Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Pedro Fernandes (20-03-2018 10:32:22)
Running from C:\Users\Pedro Fernandes\Downloads
Windows 10 Home Version 1709 16299.309 (X64) (2017-12-11 11:57:06)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrador (S-1-5-21-797111060-1919522003-2374396770-500 - Administrator - Disabled)
Convidado (S-1-5-21-797111060-1919522003-2374396770-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-797111060-1919522003-2374396770-503 - Limited - Disabled)
Pedro Fernandes (S-1-5-21-797111060-1919522003-2374396770-1001 - Administrator - Enabled) => C:\Users\Pedro Fernandes
WDAGUtilityAccount (S-1-5-21-797111060-1919522003-2374396770-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-797111060-1919522003-2374396770-1001\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
Adobe Photoshop Lightroom 5.7.1 64-bit (HKLM\...\{BC86B82C-8C0E-4408-9AC1-6B0F2D636963}) (Version: 5.7.1 - Adobe Systems Incorporated)
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
ASUS GIFTBOX (HKLM-x32\...\ASUS GIFTBOX) (Version: 7.6.5 - ASUSTek Computer Inc)
ASUS HiPost (HKLM-x32\...\{04768366-F421-4BA5-8423-B84F644B5249}) (Version: 1.0.6 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.9 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.14.0006 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0040 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.103 - ICEpower a/s)
Backup and Sync from Google (HKLM-x32\...\{AC62F3F2-61A2-4357-93EC-C308E3FEDF4E}) (Version: 3.39.8370.7843 - Google, Inc.)
BlueStacks 3 (HKLM-x32\...\BlueStacks) (Version: 3.50.52.1661 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.70.1080 - AB Team, d.o.o.)
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.3 - ASUSTek Computer Inc.)
Dropbox 25 GB (HKLM-x32\...\{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Estudo de aprimoramento de produto para HP Officejet Pro 8620 (HKLM\...\{C8FB3542-4972-447C-B04E-CD1EA2977A3C}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Fotosizer 2.07 (HKLM-x32\...\Fotosizer) (Version: 2.07.0.540 - Fotosizer.com)
Foxit PhantomPDF (HKLM-x32\...\{39263796-F296-43AF-909C-FCF99592BAC4}) (Version: 7.2.52.1209 - Foxit Software Inc.)
GIMP 2.8.20 (HKLM\...\GIMP-2_is1) (Version: 2.8.20 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.162 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HP Officejet Pro 8620 Ajuda (HKLM-x32\...\{484402B7-1338-4CE7-8370-25697EAAB583}) (Version: 32.0.0 - Hewlett Packard)
HP Officejet Pro 8620 Software básico do dispositivo (HKLM\...\{1D097B05-617E-418D-841C-1B615C47F4AA}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM-x32\...\{79A98235-D590-4763-8EEC-45A9342BBF39}) (Version: 12.8.47.1 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{694E3E02-E14A-4BB2-A970-CF7F017FD5CC}) (Version: 7.3.0.20 - Apple Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4300 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 2.0.0.1067 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
iTunes (HKLM\...\{7DFAA411-ECA2-482F-AAF4-CFA7B2CD6EEC}) (Version: 12.7.3.46 - Apple Inc.)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Kodi (HKU\S-1-5-21-797111060-1919522003-2374396770-1001\...\Kodi) (Version: - XBMC-Foundation)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - pt-br (HKLM\...\ProPlusRetail - pt-br) (Version: 16.0.8827.2148 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - pt-pt (HKLM\...\ProPlusRetail - pt-pt) (Version: 16.0.8827.2148 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-797111060-1919522003-2374396770-1001\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.7.0 - Mozilla)
Nox APP Player (HKLM-x32\...\Nox) (Version: 6.0.2.0 - Duodian Technology Co. Ltd.)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.8827.2148 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.8827.2148 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0416-1000-0000000FF1CE}) (Version: 16.0.8827.2148 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0816-1000-0000000FF1CE}) (Version: 16.0.8827.2148 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
PDF Sign&Seal (HKLM-x32\...\{96D9F9B2-9DFC-4419-82A2-0FFC166825B0}) (Version: 6.0.0 - )
PDF Sign&Seal Make 6.0 (HKLM\...\PDF Sign&Seal Make_is1) (Version: 6.0 - )
PDF Sign&Seal Office Add-in (HKLM-x32\...\{3CE0E6B6-40B5-4CF0-83AB-5E91370BCBC4}) (Version: 6.0.0 - Ascertia)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
plugin Autenticação.Gov (HKLM-x32\...\{A0C5A53F-B458-4643-8B42-3DA9FAD62B93}) (Version: 2.0.23 - Agência para a Modernização Administrativa)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.6 - Qualcomm Atheros)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7687 - Realtek Semiconductor Corp.)
