\amdkmcsp.sys
2020-12-08 02:20 - 2020-12-08 02:20 - 000106576 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdumcsp.dll
2020-12-08 02:20 - 2020-12-08 02:20 - 000088672 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdumcsp.dll
2020-12-08 02:20 - 2020-12-08 02:20 - 000079440 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
2020-12-08 02:20 - 2020-12-08 02:20 - 000044112 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\t-base_client_api.dll
2020-12-08 02:20 - 2020-12-08 02:20 - 000040016 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\t-base_client_api.dll
2020-12-08 02:20 - 2020-12-08 02:20 - 000021007 _____ C:\Windows\SysWOW64\07010000000000000000000000000000.tlbin
2020-12-08 02:20 - 2020-12-08 02:20 - 000002473 _____ C:\Windows\SysWOW64\tbaseprovisioning.exe.config
2020-12-08 02:20 - 2020-12-08 02:20 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_amdpsp_01011.Wdf
2020-12-08 01:18 - 2020-12-08 01:21 - 000000000 ____D C:\AdwCleaner
2020-12-07 20:49 - 2020-12-07 20:49 - 000002033 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\DriverHub.lnk
2020-12-07 20:48 - 2020-12-07 20:48 - 000000000 ____D C:\Program Files (x86)\DriverHub
2020-12-07 20:46 - 2020-12-07 20:46 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3DP Chip Lite
2020-12-07 19:41 - 2020-12-07 19:41 - 000000000 __SHD C:\Users\Todos os Usuários\360Quarant
2020-12-07 19:41 - 2020-12-07 19:41 - 000000000 __SHD C:\ProgramData\360Quarant
2020-12-07 19:41 - 2020-12-07 19:41 - 000000000 __SHD C:\$360Section
2020-12-07 19:39 - 2020-12-07 19:39 - 000000000 ____D C:\Users\User\AppData\Local\cloud
2020-12-07 19:34 - 2020-12-07 19:34 - 000000000 _RSHD C:\360SANDBOX
2020-12-07 19:28 - 2020-12-07 19:28 - 000000000 ____D C:\Users\User\AppData\LocalLow\AMD
2020-12-07 19:28 - 2020-12-07 19:28 - 000000000 ____D C:\Users\User\AppData\Local\Opera Software
2020-12-07 19:26 - 2020-12-09 15:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-12-07 19:20 - 2020-12-07 19:20 - 000000000 ____D C:\Users\User\.cache
2020-12-07 18:58 - 2020-09-07 14:09 - 006124208 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2020-12-07 18:58 - 2020-09-03 14:47 - 003801776 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2020-12-07 18:58 - 2020-07-02 12:36 - 003337904 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2020-12-07 18:58 - 2019-07-31 12:41 - 001394384 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDHF64.dll
2020-12-07 18:58 - 2019-07-31 12:41 - 001383184 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN64.dll
2020-12-07 18:58 - 2019-07-31 12:41 - 001308088 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO64.dll
2020-12-07 18:58 - 2019-07-31 12:41 - 001177136 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA64.dll
2020-12-07 18:58 - 2019-02-18 13:44 - 001060760 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SEHDHF32.dll
2020-12-07 18:58 - 2019-02-18 13:44 - 001043752 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SECOMN32.dll
2020-12-07 18:58 - 2019-01-09 05:50 - 003151056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2020-12-07 18:58 - 2018-12-01 04:47 - 003406976 _____ (DTS, Inc.) C:\Windows\system32\slcnt64.dll
2020-12-07 18:58 - 2018-12-01 04:47 - 003132032 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2020-12-07 18:58 - 2018-12-01 04:47 - 001091712 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2020-12-07 18:58 - 2018-06-21 13:00 - 002921408 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2020-12-07 18:58 - 2018-02-13 15:22 - 000677312 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2020-12-07 18:58 - 2018-02-07 06:18 - 000527656 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2020-12-07 18:58 - 2018-02-07 06:18 - 000257832 _____ (TODO: ) C:\Windows\system32\slprp64.dll
2020-12-07 18:58 - 2018-02-07 06:18 - 000219944 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2020-12-07 18:58 - 2018-02-07 06:18 - 000207656 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2020-12-07 18:58 - 2018-02-07 06:18 - 000164648 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2020-12-07 18:58 - 2017-12-01 14:26 - 001332672 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2020-12-07 18:58 - 2017-11-21 13:11 - 000380704 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2020-12-07 18:58 - 2017-11-21 13:11 - 000106784 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2020-12-07 18:58 - 2017-11-21 13:11 - 000084256 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2020-12-07 18:58 - 2017-11-21 13:10 - 000315680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2020-12-07 18:58 - 2017-11-21 13:10 - 000315680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2020-12-07 18:58 - 2017-11-21 13:10 - 000209696 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2020-12-07 18:58 - 2015-11-10 13:25 - 000182488 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2020-12-07 18:58 - 2015-02-03 20:38 - 001413776 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll
2020-12-07 18:58 - 2015-02-03 20:38 - 000454288 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll
2020-12-07 18:58 - 2015-02-03 20:38 - 000369296 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll
2020-12-07 18:58 - 2015-02-03 20:38 - 000329360 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll
2020-12-07 18:58 - 2015-02-03 20:38 - 000329360 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2020-12-07 18:58 - 2013-10-11 08:47 - 000113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2020-12-07 18:58 - 2011-12-20 11:32 - 000331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2020-12-07 18:58 - 2011-09-02 10:21 - 000221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2020-12-07 18:58 - 2011-09-02 10:21 - 000081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2020-12-07 18:58 - 2011-09-02 10:21 - 000078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2020-12-07 18:58 - 2010-07-22 12:48 - 000074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2020-12-07 18:58 - 2010-07-11 17:28 - 000180048 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFProc64.dll
2020-12-07 18:58 - 2010-07-11 17:28 - 000086352 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFComm64.dll
2020-12-07 18:58 - 2010-07-11 17:28 - 000083792 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFSAPO64.dll
2020-12-07 18:58 - 2010-07-11 17:28 - 000082768 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFHAPO64.dll
2020-12-07 18:58 - 2010-07-11 17:28 - 000082768 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFDAPO64.dll
2020-12-07 18:57 - 2020-09-07 12:02 - 041952280 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2020-12-07 18:57 - 2019-04-09 10:32 - 003668328 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2020-12-07 18:57 - 2016-03-08 10:55 - 072512000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2020-12-07 18:54 - 2020-06-08 22:57 - 000107936 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdWT6.sys
2020-12-07 18:04 - 2020-12-11 19:39 - 000000000 ____D C:\Users\User\AppData\Roaming\ROSTPAY LTD
2020-12-07 18:04 - 2020-12-11 19:39 - 000000000 ____D C:\Users\User\AppData\Roaming\DriverHub
2020-12-07 18:04 - 2020-12-07 18:04 - 000000000 ____D C:\Users\User\AppData\Local\ROSTPAY LTD
2020-12-07 18:00 - 2020-12-07 20:48 - 000000000 ____D C:\Users\Todos os Usuários\Package Cache
2020-12-07 18:00 - 2020-12-07 20:48 - 000000000 ____D C:\ProgramData\Package Cache
2020-12-07 11:48 - 2020-12-08 18:37 - 000000000 ____D C:\Users\User\AppData\Local\Adobe
2020-12-07 11:48 - 2020-12-07 11:48 - 000000000 ____D C:\Users\User\AppData\Roaming\ABBYY
2020-12-07 11:48 - 2020-12-07 11:48 - 000000000 ____D C:\Users\User\AppData\Local\ABBYY
2020-12-07 11:33 - 2019-05-04 18:17 - 000000812 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virtual DJ.lnk
2020-12-07 11:33 - 2019-05-04 18:17 - 000000771 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WebCam.lnk
2020-12-07 11:33 - 2019-05-04 18:14 - 000001733 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Limpar PenDrive.lnk
2020-12-07 11:33 - 2019-05-04 17:50 - 000002453 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reset Fila de Impressão.lnk
2020-12-07 11:33 - 2019-05-04 17:50 - 000001242 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UniExtract.lnk
2020-12-07 11:33 - 2019-05-04 17:48 - 000001416 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Photo to Cartoon.lnk
2020-12-07 11:33 - 2019-05-04 17:47 - 000001981 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bloqueio de Pastas.lnk
2020-12-07 11:33 - 2019-05-04 17:46 - 000001755 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gravar e Copiar DVD.lnk
2020-12-07 11:33 - 2019-05-04 17:45 - 000001331 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vopt Desfrag.lnk
2020-12-07 11:33 - 2019-05-04 17:44 - 000001274 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2020-12-07 11:33 - 2019-05-03 09:06 - 000001659 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Power Data Recovery.lnk
2020-12-07 11:33 - 2019-05-03 09:03 - 000002460 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ProShow Producer.lnk
2020-12-07 11:33 - 2019-05-03 09:01 - 000001362 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Destravar Pastas.lnk
2020-12-07 11:33 - 2019-05-03 09:01 - 000001289 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acesso Remoto.lnk
2020-12-07 11:33 - 2019-05-03 08:58 - 000002215 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Photoshop CS6.lnk
2020-12-07 11:33 - 2019-05-03 08:58 - 000001435 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoScape.lnk
2020-12-07 11:33 - 2019-05-03 08:52 - 000001382 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Captura de Tela.lnk
2020-12-07 11:33 - 2019-05-03 08:51 - 000001623 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Photo Resizer.lnk
2020-12-07 11:33 - 2019-05-03 08:50 - 000001534 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FineReader.lnk
2020-12-07 11:33 - 2019-05-03 08:50 - 000001302 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory.lnk
2020-12-07 11:33 - 2019-05-03 01:01 - 000001430 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DaemonTools.lnk
2020-12-07 11:32 - 2020-12-07 11:32 - 000001573 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desligar.lnk
2020-12-07 11:24 - 2020-12-09 01:21 - 000000000 ____D C:\Portables
2020-12-07 03:21 - 2020-12-07 03:21 - 000000231 _____ C:\unstart.ini
2020-12-07 02:05 - 2020-12-11 21:01 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2020-12-07 01:59 - 2020-12-07 19:28 - 000000000 ____D C:\Users\User\AppData\Local\AMD
2020-12-07 01:55 - 2020-12-08 02:37 - 000000000 ____D C:\Program Files\AMD
2020-12-07 00:50 - 2020-12-11 12:02 - 000865792 _____ (AMD) C:\Windows\system32\coinst_15.20.dll
2020-12-07 00:50 - 2015-07-15 20:22 - 000204952 _____ C:\Windows\SysWOW64\ativvsvl.dat
2020-12-07 00:50 - 2015-07-15 20:22 - 000204952 _____ C:\Windows\system32\ativvsvl.dat
2020-12-07 00:50 - 2015-07-15 20:22 - 000157144 _____ C:\Windows\SysWOW64\ativvsva.dat
2020-12-07 00:50 - 2015-07-15 20:22 - 000157144 _____ C:\Windows\system32\ativvsva.dat
2020-12-07 00:50 - 2015-05-28 20:21 - 000255808 _____ C:\Windows\system32\ativvaxy_cz_nd.dat
2020-12-07 00:50 - 2015-05-28 20:17 - 000250884 _____ C:\Windows\system32\ativvaxy_FJ.dat
2020-12-07 00:50 - 2015-05-28 20:15 - 000249088 _____ C:\Windows\system32\ativvaxy_FJ_nd.dat
2020-12-07 00:50 - 2015-05-28 20:10 - 000322868 _____ C:\Windows\system32\ativvaxy_vi.dat
2020-12-07 00:50 - 2015-05-28 20:08 - 000321200 _____ C:\Windows\system32\ativvaxy_vi_nd.dat
2020-12-07 00:50 - 2015-05-28 20:00 - 000234420 _____ C:\Windows\system32\ativvaxy_cik.dat
2020-12-07 00:50 - 2015-05-28 19:58 - 000232752 _____ C:\Windows\system32\ativvaxy_cik_nd.dat
2020-12-07 00:50 - 2014-11-06 05:53 - 000737410 _____ C:\Windows\system32\atiicdxx.dat
2020-12-07 00:50 - 2014-06-18 12:28 - 000140240 _____ C:\Windows\system32\samu_krnl_ci.sbin
2020-12-07 00:50 - 2013-12-12 08:53 - 000138832 _____ C:\Windows\system32\samu_krnl_isv_ci.sbin
2020-12-05 19:25 - 2020-12-07 20:46 - 000000000 ____D C:\Program Files (x86)\3DP Chip Lite
2020-12-05 11:56 - 2020-12-05 11:56 - 000000000 ____D C:\Windows\system32\Codecs
2020-12-05 00:47 - 2020-12-05 00:47 - 000000000 ____D C:\Users\User\AppData\Local\Comms
2020-12-04 11:15 - 2020-12-04 11:15 - 000000000 ____D C:\Users\User\AppData\Roaming\Sun
2020-12-04 11:14 - 2020-12-04 11:14 - 000192168 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2020-12-04 11:14 - 2020-12-04 11:14 - 000000000 ____D C:\Users\Todos os Usuários\Oracle
2020-12-04 11:14 - 2020-12-04 11:14 - 000000000 ____D C:\ProgramData\Oracle
2020-12-04 11:14 - 2020-12-04 11:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2020-12-04 11:13 - 2020-12-04 11:13 - 000000000 ____D C:\Program Files\Java
2020-12-04 01:08 - 2020-12-04 01:08 - 000000000 ____D C:\Users\User\AppData\Roaming\Macromedia
2020-12-04 00:53 - 2020-12-04 00:53 - 000000000 ____D C:\Users\User\AppData\LocalLow\Sun
2020-12-04 00:23 - 2020-12-04 00:23 - 000000000 ____D C:\Users\User\AppData\Roaming\Media Player Classic
2020-12-03 20:30 - 2020-12-03 20:30 - 000001396 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Portable.lnk
2020-12-03 20:20 - 2020-12-03 20:23 - 000000000 ____D C:\Users\User\AppData\Local\HP
2020-12-03 20:20 - 2020-12-03 20:20 - 000000057 _____ C:\Users\Todos os Usuários\Ament.ini
2020-12-03 20:20 - 2020-12-03 20:20 - 000000057 _____ C:\ProgramData\Ament.ini
2020-12-03 20:20 - 2020-12-03 20:20 - 000000000 ____D C:\Users\Todos os Usuários\HP
2020-12-03 20:20 - 2020-12-03 20:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2020-12-03 20:20 - 2020-12-03 20:20 - 000000000 ____D C:\ProgramData\HP
2020-12-03 20:20 - 2020-12-03 20:20 - 000000000 ____D C:\Program Files\HP
2020-12-03 20:20 - 2020-12-03 20:20 - 000000000 ____D C:\Program Files (x86)\HP
2020-12-03 19:57 - 2020-12-03 19:57 - 000000000 ____D C:\Users\User\AppData\Local\PeerDistRepub
2020-12-03 17:54 - 2020-12-03 17:54 - 000000000 ____D C:\Windows\SysWOW64\sda
2020-12-03 12:57 - 2012-09-12 09:43 - 000332176 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpinksts8711LM.dll
2020-12-03 12:57 - 2012-09-12 09:43 - 000270224 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpinkcoi8711.dll
2020-12-03 12:57 - 2012-09-12 09:36 - 002873744 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpinkins8711.exe
2020-12-03 12:25 - 2020-12-03 12:25 - 000000439 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Arquivos (D).lnk
2020-12-03 12:17 - 2020-12-03 12:17 - 000000000 ____D C:\Program Files\UNP
2020-12-03 12:09 - 2020-12-03 12:09 - 000000000 ____D C:\Windows\amlog
2020-12-03 12:08 - 2020-12-03 12:09 - 000000286 _____ C:\Windows\ampa.ini
2020-12-03 11:37 - 2020-12-07 00:07 - 000001024 ____H C:\AMTAG.BIN
2020-12-03 11:37 - 2020-12-03 11:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Partition Assistant Pro Edition 5.5
2020-12-03 11:36 - 2020-12-07 02:05 - 000000000 ____D C:\Program Files (x86)\AOMEI Partition Assistant Pro Edition 5.5
2020-12-03 11:36 - 2013-11-29 20:42 - 001806960 _____ C:\Windows\ampa.exe
2020-12-03 11:36 - 2013-11-29 10:31 - 000017008 _____ C:\Windows\SysWOW64\ampa.sys
2020-12-03 11:36 - 2013-11-29 10:31 - 000017008 _____ C:\Windows\system32\ampa.sys
2020-12-03 02:07 - 2020-12-04 00:24 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2020-12-03 01:56 - 2020-12-04 01:08 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2020-12-03 01:56 - 2020-12-04 01:08 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2020-12-03 01:55 - 2020-12-04 01:08 - 000000000 ____D C:\Windows\system32\Macromed
2020-12-03 01:50 - 2020-12-04 01:08 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-12-03 00:53 - 2013-12-01 09:10 - 000218200 _____ C:\Windows\SysWOW64\unrar.dll
2020-12-03 00:46 - 2020-12-03 00:46 - 000000000 ____D C:\Users\User\AppData\Roaming\WinRAR
2020-12-03 00:44 - 2020-12-03 00:44 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-12-03 00:44 - 2020-12-03 00:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-12-03 00:42 - 2020-12-03 00:46 - 000000000 ____D C:\Program Files\WinRAR
2020-12-03 00:40 - 2020-12-07 03:19 - 000000000 ____D C:\Program Files (x86)\Acro Software
2020-12-03 00:39 - 2020-12-03 17:35 - 000000000 ____D C:\Users\User\AppData\Roaming\SumatraPDF
2020-12-03 00:39 - 2020-12-03 00:39 - 000001948 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
2020-12-03 00:39 - 2020-12-03 00:39 - 000000000 ____D C:\Program Files\SumatraPDF
2020-12-03 00:37 - 2020-12-04 00:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2020-12-03 00:37 - 2020-12-03 00:37 - 000000000 ____D C:\Program Files\VS Revo Group
2020-12-03 00:27 - 2020-12-07 20:05 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-12-03 00:27 - 2020-12-03 02:29 - 000000000 ____D C:\Users\User\AppData\Local\Google
2020-12-03 00:26 - 2020-12-03 17:39 - 000003588 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-12-03 00:26 - 2020-12-03 17:39 - 000003464 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-12-03 00:26 - 2020-12-03 00:26 - 000000000 ____D C:\Program Files\Google
2020-12-03 00:26 - 2020-12-03 00:26 - 000000000 ____D C:\Program Files (x86)\Google
2020-12-03 00:14 - 2020-12-03 00:14 - 000000000 ____D C:\Users\User\AppData\Roaming\Panda Security
2020-12-03 00:13 - 2019-06-11 23:29 - 000198424 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINAflt.sys
2020-12-03 00:13 - 2019-06-11 23:29 - 000159512 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINProt.sys
2020-12-03 00:13 - 2019-06-11 23:29 - 000129304 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINReg.sys
2020-12-03 00:13 - 2019-05-30 02:57 - 000295192 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnsstrm.sys
2020-12-03 00:13 - 2019-03-06 00:06 - 000125720 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnshttps.sys
2020-12-03 00:13 - 2019-03-05 02:44 - 000346392 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnsprot.sys
2020-12-03 00:13 - 2019-03-05 02:44 - 000211736 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnshttp.sys
2020-12-03 00:13 - 2019-03-05 02:44 - 000149784 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnspicc.sys
2020-12-03 00:13 - 2019-03-05 02:44 - 000135448 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnspop3.sys
2020-12-03 00:13 - 2019-03-05 02:44 - 000132888 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnsids.sys
2020-12-03 00:13 - 2019-03-05 02:44 - 000132376 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnstlsc.sys
2020-12-03 00:13 - 2019-03-05 02:44 - 000123160 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnssmtp.sys
2020-12-03 00:13 - 2019-03-05 02:44 - 000111384 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnsalpc.sys
2020-12-03 00:13 - 2019-03-05 02:44 - 000104728 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnsdns.sys
2020-12-03 00:13 - 2019-03-05 02:44 - 000095000 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnspihsw.sys
2020-12-03 00:13 - 2019-03-04 10:20 - 000215320 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINKNC.sys
2020-12-03 00:13 - 2019-01-22 00:44 - 000021952 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\psinelam.sys
2020-12-03 00:13 - 2017-05-22 02:01 - 000072648 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2020-12-03 00:12 - 2020-12-11 17:08 - 000002307 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Dome.lnk
2020-12-03 00:12 - 2020-12-03 00:15 - 000000000 ____D C:\Program Files (x86)\Panda Security
2020-12-03 00:12 - 2020-12-03 00:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Dome
2020-12-03 00:11 - 2020-12-03 00:15 - 000000000 ____D C:\Users\Todos os Usuários\Panda Security
2020-12-03 00:11 - 2020-12-03 00:15 - 000000000 ____D C:\ProgramData\Panda Security
2020-12-02 19:32 - 2020-12-06 00:47 - 000000000 ____D C:\Users\User\AppData\Local\PlaceholderTileLogoFolder
2020-12-02 18:51 - 2020-12-10 18:15 - 000000000 ____D C:\Users\User\AppData\Local\D3DSCache
2020-12-02 18:45 - 2020-12-02 18:45 - 000000405 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dispositivos e Impressoras.lnk
2020-12-02 17:54 - 2020-12-02 17:55 - 000000000 ____D C:\Users\Todos os Usuários\Packages
2020-12-02 17:54 - 2020-12-02 17:55 - 000000000 ____D C:\ProgramData\Packages
2020-12-02 17:36 - 2020-12-02 17:36 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2020-12-02 17:35 - 2020-12-08 02:39 - 001759686 _____ C:\Windows\system32\PerfStringBackup.INI
2020-12-02 17:32 - 2020-12-08 18:38 - 000000000 ____D C:\Users\User\AppData\Roaming\Adobe
2020-12-02 17:32 - 2020-12-05 18:02 - 000000000 ____D C:\Users\User\AppData\Local\Packages
2020-12-02 17:32 - 2020-12-02 17:32 - 000000000 __RHD C:\Users\User\3D Objects
2020-12-02 17:32 - 2020-12-02 17:32 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-12-02 17:32 - 2020-12-02 17:32 - 000000000 ____D C:\Users\User\AppData\Local\VirtualStore
2020-12-02 17:31 - 2020-12-11 11:28 - 000000000 ____D C:\Windows\minidump
2020-12-02 17:31 - 2020-12-02 17:32 - 000000000 ____D C:\Users\User\AppData\Local\ConnectedDevicesPlatform
2020-12-02 17:31 - 2020-12-02 17:31 - 000000020 ___SH C:\Users\User\ntuser.ini
2020-12-02 17:31 - 2020-12-02 17:31 - 000000000 _SHDL C:\Users\User\Modelos
2020-12-02 17:31 - 2020-12-02 17:31 - 000000000 _SHDL C:\Users\User\Meus Documentos
2020-12-02 17:31 - 2020-12-02 17:31 - 000000000 _SHDL C:\Users\User\Menu Iniciar
2020-12-02 17:31 - 2020-12-02 17:31 - 000000000 _SHDL C:\Users\User\Dados de Aplicativos
2020-12-02 17:31 - 2020-12-02 17:31 - 000000000 _SHDL C:\Users\User\Configurações Locais
2020-12-02 17:31 - 2020-12-02 17:31 - 000000000 _SHDL C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2020-12-02 17:31 - 2020-12-02 17:31 - 000000000 _SHDL C:\Users\User\AppData\Local\Histórico
2020-12-02 17:31 - 2020-12-02 17:31 - 000000000 _SHDL C:\Users\User\AppData\Local\Dados de Aplicativos
2020-12-02 17:31 - 2020-12-02 17:31 - 000000000 _SHDL C:\Users\User\Ambiente de Rede
2020-12-02 17:31 - 2020-12-02 17:31 - 000000000 _SHDL C:\Users\User\Ambiente de Impressão
2020-12-02 17:31 - 2020-12-02 17:31 - 000000000 ____D C:\Windows\CSC
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Usuário Padrão\Modelos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Usuário Padrão\Meus Documentos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Usuário Padrão\Menu Iniciar
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Usuário Padrão\Dados de Aplicativos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Usuário Padrão\Configurações Locais
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Usuário Padrão\AppData\Local\Histórico
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Usuário Padrão\AppData\Local\Dados de Aplicativos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Usuário Padrão\Ambiente de Rede
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Usuário Padrão\Ambiente de Impressão
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Usuário Padrão
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Todos os Usuários\Modelos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Todos os Usuários\Menu Iniciar
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Todos os Usuários\Documentos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Todos os Usuários\Dados de Aplicativos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Todos os Usuários
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default\Modelos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default\Meus Documentos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default\Menu Iniciar
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default\Dados de Aplicativos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default\Configurações Locais
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default\AppData\Local\Histórico
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default\AppData\Local\Dados de Aplicativos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default\Ambiente de Rede
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default\Ambiente de Impressão
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default User\Modelos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default User\Meus Documentos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default User\Menu Iniciar
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default User\Dados de Aplicativos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default User\Configurações Locais
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default User\AppData\Local\Histórico
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default User\AppData\Local\Dados de Aplicativos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default User\Ambiente de Rede
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default User\Ambiente de Impressão
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\ProgramData\Modelos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programas
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\ProgramData\Menu Iniciar
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\ProgramData\Documentos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\ProgramData\Dados de Aplicativos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Program Files\Common Files\Sistema
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Program Files\Arquivos Comuns
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Documents and Settings
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Arquivos de Programas
2020-12-02 17:26 - 2020-12-12 00:31 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-12-02 17:25 - 2020-12-11 19:34 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-12-02 17:25 - 2020-12-05 02:02 - 000000000 ____D C:\Windows\Panther
2020-12-02 17:25 - 2020-12-04 00:16 - 000261760 _____ C:\Windows\system32\FNTCACHE.DAT
2020-12-02 17:25 - 2020-12-02 17:25 - 000000000 ____D C:\Windows\ServiceProfiles

==================== Três meses (modificados) ==================

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2020-12-12 00:58 - 2019-03-19 01:52 - 000000000 ____D C:\Users\Todos os Usuários\regid.1991-06.com.microsoft
2020-12-12 00:58 - 2019-03-19 01:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-12-12 00:58 - 2019-03-19 01:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-12-11 21:01 - 2019-03-19 01:37 - 000065536 _____ C:\Windows\system32\config\BBI
2020-12-11 17:54 - 2019-03-19 01:37 - 000000000 ____D C:\Windows\CbsTemp
2020-12-11 12:04 - 2019-03-19 01:50 - 000000000 ____D C:\Windows\INF
2020-12-08 03:05 - 2019-03-19 01:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-12-08 03:05 - 2019-03-19 01:52 - 000000000 ____D C:\Windows\AppReadiness
2020-12-08 02:39 - 2019-03-19 09:47 - 000754282 _____ C:\Windows\system32\prfh0416.dat
2020-12-08 02:39 - 2019-03-19 09:47 - 000158190 _____ C:\Windows\system32\prfc0416.dat
2020-12-08 02:20 - 2017-03-26 22:12 - 000347704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsP2Stor.sys
2020-12-07 19:52 - 2019-03-19 01:52 - 000000000 ____D C:\Windows\registration
2020-12-03 00:14 - 2019-03-19 01:52 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2020-12-02 18:48 - 2019-03-19 01:52 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2020-12-02 17:39 - 2019-03-19 01:52 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2020-12-02 17:33 - 2019-03-19 01:52 - 000000000 ____D C:\Users\Todos os Usuários\USOPrivate
2020-12-02 17:33 - 2019-03-19 01:52 - 000000000 ____D C:\ProgramData\USOPrivate
2020-12-02 17:31 - 2019-03-19 01:52 - 000000000 ____D C:\Windows\system32\spool
2020-12-02 17:27 - 2019-03-19 01:52 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2020-12-02 17:26 - 2019-03-19 01:52 - 000000000 ____D C:\Windows\ServiceState
2020-12-02 17:26 - 2019-03-19 01:52 - 000000000 ____D C:\Windows\appcompat
2020-12-02 17:24 - 2019-03-19 01:49 - 000028672 _____ C:\Windows\system32\config\BCD-Template

==================== SigCheck ============================

(Não há correção automática para arquivos que não passaram na verificação.)


BCD (recoveryenabled=No -> recoveryenabled=Yes) <==== restaurado com sucesso
==================== Fim de FRST.txt ========================


"Addition.txt"

Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 09-12-2020
Executado por User (12-12-2020 03:03:32)
Executando a partir de D:\Área de Trabalho
Windows 10 Pro Versão 1909 18363.418 (X64) (2020-12-02 20:31:15)
Modo da Inicialização: Normal
==========================================================


==================== Contas: =============================

Administrador (S-1-5-21-3300897730-1080615157-2638408914-500 - Administrator - Disabled)
Convidado (S-1-5-21-3300897730-1080615157-2638408914-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-3300897730-1080615157-2638408914-503 - Limited - Disabled)
User (S-1-5-21-3300897730-1080615157-2638408914-1000 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-3300897730-1080615157-2638408914-504 - Limited - Disabled)

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Panda Dome (Enabled - Up to date) {CF440CD9-5435-10B1-04E0-7768B6F10320}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

3DP Chip Lite v19.06.1 (HKLM-x32\...\3DP Chip Lite) (Version: v19.06.1 - 3DP)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.433 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.433 - Adobe)
AOMEI Partition Assistant Pro Edition 5.5 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-5498165BF300}_is1) (Version: - AOMEI Technology Co., Ltd.)
DriverHub (HKU\S-1-5-21-3300897730-1080615157-2638408914-1000\...\DriverHub) (Version: 1.1.2.1563 - Rostpay ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.88 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
HP Deskjet 2050 J510 series Software básico do dispositivo (HKLM\...\{2DCBB45E-AA03-4089-87E7-EC17E606D738}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
Internet Download Manager 6.35.5 (HKLM-x32\...\Internet Download Manager_is1) (Version: 6.35.5 - lrepacks.ru)
Java 8 Update 271 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
K-Lite Codec Pack 15.9.0 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 15.9.0 - KLCP)
Malwarebytes Anti-Malware versão 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Plus 2019 - pt-br (HKLM\...\ProPlus2019Retail - pt-br) (Version: 16.0.13426.20332 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29325 (HKLM-x32\...\{d7a6435f-ac9a-4af6-8fdc-ca130d13fac9}) (Version: 14.28.29325.2 - Microsoft Corporation)
Mozilla Firefox 83.0 (x64 pt-BR) (HKLM\...\Mozilla Firefox 83.0 (x64 pt-BR)) (Version: 83.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 83.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13426.20332 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13426.20332 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0416-1000-0000000FF1CE}) (Version: 16.0.13426.20332 - Microsoft Corporation) Hidden
Panda Devices Agent (HKLM-x32\...\{DB0164A2-ADE9-4FEE-B080-D506BDD6427F}) (Version: 1.08.09 - Panda Security) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.09 - Panda Security) Hidden
Panda Dome (HKLM\...\{10EDA2C8-03AB-4C27-BDC4-39143A81B12F}) (Version: 11.12.30 - Panda Security) Hidden
Panda Dome (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 20.00.00.0001 - Panda Security)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.29093 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9024.1 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.2.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.2.0 - VS Revo Group, Ltd.)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)

==================== Exame Personalizado CLSID (Whitelisted): ==============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

CustomCLSID: HKU\S-1-5-21-3300897730-1080615157-2638408914-1000_Classes\CLSID\{3D3B1846-CC43-42AE-BFF9-D914083C2BA3}\InprocServer32 -> C:\Program Files\SumatraPDF\PdfPreview.dll () [Arquivo não assinado]
CustomCLSID: HKU\S-1-5-21-3300897730-1080615157-2638408914-1000_Classes\CLSID\{55808EA8-81FE-43c6-AAE8-1D8149F941D3}\InprocServer32 -> C:\Program Files\SumatraPDF\PdfFilter.dll () [Arquivo não assinado]
ShellServiceObjects: Sem Nome -> {4DC9C264-730E-4CF6-8374-70F079E4F82B} =>
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2019-05-02] (Tonec Inc. -> Tonec Inc.)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2019-05-02] (Tonec Inc. -> Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Nenhum Arquivo
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => -> Nenhum Arquivo
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2019-06-18] (Panda Security S.L. -> Panda Security, S.L.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2019-06-18] (Panda Security S.L. -> Panda Security, S.L.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2019-06-18] (Panda Security S.L. -> Panda Security, S.L.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Atalhos & WMI ========================

(As entradas podem ser listadas para serem restauradas ou removidas.)

Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Limpar PenDrive.lnk -> C:\Portables\Limpar Pen Drive\Limpar\ejecutar.bat ()
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reset Fila de Impressão.lnk -> C:\Portables\Reset impressora\Reset_and_Clear_Print_Spooler_Queue.bat ()

==================== Módulos Carregados (Whitelisted) =============

2019-10-06 23:58 - 2019-10-06 23:58 - 000939008 _____ (Microsoft Corporation) [Arquivo não assinado] c:\windows\system32\FVEAPI.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Modo de Segurança (Whitelisted) ==================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== Associação (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2019-05-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_271\bin\ssv.dll [2020-12-04] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-12-04] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2019-05-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-12-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: mhtml - Nenhum Valor CLSID
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-12-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-12-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-12-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-12-12] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts Conteúdo: =========================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2019-03-19 01:49 - 2019-03-19 01:49 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Outras Áreas ===========================

(Atualmente não há nenhuma correção automática para esta seção.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3300897730-1080615157-2638408914-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

(Se uma entrada for incluída na fixlist, será removida.)

HKLM\...\StartupApproved\StartupFolder: => "CodecPackTrayMenu.lnk"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-3300897730-1080615157-2638408914-1000\...\StartupApproved\StartupFolder: => "Monitorar alertas de tinta - HP Deskjet 2050 J510 series.lnk"
HKU\S-1-5-21-3300897730-1080615157-2638408914-1000\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-3300897730-1080615157-2638408914-1000\...\StartupApproved\Run: => "Codec Pack Update Checker"

==================== Regras do Firewall (Whitelisted) ================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [{EB1967EB-633E-4AEC-A58C-B9FC27B45A8C}] => (Allow) C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{06F02F8B-F3DF-46CF-A6D2-0790466E797C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{681A91C2-3EBF-4140-9A5D-F1BD5D4D07DA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3A318A20-ACA5-4455-9EDB-E0656A70735F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{C59C5B97-D66A-46A3-8480-6E0FD764174E}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{0C5D01A7-9E9A-4E59-AF00-9AE184ACD441}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

==================== Pontos de Restauração =========================

05-12-2020 03:08:15 Revo Uninstaller's restore point - Real Alternative 2.0.2
05-12-2020 03:09:24 Revo Uninstaller's restore point - QuickTime Alternative 3.2.2
05-12-2020 03:10:52 Revo Uninstaller's restore point - 7-Zip 19.00 (x64 edition)
05-12-2020 03:13:28 Revo Uninstaller's restore point - K-Lite Codec Pack 15.9.0 Standard
05-12-2020 16:48:28 antes de usar o 3DPCHIP
07-12-2020 02:02:07 Operação de restauração
07-12-2020 03:18:58 Revo Uninstaller's restore point - CutePDF Writer 3.2
07-12-2020 03:21:18 Revo Uninstaller's restore point - Media Player Codec Pack 4.5.6
07-12-2020 12:49:01 Revo Uninstaller's restore point - VLC media player
07-12-2020 17:13:47 antes de atualizar driver da placa de vídeo
07-12-2020 19:50:46 Operação de restauração
08-12-2020 00:35:46 antes de intalar driver do mouse ou placa de video
08-12-2020 17:28:38 ANTES DE INSTALAR O K-LITE PACK CODEC
09-12-2020 03:15:41 após instalar o memu pedindo atualização da placa de vídeo
09-12-2020 15:41:14 Revo Uninstaller's restore point - MEmu
10-12-2020 17:37:29 antes de usar o driver hub
11-12-2020 17:26:47 Instalador de Módulos do Windows
11-12-2020 17:54:12 Instalador de Módulos do Windows
11-12-2020 19:42:16 Revo Uninstaller's restore point - Microsoft Office Professional Plus 2019 - pt-br

==================== Dispositivos Apresentando Falhas No Gerenciador ============


==================== Erros no Log de eventos: ========================

Erros em Aplicativos:
==================
Error: (12/11/2020 07:42:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
O sistema não pode encontrar o arquivo especificado.
.

Error: (12/11/2020 07:42:15 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado.
.
Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.


Operação:
Obtendo Dados do Gravador

Contexto:
Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
Nome do Gravador: System Writer
ID de Instância de Gravador: {f9ee12e6-8005-45a6-b6cd-a480ad2e977f}

Error: (12/11/2020 05:54:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
O sistema não pode encontrar o arquivo especificado.
.

Error: (12/11/2020 05:54:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
O sistema não pode encontrar o arquivo especificado.
.

Error: (12/11/2020 05:26:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
O sistema não pode encontrar o arquivo especificado.
.

Error: (12/11/2020 05:26:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
O sistema não pode encontrar o arquivo especificado.
.

Error: (12/11/2020 11:30:21 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Falha ao criar ponto de restauração (Processo = C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe" ; Descrição = Revo Uninstaller's restore point - DriveTheLife; Erro = 0x8007043c).

Error: (12/11/2020 01:53:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: svchost.exe, versão: 10.0.18362.1, carimbo de data/hora: 0x68f17365
Nome do módulo com falha: KERNEL32.DLL, versão: 10.0.18362.329, carimbo de data/hora: 0x7b5427ec
Código de exceção: 0xc0000005
Deslocamento da falha: 0x00019710
ID do processo com falha: 0xe7c
Hora de início do aplicativo com falha: 0x01d6cf797ec129d1
Caminho do aplicativo com falha: C:\Windows\SysWOW64\svchost.exe
Caminho do módulo com falha: C:\Windows\System32\KERNEL32.DLL
ID do Relatório: 4339084c-0a1b-4ed3-8b3b-74964ae1f813
Nome completo do pacote com falha:
ID do aplicativo relativo ao pacote com falha:


Erros de Sistema:
=============
Error: (12/12/2020 12:32:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço luafv devido ao seguinte erro:
O carregamento deste driver foi bloqueado

Error: (12/11/2020 08:14:10 PM) (Source: Ntfs) (EventID: 55) (User: AUTORIDADE NT)
Description: Corrupção detectada na estrutura do sistema de arquivos, no volume F:.

A MFT (Tabela Mestra de Arquivos) contém um registro de arquivo corrompido. O número de referência do arquivo é 0x10000000017a8. O nome do arquivo é "".

Error: (12/11/2020 08:14:10 PM) (Source: Ntfs) (EventID: 55) (User: AUTORIDADE NT)
Description: Corrupção detectada na estrutura do sistema de arquivos, no volume F:.

A MFT (Tabela Mestra de Arquivos) contém um registro de arquivo corrompido. O número de referência do arquivo é 0x10000000017a5. O nome do arquivo é "".

Error: (12/11/2020 08:14:10 PM) (Source: Ntfs) (EventID: 55) (User: AUTORIDADE NT)
Description: Corrupção detectada na estrutura do sistema de arquivos, no volume F:.

A MFT (Tabela Mestra de Arquivos) contém um registro de arquivo corrompido. O número de referência do arquivo é 0x10000000017a4. O nome do arquivo é "".

Error: (12/11/2020 08:14:07 PM) (Source: Ntfs) (EventID: 55) (User: AUTORIDADE NT)
Description: Corrupção detectada na estrutura do sistema de arquivos, no volume F:.

A MFT (Tabela Mestra de Arquivos) contém um registro de arquivo corrompido. O número de referência do arquivo é 0x1000000001749. O nome do arquivo é "".

Error: (12/11/2020 07:49:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Serviço Clique para Executar do Microsoft Office devido ao seguinte erro:
O serviço especificado não existe como serviço instalado.

Error: (12/11/2020 07:49:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Serviço Clique para Executar do Microsoft Office foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço.

Error: (12/11/2020 05:07:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço luafv devido ao seguinte erro:
O carregamento deste driver foi bloqueado


CodeIntegrity:
===================================

Date: 2020-12-07 19:40:07.628
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\360\Total Security\safemon\WscReg.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-07 19:40:07.237
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\360\Total Security\safemon\WscReg.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-07 19:39:17.953
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\360\Total Security\safemon\WscReg.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-07 19:39:17.188
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\360\Total Security\safemon\WscReg.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-07 19:35:31.667
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\360\Total Security\safemon\WscReg.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-07 19:35:31.318
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\360\Total Security\safemon\WscReg.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-07 19:35:24.942
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\360\Total Security\safemon\WscReg.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-07 19:35:24.574
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\360\Total Security\safemon\WscReg.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Informações da Memória ===========================

BIOS: AMI 80.07 12/09/2014
placa-mãe: Hewlett-Packard 2B2F
Processador: AMD E1-6010 APU with AMD Radeon R2 Graphics
Percentagem de memória em uso: 62%
RAM física total: 3774.01 MB
RAM física disponível: 1410.23 MB
Virtual Total: 4414.01 MB
Virtual disponível: 1593.43 MB

==================== Drives ================================

Drive c: (Programas) (Fixed) (Total:85.82 GB) (Free:43.37 GB) NTFS
Drive d: (Arquivos) (Fixed) (Total:379.3 GB) (Free:350.06 GB) NTFS

\\?\Volume{9bbb365e-f992-4754-bd21-b5994dd3ea36}\ (Recuperação) (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS
\\?\Volume{16836f01-0f63-4833-a6d0-705bf80ea28d}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Tabela de Partições ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 9EAC1F21)

Partition: GPT.

==================== Fim de Addition.txt =======================



Good morning!

Avoid as much as possible using third-party software that promises to centralize driver updates. Windows already does that with the native drivers. After that, just go to the manufacturer's website and download the driver that matches your device.

You have to be careful where you step and with the programs you use, because your infection problems are recurring.
Solved - Google search sites are opening suspicious links | Comunidade do Hardware

There is no point in having several protection programs if you download and run suspicious programs.

In a preliminary analysis, the Windows registry is quite messed up!

Let's go over a few questions.

Malwarebytes Anti-Malware versão 2.2.1.1043


Where did you download this Malwarebytes from? This version is old! Did you grab it from the first link you saw on the internet?

Microsoft Office Professional Plus 2019 - pt-br


Was this Office purchased or is it pirated? I see that there is Office 2016.

Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Limpar PenDrive.lnk -> C:\Portables\Limpar Pen Drive\Limpar\ejecutar.bat ()


Where did you download this software from?



Since the virus is blocking any and every protection program, try using an online antivirus.

Download the Kaspersky Virus Removal Tool; it is an online antivirus, that is, it does not need to be installed.

At the following link there is a short tutorial on how to use Kaspersky: https://www.hardware.com.br/comunidade/v-t/1510949/#post8249043

If it fails, that indicates the virus is in high memory; in that case, you can eliminate it using a USB drive (rescue disk), since it will scan the system without Windows being loaded.

You can download a rescue disk at the link below.

Free Kaspersky Rescue Disk | Kaspersky

To put it on a DVD or USB drive.

How to write the image of Kaspersky Rescue Disk 18 to a USB drive or CD/DVD

But whoever denies me before men, I will also deny before my Father who is in heaven.

Matthew 10:33
glalla
glalla Tô em todas Registered
979 Messages 166 Likes
#3 By glalla
12/12/2020 - 14:39
Hello PH,

I ran the KVRT antivirus. See the images:

[Image]

[Image]

Regarding the programs, I usually install portable programs that do not need installation, with the exception of Office, which is 2019.

I always download from a well-known site on the internet belonging to a friend of mine called William Azardo (computer technician).

Since I was having difficulty installing the video card driver, I ended up making the mistake of installing from an unknown source.

From what I noticed when running KVRT, it showed that Panda is completely corrupted, Malwarebytes too, among other programs that were installed, as well as Office, which I had to uninstall and install again.

At the moment I have no USB drives available to do this other scan you asked for.

Will I have to format the machine again?

What do you recommend I do?
joram
joram Highlander Registered
5.4K Messages 2.5K Likes
#4 By joram
12/12/2020 - 15:46
/!\ Good afternoon, glalla! /!\

> Copy the information in the Spoiler into Notepad.
> Save it with the name fixlist. << Text or Unicode, if asked!
> Save it to the desktop! ( Área de trabalho ... )

[Image]
"fixlist"
start::
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [] => [X]
HKU\S-1-5-19\...\RunOnce: [Edge_DisableAdobeFlashPlayer] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Addons" /F /V "FlashPlayerEnabled" /T R (a entrada de dados tem 22 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisableAllCookies] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "Cookies" /T REG_DWORD /D " (a entrada de dados tem 9 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisableAskMeWhatToDoWithEachDownload] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Download" /F /V "EnableSavePrompt" /T R (a entrada de dados tem 22 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisableBlockPopup] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\New Windows" /F /V "PopupMgr" /T REG_SZ (a entrada de dados tem 8 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisableCortanaAssistant] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI" /F /V "EnableCortana" /T REG (a entrada de dados tem 20 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisablePagePrediction] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead" /F /V "FPEnabled" /T REG_DWO (a entrada de dados tem 16 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisableSaveFormEntries] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "Use FormSuggest" /T REG_SZ (a entrada de dados tem 8 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisableSavePassword] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "FormSuggest Passwords" /T (a entrada de dados tem 14 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisableSaveProtectedMediaLicensesonmyDevice] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy" /F /V "EnableEncryptedMediaExt (a entrada de dados tem 35 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisableShowSearchSuggestionasItype] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\User\Default\SearchScopes" /F /V "ShowS (a entrada de dados tem 50 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisableSmartScreen] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter" /F /V "EnabledV9" /T RE (a entrada de dados tem 21 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_EnableSendDoNotTrackRequests] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "DoNotTrack" /T REG_DWORD / (a entrada de dados tem 12 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_ShowFavoritesBar] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\LinksBar" /F /V "Enabled" /T REG_DWORD (a entrada de dados tem 13 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_ShowFavoritesBarPinnedPanel] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PivotIndex" /F /V "HubPanePinned" /T RE (a entrada de dados tem 21 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_ShowHomeButton] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "HomeButtonEnabled" /T REG_ (a entrada de dados tem 19 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_UseDarkTheme] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "Theme" /T REG_DWORD /D "00 (a entrada de dados tem 7 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-20\...\RunOnce: [] => [X]
HKU\S-1-5-20\...\RunOnce: [Edge_DisableAdobeFlashPlayer] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Addons" /F /V "FlashPlayerEnabled" /T R (a entrada de dados tem 22 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisableAllCookies] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "Cookies" /T REG_DWORD /D " (a entrada de dados tem 9 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisableAskMeWhatToDoWithEachDownload] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Download" /F /V "EnableSavePrompt" /T R (a entrada de dados tem 22 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisableBlockPopup] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\New Windows" /F /V "PopupMgr" /T REG_SZ (a entrada de dados tem 8 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisableCortanaAssistant] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI" /F /V "EnableCortana" /T REG (a entrada de dados tem 20 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisablePagePrediction] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead" /F /V "FPEnabled" /T REG_DWO (a entrada de dados tem 16 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisableSaveFormEntries] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "Use FormSuggest" /T REG_SZ (a entrada de dados tem 8 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisableSavePassword] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "FormSuggest Passwords" /T (a entrada de dados tem 14 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisableSaveProtectedMediaLicensesonmyDevice] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy" /F /V "EnableEncryptedMediaExt (a entrada de dados tem 35 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisableShowSearchSuggestionasItype] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\User\Default\SearchScopes" /F /V "ShowS (a entrada de dados tem 50 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisableSmartScreen] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter" /F /V "EnabledV9" /T RE (a entrada de dados tem 21 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_EnableSendDoNotTrackRequests] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "DoNotTrack" /T REG_DWORD / (a entrada de dados tem 12 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_ShowFavoritesBar] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\LinksBar" /F /V "Enabled" /T REG_DWORD (a entrada de dados tem 13 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_ShowFavoritesBarPinnedPanel] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PivotIndex" /F /V "HubPanePinned" /T RE (a entrada de dados tem 21 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_ShowHomeButton] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "HomeButtonEnabled" /T REG_ (a entrada de dados tem 19 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_UseDarkTheme] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "Theme" /T REG_DWORD /D "00 (a entrada de dados tem 7 mais caracteres). <==== ATENÇÃO
Task: {0682DDDC-D13D-4B6E-8431-9FA803214B3A} - \Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance -> Nenhum Arquivo <==== ATENÇÃO
Task: {466ECA8F-AD4E-4846-A837-F3525DBFB397} - \Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan -> Nenhum Arquivo <==== ATENÇÃO
Task: {4FE87DD3-5DFF-4EB5-A242-58235019AD88} - \Microsoft\Windows\Windows Defender\Windows Defender Cleanup -> Nenhum Arquivo <==== ATENÇÃO
Task: {50926CAB-AB56-46B2-9B93-432DB53651BF} - \Microsoft\Windows\WindowsUpdate\Automatic App Update -> Nenhum Arquivo <==== ATENÇÃO
Task: {66D2CBB0-974D-409B-9790-4A078497AB23} - \Microsoft\Windows\Maps\MapsUpdateTask -> Nenhum Arquivo <==== ATENÇÃO
Task: {7A550ACD-D20D-44ED-B2FA-5CA6FED0BB00} - \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser -> Nenhum Arquivo <==== ATENÇÃO
Task: {995B36D4-0107-49D9-8810-65F78D774EBD} - \Microsoft\Windows\Windows Defender\Windows Defender Verification -> Nenhum Arquivo <==== ATENÇÃO
Task: {C391351C-0F98-447E-B3F3-F932910C72FD} - \Microsoft\Windows\Feedback\Siuf\DmClient -> Nenhum Arquivo <==== ATENÇÃO
Task: {E215B699-95A9-44CD-A30F-ECEEDA4BFAE6} - \Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload -> Nenhum Arquivo <==== ATENÇÃO
Task: {F983E937-6426-4EB2-BBC3-9E94E3752925} - \Microsoft\Windows\Maps\MapsToastTask -> Nenhum Arquivo <==== ATENÇÃO
2020-12-08 01:18 - 2020-12-08 01:21 - 000000000 ____D C:\AdwCleaner
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Nenhum Arquivo
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => -> Nenhum Arquivo
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
Handler: mhtml - Nenhum Valor CLSID
StartPowershell:
DISM /Online /Cleanup-image /Restorehealth
sfc /scannow
EndPowershell:
CMD: ipconfig /flushdns
CreateRestorePoint:
SystemRestore: On
RemoveProxy:
EmptyTemp:
Reboot:
Hosts:
end::



> Run FRST/FRST64 >> Click "Corrigir" (Fix) << Wait!
> Post the report "Resultado da Correção pela Farbar Recovery Scan Tool". (Fixlog.txt)
> This and other reports can be found in the folder: Local Disk (C) > FRST > Logs

< This script was written exclusively for this computer, so I ask visitors not to use it on other "machines". >

[]s
ivoaudio
ivoaudio Cyber Highlander Registered
7.1K Posts 2.2K Likes
#5 By ivoaudio
12/12/2020 - 16:20
glalla said:

I always download from a well-known website run by a friend of mine named William Azardo (a computer technician).

Since I was having trouble installing the video card driver, I ended up making the mistake of installing it from an unknown source.

I went to take a look at your friend's site and, for some applications, the download link given seems to be the one from the official site.

Many others have mediafire download links. Strange, isn't it? Is that in line with the software's license terms? And are the versions up to date and unaltered?
Jazz rocks!
---
glalla
glalla Tô em todas Registered
979 Posts 166 Likes
#6 By glalla
12/12/2020 - 17:49
Ok Joram,

Here are the logs you asked for

"Fixlog_12-12-2020 17.37.12.txt"

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 12-12-2020
Executado por User (12-12-2020 17:35:14) Run:1
Executando a partir de D:\Área de Trabalho
Perfis Carregados: User
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [] => [X]
HKU\S-1-5-19\...\RunOnce: [Edge_DisableAdobeFlashPlayer] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Addons" /F /V "FlashPlayerEnabled" /T R (a entrada de dados tem 22 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisableAllCookies] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "Cookies" /T REG_DWORD /D " (a entrada de dados tem 9 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisableAskMeWhatToDoWithEachDownload] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Download" /F /V "EnableSavePrompt" /T R (a entrada de dados tem 22 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisableBlockPopup] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\New Windows" /F /V "PopupMgr" /T REG_SZ (a entrada de dados tem 8 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisableCortanaAssistant] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI" /F /V "EnableCortana" /T REG (a entrada de dados tem 20 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisablePagePrediction] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead" /F /V "FPEnabled" /T REG_DWO (a entrada de dados tem 16 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisableSaveFormEntries] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "Use FormSuggest" /T REG_SZ (a entrada de dados tem 8 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisableSavePassword] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "FormSuggest Passwords" /T (a entrada de dados tem 14 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisableSaveProtectedMediaLicensesonmyDevice] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy" /F /V "EnableEncryptedMediaExt (a entrada de dados tem 35 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisableShowSearchSuggestionasItype] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\User\Default\SearchScopes" /F /V "ShowS (a entrada de dados tem 50 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisableSmartScreen] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter" /F /V "EnabledV9" /T RE (a entrada de dados tem 21 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_EnableSendDoNotTrackRequests] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "DoNotTrack" /T REG_DWORD / (a entrada de dados tem 12 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_ShowFavoritesBar] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\LinksBar" /F /V "Enabled" /T REG_DWORD (a entrada de dados tem 13 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_ShowFavoritesBarPinnedPanel] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PivotIndex" /F /V "HubPanePinned" /T RE (a entrada de dados tem 21 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_ShowHomeButton] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "HomeButtonEnabled" /T REG_ (a entrada de dados tem 19 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_UseDarkTheme] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "Theme" /T REG_DWORD /D "00 (a entrada de dados tem 7 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-20\...\RunOnce: [] => [X]
HKU\S-1-5-20\...\RunOnce: [Edge_DisableAdobeFlashPlayer] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Addons" /F /V "FlashPlayerEnabled" /T R (a entrada de dados tem 22 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisableAllCookies] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "Cookies" /T REG_DWORD /D " (a entrada de dados tem 9 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisableAskMeWhatToDoWithEachDownload] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Download" /F /V "EnableSavePrompt" /T R (a entrada de dados tem 22 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisableBlockPopup] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\New Windows" /F /V "PopupMgr" /T REG_SZ (a entrada de dados tem 8 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisableCortanaAssistant] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI" /F /V "EnableCortana" /T REG (a entrada de dados tem 20 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisablePagePrediction] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead" /F /V "FPEnabled" /T REG_DWO (a entrada de dados tem 16 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisableSaveFormEntries] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "Use FormSuggest" /T REG_SZ (a entrada de dados tem 8 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisableSavePassword] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "FormSuggest Passwords" /T (a entrada de dados tem 14 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisableSaveProtectedMediaLicensesonmyDevice] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy" /F /V "EnableEncryptedMediaExt (a entrada de dados tem 35 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisableShowSearchSuggestionasItype] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\User\Default\SearchScopes" /F /V "ShowS (a entrada de dados tem 50 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisableSmartScreen] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter" /F /V "EnabledV9" /T RE (a entrada de dados tem 21 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_EnableSendDoNotTrackRequests] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "DoNotTrack" /T REG_DWORD / (a entrada de dados tem 12 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_ShowFavoritesBar] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\LinksBar" /F /V "Enabled" /T REG_DWORD (a entrada de dados tem 13 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_ShowFavoritesBarPinnedPanel] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PivotIndex" /F /V "HubPanePinned" /T RE (a entrada de dados tem 21 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_ShowHomeButton] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "HomeButtonEnabled" /T REG_ (a entrada de dados tem 19 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_UseDarkTheme] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "Theme" /T REG_DWORD /D "00 (a entrada de dados tem 7 mais caracteres). <==== ATENÇÃO
Task: {0682DDDC-D13D-4B6E-8431-9FA803214B3A} - \Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance -> Nenhum Arquivo <==== ATENÇÃO
Task: {466ECA8F-AD4E-4846-A837-F3525DBFB397} - \Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan -> Nenhum Arquivo <==== ATENÇÃO
Task: {4FE87DD3-5DFF-4EB5-A242-58235019AD88} - \Microsoft\Windows\Windows Defender\Windows Defender Cleanup -> Nenhum Arquivo <==== ATENÇÃO
Task: {50926CAB-AB56-46B2-9B93-432DB53651BF} - \Microsoft\Windows\WindowsUpdate\Automatic App Update -> Nenhum Arquivo <==== ATENÇÃO
Task: {66D2CBB0-974D-409B-9790-4A078497AB23} - \Microsoft\Windows\Maps\MapsUpdateTask -> Nenhum Arquivo <==== ATENÇÃO
Task: {7A550ACD-D20D-44ED-B2FA-5CA6FED0BB00} - \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser -> Nenhum Arquivo <==== ATENÇÃO
Task: {995B36D4-0107-49D9-8810-65F78D774EBD} - \Microsoft\Windows\Windows Defender\Windows Defender Verification -> Nenhum Arquivo <==== ATENÇÃO
Task: {C391351C-0F98-447E-B3F3-F932910C72FD} - \Microsoft\Windows\Feedback\Siuf\DmClient -> Nenhum Arquivo <==== ATENÇÃO
Task: {E215B699-95A9-44CD-A30F-ECEEDA4BFAE6} - \Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload -> Nenhum Arquivo <==== ATENÇÃO
Task: {F983E937-6426-4EB2-BBC3-9E94E3752925} - \Microsoft\Windows\Maps\MapsToastTask -> Nenhum Arquivo <==== ATENÇÃO
2020-12-08 01:18 - 2020-12-08 01:21 - 000000000 ____D C:\AdwCleaner
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Nenhum Arquivo
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => -> Nenhum Arquivo
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
Handler: mhtml - Nenhum Valor CLSID
StartPowershell:
DISM /Online /Cleanup-image /Restorehealth
sfc /scannow
EndPowershell:
CMD: ipconfig /flushdns
CreateRestorePoint:
SystemRestore: On
RemoveProxy:
EmptyTemp:
Reboot:
Hosts:

*****************

Processos fechados com sucesso.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removido (a) com sucesso.
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\" => removido (a) com sucesso.
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Edge_DisableAdobeFlashPlayer" => removido (a) com sucesso.
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Edge_DisableAllCookies" => removido (a) com sucesso.
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Edge_DisableAskMeWhatToDoWithEachDownload" => removido (a) com sucesso.
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Edge_DisableBlockPopup" => removido (a) com sucesso.
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Edge_DisableCortanaAssistant" => removido (a) com sucesso.
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Edge_DisablePagePrediction" => removido (a) com sucesso.
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Edge_DisableSaveFormEntries" => removido (a) com sucesso.
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Edge_DisableSavePassword" => removido (a) com sucesso.
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Edge_DisableSaveProtectedMediaLicensesonmyDevice" => removido (a) com sucesso.
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Edge_DisableShowSearchSuggestionasItype" => removido (a) com sucesso.
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Edge_DisableSmartScreen" => removido (a) com sucesso.
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Edge_EnableSendDoNotTrackRequests" => removido (a) com sucesso.
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Edge_ShowFavoritesBar" => removido (a) com sucesso.
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Edge_ShowFavoritesBarPinnedPanel" => removido (a) com sucesso.
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Edge_ShowHomeButton" => removido (a) com sucesso.
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Edge_UseDarkTheme" => removido (a) com sucesso.
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\TaskbarNoNotification" => removido (a) com sucesso.
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\" => removido (a) com sucesso.
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Edge_DisableAdobeFlashPlayer" => removido (a) com sucesso.
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Edge_DisableAllCookies" => removido (a) com sucesso.
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Edge_DisableAskMeWhatToDoWithEachDownload" => removido (a) com sucesso.
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Edge_DisableBlockPopup" => removido (a) com sucesso.
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Edge_DisableCortanaAssistant" => removido (a) com sucesso.
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Edge_DisablePagePrediction" => removido (a) com sucesso.
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Edge_DisableSaveFormEntries" => removido (a) com sucesso.
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Edge_DisableSavePassword" => removido (a) com sucesso.
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Edge_DisableSaveProtectedMediaLicensesonmyDevice" => removido (a) com sucesso.
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Edge_DisableShowSearchSuggestionasItype" => removido (a) com sucesso.
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Edge_DisableSmartScreen" => removido (a) com sucesso.
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Edge_EnableSendDoNotTrackRequests" => removido (a) com sucesso.
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Edge_ShowFavoritesBar" => removido (a) com sucesso.
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Edge_ShowFavoritesBarPinnedPanel" => removido (a) com sucesso.
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Edge_ShowHomeButton" => removido (a) com sucesso.
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Edge_UseDarkTheme" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0682DDDC-D13D-4B6E-8431-9FA803214B3A}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0682DDDC-D13D-4B6E-8431-9FA803214B3A}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" => não encontrado (a)
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{466ECA8F-AD4E-4846-A837-F3525DBFB397}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{466ECA8F-AD4E-4846-A837-F3525DBFB397}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" => não encontrado (a)
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4FE87DD3-5DFF-4EB5-A242-58235019AD88}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4FE87DD3-5DFF-4EB5-A242-58235019AD88}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Defender\Windows Defender Cleanup" => não encontrado (a)
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{50926CAB-AB56-46B2-9B93-432DB53651BF}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{50926CAB-AB56-46B2-9B93-432DB53651BF}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsUpdate\Automatic App Update" => não encontrado (a)
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66D2CBB0-974D-409B-9790-4A078497AB23}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66D2CBB0-974D-409B-9790-4A078497AB23}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maps\MapsUpdateTask" => não encontrado (a)
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7A550ACD-D20D-44ED-B2FA-5CA6FED0BB00}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A550ACD-D20D-44ED-B2FA-5CA6FED0BB00}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" => não encontrado (a)
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{995B36D4-0107-49D9-8810-65F78D774EBD}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{995B36D4-0107-49D9-8810-65F78D774EBD}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Defender\Windows Defender Verification" => não encontrado (a)
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C391351C-0F98-447E-B3F3-F932910C72FD}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C391351C-0F98-447E-B3F3-F932910C72FD}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Feedback\Siuf\DmClient" => não encontrado (a)
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E215B699-95A9-44CD-A30F-ECEEDA4BFAE6}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E215B699-95A9-44CD-A30F-ECEEDA4BFAE6}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload" => não encontrado (a)
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F983E937-6426-4EB2-BBC3-9E94E3752925}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F983E937-6426-4EB2-BBC3-9E94E3752925}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maps\MapsToastTask" => não encontrado (a)
C:\AdwCleaner => movido com sucesso
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removido (a) com sucesso.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removido (a) com sucesso.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removido (a) com sucesso.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removido (a) com sucesso.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\EPP => removido (a) com sucesso.
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MBAMShlExt => removido (a) com sucesso.
HKLM\Software\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3} => removido (a) com sucesso.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\MBAMShlExt => removido (a) com sucesso.
HKLM\Software\Classes\PROTOCOLS\Handler\mhtml => removido (a) com sucesso.
Handler: mhtml - Nenhum Valor CLSID => Não pode ser removido.: incorrect path.

========= Powershell: =========


========= Fim de Powershell: =========


========= ipconfig /flushdns =========


Configuração de IP do Windows

Liberação do Cache do DNS Resolver bem-sucedida.

========= Fim de CMD: =========

Ponto de Restauração criado com sucesso.
SystemRestore: On => completado

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso.
"HKU\S-1-5-21-3300897730-1080615157-2638408914-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso.
"HKU\S-1-5-21-3300897730-1080615157-2638408914-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso.


========= Fim de RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => movido com sucesso
Hosts restaurado com sucesso.

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 138503854 B
Java, Flash, Steam htmlcache => 397 B
Windows/system/drivers => 163496807 B
Edge => 0 B
Chrome => 568946963 B
Firefox => 197498246 B
Opera => 6115803 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
User => 647604277 B

RecycleBin => 0 B
EmptyTemp: => 1.6 GB de dados temporários Removidos.

================================


O sistema precisou ser reiniciado.

==== Fim de Fixlog 17:37:05 ====


"FRST_12-12-2020 03.07.53.txt"

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 09-12-2020
Executado por User (administrador) em DESKTOP-NTM19L0 (Hewlett-Packard 18-5200br) (12-12-2020 02:59:18)
Executando a partir de D:\Área de Trabalho
Perfis Carregados: User
Platform: Windows 10 Pro Versão 1909 18363.418 (X64) Idioma: Português (Brasil)
Navegador padrão: Chrome
Modo da Inicialização: Normal

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <16>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2010.0.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Panda Security S.L. -> Panda Security S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\pselamsvc.exe
(Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Panda Security S.L. -> Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Tonec Inc.) [Arquivo não assinado] C:\Program Files (x86)\Internet Download Manager\IDMan.exe

==================== Registro (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [165120 2019-10-16] (Panda Security S.L. -> Panda Security, S.L.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-09-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Policies\Explorer: [SettingsPageVisibility] hide:workplace;emailandaccounts;sync;appsforwebsites;maps;startupapps;videoplayback;cortana-moredetails;cortana-language;cortana-notifications;cortana-permissions;cortana;cortana-talktocortana;easeofa (a entrada de dados tem 382 mais caracteres).
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [] => [X]
HKU\S-1-5-19\...\RunOnce: [Edge_DisableAdobeFlashPlayer] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Addons" /F /V "FlashPlayerEnabled" /T R (a entrada de dados tem 22 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisableAllCookies] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "Cookies" /T REG_DWORD /D " (a entrada de dados tem 9 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisableAskMeWhatToDoWithEachDownload] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Download" /F /V "EnableSavePrompt" /T R (a entrada de dados tem 22 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisableBlockPopup] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\New Windows" /F /V "PopupMgr" /T REG_SZ (a entrada de dados tem 8 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisableCortanaAssistant] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI" /F /V "EnableCortana" /T REG (a entrada de dados tem 20 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisablePagePrediction] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead" /F /V "FPEnabled" /T REG_DWO (a entrada de dados tem 16 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisableSaveFormEntries] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "Use FormSuggest" /T REG_SZ (a entrada de dados tem 8 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisableSavePassword] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "FormSuggest Passwords" /T (a entrada de dados tem 14 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisableSaveProtectedMediaLicensesonmyDevice] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy" /F /V "EnableEncryptedMediaExt (a entrada de dados tem 35 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisableShowSearchSuggestionasItype] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\User\Default\SearchScopes" /F /V "ShowS (a entrada de dados tem 50 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_DisableSmartScreen] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter" /F /V "EnabledV9" /T RE (a entrada de dados tem 21 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_EnableSendDoNotTrackRequests] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "DoNotTrack" /T REG_DWORD / (a entrada de dados tem 12 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_ShowFavoritesBar] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\LinksBar" /F /V "Enabled" /T REG_DWORD (a entrada de dados tem 13 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_ShowFavoritesBarPinnedPanel] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PivotIndex" /F /V "HubPanePinned" /T RE (a entrada de dados tem 21 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_ShowHomeButton] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "HomeButtonEnabled" /T REG_ (a entrada de dados tem 19 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\RunOnce: [Edge_UseDarkTheme] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "Theme" /T REG_DWORD /D "00 (a entrada de dados tem 7 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-19\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-20\...\RunOnce: [] => [X]
HKU\S-1-5-20\...\RunOnce: [Edge_DisableAdobeFlashPlayer] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Addons" /F /V "FlashPlayerEnabled" /T R (a entrada de dados tem 22 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisableAllCookies] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "Cookies" /T REG_DWORD /D " (a entrada de dados tem 9 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisableAskMeWhatToDoWithEachDownload] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Download" /F /V "EnableSavePrompt" /T R (a entrada de dados tem 22 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisableBlockPopup] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\New Windows" /F /V "PopupMgr" /T REG_SZ (a entrada de dados tem 8 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisableCortanaAssistant] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI" /F /V "EnableCortana" /T REG (a entrada de dados tem 20 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisablePagePrediction] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead" /F /V "FPEnabled" /T REG_DWO (a entrada de dados tem 16 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisableSaveFormEntries] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "Use FormSuggest" /T REG_SZ (a entrada de dados tem 8 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisableSavePassword] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "FormSuggest Passwords" /T (a entrada de dados tem 14 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisableSaveProtectedMediaLicensesonmyDevice] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy" /F /V "EnableEncryptedMediaExt (a entrada de dados tem 35 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisableShowSearchSuggestionasItype] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\User\Default\SearchScopes" /F /V "ShowS (a entrada de dados tem 50 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_DisableSmartScreen] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter" /F /V "EnabledV9" /T RE (a entrada de dados tem 21 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_EnableSendDoNotTrackRequests] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "DoNotTrack" /T REG_DWORD / (a entrada de dados tem 12 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_ShowFavoritesBar] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\LinksBar" /F /V "Enabled" /T REG_DWORD (a entrada de dados tem 13 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_ShowFavoritesBarPinnedPanel] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PivotIndex" /F /V "HubPanePinned" /T RE (a entrada de dados tem 21 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_ShowHomeButton] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "HomeButtonEnabled" /T REG_ (a entrada de dados tem 19 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\RunOnce: [Edge_UseDarkTheme] => REG ADD "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main" /F /V "Theme" /T REG_DWORD /D "00 (a entrada de dados tem 7 mais caracteres). <==== ATENÇÃO
HKU\S-1-5-20\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-3300897730-1080615157-2638408914-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4091960 2019-09-21] (Tonec Inc.) [Arquivo não assinado]
HKU\S-1-5-21-3300897730-1080615157-2638408914-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Print\Monitors\HP 8711 Status Monitor: C:\Windows\system32\hpinksts8711LM.dll [332176 2012-09-12] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-07] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{8AF662BF-65A0-4D0A-A540-A338A999D36F}] ->
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
HKLM\Software\...\Winlogon\GPExtensions: [{CFF649BD-601D-4361-AD3D-0FC365DB4DB7}] -> %SystemRoot%\system32\domgmt.dll
HKLM\Software\...\Winlogon\GPExtensions: [{F312195E-3D9D-447A-A3F5-08DFFA24735E}] -> dggpext.dll
HKLM\Software\...\Winlogon\GPExtensions: [{FC491EF1-C4AA-4CE1-B329-414B101DB823}] -> dggpext.dll
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitorar alertas de tinta - HP Deskjet 2050 J510 series.lnk [2020-12-05]
ShortcutAndArgument: Monitorar alertas de tinta - HP Deskjet 2050 J510 series.lnk -> C:\Windows\system32\RunDll32.exe => "C:\Program Files\HP\HP Deskjet 2050 J510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=BR11BFP1ZW05D1;CONNECTION=USB;MONITOR=1;
BootExecute: ampa

==================== Tarefas Agendadas (Whitelisted) ============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {0682DDDC-D13D-4B6E-8431-9FA803214B3A} - \Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance -> Nenhum Arquivo <==== ATENÇÃO
Task: {0C55C996-E1C5-4EFA-9842-53390CF3DC28} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11094192 2020-08-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {24BD3B60-0393-4497-974E-D2685CC89E5B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-03] (Google LLC -> Google LLC)
Task: {2AA77C8F-89B9-405A-9EFC-F64D74D3C350} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management => {B7BFFB5A-EFA8-4D8C-BBDE-C8D5FAAF54A1} C:\Windows\system32\WofTasks.dll [29696 2019-03-19] (Microsoft Corporation) [Arquivo não assinado]
Task: {466ECA8F-AD4E-4846-A837-F3525DBFB397} - \Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan -> Nenhum Arquivo <==== ATENÇÃO
Task: {4FE87DD3-5DFF-4EB5-A242-58235019AD88} - \Microsoft\Windows\Windows Defender\Windows Defender Cleanup -> Nenhum Arquivo <==== ATENÇÃO
Task: {50926CAB-AB56-46B2-9B93-432DB53651BF} - \Microsoft\Windows\WindowsUpdate\Automatic App Update -> Nenhum Arquivo <==== ATENÇÃO
Task: {51F04842-8634-4C11-8745-A24F0FCB1D3E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5142960 2020-12-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {5E91798E-D51A-4CE1-AE5D-EC03188D66E7} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [143720 2020-12-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {6392CB78-AAF6-40F7-ACD2-C943C0592E66} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [670928 2020-11-12] (Mozilla Corporation -> Mozilla Foundation)
Task: {66D2CBB0-974D-409B-9790-4A078497AB23} - \Microsoft\Windows\Maps\MapsUpdateTask -> Nenhum Arquivo <==== ATENÇÃO
Task: {6902EDCC-5EA7-412B-A415-CD0CDE4A94FD} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation => {B7BFFB5A-EFA8-4D8C-BBDE-C8D5FAAF54A1} C:\Windows\system32\WofTasks.dll [29696 2019-03-19] (Microsoft Corporation) [Arquivo não assinado]
Task: {7A550ACD-D20D-44ED-B2FA-5CA6FED0BB00} - \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser -> Nenhum Arquivo <==== ATENÇÃO
Task: {7CAE81DF-75B8-45A0-ABFE-1898AEDAEA51} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5142960 2020-12-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {8AC6C4AF-2D4B-45AB-BE3D-9DF92B9A5E6A} - System32\Tasks\OInstall => C:\Windows\OInstall.exe [10267696 2019-04-25] (WZTeam -> ) [Arquivo não assinado]
Task: {9273D15E-4365-4DE0-9D00-D83A3054B5CE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23054216 2020-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {995B36D4-0107-49D9-8810-65F78D774EBD} - \Microsoft\Windows\Windows Defender\Windows Defender Verification -> Nenhum Arquivo <==== ATENÇÃO
Task: {9A3CF8FB-8847-4FB5-B9D3-D1F055DB7B74} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23054216 2020-12-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {C391351C-0F98-447E-B3F3-F932910C72FD} - \Microsoft\Windows\Feedback\Siuf\DmClient -> Nenhum Arquivo <==== ATENÇÃO
Task: {C80CFCFE-3C44-4512-A965-87E9574D43CD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-03] (Google LLC -> Google LLC)
Task: {E215B699-95A9-44CD-A30F-ECEEDA4BFAE6} - \Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload -> Nenhum Arquivo <==== ATENÇÃO
Task: {F2E8AA59-252D-4EA4-AF79-32DB90AB50D6} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTask => C:\Windows\System32\XblGameSaveTask.exe
Task: {F2FCCCBA-0DA2-43B1-8383-00F0D84C51F0} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe
Task: {F919EAF1-DA4B-44E2-BDE1-2462A6774590} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [143720 2020-12-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {F983E937-6426-4EB2-BBC3-9E94E3752925} - \Microsoft\Windows\Maps\MapsToastTask -> Nenhum Arquivo <==== ATENÇÃO

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)


==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{aa3866c9-c89a-44ff-9d5f-8c4deda199e0}: [DhcpNameServer] 192.168.1.1 0.0.0.0

FireFox:
========
FF DefaultProfile: bdj1cgza.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bdj1cgza.default [2020-12-09]
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\vnf2xj02.default-release [2020-12-11]
FF DownloadDir: D:\Área de Trabalho
FF Homepage: Mozilla\Firefox\Profiles\vnf2xj02.default-release -> hxxps://www.youtube.com/
FF Extension: (AdBlock — o melhor bloqueador de anúncios) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\vnf2xj02.default-release\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2020-12-09]
FF Extension: (IDM Integration Module) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\vnf2xj02.default-release\Extensions\mozilla_cc3@internetdownloadmanager.com.xpi [2020-12-09] [UpdateUrl:hxxps://data.internetdownloadmanager.com/idmmzcc3/update.json]
FF HKU\S-1-5-21-3300897730-1080615157-2638408914-1000\...\Firefox\Extensions: [mozilla_cc3@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
FF Extension: (IDM Integration Module) - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2019-09-19] [UpdateUrl:hxxps://data.internetdownloadmanager.com/idmmzcc3/update.json]
FF HKU\S-1-5-21-3300897730-1080615157-2638408914-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\User\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\User\AppData\Roaming\IDM\idmmzcc5 [2020-12-08] [] [não assinado]
FF HKU\S-1-5-21-3300897730-1080615157-2638408914-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] []
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_433.dll [2020-12-04] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\dtplugin\npDeployJava1.dll [2020-12-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.271.2 -> C:\Program Files\Java\jre1.8.0_271\bin\plugin2\npjp2.dll [2020-12-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-12-12] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_433.dll [2020-12-04] (Adobe Inc. -> )
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-12-12] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2020-12-12]
CHR DownloadDir: D:\Área de Trabalho
CHR HomePage: Default -> file:///D:/%C3%81rea%20de%20Trabalho/favoritos_01_12_2020.html
CHR NewTab: Default -> Active:"chrome-extension://ejbjamhkdedinncaeiackcdehpccoejm/pages/newtab.html"
CHR Extension: (Google Tradutor) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2020-12-03]
CHR Extension: (HLS Downloader) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apomkbibleomoihlhhdbeghnfioffbej [2020-12-03]
CHR Extension: (MEGA) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2020-12-03]
CHR Extension: (Speed Dial) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbjamhkdedinncaeiackcdehpccoejm [2020-12-03]
CHR Extension: (AdBlock — o melhor bloqueador de anúncios) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-12-03]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2020-12-10]
CHR Extension: (Méliuz: Cashback e cupons em suas compras) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdcfmebflppkljibgpdlboifpcaalolg [2020-12-10]
CHR Extension: (Video Downloader Plus by Skyload) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdjbpandnkpoaeaemedhhpaibjkcoblh [2020-12-03]
CHR Extension: (Ghostery – Bloqueador de anúncios para privacidade) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2020-12-03]
CHR Extension: (MeddleMonkey) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\moihledlmchhofenpacbhphnbnpakgmo [2020-12-03]
CHR Extension: (IDM Integration Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2020-12-10]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-12-03]
CHR Extension: (Comparador EscolhaSegura) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbichgopagjidnkeaablhiediibgbmec [2020-12-03]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-03]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2020-12-08]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2020-12-08]

==================== Serviços (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9105800 2020-12-01] (Microsoft Corporation -> Microsoft Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [109536 2019-10-16] (Panda Security S.L. -> Panda Security, S.L.)
S3 Panda VPN Service; C:\Program Files (x86)\Panda Security\Panda Security Protection\Hydra.Sdk.Windows.Service.exe [320848 2017-11-19] (AnchorFree Inc -> )
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [84176 2019-02-19] (Panda Security S.L. -> Panda Security, S.L.)
R2 pselamsvc; C:\Program Files (x86)\Panda Security\Panda Security Protection\pselamsvc.exe [189448 2018-07-25] (Panda Security S.L. -> Panda Security S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [48784 2019-10-16] (Panda Security S.L. -> Panda Security, S.L.)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [79440 2020-12-08] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)

===================== Drivers (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R3 aftap0901; C:\Windows\System32\drivers\aftap0901.sys [48624 2017-11-16] (AnchorFree Inc -> The OpenVPN Project)
S3 amdkmdan; C:\Windows\system32\DRIVERS\atikmnag.sys [20267024 2020-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
S3 ampa; C:\Windows\system32\ampa.sys [17008 2013-11-29] (ChengDu AoMei Tech Co., Ltd -> ) [Arquivo não assinado]
R1 NNSALPC; C:\Windows\system32\DRIVERS\NNSALPC.sys [111384 2019-03-05] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSDNS; C:\Windows\system32\DRIVERS\NNSDNS.sys [104728 2019-03-05] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\system32\DRIVERS\NNSHTTP.sys [211736 2019-03-05] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\system32\DRIVERS\NNSHTTPS.sys [125720 2019-03-06] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSIDS; C:\Windows\system32\DRIVERS\NNSIDS.sys [132888 2019-03-05] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [95472 2018-07-16] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPICC; C:\Windows\system32\DRIVERS\NNSPICC.sys [149784 2019-03-05] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\system32\DRIVERS\NNSPIHSW.sys [95000 2019-03-05] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\system32\DRIVERS\NNSPOP3.sys [135448 2019-03-05] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPROT; C:\Windows\system32\DRIVERS\NNSPROT.sys [346392 2019-03-05] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSPRV; C:\Windows\system32\DRIVERS\NNSPRV.sys [290584 2019-05-30] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\system32\DRIVERS\NNSSMTP.sys [123160 2019-03-05] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\system32\DRIVERS\NNSSTRM.sys [295192 2019-05-30] (Panda Security S.L. -> Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\system32\DRIVERS\NNSTLSC.sys [132376 2019-03-05] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINAflt; C:\Windows\system32\DRIVERS\PSINAflt.sys [198424 2019-06-11] (Panda Security S.L. -> Panda Security, S.L.)
S0 psinelam; C:\Windows\System32\DRIVERS\psinelam.sys [21952 2019-01-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [160536 2019-06-11] (Panda Security S.L. -> Panda Security, S.L.)
R1 PSINKNC; C:\Windows\system32\DRIVERS\PSINKNC.sys [215320 2019-03-04] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [147224 2019-06-11] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINProt; C:\Windows\system32\DRIVERS\PSINProt.sys [159512 2019-06-11] (Panda Security S.L. -> Panda Security, S.L.)
R2 PSINReg; C:\Windows\system32\DRIVERS\PSINReg.sys [129304 2019-06-11] (Panda Security S.L. -> Panda Security, S.L.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [72648 2017-05-22] (Panda Security S.L. -> Panda Security, S.L.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [347704 2020-12-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
S3 mshidumdf; \SystemRoot\System32\drivers\mshidumdf.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Três meses (criados) (Whitelisted) =========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2020-12-12 02:58 - 2020-12-12 03:00 - 000000000 ____D C:\FRST
2020-12-12 01:01 - 2020-12-12 01:01 - 000003710 _____ C:\Windows\system32\Tasks\OInstall
2020-12-12 01:01 - 2019-04-25 02:03 - 010267696 _____ C:\Windows\OInstall.exe
2020-12-12 00:58 - 2020-12-12 00:58 - 000002460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2020-12-12 00:58 - 2020-12-12 00:58 - 000002459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2020-12-12 00:58 - 2020-12-12 00:58 - 000002422 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2020-12-12 00:58 - 2020-12-12 00:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2020-12-12 00:57 - 2020-12-12 00:57 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2020-12-12 00:48 - 2020-12-12 00:58 - 000000000 ____D C:\Program Files\Microsoft Office
2020-12-12 00:48 - 2020-12-12 00:48 - 000000000 ____D C:\Program Files\Microsoft Office 15
2020-12-11 17:26 - 2020-12-11 17:26 - 000000000 ____D C:\Users\Public\TechGainer
2020-12-11 17:18 - 2020-12-11 17:18 - 000000000 ____D C:\sources
2020-12-11 12:02 - 2020-12-11 12:02 - 047785472 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 039714816 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 030752256 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 027535872 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 025299968 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 022318592 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 021622272 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2020-12-11 12:02 - 2020-12-11 12:02 - 015716864 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 014302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 011948704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 010094152 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 009102336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdxc64.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 008893160 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 008779872 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 007929616 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 007500800 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdxc32.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 007408936 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 003471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2020-12-11 12:02 - 2020-12-11 12:02 - 003437632 _____ C:\Windows\system32\atiumd6a.cap
2020-12-11 12:02 - 2020-12-11 12:02 - 001445224 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 001247744 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 001193904 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 001187342 _____ C:\Windows\system32\amdocl_as64.exe
2020-12-11 12:02 - 2020-12-11 12:02 - 001061902 _____ C:\Windows\system32\amdocl_ld64.exe
2020-12-11 12:02 - 2020-12-11 12:02 - 000995342 _____ C:\Windows\SysWOW64\amdocl_as32.exe
2020-12-11 12:02 - 2020-12-11 12:02 - 000926720 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000926720 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000798734 _____ C:\Windows\SysWOW64\amdocl_ld32.exe
2020-12-11 12:02 - 2020-12-11 12:02 - 000672768 _____ (AMD) C:\Windows\system32\atieclxx.exe
2020-12-11 12:02 - 2020-12-11 12:02 - 000665088 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2020-12-11 12:02 - 2020-12-11 12:02 - 000660912 _____ C:\Windows\SysWOW64\atiapfxx.blb
2020-12-11 12:02 - 2020-12-11 12:02 - 000660912 _____ C:\Windows\system32\atiapfxx.blb
2020-12-11 12:02 - 2020-12-11 12:02 - 000442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000367104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2020-12-11 12:02 - 2020-12-11 12:02 - 000332800 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODE.exe
2020-12-11 12:02 - 2020-12-11 12:02 - 000246784 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2020-12-11 12:02 - 2020-12-11 12:02 - 000235008 _____ C:\Windows\system32\clinfo.exe
2020-12-11 12:02 - 2020-12-11 12:02 - 000190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000169152 _____ C:\Windows\system32\ativce03.dat
2020-12-11 12:02 - 2020-12-11 12:02 - 000160256 _____ C:\Windows\system32\atieah64.exe
2020-12-11 12:02 - 2020-12-11 12:02 - 000156672 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000152056 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000143872 _____ C:\Windows\SysWOW64\atieah32.exe
2020-12-11 12:02 - 2020-12-11 12:02 - 000141824 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000133016 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000120144 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000102912 _____ C:\Windows\system32\hsa-thunk64.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000102616 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000102400 _____ C:\Windows\SysWOW64\hsa-thunk.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000100816 _____ C:\Windows\system32\ativce02.dat
2020-12-11 12:02 - 2020-12-11 12:02 - 000089088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000080896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000059392 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000051200 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODCLI.exe
2020-12-11 12:02 - 2020-12-11 12:02 - 000050688 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000047664 _____ C:\Windows\system32\kapp_ci.sbin
2020-12-11 12:02 - 2020-12-11 12:02 - 000043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000043408 _____ C:\Windows\system32\kapp_si.sbin
2020-12-11 12:02 - 2020-12-11 12:02 - 000039424 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2020-12-11 12:02 - 2020-12-11 12:02 - 000029696 _____ (AMD) C:\Windows\system32\atimuixx.dll
2020-12-11 12:01 - 2020-12-11 12:02 - 000458472 _____ C:\Windows\system32\amdmiracast.dll
2020-12-11 12:01 - 2020-12-11 12:01 - 000833798 _____ C:\Windows\system32\amdicdxx.dat
2020-12-11 12:01 - 2020-12-11 12:01 - 000297672 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2020-12-11 12:01 - 2020-12-11 12:01 - 000204800 _____ C:\Windows\system32\amdgfxinfo64.dll
2020-12-11 12:01 - 2020-12-11 12:01 - 000189952 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2020-12-11 12:01 - 2020-12-11 12:01 - 000167456 _____ C:\Windows\system32\amde31a.dat
2020-12-11 12:01 - 2020-12-11 12:01 - 000141792 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2020-12-11 12:01 - 2020-12-11 12:01 - 000134656 _____ C:\Windows\system32\amdhdl64.dll
2020-12-11 12:01 - 2020-12-11 12:01 - 000128384 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2020-12-11 12:01 - 2020-12-11 12:01 - 000123392 _____ C:\Windows\SysWOW64\amdhdl32.dll
2020-12-11 12:01 - 2020-12-11 12:01 - 000107784 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2020-12-11 12:01 - 2020-12-11 12:01 - 000100568 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2020-12-11 11:28 - 2020-12-11 12:06 - 000065058 _____ C:\Windows\ntbtlog.txt
2020-12-11 11:28 - 2020-12-11 11:30 - 000432500 _____ C:\Windows\Minidump\121120-24671-01.dmp
2020-12-11 11:23 - 2020-12-11 11:23 - 000000000 _____ C:\Windows\Minidump\121120-26000-01.dmp
2020-12-11 11:04 - 2020-12-11 11:04 - 000000000 _____ C:\Windows\Minidump\121120-33531-01.dmp
2020-12-11 07:44 - 2020-12-11 07:44 - 000000000 __SHD C:\found.000
2020-12-11 03:28 - 2020-12-11 03:28 - 000000000 _____ C:\Windows\Minidump\121120-31453-01.dmp
2020-12-11 03:27 - 2020-12-11 03:27 - 000000000 ____D C:\Users\User\AppData\Roaming\DriveTheLife2013
2020-12-11 03:26 - 2020-12-11 03:26 - 000000000 _____ C:\Windows\Minidump\121120-33875-01.dmp
2020-12-11 01:16 - 2020-12-11 11:28 - 376650549 _____ C:\Windows\MEMORY.DMP
2020-12-10 17:59 - 2020-12-10 17:59 - 020267024 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmnag.sys
2020-12-10 17:58 - 2020-12-10 17:58 - 000003194 _____ C:\Windows\system32\Tasks\RTKCPL
2020-12-10 17:57 - 2020-12-11 11:56 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2020-12-10 17:57 - 2020-12-11 02:20 - 000000000 ____D C:\Windows\system32\SRSLabs
2020-12-10 17:57 - 2020-12-11 02:20 - 000000000 ____D C:\Program Files\Realtek
2020-12-10 17:56 - 2020-12-10 17:56 - 004113624 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2020-12-10 17:56 - 2020-12-10 17:56 - 000085704 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amd_sata.sys
2020-12-10 17:56 - 2020-12-10 17:56 - 000043720 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amd_xata.sys
2020-12-10 17:56 - 2011-11-22 12:28 - 000014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2020-12-10 17:55 - 2020-12-10 17:55 - 000110080 _____ (TODO: ) C:\Windows\system32\DelayAPO.dll
2020-12-10 17:55 - 2020-12-10 17:55 - 000096256 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdW76.sys
2020-12-10 12:47 - 2020-12-10 12:47 - 000000000 ____D C:\Users\Todos os Usuários\WinaeroTweaker
2020-12-10 12:47 - 2020-12-10 12:47 - 000000000 ____D C:\ProgramData\WinaeroTweaker
2020-12-10 01:09 - 2020-12-10 01:09 - 000000000 ____D C:\Users\User\AppData\Roaming\MPC-HC
2020-12-09 15:52 - 2020-12-11 19:42 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2020-12-09 15:52 - 2020-12-09 15:52 - 000000000 ____D C:\Users\User\AppData\Roaming\Mozilla
2020-12-09 15:50 - 2020-12-11 19:41 - 000000000 ____D C:\Users\Todos os Usuários\Mozilla
2020-12-09 15:50 - 2020-12-11 19:41 - 000000000 ____D C:\ProgramData\Mozilla
2020-12-09 15:50 - 2020-12-09 15:50 - 000001014 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-12-09 15:50 - 2020-12-09 15:50 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2020-12-09 15:50 - 2020-12-09 15:50 - 000000000 ____D C:\Users\User\AppData\Local\Mozilla
2020-12-09 15:50 - 2020-12-09 15:50 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-12-09 02:51 - 2020-12-09 12:10 - 000000000 ____D C:\Users\User\Downloads\MEmu Download
2020-12-09 02:50 - 2020-12-09 02:51 - 000000000 ____D C:\Users\User\.android
2020-12-09 01:10 - 2020-12-09 01:12 - 000000000 ____D C:\Users\User\AppData\Roaming\Youtube Downloader HD
2020-12-08 18:29 - 2020-12-08 18:29 - 000000000 ____D C:\Users\User\AppData\Roaming\AMD
2020-12-08 18:29 - 2020-12-08 18:29 - 000000000 ____D C:\Users\User\AppData\Local\4kdownload.com
2020-12-08 17:50 - 2020-12-11 21:01 - 000000000 ____D C:\Users\User\AppData\Roaming\DMCache
2020-12-08 17:47 - 2020-12-09 12:47 - 000000000 ____D C:\Users\User\AppData\Roaming\IDM
2020-12-08 17:47 - 2020-12-08 17:47 - 000000000 ____D C:\Users\Todos os Usuários\IDM
2020-12-08 17:47 - 2020-12-08 17:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2020-12-08 17:47 - 2020-12-08 17:47 - 000000000 ____D C:\ProgramData\IDM
2020-12-08 17:47 - 2018-12-20 10:05 - 000229296 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2020-12-08 17:46 - 2020-12-08 17:47 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager
2020-12-08 17:35 - 2020-12-08 17:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2020-12-08 17:35 - 2020-12-08 17:35 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2020-12-08 13:03 - 2020-12-11 11:35 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2020-12-08 13:02 - 2020-12-08 13:02 - 000000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2020-12-08 13:02 - 2020-12-08 13:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2020-12-08 13:02 - 2020-12-08 13:02 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-12-08 13:02 - 2020-12-08 13:02 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2020-12-08 13:02 - 2016-03-10 14:09 - 000065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2020-12-08 13:02 - 2016-03-10 14:08 - 000140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2020-12-08 13:02 - 2016-03-10 14:08 - 000027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2020-12-08 02:43 - 2020-12-12 00:32 - 001018002 _____ C:\Windows\SysWOW64\rootpa.e2e
2020-12-08 02:43 - 2020-12-08 02:43 - 000000000 ____D C:\Windows\tbaseregistry
2020-12-08 02:37 - 2020-12-11 02:20 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2020-12-08 02:37 - 2020-12-08 02:37 - 000000000 _____ C:\Windows\ativpsrm.bin
2020-12-08 02:37 - 2015-06-03 21:07 - 000073976 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\amdkmpfd.sys
2020-12-08 02:20 - 2020-12-08 02:20 - 009908856 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RsCRIcon.dll
2020-12-08 02:20 - 2020-12-08 02:20 - 002994768 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\rootpacommon.dll
2020-12-08 02:20 - 2020-12-08 02:20 - 000298776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\Drivers\amdpsp.sys
2020-12-08 02:20 - 2020-12-08 02:20 - 000146528 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\tbaseregistry64.dll
2020-12-08 02:20 - 2020-12-08 02:20 - 000127568 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\tbaseregistry32.dll
2020-12-08 02:20 - 2020-12-08 02:20 - 000127040 _____ (AMD) C:\Windows\system32\pspcoins.dll
2020-12-08 02:20 - 2020-12-08 02:20 - 000114456 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\Drivers\amdkmcsp.sys
2020-12-08 02:20 - 2020-12-08 02:20 - 000106576 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdumcsp.dll
2020-12-08 02:20 - 2020-12-08 02:20 - 000088672 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdumcsp.dll
2020-12-08 02:20 - 2020-12-08 02:20 - 000079440 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
2020-12-08 02:20 - 2020-12-08 02:20 - 000044112 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\t-base_client_api.dll
2020-12-08 02:20 - 2020-12-08 02:20 - 000040016 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\t-base_client_api.dll
2020-12-08 02:20 - 2020-12-08 02:20 - 000021007 _____ C:\Windows\SysWOW64\07010000000000000000000000000000.tlbin
2020-12-08 02:20 - 2020-12-08 02:20 - 000002473 _____ C:\Windows\SysWOW64\tbaseprovisioning.exe.config
2020-12-08 02:20 - 2020-12-08 02:20 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_amdpsp_01011.Wdf
2020-12-08 01:18 - 2020-12-08 01:21 - 000000000 ____D C:\AdwCleaner
2020-12-07 20:49 - 2020-12-07 20:49 - 000002033 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\DriverHub.lnk
2020-12-07 20:48 - 2020-12-07 20:48 - 000000000 ____D C:\Program Files (x86)\DriverHub
2020-12-07 20:46 - 2020-12-07 20:46 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3DP Chip Lite
2020-12-07 19:41 - 2020-12-07 19:41 - 000000000 __SHD C:\Users\Todos os Usuários\360Quarant
2020-12-07 19:41 - 2020-12-07 19:41 - 000000000 __SHD C:\ProgramData\360Quarant
2020-12-07 19:41 - 2020-12-07 19:41 - 000000000 __SHD C:\$360Section
2020-12-07 19:39 - 2020-12-07 19:39 - 000000000 ____D C:\Users\User\AppData\Local\cloud
2020-12-07 19:34 - 2020-12-07 19:34 - 000000000 _RSHD C:\360SANDBOX
2020-12-07 19:28 - 2020-12-07 19:28 - 000000000 ____D C:\Users\User\AppData\LocalLow\AMD
2020-12-07 19:28 - 2020-12-07 19:28 - 000000000 ____D C:\Users\User\AppData\Local\Opera Software
2020-12-07 19:26 - 2020-12-09 15:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-12-07 19:20 - 2020-12-07 19:20 - 000000000 ____D C:\Users\User\.cache
2020-12-07 18:58 - 2020-09-07 14:09 - 006124208 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2020-12-07 18:58 - 2020-09-03 14:47 - 003801776 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2020-12-07 18:58 - 2020-07-02 12:36 - 003337904 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2020-12-07 18:58 - 2019-07-31 12:41 - 001394384 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDHF64.dll
2020-12-07 18:58 - 2019-07-31 12:41 - 001383184 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN64.dll
2020-12-07 18:58 - 2019-07-31 12:41 - 001308088 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO64.dll
2020-12-07 18:58 - 2019-07-31 12:41 - 001177136 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA64.dll
2020-12-07 18:58 - 2019-02-18 13:44 - 001060760 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SEHDHF32.dll
2020-12-07 18:58 - 2019-02-18 13:44 - 001043752 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SECOMN32.dll
2020-12-07 18:58 - 2019-01-09 05:50 - 003151056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2020-12-07 18:58 - 2018-12-01 04:47 - 003406976 _____ (DTS, Inc.) C:\Windows\system32\slcnt64.dll
2020-12-07 18:58 - 2018-12-01 04:47 - 003132032 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2020-12-07 18:58 - 2018-12-01 04:47 - 001091712 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2020-12-07 18:58 - 2018-06-21 13:00 - 002921408 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2020-12-07 18:58 - 2018-02-13 15:22 - 000677312 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2020-12-07 18:58 - 2018-02-07 06:18 - 000527656 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2020-12-07 18:58 - 2018-02-07 06:18 - 000257832 _____ (TODO: ) C:\Windows\system32\slprp64.dll
2020-12-07 18:58 - 2018-02-07 06:18 - 000219944 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2020-12-07 18:58 - 2018-02-07 06:18 - 000207656 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2020-12-07 18:58 - 2018-02-07 06:18 - 000164648 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2020-12-07 18:58 - 2017-12-01 14:26 - 001332672 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2020-12-07 18:58 - 2017-11-21 13:11 - 000380704 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2020-12-07 18:58 - 2017-11-21 13:11 - 000106784 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2020-12-07 18:58 - 2017-11-21 13:11 - 000084256 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2020-12-07 18:58 - 2017-11-21 13:10 - 000315680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2020-12-07 18:58 - 2017-11-21 13:10 - 000315680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2020-12-07 18:58 - 2017-11-21 13:10 - 000209696 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2020-12-07 18:58 - 2015-11-10 13:25 - 000182488 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2020-12-07 18:58 - 2015-02-03 20:38 - 001413776 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll
2020-12-07 18:58 - 2015-02-03 20:38 - 000454288 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll
2020-12-07 18:58 - 2015-02-03 20:38 - 000369296 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll
2020-12-07 18:58 - 2015-02-03 20:38 - 000329360 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll
2020-12-07 18:58 - 2015-02-03 20:38 - 000329360 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2020-12-07 18:58 - 2013-10-11 08:47 - 000113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2020-12-07 18:58 - 2011-12-20 11:32 - 000331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2020-12-07 18:58 - 2011-09-02 10:21 - 000221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2020-12-07 18:58 - 2011-09-02 10:21 - 000081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2020-12-07 18:58 - 2011-09-02 10:21 - 000078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2020-12-07 18:58 - 2010-07-22 12:48 - 000074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2020-12-07 18:58 - 2010-07-11 17:28 - 000180048 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFProc64.dll
2020-12-07 18:58 - 2010-07-11 17:28 - 000086352 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFComm64.dll
2020-12-07 18:58 - 2010-07-11 17:28 - 000083792 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFSAPO64.dll
2020-12-07 18:58 - 2010-07-11 17:28 - 000082768 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFHAPO64.dll
2020-12-07 18:58 - 2010-07-11 17:28 - 000082768 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFDAPO64.dll
2020-12-07 18:57 - 2020-09-07 12:02 - 041952280 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2020-12-07 18:57 - 2019-04-09 10:32 - 003668328 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2020-12-07 18:57 - 2016-03-08 10:55 - 072512000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2020-12-07 18:54 - 2020-06-08 22:57 - 000107936 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdWT6.sys
2020-12-07 18:04 - 2020-12-11 19:39 - 000000000 ____D C:\Users\User\AppData\Roaming\ROSTPAY LTD
2020-12-07 18:04 - 2020-12-11 19:39 - 000000000 ____D C:\Users\User\AppData\Roaming\DriverHub
2020-12-07 18:04 - 2020-12-07 18:04 - 000000000 ____D C:\Users\User\AppData\Local\ROSTPAY LTD
2020-12-07 18:00 - 2020-12-07 20:48 - 000000000 ____D C:\Users\Todos os Usuários\Package Cache
2020-12-07 18:00 - 2020-12-07 20:48 - 000000000 ____D C:\ProgramData\Package Cache
2020-12-07 11:48 - 2020-12-08 18:37 - 000000000 ____D C:\Users\User\AppData\Local\Adobe
2020-12-07 11:48 - 2020-12-07 11:48 - 000000000 ____D C:\Users\User\AppData\Roaming\ABBYY
2020-12-07 11:48 - 2020-12-07 11:48 - 000000000 ____D C:\Users\User\AppData\Local\ABBYY
2020-12-07 11:33 - 2019-05-04 18:17 - 000000812 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virtual DJ.lnk
2020-12-07 11:33 - 2019-05-04 18:17 - 000000771 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WebCam.lnk
2020-12-07 11:33 - 2019-05-04 18:14 - 000001733 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Limpar PenDrive.lnk
2020-12-07 11:33 - 2019-05-04 17:50 - 000002453 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reset Fila de Impressão.lnk
2020-12-07 11:33 - 2019-05-04 17:50 - 000001242 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UniExtract.lnk
2020-12-07 11:33 - 2019-05-04 17:48 - 000001416 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Photo to Cartoon.lnk
2020-12-07 11:33 - 2019-05-04 17:47 - 000001981 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bloqueio de Pastas.lnk
2020-12-07 11:33 - 2019-05-04 17:46 - 000001755 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gravar e Copiar DVD.lnk
2020-12-07 11:33 - 2019-05-04 17:45 - 000001331 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vopt Desfrag.lnk
2020-12-07 11:33 - 2019-05-04 17:44 - 000001274 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2020-12-07 11:33 - 2019-05-03 09:06 - 000001659 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Power Data Recovery.lnk
2020-12-07 11:33 - 2019-05-03 09:03 - 000002460 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ProShow Producer.lnk
2020-12-07 11:33 - 2019-05-03 09:01 - 000001362 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Destravar Pastas.lnk
2020-12-07 11:33 - 2019-05-03 09:01 - 000001289 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acesso Remoto.lnk
2020-12-07 11:33 - 2019-05-03 08:58 - 000002215 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Photoshop CS6.lnk
2020-12-07 11:33 - 2019-05-03 08:58 - 000001435 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoScape.lnk
2020-12-07 11:33 - 2019-05-03 08:52 - 000001382 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Captura de Tela.lnk
2020-12-07 11:33 - 2019-05-03 08:51 - 000001623 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Photo Resizer.lnk
2020-12-07 11:33 - 2019-05-03 08:50 - 000001534 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FineReader.lnk
2020-12-07 11:33 - 2019-05-03 08:50 - 000001302 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory.lnk
2020-12-07 11:33 - 2019-05-03 01:01 - 000001430 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DaemonTools.lnk
2020-12-07 11:32 - 2020-12-07 11:32 - 000001573 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desligar.lnk
2020-12-07 11:24 - 2020-12-09 01:21 - 000000000 ____D C:\Portables
2020-12-07 03:21 - 2020-12-07 03:21 - 000000231 _____ C:\unstart.ini
2020-12-07 02:05 - 2020-12-11 21:01 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2020-12-07 01:59 - 2020-12-07 19:28 - 000000000 ____D C:\Users\User\AppData\Local\AMD
2020-12-07 01:55 - 2020-12-08 02:37 - 000000000 ____D C:\Program Files\AMD
2020-12-07 00:50 - 2020-12-11 12:02 - 000865792 _____ (AMD) C:\Windows\system32\coinst_15.20.dll
2020-12-07 00:50 - 2015-07-15 20:22 - 000204952 _____ C:\Windows\SysWOW64\ativvsvl.dat
2020-12-07 00:50 - 2015-07-15 20:22 - 000204952 _____ C:\Windows\system32\ativvsvl.dat
2020-12-07 00:50 - 2015-07-15 20:22 - 000157144 _____ C:\Windows\SysWOW64\ativvsva.dat
2020-12-07 00:50 - 2015-07-15 20:22 - 000157144 _____ C:\Windows\system32\ativvsva.dat
2020-12-07 00:50 - 2015-05-28 20:21 - 000255808 _____ C:\Windows\system32\ativvaxy_cz_nd.dat
2020-12-07 00:50 - 2015-05-28 20:17 - 000250884 _____ C:\Windows\system32\ativvaxy_FJ.dat
2020-12-07 00:50 - 2015-05-28 20:15 - 000249088 _____ C:\Windows\system32\ativvaxy_FJ_nd.dat
2020-12-07 00:50 - 2015-05-28 20:10 - 000322868 _____ C:\Windows\system32\ativvaxy_vi.dat
2020-12-07 00:50 - 2015-05-28 20:08 - 000321200 _____ C:\Windows\system32\ativvaxy_vi_nd.dat
2020-12-07 00:50 - 2015-05-28 20:00 - 000234420 _____ C:\Windows\system32\ativvaxy_cik.dat
2020-12-07 00:50 - 2015-05-28 19:58 - 000232752 _____ C:\Windows\system32\ativvaxy_cik_nd.dat
2020-12-07 00:50 - 2014-11-06 05:53 - 000737410 _____ C:\Windows\system32\atiicdxx.dat
2020-12-07 00:50 - 2014-06-18 12:28 - 000140240 _____ C:\Windows\system32\samu_krnl_ci.sbin
2020-12-07 00:50 - 2013-12-12 08:53 - 000138832 _____ C:\Windows\system32\samu_krnl_isv_ci.sbin
2020-12-05 19:25 - 2020-12-07 20:46 - 000000000 ____D C:\Program Files (x86)\3DP Chip Lite
2020-12-05 11:56 - 2020-12-05 11:56 - 000000000 ____D C:\Windows\system32\Codecs
2020-12-05 00:47 - 2020-12-05 00:47 - 000000000 ____D C:\Users\User\AppData\Local\Comms
2020-12-04 11:15 - 2020-12-04 11:15 - 000000000 ____D C:\Users\User\AppData\Roaming\Sun
2020-12-04 11:14 - 2020-12-04 11:14 - 000192168 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2020-12-04 11:14 - 2020-12-04 11:14 - 000000000 ____D C:\Users\Todos os Usuários\Oracle
2020-12-04 11:14 - 2020-12-04 11:14 - 000000000 ____D C:\ProgramData\Oracle
2020-12-04 11:14 - 2020-12-04 11:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2020-12-04 11:13 - 2020-12-04 11:13 - 000000000 ____D C:\Program Files\Java
2020-12-04 01:08 - 2020-12-04 01:08 - 000000000 ____D C:\Users\User\AppData\Roaming\Macromedia
2020-12-04 00:53 - 2020-12-04 00:53 - 000000000 ____D C:\Users\User\AppData\LocalLow\Sun
2020-12-04 00:23 - 2020-12-04 00:23 - 000000000 ____D C:\Users\User\AppData\Roaming\Media Player Classic
2020-12-03 20:30 - 2020-12-03 20:30 - 000001396 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Portable.lnk
2020-12-03 20:20 - 2020-12-03 20:23 - 000000000 ____D C:\Users\User\AppData\Local\HP
2020-12-03 20:20 - 2020-12-03 20:20 - 000000057 _____ C:\Users\Todos os Usuários\Ament.ini
2020-12-03 20:20 - 2020-12-03 20:20 - 000000057 _____ C:\ProgramData\Ament.ini
2020-12-03 20:20 - 2020-12-03 20:20 - 000000000 ____D C:\Users\Todos os Usuários\HP
2020-12-03 20:20 - 2020-12-03 20:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2020-12-03 20:20 - 2020-12-03 20:20 - 000000000 ____D C:\ProgramData\HP
2020-12-03 20:20 - 2020-12-03 20:20 - 000000000 ____D C:\Program Files\HP
2020-12-03 20:20 - 2020-12-03 20:20 - 000000000 ____D C:\Program Files (x86)\HP
2020-12-03 19:57 - 2020-12-03 19:57 - 000000000 ____D C:\Users\User\AppData\Local\PeerDistRepub
2020-12-03 17:54 - 2020-12-03 17:54 - 000000000 ____D C:\Windows\SysWOW64\sda
2020-12-03 12:57 - 2012-09-12 09:43 - 000332176 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpinksts8711LM.dll
2020-12-03 12:57 - 2012-09-12 09:43 - 000270224 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpinkcoi8711.dll
2020-12-03 12:57 - 2012-09-12 09:36 - 002873744 _____ (Hewlett-Packard Co.) C:\Windows\system32\hpinkins8711.exe
2020-12-03 12:25 - 2020-12-03 12:25 - 000000439 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Arquivos (D).lnk
2020-12-03 12:17 - 2020-12-03 12:17 - 000000000 ____D C:\Program Files\UNP
2020-12-03 12:09 - 2020-12-03 12:09 - 000000000 ____D C:\Windows\amlog
2020-12-03 12:08 - 2020-12-03 12:09 - 000000286 _____ C:\Windows\ampa.ini
2020-12-03 11:37 - 2020-12-07 00:07 - 000001024 ____H C:\AMTAG.BIN
2020-12-03 11:37 - 2020-12-03 11:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Partition Assistant Pro Edition 5.5
2020-12-03 11:36 - 2020-12-07 02:05 - 000000000 ____D C:\Program Files (x86)\AOMEI Partition Assistant Pro Edition 5.5
2020-12-03 11:36 - 2013-11-29 20:42 - 001806960 _____ C:\Windows\ampa.exe
2020-12-03 11:36 - 2013-11-29 10:31 - 000017008 _____ C:\Windows\SysWOW64\ampa.sys
2020-12-03 11:36 - 2013-11-29 10:31 - 000017008 _____ C:\Windows\system32\ampa.sys
2020-12-03 02:07 - 2020-12-04 00:24 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2020-12-03 01:56 - 2020-12-04 01:08 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2020-12-03 01:56 - 2020-12-04 01:08 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2020-12-03 01:55 - 2020-12-04 01:08 - 000000000 ____D C:\Windows\system32\Macromed
2020-12-03 01:50 - 2020-12-04 01:08 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-12-03 00:53 - 2013-12-01 09:10 - 000218200 _____ C:\Windows\SysWOW64\unrar.dll
2020-12-03 00:46 - 2020-12-03 00:46 - 000000000 ____D C:\Users\User\AppData\Roaming\WinRAR
2020-12-03 00:44 - 2020-12-03 00:44 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-12-03 00:44 - 2020-12-03 00:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2020-12-03 00:42 - 2020-12-03 00:46 - 000000000 ____D C:\Program Files\WinRAR
2020-12-03 00:40 - 2020-12-07 03:19 - 000000000 ____D C:\Program Files (x86)\Acro Software
2020-12-03 00:39 - 2020-12-03 17:35 - 000000000 ____D C:\Users\User\AppData\Roaming\SumatraPDF
2020-12-03 00:39 - 2020-12-03 00:39 - 000001948 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
2020-12-03 00:39 - 2020-12-03 00:39 - 000000000 ____D C:\Program Files\SumatraPDF
2020-12-03 00:37 - 2020-12-04 00:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2020-12-03 00:37 - 2020-12-03 00:37 - 000000000 ____D C:\Program Files\VS Revo Group
2020-12-03 00:27 - 2020-12-07 20:05 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-12-03 00:27 - 2020-12-03 02:29 - 000000000 ____D C:\Users\User\AppData\Local\Google
2020-12-03 00:26 - 2020-12-03 17:39 - 000003588 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-12-03 00:26 - 2020-12-03 17:39 - 000003464 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-12-03 00:26 - 2020-12-03 00:26 - 000000000 ____D C:\Program Files\Google
2020-12-03 00:26 - 2020-12-03 00:26 - 000000000 ____D C:\Program Files (x86)\Google
2020-12-03 00:14 - 2020-12-03 00:14 - 000000000 ____D C:\Users\User\AppData\Roaming\Panda Security
2020-12-03 00:13 - 2019-06-11 23:29 - 000198424 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINAflt.sys
2020-12-03 00:13 - 2019-06-11 23:29 - 000159512 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINProt.sys
2020-12-03 00:13 - 2019-06-11 23:29 - 000129304 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINReg.sys
2020-12-03 00:13 - 2019-05-30 02:57 - 000295192 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnsstrm.sys
2020-12-03 00:13 - 2019-03-06 00:06 - 000125720 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnshttps.sys
2020-12-03 00:13 - 2019-03-05 02:44 - 000346392 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnsprot.sys
2020-12-03 00:13 - 2019-03-05 02:44 - 000211736 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnshttp.sys
2020-12-03 00:13 - 2019-03-05 02:44 - 000149784 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnspicc.sys
2020-12-03 00:13 - 2019-03-05 02:44 - 000135448 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnspop3.sys
2020-12-03 00:13 - 2019-03-05 02:44 - 000132888 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnsids.sys
2020-12-03 00:13 - 2019-03-05 02:44 - 000132376 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnstlsc.sys
2020-12-03 00:13 - 2019-03-05 02:44 - 000123160 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnssmtp.sys
2020-12-03 00:13 - 2019-03-05 02:44 - 000111384 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnsalpc.sys
2020-12-03 00:13 - 2019-03-05 02:44 - 000104728 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnsdns.sys
2020-12-03 00:13 - 2019-03-05 02:44 - 000095000 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\nnspihsw.sys
2020-12-03 00:13 - 2019-03-04 10:20 - 000215320 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSINKNC.sys
2020-12-03 00:13 - 2019-01-22 00:44 - 000021952 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\psinelam.sys
2020-12-03 00:13 - 2017-05-22 02:01 - 000072648 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2020-12-03 00:12 - 2020-12-11 17:08 - 000002307 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Dome.lnk
2020-12-03 00:12 - 2020-12-03 00:15 - 000000000 ____D C:\Program Files (x86)\Panda Security
2020-12-03 00:12 - 2020-12-03 00:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Dome
2020-12-03 00:11 - 2020-12-03 00:15 - 000000000 ____D C:\Users\Todos os Usuários\Panda Security
2020-12-03 00:11 - 2020-12-03 00:15 - 000000000 ____D C:\ProgramData\Panda Security
2020-12-02 19:32 - 2020-12-06 00:47 - 000000000 ____D C:\Users\User\AppData\Local\PlaceholderTileLogoFolder
2020-12-02 18:51 - 2020-12-10 18:15 - 000000000 ____D C:\Users\User\AppData\Local\D3DSCache
2020-12-02 18:45 - 2020-12-02 18:45 - 000000405 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dispositivos e Impressoras.lnk
2020-12-02 17:54 - 2020-12-02 17:55 - 000000000 ____D C:\Users\Todos os Usuários\Packages
2020-12-02 17:54 - 2020-12-02 17:55 - 000000000 ____D C:\ProgramData\Packages
2020-12-02 17:36 - 2020-12-02 17:36 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2020-12-02 17:35 - 2020-12-08 02:39 - 001759686 _____ C:\Windows\system32\PerfStringBackup.INI
2020-12-02 17:32 - 2020-12-08 18:38 - 000000000 ____D C:\Users\User\AppData\Roaming\Adobe
2020-12-02 17:32 - 2020-12-05 18:02 - 000000000 ____D C:\Users\User\AppData\Local\Packages
2020-12-02 17:32 - 2020-12-02 17:32 - 000000000 __RHD C:\Users\User\3D Objects
2020-12-02 17:32 - 2020-12-02 17:32 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-12-02 17:32 - 2020-12-02 17:32 - 000000000 ____D C:\Users\User\AppData\Local\VirtualStore
2020-12-02 17:31 - 2020-12-11 11:28 - 000000000 ____D C:\Windows\minidump
2020-12-02 17:31 - 2020-12-02 17:32 - 000000000 ____D C:\Users\User\AppData\Local\ConnectedDevicesPlatform
2020-12-02 17:31 - 2020-12-02 17:31 - 000000020 ___SH C:\Users\User\ntuser.ini
2020-12-02 17:31 - 2020-12-02 17:31 - 000000000 _SHDL C:\Users\User\Modelos
2020-12-02 17:31 - 2020-12-02 17:31 - 000000000 _SHDL C:\Users\User\Meus Documentos
2020-12-02 17:31 - 2020-12-02 17:31 - 000000000 _SHDL C:\Users\User\Menu Iniciar
2020-12-02 17:31 - 2020-12-02 17:31 - 000000000 _SHDL C:\Users\User\Dados de Aplicativos
2020-12-02 17:31 - 2020-12-02 17:31 - 000000000 _SHDL C:\Users\User\Configurações Locais
2020-12-02 17:31 - 2020-12-02 17:31 - 000000000 _SHDL C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2020-12-02 17:31 - 2020-12-02 17:31 - 000000000 _SHDL C:\Users\User\AppData\Local\Histórico
2020-12-02 17:31 - 2020-12-02 17:31 - 000000000 _SHDL C:\Users\User\AppData\Local\Dados de Aplicativos
2020-12-02 17:31 - 2020-12-02 17:31 - 000000000 _SHDL C:\Users\User\Ambiente de Rede
2020-12-02 17:31 - 2020-12-02 17:31 - 000000000 _SHDL C:\Users\User\Ambiente de Impressão
2020-12-02 17:31 - 2020-12-02 17:31 - 000000000 ____D C:\Windows\CSC
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Usuário Padrão\Modelos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Usuário Padrão\Meus Documentos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Usuário Padrão\Menu Iniciar
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Usuário Padrão\Dados de Aplicativos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Usuário Padrão\Configurações Locais
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Usuário Padrão\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Usuário Padrão\AppData\Local\Histórico
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Usuário Padrão\AppData\Local\Dados de Aplicativos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Usuário Padrão\Ambiente de Rede
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Usuário Padrão\Ambiente de Impressão
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Usuário Padrão
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Todos os Usuários\Modelos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Todos os Usuários\Menu Iniciar
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Todos os Usuários\Documentos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Todos os Usuários\Dados de Aplicativos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Todos os Usuários
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default\Modelos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default\Meus Documentos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default\Menu Iniciar
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default\Dados de Aplicativos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default\Configurações Locais
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default\AppData\Local\Histórico
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default\AppData\Local\Dados de Aplicativos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default\Ambiente de Rede
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default\Ambiente de Impressão
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default User\Modelos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default User\Meus Documentos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default User\Menu Iniciar
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default User\Dados de Aplicativos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default User\Configurações Locais
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default User\AppData\Local\Histórico
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default User\AppData\Local\Dados de Aplicativos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default User\Ambiente de Rede
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Users\Default User\Ambiente de Impressão
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\ProgramData\Modelos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programas
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\ProgramData\Menu Iniciar
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\ProgramData\Documentos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\ProgramData\Dados de Aplicativos
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Program Files\Common Files\Sistema
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Program Files\Arquivos Comuns
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Documents and Settings
2020-12-02 17:30 - 2020-12-02 17:30 - 000000000 _SHDL C:\Arquivos de Programas
2020-12-02 17:26 - 2020-12-12 00:31 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-12-02 17:25 - 2020-12-11 19:34 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-12-02 17:25 - 2020-12-05 02:02 - 000000000 ____D C:\Windows\Panther
2020-12-02 17:25 - 2020-12-04 00:16 - 000261760 _____ C:\Windows\system32\FNTCACHE.DAT
2020-12-02 17:25 - 2020-12-02 17:25 - 000000000 ____D C:\Windows\ServiceProfiles

==================== Três meses (modificados) ==================

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2020-12-12 00:58 - 2019-03-19 01:52 - 000000000 ____D C:\Users\Todos os Usuários\regid.1991-06.com.microsoft
2020-12-12 00:58 - 2019-03-19 01:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-12-12 00:58 - 2019-03-19 01:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2020-12-11 21:01 - 2019-03-19 01:37 - 000065536 _____ C:\Windows\system32\config\BBI
2020-12-11 17:54 - 2019-03-19 01:37 - 000000000 ____D C:\Windows\CbsTemp
2020-12-11 12:04 - 2019-03-19 01:50 - 000000000 ____D C:\Windows\INF
2020-12-08 03:05 - 2019-03-19 01:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-12-08 03:05 - 2019-03-19 01:52 - 000000000 ____D C:\Windows\AppReadiness
2020-12-08 02:39 - 2019-03-19 09:47 - 000754282 _____ C:\Windows\system32\prfh0416.dat
2020-12-08 02:39 - 2019-03-19 09:47 - 000158190 _____ C:\Windows\system32\prfc0416.dat
2020-12-08 02:20 - 2017-03-26 22:12 - 000347704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsP2Stor.sys
2020-12-07 19:52 - 2019-03-19 01:52 - 000000000 ____D C:\Windows\registration
2020-12-03 00:14 - 2019-03-19 01:52 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2020-12-02 18:48 - 2019-03-19 01:52 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2020-12-02 17:39 - 2019-03-19 01:52 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2020-12-02 17:33 - 2019-03-19 01:52 - 000000000 ____D C:\Users\Todos os Usuários\USOPrivate
2020-12-02 17:33 - 2019-03-19 01:52 - 000000000 ____D C:\ProgramData\USOPrivate
2020-12-02 17:31 - 2019-03-19 01:52 - 000000000 ____D C:\Windows\system32\spool
2020-12-02 17:27 - 2019-03-19 01:52 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2020-12-02 17:26 - 2019-03-19 01:52 - 000000000 ____D C:\Windows\ServiceState
2020-12-02 17:26 - 2019-03-19 01:52 - 000000000 ____D C:\Windows\appcompat
2020-12-02 17:24 - 2019-03-19 01:49 - 000028672 _____ C:\Windows\system32\config\BCD-Template

==================== SigCheck ============================

(Não há correção automática para arquivos que não passaram na verificação.)


BCD (recoveryenabled=No -> recoveryenabled=Yes) <==== restaurado com sucesso
==================== Fim de FRST.txt ========================


"Addition_12-12-2020 03.07.53.txt"

Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 09-12-2020
Executado por User (12-12-2020 03:03:32)
Executando a partir de D:\Área de Trabalho
Windows 10 Pro Versão 1909 18363.418 (X64) (2020-12-02 20:31:15)
Modo da Inicialização: Normal
==========================================================


==================== Contas: =============================

Administrador (S-1-5-21-3300897730-1080615157-2638408914-500 - Administrator - Disabled)
Convidado (S-1-5-21-3300897730-1080615157-2638408914-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-3300897730-1080615157-2638408914-503 - Limited - Disabled)
User (S-1-5-21-3300897730-1080615157-2638408914-1000 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-3300897730-1080615157-2638408914-504 - Limited - Disabled)

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Panda Dome (Enabled - Up to date) {CF440CD9-5435-10B1-04E0-7768B6F10320}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

3DP Chip Lite v19.06.1 (HKLM-x32\...\3DP Chip Lite) (Version: v19.06.1 - 3DP)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.433 - Adobe)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.433 - Adobe)
AOMEI Partition Assistant Pro Edition 5.5 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-5498165BF300}_is1) (Version: - AOMEI Technology Co., Ltd.)
DriverHub (HKU\S-1-5-21-3300897730-1080615157-2638408914-1000\...\DriverHub) (Version: 1.1.2.1563 - Rostpay ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.88 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
HP Deskjet 2050 J510 series Software básico do dispositivo (HKLM\...\{2DCBB45E-AA03-4089-87E7-EC17E606D738}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
Internet Download Manager 6.35.5 (HKLM-x32\...\Internet Download Manager_is1) (Version: 6.35.5 - lrepacks.ru)
Java 8 Update 271 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180271F0}) (Version: 8.0.2710.9 - Oracle Corporation)
K-Lite Codec Pack 15.9.0 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 15.9.0 - KLCP)
Malwarebytes Anti-Malware versão 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Plus 2019 - pt-br (HKLM\...\ProPlus2019Retail - pt-br) (Version: 16.0.13426.20332 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29325 (HKLM-x32\...\{d7a6435f-ac9a-4af6-8fdc-ca130d13fac9}) (Version: 14.28.29325.2 - Microsoft Corporation)
Mozilla Firefox 83.0 (x64 pt-BR) (HKLM\...\Mozilla Firefox 83.0 (x64 pt-BR)) (Version: 83.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 83.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13426.20332 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13426.20332 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0416-1000-0000000FF1CE}) (Version: 16.0.13426.20332 - Microsoft Corporation) Hidden
Panda Devices Agent (HKLM-x32\...\{DB0164A2-ADE9-4FEE-B080-D506BDD6427F}) (Version: 1.08.09 - Panda Security) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.09 - Panda Security) Hidden
Panda Dome (HKLM\...\{10EDA2C8-03AB-4C27-BDC4-39143A81B12F}) (Version: 11.12.30 - Panda Security) Hidden
Panda Dome (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 20.00.00.0001 - Panda Security)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.29093 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9024.1 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.2.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.2.0 - VS Revo Group, Ltd.)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)

==================== Exame Personalizado CLSID (Whitelisted): ==============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

CustomCLSID: HKU\S-1-5-21-3300897730-1080615157-2638408914-1000_Classes\CLSID\{3D3B1846-CC43-42AE-BFF9-D914083C2BA3}\InprocServer32 -> C:\Program Files\SumatraPDF\PdfPreview.dll () [Arquivo não assinado]
CustomCLSID: HKU\S-1-5-21-3300897730-1080615157-2638408914-1000_Classes\CLSID\{55808EA8-81FE-43c6-AAE8-1D8149F941D3}\InprocServer32 -> C:\Program Files\SumatraPDF\PdfFilter.dll () [Arquivo não assinado]
ShellServiceObjects: Sem Nome -> {4DC9C264-730E-4CF6-8374-70F079E4F82B} =>
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2019-05-02] (Tonec Inc. -> Tonec Inc.)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2019-05-02] (Tonec Inc. -> Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Nenhum Arquivo
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => -> Nenhum Arquivo
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2019-06-18] (Panda Security S.L. -> Panda Security, S.L.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2019-06-18] (Panda Security S.L. -> Panda Security, S.L.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2019-06-18] (Panda Security S.L. -> Panda Security, S.L.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-11-18] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Atalhos & WMI ========================

(As entradas podem ser listadas para serem restauradas ou removidas.)

Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Limpar PenDrive.lnk -> C:\Portables\Limpar Pen Drive\Limpar\ejecutar.bat ()
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Reset Fila de Impressão.lnk -> C:\Portables\Reset impressora\Reset_and_Clear_Print_Spooler_Queue.bat ()

==================== Módulos Carregados (Whitelisted) =============

2019-10-06 23:58 - 2019-10-06 23:58 - 000939008 _____ (Microsoft Corporation) [Arquivo não assinado] c:\windows\system32\FVEAPI.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Modo de Segurança (Whitelisted) ==================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== Associação (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2019-05-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_271\bin\ssv.dll [2020-12-04] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_271\bin\jp2ssv.dll [2020-12-04] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2019-05-08] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-12-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: mhtml - Nenhum Valor CLSID
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-12-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-12-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-12-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2020-12-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2020-12-12] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts Conteúdo: =========================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2019-03-19 01:49 - 2019-03-19 01:49 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Outras Áreas ===========================

(Atualmente não há nenhuma correção automática para esta seção.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3300897730-1080615157-2638408914-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

(Se uma entrada for incluída na fixlist, será removida.)

HKLM\...\StartupApproved\StartupFolder: => "CodecPackTrayMenu.lnk"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-3300897730-1080615157-2638408914-1000\...\StartupApproved\StartupFolder: => "Monitorar alertas de tinta - HP Deskjet 2050 J510 series.lnk"
HKU\S-1-5-21-3300897730-1080615157-2638408914-1000\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-3300897730-1080615157-2638408914-1000\...\StartupApproved\Run: => "Codec Pack Update Checker"

==================== Regras do Firewall (Whitelisted) ================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [{EB1967EB-633E-4AEC-A58C-B9FC27B45A8C}] => (Allow) C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{06F02F8B-F3DF-46CF-A6D2-0790466E797C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{681A91C2-3EBF-4140-9A5D-F1BD5D4D07DA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3A318A20-ACA5-4455-9EDB-E0656A70735F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{C59C5B97-D66A-46A3-8480-6E0FD764174E}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{0C5D01A7-9E9A-4E59-AF00-9AE184ACD441}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

==================== Pontos de Restauração =========================

05-12-2020 03:08:15 Revo Uninstaller's restore point - Real Alternative 2.0.2
05-12-2020 03:09:24 Revo Uninstaller's restore point - QuickTime Alternative 3.2.2
05-12-2020 03:10:52 Revo Uninstaller's restore point - 7-Zip 19.00 (x64 edition)
05-12-2020 03:13:28 Revo Uninstaller's restore point - K-Lite Codec Pack 15.9.0 Standard
05-12-2020 16:48:28 antes de usar o 3DPCHIP
07-12-2020 02:02:07 Operação de restauração
07-12-2020 03:18:58 Revo Uninstaller's restore point - CutePDF Writer 3.2
07-12-2020 03:21:18 Revo Uninstaller's restore point - Media Player Codec Pack 4.5.6
07-12-2020 12:49:01 Revo Uninstaller's restore point - VLC media player
07-12-2020 17:13:47 antes de atualizar driver da placa de vídeo
07-12-2020 19:50:46 Operação de restauração
08-12-2020 00:35:46 antes de intalar driver do mouse ou placa de video
08-12-2020 17:28:38 ANTES DE INSTALAR O K-LITE PACK CODEC
09-12-2020 03:15:41 após instalar o memu pedindo atualização da placa de vídeo
09-12-2020 15:41:14 Revo Uninstaller's restore point - MEmu
10-12-2020 17:37:29 antes de usar o driver hub
11-12-2020 17:26:47 Instalador de Módulos do Windows
11-12-2020 17:54:12 Instalador de Módulos do Windows
11-12-2020 19:42:16 Revo Uninstaller's restore point - Microsoft Office Professional Plus 2019 - pt-br

==================== Dispositivos Apresentando Falhas No Gerenciador ============


==================== Erros no Log de eventos: ========================

Erros em Aplicativos:
==================
Error: (12/11/2020 07:42:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
O sistema não pode encontrar o arquivo especificado.
.

Error: (12/11/2020 07:42:15 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado.
.
Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.


Operação:
Obtendo Dados do Gravador

Contexto:
Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
Nome do Gravador: System Writer
ID de Instância de Gravador: {f9ee12e6-8005-45a6-b6cd-a480ad2e977f}

Error: (12/11/2020 05:54:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
O sistema não pode encontrar o arquivo especificado.
.

Error: (12/11/2020 05:54:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
O sistema não pode encontrar o arquivo especificado.
.

Error: (12/11/2020 05:26:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
O sistema não pode encontrar o arquivo especificado.
.

Error: (12/11/2020 05:26:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..

Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.

System Error:
O sistema não pode encontrar o arquivo especificado.
.

Error: (12/11/2020 11:30:21 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Falha ao criar ponto de restauração (Processo = C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe" ; Descrição = Revo Uninstaller's restore point - DriveTheLife; Erro = 0x8007043c).

Error: (12/11/2020 01:53:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: svchost.exe, versão: 10.0.18362.1, carimbo de data/hora: 0x68f17365
Nome do módulo com falha: KERNEL32.DLL, versão: 10.0.18362.329, carimbo de data/hora: 0x7b5427ec
Código de exceção: 0xc0000005
Deslocamento da falha: 0x00019710
ID do processo com falha: 0xe7c
Hora de início do aplicativo com falha: 0x01d6cf797ec129d1
Caminho do aplicativo com falha: C:\Windows\SysWOW64\svchost.exe
Caminho do módulo com falha: C:\Windows\System32\KERNEL32.DLL
ID do Relatório: 4339084c-0a1b-4ed3-8b3b-74964ae1f813
Nome completo do pacote com falha:
ID do aplicativo relativo ao pacote com falha:


Erros de Sistema:
=============
Error: (12/12/2020 12:32:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço luafv devido ao seguinte erro:
O carregamento deste driver foi bloqueado

Error: (12/11/2020 08:14:10 PM) (Source: Ntfs) (EventID: 55) (User: AUTORIDADE NT)
Description: Corrupção detectada na estrutura do sistema de arquivos, no volume F:.

A MFT (Tabela Mestra de Arquivos) contém um registro de arquivo corrompido. O número de referência do arquivo é 0x10000000017a8. O nome do arquivo é "".

Error: (12/11/2020 08:14:10 PM) (Source: Ntfs) (EventID: 55) (User: AUTORIDADE NT)
Description: Corrupção detectada na estrutura do sistema de arquivos, no volume F:.

A MFT (Tabela Mestra de Arquivos) contém um registro de arquivo corrompido. O número de referência do arquivo é 0x10000000017a5. O nome do arquivo é "".

Error: (12/11/2020 08:14:10 PM) (Source: Ntfs) (EventID: 55) (User: AUTORIDADE NT)
Description: Corrupção detectada na estrutura do sistema de arquivos, no volume F:.

A MFT (Tabela Mestra de Arquivos) contém um registro de arquivo corrompido. O número de referência do arquivo é 0x10000000017a4. O nome do arquivo é "".

Error: (12/11/2020 08:14:07 PM) (Source: Ntfs) (EventID: 55) (User: AUTORIDADE NT)
Description: Corrupção detectada na estrutura do sistema de arquivos, no volume F:.

A MFT (Tabela Mestra de Arquivos) contém um registro de arquivo corrompido. O número de referência do arquivo é 0x1000000001749. O nome do arquivo é "".

Error: (12/11/2020 07:49:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Serviço Clique para Executar do Microsoft Office devido ao seguinte erro:
O serviço especificado não existe como serviço instalado.

Error: (12/11/2020 07:49:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Serviço Clique para Executar do Microsoft Office foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço.

Error: (12/11/2020 05:07:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço luafv devido ao seguinte erro:
O carregamento deste driver foi bloqueado


CodeIntegrity:
===================================

Date: 2020-12-07 19:40:07.628
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\360\Total Security\safemon\WscReg.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-07 19:40:07.237
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\360\Total Security\safemon\WscReg.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-07 19:39:17.953
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\360\Total Security\safemon\WscReg.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-07 19:39:17.188
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\360\Total Security\safemon\WscReg.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-07 19:35:31.667
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\360\Total Security\safemon\WscReg.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-07 19:35:31.318
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\360\Total Security\safemon\WscReg.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-07 19:35:24.942
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\360\Total Security\safemon\WscReg.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-12-07 19:35:24.574
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\360\Total Security\safemon\WscReg.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Informações da Memória ===========================

BIOS: AMI 80.07 12/09/2014
placa-mãe: Hewlett-Packard 2B2F
Processador: AMD E1-6010 APU with AMD Radeon R2 Graphics
Percentagem de memória em uso: 62%
RAM física total: 3774.01 MB
RAM física disponível: 1410.23 MB
Virtual Total: 4414.01 MB
Virtual disponível: 1593.43 MB

==================== Drives ================================

Drive c: (Programas) (Fixed) (Total:85.82 GB) (Free:43.37 GB) NTFS
Drive d: (Arquivos) (Fixed) (Total:379.3 GB) (Free:350.06 GB) NTFS

\\?\Volume{9bbb365e-f992-4754-bd21-b5994dd3ea36}\ (Recuperação) (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS
\\?\Volume{16836f01-0f63-4833-a6d0-705bf80ea28d}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Tabela de Partições ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 9EAC1F21)

Partition: GPT.

==================== Fim de Addition.txt =======================
joram
#7 By joram
12/12/2020 - 18:24
/!\ Good evening, glalla! /!\

> Download: < ZHPCleaner > < Image ... by Nicolas Coolman >

> Or |Here!| << Mirror!

> If something blocks the download, watch this tutorial posted on YouTube to disable Windows SmartScreen.
> Once on the page, click [image]
> Save it to the desktop! ( ZHPCleaner.exe )
> Disable your antivirus and run ZHPCleaner.exe <<

> When this screen opens, avoid clicking Update or Atualização, so you are not redirected to ZHPBrowser.
> PS: Close the message by clicking the "X".

> With the tool open, click Scanner.

> Wait for it to finish!

> When it finishes, click Repair.

> PS: Ignore any alerts about your network configuration. (DNS)
> Click Yes >> Yes!

> Tabs will appear in red, indicating problems to be repaired.
> Click Repair.

> When it finishes, click Report.
> Post the repair log: ~ Type : Reparo
file:///C:/Users/xxx../AppData/Roaming/ZHP/ZHPCleaner.html
PS: When you click "Report", you will get the report, among other information, in HTML format.
file:///C:/Users/xxx.../AppData/Roaming/ZHP/ZHPCleaner.txt

This will be your direct report, obtained by changing (.html) to (.txt) in the address bar.
Just select all (Ctrl + A), copy (Ctrl + C) and paste into your post or Notepad (Ctrl + V).

Make the report available on Cjoint.com or use a spoiler; the instructions for it are at the end of that page.
Another option: host the report on Hébergement de fichiers, Security-x.fr.

[Regards]
Entre-Trópicos
#8 By Entre-Trópic...
12/12/2020 - 18:43
Looking at the information in the first post and at what is in the scan result logs, I believe it was not the program that updates the video driver that did this.

Or else it was the one that installed software to pirate Office for you.
It's obvious where the problem comes from:

Oinstall.exe file information
The process known as Office 2013-2016 (version C2R Install) or OInstall (Ratiborus, MSFree Inc.) belongs to software OInstall by WZTeam or WZT.
PH
#9 By PH
12/12/2020 - 20:13
glalla said:
Hello PH,

I ran the KVRT antivirus. See the images:

As for programs, I usually install portable programs that need no installation, with the exception of Office, which is 2019.

I always download from a well-known site on the internet belonging to a friend of mine called William Azardo (a computer technician).

Since I was having trouble installing the video card driver, I ended up making the mistake of installing from an unknown place.

From what I noticed when running KVRT, it showed that Panda is completely corrupted, Malwarebytes too, among other programs that were installed, as well as Office, which I had to uninstall and install again.

At the moment I have no pen drives available to do that other check you asked for.

Will I have to format the machine again?

What do you recommend I do?


Good evening!

What showed up in Kaspersky, you can send to limbo.

"I always download from a well-known site on the internet belonging to a friend of mine called William Azardo (a computer technician)"

Just because the guy is a computer technician doesn't mean he does things correctly. Now, is it William Azerdo or Azarado?

Any paid program that has no portable version from the vendor itself is illegal, because it was modified so that it is not installed and does not ask for activation. If this Office is not portable, it is installed: did you use illegal activation or did you buy the licence?

Panda antivirus is far from being a good antivirus; I saw that you got it from his site.

The download of Malwarebytes version 2.0 was blocked, while the current version is 4.1. Why would I download this one here if I can get it straight from the vendor's site?

Malwarebytes cybersecurity for Windows, Mac, Android and iOS | Malwarebytes

Panda: why would I download it from his site if I can download it from the vendor's site?

Panda Antivirus: Stay fully protected at the best price with Panda (pandasecurity.com)

So, if you want to download a program, download it from the vendor's site, where you find the up-to-date versions.

"Since I was having trouble installing the video card driver, I ended up making the mistake of installing from an unknown place."

That is the moment when you come to the forum to ask for help. Often, when the video card has a problem with the GPU, you can't install the drivers, or when you can, it gives an error.

"Will I have to format the machine again?"

Not yet, since it can be resolved with several procedures.

But whoever denies me before men, I also will deny before my Father who is in heaven.

Matthew 10:33
glalla
#10 By glalla
13/12/2020 - 02:38
Joram,

Unfortunately I am not managing to install ZHP Cleaner.

With the first link you gave me, from the official site, see what happened in the image below.

With the second link, the program on the site is out of date; when I click OK nothing happens and it does not ask me to download the new version.

I followed the YouTube video as you asked in case something went wrong, and see what appeared.

So, for now, I have not been able to run the check with this tool.

PH,

"What showed up in Kaspersky, you can send to limbo."

OK! I have already deleted everything that was there!

"Just because the guy is a computer technician doesn't mean he does things correctly. Now, is it William Azerdo or Azarado?"

William Azarado. He has his own site and a YouTube channel that I have followed for many years, and I never had problems with the tips he always gave there and the lessons he explained.

"Any paid program that has no portable version from the vendor itself is illegal, because it was modified so that it is not installed and does not ask for activation. If this Office is not portable, it is installed: did you use illegal activation or did you buy the licence?"

No, the Office package is not from his channel! I got it from another YouTube video. I can't afford to buy an Office package right now, so the answer is: pirated!

"Panda antivirus is far from being a good antivirus; I saw that you got it from his site."

I can't afford a paid antivirus. Yes, this one was taken from Azarado's site and it is the latest, most up-to-date version. Unfortunately this problem with the drivers happened, and that is why the antivirus was compromised, like many other programs.

"The download of Malwarebytes version 2.0 was blocked, while the current version is 4.1. Why would I download this one here if I can get it straight from the vendor's site?"

Because according to Azarado that was the best version released, and in this case I used the portable version.

"Panda: why would I download it from his site if I can download it from the vendor's site?"

Because besides downloading the program from that site of his, he explains step by step how to install and use it. I like to install programs while watching his tutorials.

"That is the moment when you come to the forum to ask for help. Often, when the video card has a problem with the GPU, you can't install the drivers, or when you can, it gives an error."

I have always asked for help here on this forum, whether when problems occur on my PC or to clear up a doubt about some specific situation that I can't find on the internet.
As for the video driver, the 3DP Chip site says that the drivers for my video card, audio and network are out of date. I already tried installing from there before all these problems happened, but it caused a problem with the mouse. So I restored the system to when everything worked well, until I screwed up by installing through this other driver software and the blue screen problem and these other inconveniences happened.
ivoaudio
ivoaudio Cyber Highlander Registered
7.1K Posts 2.2K Likes
#11 By ivoaudio
13/12/2020 - 09:58
glalla said:
No, the Office package isn't from his channel! I got it from another YouTube video. I can't afford to buy an Office package right now, so the answer is: pirated!

That is the wrong answer!

If you can't afford to buy an office package, the correct answer is: free packages. I suggest the two I use: LibreOffice and Google Drive.
Jazz rocks!
---
PH
PH Cyber Highlander Registered
61.3K Posts 10.7K Likes
#13 By PH
13/12/2020 - 11:59
glalla said:


PH,


OK! I've already deleted everything that was there!


Good morning!

Did anything change in the system?


William Azarado. He has his own site and a YouTube channel that I have followed for many years, and I've never had problems with the tips he has given there or the lessons he explained.


If I'm not mistaken, you've had problems before and even posted here, saying that you follow this YouTuber's tips.
He recommends outdated programs such as Malwarebytes 2.0 when it is already at 4.1. An obsolete program doesn't have up-to-date signatures against malware, and the program's own construction, being old, may be vulnerable to attacks and thus render the program useless! He recommends portable versions of paid programs. That is piracy, because the program will work without a paid license; that way, without being installed, it won't try to validate itself online.


No, the Office package isn't from his channel! I got it from another YouTube video. I can't afford to buy an Office package right now, so the answer is: pirated!


If you don't have money to buy Office, choose a free option such as LibreOffice, among other free ones. Not having money doesn't justify pirating a program. Besides being illegal, you are liable to have your computer infected, as it is right now. You can have whatever antivirus you like, but if you download the crack, you follow instructions that often ask you to disable the antivirus or even add the file to the exclusions (the biggest mistake you can make)! If something goes wrong with your computer and you don't have money to buy a part, what will you do?

If you like Office that much, you still have the option of using it online; it's free. Microsoft Office home page.

You can also buy Microsoft 365. It is an annual subscription that can be shared among 6 people. The subscription costs R$ 300,00 a year; divided among 6 people, each one pays R$ 50,00 a year for the subscription.

Compare all Microsoft 365 plans (formerly Office 365) – Microsoft Store


I can't afford a paid antivirus. Yes, that one was downloaded from Azarado's site and it is the latest, most up-to-date version. Unfortunately this problem with the drivers happened, and that's why the antivirus was compromised, along with many other programs.


Kaspersky, Bitdefender, among others... As I said above, there's no point in having an antivirus if you force the use of cracks in your programs. It's the same as wearing a bulletproof vest and walking into the middle of a shootout thinking you're safe!

Take a look here at how the antivirus tests are going.

Real-World Protection Test July-October 2020 - AV-Comparatives (av-comparatives.org)


Because according to Azarado that was the best version ever released, and in this case I used the portable version.


Nothing against following a YouTuber, but you are accepting everything he says. He has his opinion, and whether he is right or wrong, you accept what he says! He says an old version of Malwarebytes was the best of all. What technical arguments does he use for that? As I said, an outdated program is liable to be compromised, because it may contain holes that were fixed in later versions.

Do you really want to understand and learn more about Malwarebytes? Go to the company's support, Malwarebytes Support; I'm sure they will be able to help you better to learn everything about the product!


Because besides offering the program for download on his site, he explains step by step how to install and use it. I like installing programs while watching his tutorials.


You don't need to download the programs from his site to see how they are installed. I saw here that this is pushed on you, because in the download area there is a link to watch the installation on his channel. Most programs are easy to install and quite intuitive. Nothing stops you from watching video tutorials to install them.

Look at the Panda case: see the information on the manufacturer's site.

[Post attachment]


I have always asked for help here on this forum, whether when problems occur on my PC or to clear up a doubt about a particular situation involving something specific that I can't find on the internet.


And that's right; I see that whenever you have doubts you come here to ask for help. The forum is the old and most accurate way to clear up your doubts, even though it is much less used, mainly because of YouTubers. Watching an explanatory video is better than reading a text. The big difference is that on a reputable forum like this one, if someone posts something wrong, it will quickly be challenged and others will post the correct information. On YouTube that won't happen, because if you tell the YouTuber that he is teaching something wrong, as I've grown tired of doing, most of the time he goes and deletes your comment, so only what is in his favor remains. There are others who don't delete and even thank you for the tips.

As for the video driver, the 3DP Chip site says that the drivers for my video card, audio and network are out of date. I already tried installing from there before all these problems happened, but it caused a problem with the mouse. So I restored the system to when everything worked well, until I screwed up by installing through this other driver software and got the blue screen problem and these other inconveniences.


Just because your drivers are out of date doesn't necessarily mean you need to update them. Windows itself puts many drivers in a separate area and doesn't update them automatically; it makes them available for download, but if everything is working correctly there is no need to update. Of course, if it is a critical update to fix some problem, then yes.


But whoever denies me before men, I also will deny before my Father who is in heaven.

Matthew 10:33
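
The concern raised in this post about installers taken from third-party sites, and about old or modified builds, can be checked on a file before it is run. The PowerShell below is an added example, not part of the thread; the function name `Test-DownloadedInstaller`, the `Example Vendor` publisher string and the Downloads folder are assumptions.

```powershell
# Added example: inspect a downloaded installer before running it.
# The publisher name and folder used at the bottom are placeholders (assumptions).
function Test-DownloadedInstaller {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedPublisher
    )

    $file   = Get-Item -LiteralPath $Path
    $sig    = Get-AuthenticodeSignature -FilePath $file.FullName
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    # Mark-of-the-Web: browsers store the download origin in the
    # Zone.Identifier alternate data stream (absent if the file was unpacked
    # from an archive or copied from a non-NTFS volume).
    $motw   = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
    $origin = ($motw | Where-Object { $_ -like 'HostUrl=*' }) -replace '^HostUrl=', ''

    $problems = @()
    if ($sig.Status -ne 'Valid') {
        # NotSigned or HashMismatch is what a repacked or patched binary shows.
        $problems += "signature status: $($sig.Status)"
    } elseif ($signer -notlike "*$ExpectedPublisher*") {
        # Substring match on the certificate subject; compare against the signer
        # seen on a copy downloaded from the manufacturer's own site.
        $problems += "unexpected signer: $signer"
    }

    [pscustomobject]@{
        File           = $file.Name
        ProductVersion = $file.VersionInfo.ProductVersion   # compare with the current release
        Signer         = $signer
        DownloadedFrom = $origin
        SHA256         = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        Problems       = $problems -join '; '
        OkToRun        = ($problems.Count -eq 0)
    }
}

# Constructed usage: review every .exe in the Downloads folder.
Get-ChildItem -Path "$env:USERPROFILE\Downloads" -Filter *.exe |
    ForEach-Object { Test-DownloadedInstaller -Path $_.FullName -ExpectedPublisher 'Example Vendor' } |
    Format-List
```

A valid signature from the expected publisher only shows the file is the vendor's unmodified build; the `ProductVersion` column is what reveals an obsolete release.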
ivoaudio
ivoaudio Cyber Highlander Registered
7.1K Posts 2.2K Likes
#14 By ivoaudio
13/12/2020 - 13:05
@glalla, I hope you take my suggestion as a well-intentioned proposal.

I think you could rethink the way you relate to the computer. A lot has changed since the last century, when we had one computer at home and wanted it to do everything, and we tried to install every novelty.

Nowadays we have the possibility of dual booting, running virtual machines... We can thus have "several computers", each dedicated to specific activities, with the added security benefit: if one system becomes unstable, it doesn't bring everything down (except the virtual machine host, which for that reason should be kept simple and clean).

Besides that, I tend to regard my systems as disposable entities. I store everything I can on external disks and in the cloud. That way, I can simply abandon a system, out of inability or on a whim.

Oh, very important: never, never, never use pirated software. Piracy is bad technically and morally. For me, no excuse.
Jazz rocks!
---
© 1999-2024 Hardware.com.br. All rights reserved.