SafeSign (HKLM\...\{2DF407D3-A8AD-4ACF-BFD5-5F7D42EC62FD}) (Version: 3.0.73 - A.E.T. Europe B.V.)
SafeSign Drivers and Middleware v17.0 (HKLM-x32\...\{BA332415-39D7-4608-A240-821FA2F1281E}_is1) (Version: - SafeSign)
SCR3xxx Smart Card Reader (HKLM-x32\...\{37C4109C-F80B-4D3A-A8B3-1FA0618BFDBA}) (Version: 8.57 - Identive)
Soda PDF 8 (HKLM-x32\...\Soda8) (Version: 8.0.49.26236 - LULU Software Limited)
Soda PDF 8 View Module (HKLM\...\{1FF44231-2D54-41B5-9DA4-DFE233E02111}) (Version: 8.2.9.31385 - LULU Software) Hidden
SoulseekQt versão 2017.2.20 (HKLM-x32\...\{8A4E1646-488C-4E5B-AC31-F784400E8D2D}_is1) (Version: 2017.2.20 - Soulseek LLC)
Stremio (HKU\S-1-5-21-797111060-1919522003-2374396770-1001\...\Stremio) (Version: 4.0.10 - Smart Code Ltd.)
Suporte para Aplicações Apple (32-bits) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Suporte para Aplicações Apple (64-bits) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43835 - TeamViewer)
TomTom HOME (HKLM-x32\...\{30E6FC43-C31F-4968-9A06-AA38E3C3CF73}) (Version: 2.10.1 - Nome da empresa:)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
WhatsApp (HKU\S-1-5-21-797111060-1919522003-2374396770-1001\...\WhatsApp) (Version: 0.2.8361 - WhatsApp)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.1.1.8 - WildTangent)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - ASUS (AsusSGDrv) Mouse (10/21/2015 8.1.0.19) (HKLM\...\E3BC758B9DD4554D7662F1578C31C2ED59C717EE) (Version: 10/21/2015 8.1.0.19 - ASUS)
Windows Driver Package - BigNox Corporation (VBoxUSB) USB (08/05/2015 4.3.12) (HKLM\...\C18B241429805382787678C69EFF83D31C4EE661) (Version: 08/05/2015 4.3.12 - BigNox Corporation)
Windows Driver Package - BigNox Corporation VBoxUSBMon System (08/05/2015 4.3.12) (HKLM\...\243E93321F8442BCE5582748BA0231805DAF4017) (Version: 08/05/2015 4.3.12 - BigNox Corporation)
Windows Driver Package - BigNox Corporation XQHDrv System (08/05/2015 4.3.12) (HKLM\...\B80202A349C64A2D2248FC6E85614BC264E749DF) (Version: 08/05/2015 4.3.12 - BigNox Corporation)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012 - GoPro)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-797111060-1919522003-2374396770-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-797111060-1919522003-2374396770-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-797111060-1919522003-2374396770-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-797111060-1919522003-2374396770-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-797111060-1919522003-2374396770-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-797111060-1919522003-2374396770-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Pedro Fernandes\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Pedro Fernandes\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Pedro Fernandes\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-01-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-01-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-01-29] (Google)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Pedro Fernandes\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Pedro Fernandes\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Pedro Fernandes\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2015-12-10] (Foxit Software Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-01-29] (Google)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Pedro Fernandes\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers1: [PDFSnSShellExt] -> {27B9AD6E-04D2-49E4-BA9D-D34E7929D06E} => C:\Program Files (x86)\Ascertia\PDF Sign&Seal\PDFManager\PDFsNsExt.dll [2011-02-06] ()
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-01-10] (Apple Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Pedro Fernandes\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Pedro Fernandes\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers4: [###MegaContextMenuExt] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Pedro Fernandes\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-01-29] (Google)
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\Pedro Fernandes\AppData\Local\MEGAsync\ShellExtX64.dll [2017-10-18] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-04-27] (Intel Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1FEF20AC-EC1D-4FAB-A0CB-06260236E1F1} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-pedrofernandes_1985@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated)
Task: {4AD2C8BA-C370-4519-B32E-67E70AE01962} - System32\Tasks\S-1-5-21-797111060-1919522003-2374396770-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)
Task: {50923812-593E-4F4E-A198-11832B136072} - System32\Tasks\InstallShield® Update Service Scheduler => C:\Program Files (x86)\Common Files\InstallShield\Update\ISUSPM.exe [2017-01-13] (InstallShield®)
Task: {784D9D03-5DB4-4E97-A23C-1CF86754EA7C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {8DEBC6A0-D1F6-43B2-BC49-F84D5FD0030A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-02] (Microsoft Corporation)
Task: {9863A01D-A9ED-4D3D-9DBD-B98086695E77} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-02] (Microsoft Corporation)
Task: {ABB25EB3-128B-4FDB-B292-5D7423A6956D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-02] (Microsoft Corporation)
Task: {B35879C3-9D65-4B48-B1F9-C9C4F76336B1} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {C66E64D5-B90A-4BD7-9355-EE827D99226A} - System32\Tasks\Optimize Thumbnail Cache Files => wscript.exe //nologo //E:jscript //B C:\ProgramData\InstallShield\Update\isuspm.ini <==== ATTENTION
Task: {DE815C15-2AD8-4609-90F6-A65CAD9DB515} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-20] (HP Inc.)
Task: {E515142D-AE35-47C5-9F71-6C4EFFBD5C8E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18022-0\MpCmdRun.exe [2018-03-02] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Pedro Fernandes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stremio\Stremio web.lnk -> C:\Users\Pedro Fernandes\AppData\Local\Programs\LNV\Stremio-4\stremio web.bat ()
==================== Loaded Modules (Whitelisted) ==============
2017-09-29 13:41 - 2017-09-29 13:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-11-30 18:54 - 2017-11-30 18:54 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-01-05 00:13 - 2018-01-05 00:13 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-10-18 21:51 - 2017-10-18 21:51 - 000598528 _____ () C:\Users\Pedro Fernandes\AppData\Local\MEGAsync\ShellExtX64.dll
2016-08-30 03:15 - 2016-04-27 13:33 - 000396784 _____ () C:\WINDOWS\system32\igfxTray.exe
2018-03-14 15:33 - 2018-02-22 00:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-14 15:33 - 2018-02-22 00:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-03-16 10:06 - 2018-03-16 10:06 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-03-16 10:06 - 2018-03-16 10:06 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-03-16 10:06 - 2018-03-16 10:06 - 022044160 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-03-16 10:06 - 2018-03-16 10:06 - 002559488 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\skypert.dll
2018-03-16 10:06 - 2018-03-16 10:06 - 000657408 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1809.217.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-01-22 03:15 - 2018-01-22 03:15 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2018-01-22 03:15 - 2018-01-22 03:15 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2018-03-14 11:52 - 2018-03-13 00:39 - 004435288 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.162\libglesv2.dll
2018-03-14 11:52 - 2018-03-13 00:39 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.162\libegl.dll
2018-01-05 00:14 - 2018-01-05 00:14 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2018-01-05 00:14 - 2018-01-05 00:14 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2017-11-30 18:55 - 2017-11-30 18:55 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-09-10 20:51 - 2017-09-10 20:51 - 000798208 _____ () C:\Users\Pedro Fernandes\AppData\Local\MEGAsync\libsodium.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-797111060-1919522003-2374396770-1001\...\millenniumbcp.pt -> hxxps://corp.millenniumbcp.pt
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-10-30 07:24 - 2015-10-30 07:21 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-797111060-1919522003-2374396770-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Pedro Fernandes\Desktop\image_large_2x.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{3666417F-30DA-4C32-B52D-5819F28BBB7B}C:\program files\hp\hp officejet pro 8620\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp officejet pro 8620\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [UDP Query User{69103BFD-33BF-4DC2-9B99-057BF3F704E9}C:\program files\hp\hp officejet pro 8620\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp officejet pro 8620\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [TCP Query User{947D2A44-03A9-4CDC-B5C7-57F12B3EE30F}C:\program files\hp\hp officejet pro 8620\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp officejet pro 8620\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [UDP Query User{C8D5F536-AB25-49E1-9C20-BD5D6DC8FE63}C:\program files\hp\hp officejet pro 8620\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp officejet pro 8620\bin\hpnetworkcommunicatorcom.exe
==================== Restore Points =========================
05-03-2018 11:04:11 Ponto de Verificação Agendado
09-03-2018 11:05:30 Instalador de Módulos do Windows
14-03-2018 11:39:50 Installed Adobe Photoshop Lightroom 5.7.1 64-bit.
19-03-2018 23:57:25 Operação de Restauro
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/20/2018 10:33:57 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Não foi possível agendar o serviço de Proteção de Software para reiniciar em 2018-04-12T15:01:57Z. Código de Erro: 0x80070002.
Error: (03/20/2018 10:33:27 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Não foi possível agendar o serviço de Proteção de Software para reiniciar em 2018-04-12T15:01:27Z. Código de Erro: 0x80070002.
Error: (03/20/2018 10:32:57 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Não foi possível agendar o serviço de Proteção de Software para reiniciar em 2018-04-12T15:01:57Z. Código de Erro: 0x80070002.
Error: (03/20/2018 10:32:27 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Não foi possível agendar o serviço de Proteção de Software para reiniciar em 2018-04-12T15:01:27Z. Código de Erro: 0x80070002.
Error: (03/20/2018 10:31:57 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Não foi possível agendar o serviço de Proteção de Software para reiniciar em 2018-04-12T15:01:57Z. Código de Erro: 0x80070002.
Error: (03/20/2018 10:31:27 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Não foi possível agendar o serviço de Proteção de Software para reiniciar em 2018-04-12T15:01:27Z. Código de Erro: 0x80070002.
Error: (03/20/2018 10:30:57 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Não foi possível agendar o serviço de Proteção de Software para reiniciar em 2018-04-12T15:01:57Z. Código de Erro: 0x80070002.
Error: (03/20/2018 10:30:27 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Não foi possível agendar o serviço de Proteção de Software para reiniciar em 2018-04-12T15:01:27Z. Código de Erro: 0x80070002.
System errors:
=============
Error: (03/20/2018 10:10:25 AM) (Source: DCOM) (EventID: 10016) (User: PEDROFERNANDES)
Description: As definições de permissão de específico/a(s) da aplicação não concedem permissão de Local Ativação para a aplicação de Servidor COM com CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
e APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
ao SID (S-1-5-21-797111060-1919522003-2374396770-1001) de utilizador PEDROFERNANDES\Pedro Fernandes a partir do endereço LocalHost (Com LRPC) em execução no SID (Indisponível) de contentor aplicacional Indisponível. Esta permissão de segurança pode ser modificada utilizando a ferramenta administrativa de Serviços de Componentes.
Error: (03/20/2018 10:07:14 AM) (Source: DCOM) (EventID: 10016) (User: PEDROFERNANDES)
Description: As definições de permissão de específico/a(s) da aplicação não concedem permissão de Local Ativação para a aplicação de Servidor COM com CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
e APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
ao SID (S-1-5-21-797111060-1919522003-2374396770-1001) de utilizador PEDROFERNANDES\Pedro Fernandes a partir do endereço LocalHost (Com LRPC) em execução no SID (Indisponível) de contentor aplicacional Indisponível. Esta permissão de segurança pode ser modificada utilizando a ferramenta administrativa de Serviços de Componentes.
Error: (03/20/2018 01:24:37 AM) (Source: DCOM) (EventID: 10016) (User: PEDROFERNANDES)
Description: As definições de permissão de específico/a(s) da aplicação não concedem permissão de Local Ativação para a aplicação de Servidor COM com CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
e APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
ao SID (S-1-5-21-797111060-1919522003-2374396770-1001) de utilizador PEDROFERNANDES\Pedro Fernandes a partir do endereço LocalHost (Com LRPC) em execução no SID (Indisponível) de contentor aplicacional Indisponível. Esta permissão de segurança pode ser modificada utilizando a ferramenta administrativa de Serviços de Componentes.
Error: (03/20/2018 01:23:40 AM) (Source: DCOM) (EventID: 10016) (User: PEDROFERNANDES)
Description: As definições de permissão de específico/a(s) da aplicação não concedem permissão de Local Ativação para a aplicação de Servidor COM com CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
e APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
ao SID (S-1-5-21-797111060-1919522003-2374396770-1001) de utilizador PEDROFERNANDES\Pedro Fernandes a partir do endereço LocalHost (Com LRPC) em execução no SID (Indisponível) de contentor aplicacional Indisponível. Esta permissão de segurança pode ser modificada utilizando a ferramenta administrativa de Serviços de Componentes.
Error: (03/20/2018 01:16:18 AM) (Source: DCOM) (EventID: 10016) (User: PEDROFERNANDES)
Description: As definições de permissão de específico/a(s) da aplicação não concedem permissão de Local Ativação para a aplicação de Servidor COM com CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
e APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
ao SID (S-1-5-21-797111060-1919522003-2374396770-1001) de utilizador PEDROFERNANDES\Pedro Fernandes a partir do endereço LocalHost (Com LRPC) em execução no SID (Indisponível) de contentor aplicacional Indisponível. Esta permissão de segurança pode ser modificada utilizando a ferramenta administrativa de Serviços de Componentes.
Error: (03/20/2018 01:06:44 AM) (Source: DCOM) (EventID: 10016) (User: PEDROFERNANDES)
Description: As definições de permissão de específico/a(s) da aplicação não concedem permissão de Local Ativação para a aplicação de Servidor COM com CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
e APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
ao SID (S-1-5-21-797111060-1919522003-2374396770-1001) de utilizador PEDROFERNANDES\Pedro Fernandes a partir do endereço LocalHost (Com LRPC) em execução no SID (Indisponível) de contentor aplicacional Indisponível. Esta permissão de segurança pode ser modificada utilizando a ferramenta administrativa de Serviços de Componentes.
Error: (03/20/2018 01:04:36 AM) (Source: DCOM) (EventID: 10016) (User: PEDROFERNANDES)
Description: As definições de permissão de específico/a(s) da aplicação não concedem permissão de Local Ativação para a aplicação de Servidor COM com CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
e APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
ao SID (S-1-5-21-797111060-1919522003-2374396770-1001) de utilizador PEDROFERNANDES\Pedro Fernandes a partir do endereço LocalHost (Com LRPC) em execução no SID (Indisponível) de contentor aplicacional Indisponível. Esta permissão de segurança pode ser modificada utilizando a ferramenta administrativa de Serviços de Componentes.
Error: (03/20/2018 01:02:26 AM) (Source: DCOM) (EventID: 10016) (User: PEDROFERNANDES)
Description: As definições de permissão de específico/a(s) da aplicação não concedem permissão de Local Ativação para a aplicação de Servidor COM com CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
e APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
ao SID (S-1-5-21-797111060-1919522003-2374396770-1001) de utilizador PEDROFERNANDES\Pedro Fernandes a partir do endereço LocalHost (Com LRPC) em execução no SID (Indisponível) de contentor aplicacional Indisponível. Esta permissão de segurança pode ser modificada utilizando a ferramenta administrativa de Serviços de Componentes.
Windows Defender:
===================================
Date: 2018-03-16 11:00:27.284
Description:
A análise de Antivírus do Windows Defender foi parada antes de ser concluída.
ID de Análise: {2820061E-33AD-4598-8762-5A8FC41CCBA5}
Tipo de Análise: Antimalware
Parâmetros de Análise: Análise Rápida
Utilizador: NT AUTHORITY\SYSTEM
Date: 2018-03-16 10:29:29.129
Description:
A análise de Antivírus do Windows Defender foi parada antes de ser concluída.
ID de Análise: {36E2F5EC-20B7-4DD8-8302-FF3469CBF4F9}
Tipo de Análise: Antimalware
Parâmetros de Análise: Análise Rápida
Utilizador: NT AUTHORITY\SYSTEM
Date: 2018-03-16 10:19:07.390
Description:
A análise de Antivírus do Windows Defender foi parada antes de ser concluída.
ID de Análise: {4060A35F-FF1F-4AFD-9579-1C65C248BEFB}
Tipo de Análise: Antimalware
Parâmetros de Análise: Análise Rápida
Utilizador: NT AUTHORITY\SYSTEM
Date: 2018-03-13 16:53:12.253
Description:
Antivírus do Windows Defender detetou software maligno ou outro software potencialmente indesejável.
Para mais informações, consulte o seguinte:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Patcher&threatid=2147659947&enterprise=0
Nome: HackTool:Win32/Patcher
ID: 2147659947
Gravidade: Média
Categoria: Ferramenta
Caminho: file:_C:\Users\Pedro Fernandes\Desktop\amtemu.v0.9.2-painter.exe
Início de Deteção: Computador local
Tipo de Deteção: Concreto
Origem de Deteção: Proteção em Tempo Real
Utilizador: PEDROFERNANDES\Pedro Fernandes
Nome do Processo: C:\Windows\System32\svchost.exe
Versão da Assinatura: AV: 1.263.530.0, AS: 1.263.530.0, NIS: 118.5.0.0
Versão do Motor: AM: 1.1.14600.4, NIS: 2.1.14202.0
Date: 2018-03-13 16:53:10.194
Description:
Antivírus do Windows Defender detetou software maligno ou outro software potencialmente indesejável.
Para mais informações, consulte o seguinte:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Patcher&threatid=2147659947&enterprise=0
Nome: HackTool:Win32/Patcher
ID: 2147659947
Gravidade: Média
Categoria: Ferramenta
Caminho: file:_C:\Users\Pedro Fernandes\Desktop\amtemu.v0.9.2-painter.exe
Início de Deteção: Computador local
Tipo de Deteção: Concreto
Origem de Deteção: Proteção em Tempo Real
Utilizador: PEDROFERNANDES\Pedro Fernandes
Nome do Processo: C:\Windows\System32\svchost.exe
Versão da Assinatura: AV: 1.263.530.0, AS: 1.263.530.0, NIS: 118.5.0.0
Versão do Motor: AM: 1.1.14600.4, NIS: 2.1.14202.0
Date: 2018-03-20 00:42:41.222
Description:
Antivírus do Windows Defender encontrou um erro ao tentar atualizar assinaturas.
Nova Versão de Assinatura:
Versão de Assinatura Anterior: 1.263.792.0
Origem de Atualização: Servidor Microsoft Update
Tipo de Assinatura: Antivírus
Tipo de Atualização: Completo
Utilizador: NT AUTHORITY\SYSTEM
Versão de Motor Atual:
Versão de Motor Anterior: 1.1.14600.4
Código de Erro: 0x80240438
Descrição do Erro: Ocorreu um problema inesperado ao procurar atualizações. Para obter informações sobre a instalação ou resolução de problemas de atualizações, consulte a Ajuda e Suporte.
Date: 2018-03-19 23:58:00.178
Description:
Antivírus do Windows Defender encontrou um erro ao tentar atualizar assinaturas.
Nova Versão de Assinatura:
Versão de Assinatura Anterior: 1.263.792.0
Origem de Atualização: Servidor Microsoft Update
Tipo de Assinatura: Antivírus
Tipo de Atualização: Completo
Utilizador: NT AUTHORITY\SYSTEM
Versão de Motor Atual:
Versão de Motor Anterior: 1.1.14600.4
Código de Erro: 0x80240438
Descrição do Erro: Ocorreu um problema inesperado ao procurar atualizações. Para obter informações sobre a instalação ou resolução de problemas de atualizações, consulte a Ajuda e Suporte.
Date: 2018-03-19 23:37:38.881
Description:
Antivírus do Windows Defender encontrou um erro ao tentar atualizar assinaturas.
Nova Versão de Assinatura:
Versão de Assinatura Anterior: 1.263.752.0
Origem de Atualização: Servidor Microsoft Update
Tipo de Assinatura: Antivírus
Tipo de Atualização: Completo
Utilizador: NT AUTHORITY\SYSTEM
Versão de Motor Atual:
Versão de Motor Anterior: 1.1.14600.4
Código de Erro: 0x80240438
Descrição do Erro: Ocorreu um problema inesperado ao procurar atualizações. Para obter informações sobre a instalação ou resolução de problemas de atualizações, consulte a Ajuda e Suporte.
Date: 2018-03-19 10:35:39.006
Description:
Antivírus do Windows Defender encontrou um erro ao tentar atualizar assinaturas.
Nova Versão de Assinatura:
Versão de Assinatura Anterior: 1.263.752.0
Origem de Atualização: Servidor Microsoft Update
Tipo de Assinatura: Antivírus
Tipo de Atualização: Completo
Utilizador: NT AUTHORITY\SYSTEM
Versão de Motor Atual:
Versão de Motor Anterior: 1.1.14600.4
Código de Erro: 0x80240016
Descrição do Erro: Ocorreu um problema inesperado ao procurar atualizações. Para obter informações sobre a instalação ou resolução de problemas de atualizações, consulte a Ajuda e Suporte.
Date: 2018-03-05 09:58:34.567
Description:
Antivírus do Windows Defender encontrou um erro ao tentar atualizar assinaturas.
Nova Versão de Assinatura:
Versão de Assinatura Anterior: 1.263.152.0
Origem de Atualização: Servidor Microsoft Update
Tipo de Assinatura: Antivírus
Tipo de Atualização: Completo
Utilizador: NT AUTHORITY\SYSTEM
Versão de Motor Atual:
Versão de Motor Anterior: 1.1.14600.4
Código de Erro: 0x80240016
Descrição do Erro: Ocorreu um problema inesperado ao procurar atualizações. Para obter informações sobre a instalação ou resolução de problemas de atualizações, consulte a Ajuda e Suporte.
CodeIntegrity:
===================================
Date: 2018-03-19 17:46:12.719
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-03-19 17:46:12.714
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-03-19 17:43:14.398
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-03-19 17:43:14.395
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-03-19 17:36:25.068
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-03-19 17:36:25.061
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-03-19 17:35:43.817
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2018-03-19 17:35:43.811
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Celeron(R) CPU N3160 @ 1.60GHz
Percentage of memory in use: 71%
Total physical RAM: 3999.96 MB
Available physical RAM: 1125.04 MB
Total Virtual: 6175.96 MB
Available Virtual: 2913.92 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:465 GB) (Free:325.21 GB) NTFS ==>[system with boot components (obtained from drive)]
\\?\Volume{4f344258-ad9b-45ff-906f-fe406f7935d8}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
\\?\Volume{8b39ec48-cd8f-404f-b56b-f755772029ba}\ (RECOVERY) (Fixed) (Total:0.49 GB) (Free:0.11 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: CF364D45)
Partition: GPT.
==================== End of Addition.txt ============================