imrion

Possible virus consuming CPU + some problems


Good morning, good afternoon, good evening...

After a few hours of using the computer it becomes quite slow, and in the Task Manager processes I can see multiple services open with the name "console window host", I would say more than 200 of them.

I am also having problems with Windows Defender: I can open it but cannot enable/start it, "The service cannot be started"

I would also like guidance on disabling everything that is not important to the system, so that startup is as clean as possible.

 

 

ZA-Scan.txt


@imrion

 

Please note the following:

  • About the Forum: This is a private space, not a public one. Its use is a privilege, not a right;
  • What is provided here relates only to your computer's problem, so do not apply it on any other;
  • IMPORTANT: If you have Windows activation programs or torrent-sharing programs, I suggest uninstalling them. I will only proceed with the analysis after they are removed. Forum rules;
  • Please follow the instructions given carefully and, if you have any doubts, do not hesitate to ask;
  • Respect the order of the instructions given;
  • Note: Do not take any action other than those given here; and if you ask for help on another forum, be sure to let us know, or you risk misconfiguring your computer!

Follow the steps below:

STEP 1

Download Malwarebytes Anti-Malware (MBAM) from the link below and save it to your desktop.
https://downloads.malwarebytes.org/file/mbam_current/

Double-click mbam-setup.exe and follow the prompts to install the program.

  • On the Scan > Custom Scan tab, check the Scan for rootkits option and the entries for the drive where the operating system is installed. Normally this is the C: drive;
  • Click Scan Now. Wait, as the scan may take a while;
  • When the scan finishes, if any items were found, make sure they are all checked and click the Remove Selected or Quarantine button;
  • At the end of the disinfection, a prompt may appear asking whether you want to restart the PC. (See the Note below);
  • If mbam does not run automatically after the restart, run it manually;
  • The log is saved automatically by MBAM; to view it, click the Reports tab in the program's main window;
  • Double-click the log (scan log). Click the Export button and use the .txt format to export the log. Save it to the Desktop.


ATTENTION: Open the file, select everything, copy and paste the contents of this log in your next reply.

NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

STEP 2

Download AdwCleaner from one of the links below and save it to the desktop.
https://toolslib.net/downloads/viewdownload/1-adwcleaner/
http://www.bleepingcomputer.com/download/adwcleaner/

Click DOWNLOAD NOW to download the file.

Run adwcleaner.exe

NOTE: Users of Windows Vista, 7, 8/8.1 and Windows 10: right-click the AdwCleaner.exe file, then click VRIfczU.png

Click SCAN. When it finishes, click CLEAN and wait.

Notepad will open with the result.

ATTENTION: Select, copy and paste its contents in your next reply.
 

STEP 3


Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.


Download ZHPCleaner from the link below and save it to your Desktop

https://www.nicolascoolman.com/download/zhpcleaner/


Run the ZHPCleaner.exe file As Administrator

  • Click the Scanner button.
  • The tool will begin examining your system.
  • Be patient, as it may take a while depending on the number of items to examine.
  • Then click the Repair button.
  • A log named ZHPCleaner.txt will be generated
  • Select, copy and paste the contents of this log in your next reply.


Good afternoon Elias Pereira

Here are the logs from the 3 programs you asked me to run; I did everything as you said

_______________________________________________________________

Malwarebytes
www.malwarebytes.com

-Detalhes de registro-
Data da análise: 14/03/18
Hora da análise: 19:29
Arquivo de registro: 1f8be310-27d7-11e8-b38e-94de80f1e852.json
Administrador: Sim

-Informação do software-
Versão: 3.4.4.2398
Versão de componentes: 1.0.322
Versão do pacote de definições: 1.0.4360
Licença: Versão de Avaliação

-Informação do sistema-
Sistema operacional: Windows 10 (Build 14393.0)
CPU: x64
Sistema de arquivos: NTFS
Usuário: SYS\User

-Resumo da análise-
Tipo de análise: Análise Customizada
Resultado: Concluído
Objetos verificados: 1082139
Ameaças detectadas: 50
Ameaças em quarentena: 50
Tempo decorrido: 14 hr, 42 min, 53 seg

-Opções da análise-
Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Detectar
PUM: Detectar

-Detalhes da análise-
Processo: 0
(Nenhum item malicioso detectado)

Módulo: 0
(Nenhum item malicioso detectado)

Chave de registro: 0
(Nenhum item malicioso detectado)

Valor de registro: 0
(Nenhum item malicioso detectado)

Dados de registro: 0
(Nenhum item malicioso detectado)

Fluxo de dados: 0
(Nenhum item malicioso detectado)

Pasta: 1
PUP.Optional.ThreatSupport, C:\USERS\USER\APPDATA\LOCAL\{12A8CCFE-3C33-4995-BAD8-074E4C5B22FD}, Quarentena, [1876], [343538],1.0.4360

Arquivo: 49
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\PORTABLE\AUSLOGICS BOOSTSPEED 5.5.0.0\ADVISORHELPER.DLL, Quarentena, [1615], [464521],1.0.4360
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\PORTABLE\AUSLOGICS BOOSTSPEED 5.5.0.0\AXBROWSERS.DLL, Quarentena, [1615], [464521],1.0.4360
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\PORTABLE\AUSLOGICS BOOSTSPEED 5.5.0.0\BOOSTSPEED.EXE, Quarentena, [1615], [464521],1.0.4360
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\PORTABLE\AUSLOGICS BOOSTSPEED 5.5.0.0\DISKCLEANER.EXE, Quarentena, [1615], [464521],1.0.4360
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\PORTABLE\AUSLOGICS BOOSTSPEED 5.5.0.0\DISKCLEANERHELPER.DLL, Quarentena, [1615], [464521],1.0.4360
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\PORTABLE\AUSLOGICS BOOSTSPEED 5.5.0.0\DISKDEFRAG.EXE, Quarentena, [1615], [464521],1.0.4360
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\PORTABLE\AUSLOGICS BOOSTSPEED 5.5.0.0\DISKDEFRAGHELPER.DLL, Quarentena, [1615], [464521],1.0.4360
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\PORTABLE\AUSLOGICS BOOSTSPEED 5.5.0.0\DISKDOCTOR.EXE, Quarentena, [1615], [464521],1.0.4360
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\PORTABLE\AUSLOGICS BOOSTSPEED 5.5.0.0\DISKDOCTORHELPER.DLL, Quarentena, [1615], [464521],1.0.4360
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\PORTABLE\AUSLOGICS BOOSTSPEED 5.5.0.0\DISKEXPLORER.EXE, Quarentena, [1615], [464521],1.0.4360
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\PORTABLE\AUSLOGICS BOOSTSPEED 5.5.0.0\DISKEXPLORERHELPER.DLL, Quarentena, [1615], [464521],1.0.4360
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\PORTABLE\AUSLOGICS BOOSTSPEED 5.5.0.0\DISKSECURITYHELPER.DLL, Quarentena, [1615], [464521],1.0.4360
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\PORTABLE\AUSLOGICS BOOSTSPEED 5.5.0.0\DISKWIPER.EXE, Quarentena, [1615], [464521],1.0.4360
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\PORTABLE\AUSLOGICS BOOSTSPEED 5.5.0.0\DUPLICATEFILEFINDER.EXE, Quarentena, [1615], [464521],1.0.4360
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\PORTABLE\AUSLOGICS BOOSTSPEED 5.5.0.0\FILERECOVERY.EXE, Quarentena, [1615], [464521],1.0.4360
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\PORTABLE\AUSLOGICS BOOSTSPEED 5.5.0.0\FILERECOVERYHELPER.DLL, Quarentena, [1615], [464521],1.0.4360
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\PORTABLE\AUSLOGICS BOOSTSPEED 5.5.0.0\FILESHREDDER.EXE, Quarentena, [1615], [464521],1.0.4360
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\PORTABLE\AUSLOGICS BOOSTSPEED 5.5.0.0\INTERNETOPTIMIZER.EXE, Quarentena, [1615], [464521],1.0.4360
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\PORTABLE\AUSLOGICS BOOSTSPEED 5.5.0.0\INTERNETOPTIMIZERHELPER.DLL, Quarentena, [1615], [464521],1.0.4360
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\PORTABLE\AUSLOGICS BOOSTSPEED 5.5.0.0\RDBOOT32.EXE, Quarentena, [1615], [464521],1.0.4360
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\PORTABLE\AUSLOGICS BOOSTSPEED 5.5.0.0\RDBOOT64.EXE, Quarentena, [1615], [464521],1.0.4360
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\PORTABLE\AUSLOGICS BOOSTSPEED 5.5.0.0\REGCLEANER.EXE, Quarentena, [1615], [464521],1.0.4360
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\PORTABLE\AUSLOGICS BOOSTSPEED 5.5.0.0\REGISTRYCLEANERHELPER.DLL, Quarentena, [1615], [464521],1.0.4360
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\PORTABLE\AUSLOGICS BOOSTSPEED 5.5.0.0\REGISTRYDEFRAG.EXE, Quarentena, [1615], [464521],1.0.4360
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\PORTABLE\AUSLOGICS BOOSTSPEED 5.5.0.0\REGISTRYDEFRAGHELPER.DLL, Quarentena, [1615], [464521],1.0.4360
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\PORTABLE\AUSLOGICS BOOSTSPEED 5.5.0.0\INSTANTOPTIMIZERHELPER.DLL, Quarentena, [1615], [464521],1.0.4360
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\PORTABLE\AUSLOGICS BOOSTSPEED 5.5.0.0\STARTUPMANAGERHELPER.DLL, Quarentena, [1615], [464521],1.0.4360
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\PORTABLE\AUSLOGICS BOOSTSPEED 5.5.0.0\SERVICEMANAGER.EXE, Quarentena, [1615], [464521],1.0.4360
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\PORTABLE\AUSLOGICS BOOSTSPEED 5.5.0.0\SERVICEMANAGERHELPER.DLL, Quarentena, [1615], [464521],1.0.4360
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\PORTABLE\AUSLOGICS BOOSTSPEED 5.5.0.0\SPYWARECHECKERHELPER.DLL, Quarentena, [1615], [464521],1.0.4360
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\PORTABLE\AUSLOGICS BOOSTSPEED 5.5.0.0\STARTUPMANAGER.EXE, Quarentena, [1615], [464521],1.0.4360
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\PORTABLE\AUSLOGICS BOOSTSPEED 5.5.0.0\SYSTEMINFORMATION.EXE, Quarentena, [1615], [464521],1.0.4360
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\PORTABLE\AUSLOGICS BOOSTSPEED 5.5.0.0\SYSTEMINFORMATIONHELPER.DLL, Quarentena, [1615], [464521],1.0.4360
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\PORTABLE\AUSLOGICS BOOSTSPEED 5.5.0.0\TASKMANAGER.EXE, Quarentena, [1615], [464521],1.0.4360
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\PORTABLE\AUSLOGICS BOOSTSPEED 5.5.0.0\TASKMANAGERHELPER.DLL, Quarentena, [1615], [464521],1.0.4360
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\PORTABLE\AUSLOGICS BOOSTSPEED 5.5.0.0\TRACKERASER.EXE, Quarentena, [1615], [464521],1.0.4360
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\PORTABLE\AUSLOGICS BOOSTSPEED 5.5.0.0\TRACKERASERHELPER.DLL, Quarentena, [1615], [464521],1.0.4360
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\PORTABLE\AUSLOGICS BOOSTSPEED 5.5.0.0\TWEAKMANAGER.EXE, Quarentena, [1615], [464521],1.0.4360
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\PORTABLE\AUSLOGICS BOOSTSPEED 5.5.0.0\TWEAKMANAGERHELPER.DLL, Quarentena, [1615], [464521],1.0.4360
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\PORTABLE\AUSLOGICS BOOSTSPEED 5.5.0.0\UNINSTALLMANAGER.EXE, Quarentena, [1615], [464521],1.0.4360
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\PORTABLE\AUSLOGICS BOOSTSPEED 5.5.0.0\UNINSTALLMANAGERHELPER.DLL, Quarentena, [1615], [464521],1.0.4360
PUP.Optional.AuslogicsBoostSpeed, C:\PROGRAM FILES (X86)\PORTABLE\AUSLOGICS BOOSTSPEED 5.5.0.0\VERSION.EXE, Quarentena, [1615], [464521],1.0.4360
PUP.Optional.ThreatSupport, C:\USERS\USER\APPDATA\LOCAL\{12A8CCFE-3C33-4995-BAD8-074E4C5B22FD}\SCANLOGS.XML, Quarentena, [1876], [343538],1.0.4360
PUP.Optional.Plumbytes, C:\USERS\USER\DOWNLOADS\ANTIMALWARESETUP.EXE, Quarentena, [7656], [123575],1.0.4360
HackTool.Agent, C:\DOWNLOADS\ROBOTSOFT.MOUSE.AND.KEYBOARD.RECORDER.V3.1.9.2.INCL.KEYGEN.AND.PATCH-BRD\PATCH AND KEYGEN\PATCH.EXE, Quarentena, [419], [1570],1.0.4360
Generic.Malware/Suspicious, E:\SAMMIR\ROLA ESSE MC\NEWBLACKDMC-ALL.ZIP, Quarentena, [0], [392686],1.0.4360
Generic.Malware/Suspicious, E:\SAMMIR\ROLA ESSE MC\ROLA ESSE MC.RAR, Quarentena, [0], [392686],1.0.4360
Generic.Malware/Suspicious, C:\WINDOWS\SECOH-QAD.EXE, Quarentena, [0], [392686],1.0.4360
Generic.Malware/Suspicious, C:\USERS\USER\DESKTOP\AREA DE TRABAI\ALL PENDRIVE REMOVED\LEGENDAS36.ZIP, Quarentena, [0], [392686],1.0.4360

Setor físico: 0
(Nenhum item malicioso detectado)


(end)


_______________________

 

# AdwCleaner 7.0.8.0 - Logfile created on Thu Mar 15 15:49:12 2018
# Updated on 2018/08/02 by Malwarebytes 
# Running on Windows 10 Pro (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Users\User\AppData\Local\YSearchUtil
Deleted: C:\Program Files (x86)\Common Files\Speedbit
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mipony
Deleted: C:\Users\Public\Documents\Guid
Deleted: C:\ProgramData\IObit\ASCDownloader
Deleted: C:\Users\All Users\IObit\ASCDownloader
Deleted: C:\Users\Todos os Usuários\IObit\ASCDownloader
Deleted: C:\Program Files\Plumbytes Software
Deleted: C:\Users\User\AppData\Roaming\Auslogics
Deleted: C:\Users\User\AppData\Local\03DE0294-1453570236-05F1-E806-520700080009


***** [ Files ] *****

Deleted: C:\END
Deleted: C:\Windows\SysNative\drivers\sdfhgdf.sys


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKU\.DEFAULT\Software\SpeedBit
Deleted: [Key] - HKU\S-1-5-21-80734308-2147152885-176964575-1001\Software\SpeedBit
Deleted: [Key] - HKU\S-1-5-18\Software\SpeedBit
Deleted: [Key] - HKCU\Software\SpeedBit
Deleted: [Key] - HKU\S-1-5-21-80734308-2147152885-176964575-1001\Software\APN PIP
Deleted: [Key] - HKCU\Software\APN PIP
Deleted: [Key] - HKLM\SOFTWARE\PIP
Deleted: [Key] - HKU\S-1-5-21-80734308-2147152885-176964575-1001\Software\Microsoft\Tinstalls
Deleted: [Key] - HKCU\Software\Microsoft\Tinstalls
Deleted: [Key] - HKLM\SOFTWARE\TData
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|SpaceSoundPro
Deleted: [Key] - HKLM\SOFTWARE\Conduit
Deleted: [Key] - HKU\S-1-5-21-80734308-2147152885-176964575-1001\Software\DAILYPCCLEAN
Deleted: [Key] - HKCU\Software\DAILYPCCLEAN
Deleted: [Key] - HKU\S-1-5-21-80734308-2147152885-176964575-1001\Software\tstamptoken
Deleted: [Key] - HKCU\Software\tstamptoken
Deleted: [Key] - HKU\S-1-5-21-80734308-2147152885-176964575-1001\Software\Auslogics
Deleted: [Key] - HKCU\Software\Auslogics
Deleted: [Value] - HKU\S-1-5-21-80734308-2147152885-176964575-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|SpeedBitVideoAccelerator


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [3501 B] - [2018/3/15 15:41:50]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

 

 

____________

 

 

 

~ ZHPCleaner v2018.3.13.50 by Nicolas Coolman (2018/03/13)
~ Run by User (Administrator)  (15/03/2018 13:18:50)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Repair
~ Report : C:\Users\User\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\User\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit  (Build 14393)


---\\  Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found.


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (2)
DELETED: [hefto18c.default] - user_pref("extensions.quick_start.enable_search1", false);  =>PUP.Optional.QuickStart
DELETED: [hefto18c.default] - user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);  =>PUP.Optional.QuickStart


---\\  Hosts file (1)
~ The hosts file is legitimate (21)


---\\  Scheduled automatic tasks. (2)
DELETED task: [simplitec Power Suite (Tray)] [C:\WINDOWS\Tasks\simplitec Power Suite (Tray).job (Not File) ]  =>.SUP.SimpliClean
DELETED task: [simplitec Power Suite] [C:\WINDOWS\Tasks\simplitec Power Suite.job (Not File) ]  =>.SUP.SimpliClean


---\\  Explorer ( File, Folder) (11)
MOVED file: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk  [Bad : C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..)  =>BitTorrent (P2P)
MOVED file: C:\Users\User\AppData\Roaming\unins000.exe [ - Setup/Uninstall]  =>Adware.Pirrit
MOVED file: C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe [ - Language Application]  =>Heuristic.Salus
MOVED file: C:\Windows\Tasks\simplitec Power Suite (Tray).job    =>.SUP.SimpliClean
MOVED file: C:\Windows\Tasks\simplitec Power Suite.job    =>.SUP.SimpliClean
MOVED file: C:\Windows\Prefetch\PLUMBYTES.EXE-C08E31C6.pf    =>.SUP.Plumbytes
MOVED file: C:\Users\User\Downloads\Popcorn-Time-0.3.10-Setup.exe [Popcorn Time - Popcorn-Time 0.3.10 Installer]  =>.SUP.PopcornTime
MOVED file: C:\Windows\SECOH-QAD.dll    =>HackTool.KMSpico
MOVED folder*: C:\Program Files (x86)\Fiddler2  =>.SUP.Empty
MOVED folder*: C:\Program Files\KMSpico  =>HackTool.KMSpico
MOVED folder*: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico  =>HackTool.KMSpico


---\\  Registry ( Key, Value, Data) (5)
DELETED data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b6932cad-7427-4c9b-b298-dc3886e28834}\\NameServer [Bad : 4.2.2.2,4.2.2.4]  =>Hijacker.Browser
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent [BitTorrent Inc.]  =>BitTorrent (P2P)
DELETED key*: [X64] HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} [secman]  =>PUP.Optional.Camec
DELETED key: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} [secman]  =>PUP.Optional.Camec
DELETED value: HKLM64\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\LanguageShortcut [C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe]  =>Heuristic.Salus


---\\  Summary of the elements found (11)
https://nicolascoolman.eu/2017/09/11/adware-isstart/  =>PUP.Optional.QuickStart
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.SimpliClean
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>BitTorrent (P2P)
https://nicolascoolman.eu/2017/02/25/adware-pirrit/  =>Adware.Pirrit
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>Heuristic.Salus
https://nicolascoolman.eu/2017/09/09/sup-plumbytes/  =>.SUP.Plumbytes
https://nicolascoolman.eu/2017/02/26/superfluous-popcorntime/  =>.SUP.PopcornTime
https://nicolascoolman.eu/2017/02/16/hacktool-kmspico/  =>HackTool.KMSpico
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Empty
https://nicolascoolman.eu/2017/11/10/hijacker-browser-3/  =>Hijacker.Browser
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>PUP.Optional.Camec


---\\  Other deletions. (22)
~ Registry Keys Tracing deleted (22)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully


---\\ Statistics
~ Items scanned : 2340
~ Items found : 0
~ Items cancelled : 0
~ Items options : 0/7
~ Space saving (bytes) : 0


~ End of clean in 00h00mn28s

---\\  Reports (2)
ZHPCleaner--15032018-13_13_16.txt
ZHPCleaner-[R]-15032018-13_19_18.txt
 


@imrion

 

Download RogueKiller by Tigzy and save it to your Desktop.
roguekiller.exe (x64) << link

  • Close all programs
  • Run RogueKiller.exe.
    ** Users of Windows Vista, Windows 7, 8, 8.1 and Windows 10:
    Right-click the rogueKiller.exe file, then click VRIfczU.png.
  • When the EULA window appears, click Accept.
  • Select the SCAN tab
  • Click START SCAN
  • Wait until the scan finishes...
  • Click the OPEN REPORT button
  • Click the EXPORT TXT option and save it to the Desktop with the name roguekiller.txt
  • Click OK and close RogueKiller.


Be sure to open the file, copy and paste all of its contents in your next reply


Here is the RogueKiller log

____________________________


 

RogueKiller V12.12.8.0 (x64) [Mar 12 2018] (Free) por Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Site : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Sistema Operacional : Windows 10 (10.0.14393) 64 bits version
Iniciou : Modo normal
Usuário : User [Administrador]
Started from : C:\Users\User\Desktop\RogueKiller_portable64.exe
Modo : Escanear -- Data : 03/15/2018 15:39:29 (Duration : 00:51:01)

¤¤¤ Processos : 0 ¤¤¤

¤¤¤ Registro : 4 ¤¤¤
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Simplitec -> Encontrado
[Adw.Searcher] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sdfhgdf (system32\DRIVERS\sdfhgdf.sys) -> Encontrado
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{952EAFBA-24B6-494C-9247-00B208378B7F}C:\users\user\appdata\local\apps\2.0\wodql3n3.4mz\b4ektkkl.91c\leve..tion_09d3a27e9e5c8da9_0000.0009_bbe50c97751f7cdc\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\users\user\appdata\local\apps\2.0\wodql3n3.4mz\b4ektkkl.91c\leve..tion_09d3a27e9e5c8da9_0000.0009_bbe50c97751f7cdc\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe|Name=aria2c.exe|Desc=aria2c.exe|Defer=User| [x] -> Encontrado
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{6F684ED7-73DC-4238-AD82-919AF483B8F8}C:\users\user\appdata\local\apps\2.0\wodql3n3.4mz\b4ektkkl.91c\leve..tion_09d3a27e9e5c8da9_0000.0009_bbe50c97751f7cdc\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\users\user\appdata\local\apps\2.0\wodql3n3.4mz\b4ektkkl.91c\leve..tion_09d3a27e9e5c8da9_0000.0009_bbe50c97751f7cdc\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe|Name=aria2c.exe|Desc=aria2c.exe|Defer=User| [x] -> Encontrado

¤¤¤ Tarefas : 2 ¤¤¤
[PUP.HackTool] \AutoPico Daily Restart -- "C:\Program Files\KMSpico\AutoPico.exe" (/silent) -> Encontrado
[Suspicious.Path] \Rerun Warsaw's CoreFixer -- C:\WINDOWS\TEMP\is-GI8H0.tmp\corefixer.exe (/norerun) -> Encontrado

¤¤¤ Arquivos : 27 ¤¤¤
[PUP.Gen1][Pasta] C:\ProgramData\simplitec -> Encontrado
[Hidden.ADS][Stream] C:\Windows\System32:A0235F30_Cef.gbp -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.5_41073\utorrentie.exe -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.5_41162\utorrentie.exe -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.5_41712\utorrentie.exe -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.5_41865\utorrentie.exe -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.6_42094\utorrentie.exe -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.8_42576\utorrentie.exe -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.9_42923\utorrentie.exe -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\User\AppData\Roaming\uTorrent\updates\3.5.0_43580\utorrentie.exe -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\User\AppData\Roaming\uTorrent\updates\3.5.0_43804\utorrentie.exe -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\User\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\User\AppData\Roaming\uTorrent\updates\3.5.0_44090\utorrentie.exe -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\User\AppData\Roaming\uTorrent\updates\3.5.0_44294\utorrentie.exe -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\User\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe -> Encontrado
[PUP.uTorrentAds][Arquivo] C:\Users\User\AppData\Roaming\uTorrent\updates\3.5.3_44358\utorrentie.exe -> Encontrado
[PUP.Gen1][Pasta] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simplitec -> Encontrado
[PUP.Gen1][Pasta] C:\ProgramData\simplitec -> Encontrado

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Arquivos de hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Carregado) ¤¤¤

¤¤¤ Navegadores : 2 ¤¤¤
[PUP.Gen0][Chrome:Addon] Default : Video Downloader professional [elicpjhcidhpjomhibiffojpinpmmpil] -> Encontrado
[PUM.HomePage][Firefox:Config] hefto18c.default : user_pref("browser.startup.homepage", "http://www.tibiame.com/"); -> Encontrado

¤¤¤ Verificação da MBR : ¤¤¤
+++++ PhysicalDrive0: ST1000VM002-1CT162 ATA Device +++++
--- User ---
[MBR] 1213d39560527f70853bcde0190ba56f
[BSP] 3a41ca502cbaf46708a8b8e557b34ece : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 299199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 613478400 | Size: 450 MB
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 614402048 | Size: 653867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD3200AAJS-00L7A0 ATA Device +++++
--- User ---
[MBR] 7c27fbf455beebaca7691e29b70544f2
[BSP] 81a71d88b42395353a2eab5e7c31e5a6 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 99897 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 204796620 | Size: 205236 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: Multi Flash Reader USB Device +++++
Error reading User MBR! ([15] O dispositivo não está pronto. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Não há suporte para o pedido. )


@imrion

 

Close all programs

  • Run RogueKiller.exe.
    ** Users of Windows Vista, 7, 8/8.1 and Windows 10:
    Right-click the rogueKiller.exe file, then click VRIfczU.png
  • When the EULA appears, click Accept.
  • Select the SCAN tab and click START SCAN
  • Wait until the scan finishes.
  • >>>>>>> Browse through the tabs and check all the entries found <<<<<<<
  • Click REMOVE SELECTED
  • Wait until the program finishes deleting the infections.
  • Click the OPEN REPORT button and then EXPORT TXT
  • Save it as report.txt on your Desktop

Open the report.txt file saved on your Desktop, copy and paste all of its contents in your next reply.


Here is the log....

____________

 

 

RogueKiller V12.12.8.0 (x64) [Mar 12 2018] (Free) por Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Site : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Sistema Operacional : Windows 10 (10.0.14393) 64 bits version
Iniciou : Modo normal
Usuário : User [Administrador]
Started from : C:\Users\User\Desktop\RogueKiller_portable64.exe
Modo : Deletar -- Data : 03/16/2018 13:17:04 (Duration : 00:55:43)

¤¤¤ Processos : 0 ¤¤¤

¤¤¤ Registro : 3 ¤¤¤
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Simplitec -> Deletado
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{952EAFBA-24B6-494C-9247-00B208378B7F}C:\users\user\appdata\local\apps\2.0\wodql3n3.4mz\b4ektkkl.91c\leve..tion_09d3a27e9e5c8da9_0000.0009_bbe50c97751f7cdc\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\users\user\appdata\local\apps\2.0\wodql3n3.4mz\b4ektkkl.91c\leve..tion_09d3a27e9e5c8da9_0000.0009_bbe50c97751f7cdc\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe|Name=aria2c.exe|Desc=aria2c.exe|Defer=User| [x] -> Deletado
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{6F684ED7-73DC-4238-AD82-919AF483B8F8}C:\users\user\appdata\local\apps\2.0\wodql3n3.4mz\b4ektkkl.91c\leve..tion_09d3a27e9e5c8da9_0000.0009_bbe50c97751f7cdc\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\users\user\appdata\local\apps\2.0\wodql3n3.4mz\b4ektkkl.91c\leve..tion_09d3a27e9e5c8da9_0000.0009_bbe50c97751f7cdc\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe|Name=aria2c.exe|Desc=aria2c.exe|Defer=User| [x] -> Deletado

¤¤¤ Tarefas : 2 ¤¤¤
[PUP.HackTool] \AutoPico Daily Restart -- "C:\Program Files\KMSpico\AutoPico.exe" (/silent) -> Deletado
[Suspicious.Path] \Rerun Warsaw's CoreFixer -- C:\WINDOWS\TEMP\is-GI8H0.tmp\corefixer.exe (/norerun) -> Deletado

¤¤¤ Arquivos : 1 ¤¤¤
[PUP.uTorrentAds][Arquivo] C:\Users\User\AppData\Roaming\uTorrent\updates\3.5.3_44358\utorrentie.exe -> Deletado

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Arquivos de hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Carregado) ¤¤¤

¤¤¤ Navegadores : 2 ¤¤¤
[PUP.Gen0][Chrome:Addon] Default : Video Downloader professional [elicpjhcidhpjomhibiffojpinpmmpil] -> Deletado
[PUM.HomePage][Firefox:Config] hefto18c.default : user_pref("browser.startup.homepage", "http://www.tibiame.com/"); -> Substituído (about:home)

¤¤¤ Verificação da MBR : ¤¤¤
+++++ PhysicalDrive0: ST1000VM002-1CT162 ATA Device +++++
--- User ---
[MBR] 1213d39560527f70853bcde0190ba56f
[BSP] 3a41ca502cbaf46708a8b8e557b34ece : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 299199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 613478400 | Size: 450 MB
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 614402048 | Size: 653867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD3200AAJS-00L7A0 ATA Device +++++
--- User ---
[MBR] 7c27fbf455beebaca7691e29b70544f2
[BSP] 81a71d88b42395353a2eab5e7c31e5a6 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 99897 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 204796620 | Size: 205236 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: Multi Flash Reader USB Device +++++
Error reading User MBR! ([15] O dispositivo não está pronto. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Não há suporte para o pedido. )


@imrion

Press the Windows key + R and type: msconfig

- Click the Services tab, tick the option Hide all Microsoft services, and then click Disable all
- Click the Startup tab and click Open Task Manager
- Right-click each startup entry and click Disable.

Go back to the System Configuration window and click Apply, then OK.

Follow the prompts until you are asked to restart.

After that, let me know whether the malware-related problems persist.


@Elias Pereira

OK Elias, let's leave the topic open a few more days just to see if anything goes wrong.

By Thursday I'll mark the topic as resolved if everything is fine.

Thanks for everything.


@Elias Pereira

Well, Elias, the problem persists. As you can see in the picture I sent, the system loads more than 200 "console window host" processes and uses a lot of CPU and memory, making the computer freeze a lot.

On top of that, Windows Defender does not start when I click "start now"; that picture is attached as well.

I'm waiting for more help!

I appreciate your attention and hope I'm not being too much trouble...

clube do hardware.jpg

w defender.jpg


@imrion

Download Process Monitor from the link below and save it to your desktop.
https://download.sysinternals.com/files/ProcessMonitor.zip

  1. Extract ProcessMonitor.zip to its own folder.
  2. Run the file Procmon.exe

  3. Click the menu Filter > Filter... A window like the image below will appear;

    m2u9HH4.png

  4. In the first field select "Process Name", in the second field select "contains", and in field number 3 add the entries from the CODE below, one at a time.

    console window host

    NOTE: After entering each line in field 3, click "Add", Apply and OK.

  5. Click the Options tab and tick Enable Boot Logging, if it is not already ticked;

Use your computer until you notice that there are already several "console window host" processes. After that, restart your computer.

Once your computer has fully restarted, run Procmon.exe again. A message will appear as shown in the image below:
vicl7t.png
Click Yes and a save dialog will appear. Save the file as Bootlog.pml in the ProcessMonitor folder.

Open that file, then copy and paste its contents into your next reply.

NOTE: If the file is too large to attach, go to https://pastebin.com/, copy and paste the contents into "New paste" and click the "Create new paste" button. Copy the generated URL and post it in your next reply.


@Elias Pereira
Well, I couldn't open this Bootlog.pml to get at the information to copy and paste.

I couldn't open it as txt or as xml, and when I opened it in the program I didn't find anything that could be copied.

Please teach me how to get at this information so I can post it here.

The LOG is all ready.

Edited by imrion


@Elias Pereira

Man, the file opens in Notepad in a really strange way.

For example, the beginning looks like this:

 


 

 

Anyway, when I tried to post the Notepad contents to https://pastebin.com/ the PC froze badly and the pastebin page gave an error.

Sorry for the delay; I had to travel this week, a relative passed away.

I await instructions.

 


Run Procmon.exe again

  1. Click the menu Filter > Filter and configure it as shown in the image below.
    mGc2D3J.png

  2. In FIELD 3 type/enter: conhost.exe

  3. Click the ADD button and OK.

Use the system until several processes open, as you showed in the image.

After that, click the menu File > Save and set it as shown in the image below.

K1TtqeH.png

Open the file logfile.csv, then copy and paste its contents into your next reply.

NOTE: If the file is too large to attach, go to https://pastebin.com/, copy and paste the contents into "New paste" and click the "Create new paste" button. Copy the generated URL and post it in your next reply.

Edited by Elias Pereira
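
An added example, not part of the posts in this thread: once logfile.csv has been saved with the conhost.exe filter, this script counts which parent PID started each conhost.exe instance and how many of them never exited. The column names and the "Parent PID:" text in the Detail field are assumed from Process Monitor's default CSV export, and the sample rows are constructed.

```python
import csv
import io
import re
from collections import Counter

# Assumption: "Process Start" rows carry "Parent PID: <n>" in the Detail column.
PARENT_RE = re.compile(r"Parent PID:\s*(\d+)")

# Constructed sample in the assumed Process Monitor CSV layout (not from the thread).
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1000000","conhost.exe","4120","Process Start","","SUCCESS","Parent PID: 3344, Command line: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1"
"10:01:02.1200000","conhost.exe","4120","Load Image","C:\Windows\System32\conhost.exe","SUCCESS","Image Base: 0x7ff600000000"
"10:03:10.5000000","conhost.exe","5200","Process Start","","SUCCESS","Parent PID: 900, Command line: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1"
"10:03:11.0000000","conhost.exe","5200","Process Exit","","SUCCESS","Exit Status: 0"
"10:06:02.3000000","conhost.exe","6104","Process Start","","SUCCESS","Parent PID: 3344, Command line: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1"
"10:11:02.2000000","conhost.exe","7012","Process Start","","SUCCESS","Parent PID: 3344, Command line: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1"
"10:16:02.4000000","CONHOST.EXE","7790","Process Start","","SUCCESS","Parent PID: 3344, Command line: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1"
'''


def load_conhost_events(csv_text):
    """Return only the rows whose process name is conhost.exe (case-insensitive)."""
    # Strip a UTF-8 byte-order mark if the export starts with one.
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    return [row for row in reader
            if (row.get("Process Name") or "").lower() == "conhost.exe"]


def summarize(csv_text):
    """Per parent PID: conhost.exe instances started, and how many never exited."""
    started = Counter()   # parent PID -> number of conhost.exe starts
    alive = {}            # conhost PID -> parent PID, until a Process Exit is seen
    for row in load_conhost_events(csv_text):
        operation = row.get("Operation") or ""
        pid = row.get("PID") or ""
        if operation == "Process Start":
            match = PARENT_RE.search(row.get("Detail") or "")
            if not match:
                continue  # row without a parent PID: nothing to attribute
            parent = int(match.group(1))
            started[parent] += 1
            alive[pid] = parent
        elif operation == "Process Exit":
            alive.pop(pid, None)
    still_running = Counter(alive.values())
    return [
        {"parent_pid": parent, "started": count,
         "still_running": still_running.get(parent, 0)}
        for parent, count in started.most_common()
    ]


def suspects(csv_text, min_running=3):
    """Parent PIDs that left at least min_running conhost.exe instances alive."""
    return [entry["parent_pid"] for entry in summarize(csv_text)
            if entry["still_running"] >= min_running]


if __name__ == "__main__":
    for entry in summarize(SAMPLE_CSV):
        print("parent PID {parent_pid}: started {started}, "
              "still running {still_running}".format(**entry))
    print("parents to investigate:", suspects(SAMPLE_CSV))
```

The parent PID it reports can then be looked up in Task Manager's Details tab to name the program that keeps launching console hosts.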


@Elias Pereira

Sorry for the delay; sometimes these processes take a while to show up and I haven't been using the computer much...

A few times I tried leaving it on overnight to see what happened, but it gave several memory errors and the PC froze; I think so many processes were running that it ran out of memory.

Lately it has been showing this warning saying the PC needs more memory.

Here is the log

https://mega.nz/#!LeRTnT7J!WP8JldEsWSX-_4rvx11VUhRrE0bR28htZ1luNsavF-4

Edited by imrion


@imrion

Download the file TDSSKiller.exe and save it to your desktop.

  1. Run the file TDSSKiller.exe
  2. Click auOe0rs.png, tick the options Verify file digital signature and Detect TDLFS file system, and click OK.
  3. Press the Start Scan button to have the utility begin scanning.
    It detects malicious and suspicious objects.
    • malicious (the malware has been identified)
    • suspicious (the malware cannot be identified)
  4. When the scan finishes, the utility produces a list of detected objects with a description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility asks the user to select an action to apply to suspicious objects (Skip, by default).
  5. After you click Continue, the utility applies the selected actions and generates the report.
  6. A restart may be required after disinfection.
  7. By default, the utility writes the log to the local disk C:\ (depending on where the operating system is installed).
    Log names look like: UtilityName.Version_Date_Time_log.txt.
  8. For example C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt
  9. Attach this log to your next post!


@Elias Pereira

Here is the log

 

04:42:06.0550 7760  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
04:42:07.0715 7760  ============================================================
04:42:07.0715 7760  Current date / time: 2018/04/04 04:42:07.0715
04:42:07.0715 7760  SystemInfo:
04:42:07.0715 7760  
04:42:07.0731 7760  OS Version: 6.2.9200 ServicePack: 0.0
04:42:07.0731 7760  Product type: Workstation
04:42:07.0731 7760  ComputerName: SYS
04:42:07.0731 7760  UserName: User
04:42:07.0731 7760  Windows directory: C:\WINDOWS
04:42:07.0731 7760  System windows directory: C:\WINDOWS
04:42:07.0731 7760  Running under WOW64
04:42:07.0731 7760  Processor architecture: Intel x64
04:42:07.0731 7760  Number of processors: 4
04:42:07.0731 7760  Page size: 0x1000
04:42:07.0731 7760  Boot type: Normal boot
04:42:07.0731 7760  ============================================================
04:42:07.0872 7760  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
04:42:07.0872 7760  Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x50C0B, SectorsPerTrack: 0xE, TracksPerCylinder: 0x87, Type 'K0', Flags 0x00000040
04:42:08.0788 7760  ============================================================
04:42:08.0788 7760  \Device\Harddisk0\DR0:
04:42:08.0803 7760  MBR partitions:
04:42:08.0803 7760  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAF000
04:42:08.0803 7760  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xAF800, BlocksNum 0x2485F800
04:42:08.0803 7760  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x249F0800, BlocksNum 0x4FD15800
04:42:08.0803 7760  \Device\Harddisk1\DR1:
04:42:08.0803 7760  MBR partitions:
04:42:08.0803 7760  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
04:42:08.0803 7760  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC31C800
04:42:08.0803 7760  \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0xC34F30B, BlocksNum 0x190DA4F5
04:42:08.0803 7760  ============================================================
04:42:08.0859 7760  C: <-> \Device\Harddisk0\DR0\Partition2
04:42:08.0960 7760  E: <-> \Device\Harddisk0\DR0\Partition3
04:42:08.0960 7760  F: <-> \Device\Harddisk1\DR1\Partition1
04:42:08.0960 7760  G: <-> \Device\Harddisk1\DR1\Partition2
04:42:08.0960 7760  H: <-> \Device\Harddisk1\DR1\Partition3
04:42:08.0960 7760  ============================================================
04:42:08.0960 7760  Initialize success
04:42:08.0960 7760  ============================================================
04:42:23.0436 8508  ============================================================
04:42:23.0436 8508  Scan started
04:42:23.0436 8508  Mode: Manual; SigCheck; TDLFS; 
04:42:23.0436 8508  ============================================================
04:42:24.0544 8508  ================ Scan system memory ========================
04:42:24.0544 8508  System memory - ok
04:42:24.0544 8508  ================ Scan services =============================
04:42:24.0997 8508  1394ohci - ok
04:42:25.0012 8508  3ware - ok
04:42:25.0075 8508  [ BEE1682DA217A4AD46C36896769AA580 ] 799B2A0D        C:\WINDOWS\system32\drivers\799B2A0D.sys
04:42:25.0122 8508  799B2A0D - ok
04:42:25.0137 8508  ACPI - ok
04:42:25.0137 8508  AcpiDev - ok
04:42:25.0137 8508  acpiex - ok
04:42:25.0137 8508  acpipagr - ok
04:42:25.0169 8508  AcpiPmi - ok
04:42:25.0200 8508  acpitime - ok
04:42:25.0376 8508  [ CA805DA983594B01F3554464B2E5158F ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
04:42:25.0376 8508  AdobeARMservice - ok
04:42:25.0782 8508  [ 2486BBFDAE393D3F212A7AD521F75B7F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
04:42:25.0844 8508  AdobeFlashPlayerUpdateSvc - ok
04:42:25.0844 8508  ADP80XX - ok
04:42:25.0860 8508  AFD - ok
04:42:25.0860 8508  ahcache - ok
04:42:25.0876 8508  AJRouter - ok
04:42:25.0907 8508  ALG - ok
04:42:25.0907 8508  AmdK8 - ok
04:42:25.0922 8508  AmdPPM - ok
04:42:25.0922 8508  amdsata - ok
04:42:25.0922 8508  amdsbs - ok
04:42:25.0922 8508  amdxata - ok
04:42:25.0954 8508  [ EFD1765905491B742C531FF6C38E9EC7 ] andnetadb       C:\WINDOWS\System32\Drivers\lgandnetadb.sys
04:42:26.0079 8508  andnetadb - ok
04:42:26.0079 8508  AppID - ok
04:42:26.0094 8508  AppIDSvc - ok
04:42:26.0094 8508  Appinfo - ok
04:42:26.0126 8508  applockerfltr - ok
04:42:26.0150 8508  AppMgmt - ok
04:42:26.0188 8508  AppReadiness - ok
04:42:26.0203 8508  AppVClient - ok
04:42:26.0203 8508  AppvStrm - ok
04:42:26.0219 8508  AppvVemgr - ok
04:42:26.0222 8508  AppvVfs - ok
04:42:26.0222 8508  AppXSvc - ok
04:42:26.0222 8508  arcsas - ok
04:42:26.0222 8508  AsyncMac - ok
04:42:26.0222 8508  atapi - ok
04:42:26.0222 8508  AudioEndpointBuilder - ok
04:42:26.0238 8508  Audiosrv - ok
04:42:26.0481 8508  [ 24B91DEBF94F19292C32DB76190036C9 ] AVP18.0.0       C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe
04:42:26.0497 8508  AVP18.0.0 - ok
04:42:26.0512 8508  AxInstSV - ok
04:42:26.0528 8508  b06bdrv - ok
04:42:26.0528 8508  BasicDisplay - ok
04:42:26.0528 8508  BasicRender - ok
04:42:26.0544 8508  bcmfn - ok
04:42:26.0544 8508  bcmfn2 - ok
04:42:26.0575 8508  BDESVC - ok
04:42:26.0575 8508  Beep - ok
04:42:26.0794 8508  [ B2E699AD20FBA9F8E1CA9DB8E641F940 ] BEService       C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
04:42:27.0044 8508  BEService - ok
04:42:27.0059 8508  BFE - ok
04:42:27.0091 8508  BITS - ok
04:42:27.0106 8508  bowser - ok
04:42:27.0106 8508  BrokerInfrastructure - ok
04:42:27.0106 8508  Browser - ok
04:42:27.0216 8508  [ A66BA18451A735BF6F8E4C0B82B98ABE ] BstHdAndroidSvc C:\Program Files (x86)\Bluestacks\HD-Service.exe
04:42:27.0278 8508  BstHdAndroidSvc - ok
04:42:27.0326 8508  [ D7DA6DE19CF4A24F17DDEC16A2971CEC ] BstHdDrv        C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys
04:42:27.0346 8508  BstHdDrv - ok
04:42:27.0377 8508  [ 65E8444FAD22676870471596BF6EA001 ] BstHdLogRotatorSvc C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
04:42:27.0408 8508  BstHdLogRotatorSvc - ok
04:42:27.0439 8508  [ ACCD2A16E25F2B6AE8F359A79CCF76D6 ] BstHdPlusAndroidSvc C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe
04:42:27.0486 8508  BstHdPlusAndroidSvc - ok
04:42:27.0533 8508  [ 95820BAC50416203BAB1AA3B1D5C6ED5 ] BstkDrv         C:\Program Files (x86)\Bluestacks\BstkDrv.sys
04:42:27.0611 8508  BstkDrv - ok
04:42:27.0611 8508  BthAvrcpTg - ok
04:42:27.0627 8508  BthHFEnum - ok
04:42:27.0627 8508  bthhfhid - ok
04:42:27.0642 8508  BthHFSrv - ok
04:42:27.0642 8508  BTHMODEM - ok
04:42:27.0642 8508  bthserv - ok
04:42:27.0674 8508  buttonconverter - ok
04:42:27.0689 8508  CapImg - ok
04:42:27.0689 8508  cdfs - ok
04:42:27.0705 8508  CDPSvc - ok
04:42:27.0721 8508  CDPUserSvc - ok
04:42:27.0721 8508  cdrom - ok
04:42:27.0721 8508  CertPropSvc - ok
04:42:27.0830 8508  [ F889EEDCD5FF5BDD3A70A26763AA6C08 ] chromoting      C:\Program Files (x86)\Google\Chrome Remote Desktop\66.0.3359.12\remoting_host.exe
04:42:27.0846 8508  chromoting - ok
04:42:27.0846 8508  cht4iscsi - ok
04:42:27.0846 8508  cht4vbd - ok
04:42:27.0861 8508  circlass - ok
04:42:27.0861 8508  CLFS - ok
04:42:27.0861 8508  ClipSVC - ok
04:42:27.0877 8508  clreg - ok
04:42:27.0877 8508  CmBatt - ok
04:42:27.0908 8508  [ F03BD81B9F81EE845D790B55417CD0AA ] cm_km           C:\WINDOWS\system32\DRIVERS\cm_km.sys
04:42:27.0924 8508  cm_km - ok
04:42:27.0939 8508  CNG - ok
04:42:27.0939 8508  cnghwassist - ok
04:42:28.0111 8508  [ 59C65CE281E0288609A59C40B8A01E59 ] COMCdbService   C:\Program Files (x86)\Legendas-3.1\srvcdb.exe
04:42:28.0361 8508  COMCdbService - ok
04:42:28.0584 8508  CompositeBus - ok
04:42:28.0584 8508  COMSysApp - ok
04:42:28.0584 8508  condrv - ok
04:42:28.0631 8508  CoreMessagingRegistrar - ok
04:42:28.0677 8508  CryptSvc - ok
04:42:28.0693 8508  CSC - ok
04:42:28.0709 8508  CscService - ok
04:42:28.0709 8508  dam - ok
04:42:28.0756 8508  DcomLaunch - ok
04:42:28.0771 8508  DcpSvc - ok
04:42:28.0818 8508  defragsvc - ok
04:42:28.0834 8508  DeviceAssociationService - ok
04:42:28.0849 8508  DeviceInstall - ok
04:42:28.0865 8508  DevQueryBroker - ok
04:42:28.0881 8508  Dfsc - ok
04:42:28.0912 8508  [ 30710AEFCE721CEEE0F35EB6A01C263C ] dg_ssudbus      C:\WINDOWS\system32\DRIVERS\ssudbus.sys
04:42:28.0927 8508  dg_ssudbus - ok
04:42:28.0943 8508  Dhcp - ok
04:42:29.0006 8508  diagnosticshub.standardcollector.service - ok
04:42:29.0021 8508  DiagTrack - ok
04:42:29.0052 8508  disk - ok
04:42:29.0084 8508  DmEnrollmentSvc - ok
04:42:29.0099 8508  dmvsc - ok
04:42:29.0146 8508  dmwappushservice - ok
04:42:29.0162 8508  Dnscache - ok
04:42:29.0177 8508  dot3svc - ok
04:42:29.0193 8508  DPS - ok
04:42:29.0209 8508  drmkaud - ok
04:42:29.0224 8508  DsmSvc - ok
04:42:29.0240 8508  DsSvc - ok
04:42:29.0256 8508  [ 33F90B202E9DD9B7D489EB59310FDC34 ] dtsoftbus01     C:\WINDOWS\System32\drivers\dtsoftbus01.sys
04:42:29.0271 8508  dtsoftbus01 - ok
04:42:29.0287 8508  DXGKrnl - ok
04:42:29.0287 8508  EapHost - ok
04:42:29.0287 8508  EasyAntiCheat - ok
04:42:29.0375 8508  [ 6E2297B84CA1B8FE28DA732E345165DA ] EasyAntiCheatSys C:\WINDOWS\system32\drivers\EasyAntiCheat.sys
04:42:29.0446 8508  EasyAntiCheatSys - ok
04:42:29.0462 8508  ebdrv - ok
04:42:29.0478 8508  EFS - ok
04:42:29.0493 8508  EhStorClass - ok
04:42:29.0509 8508  EhStorTcgDrv - ok
04:42:29.0509 8508  embeddedmode - ok
04:42:29.0556 8508  EntAppSvc - ok
04:42:29.0571 8508  ErrDev - ok
04:42:29.0603 8508  [ 717C872515922B245A40E0A2F2ED33CE ] ESProtectionDriver C:\WINDOWS\system32\drivers\mbae64.sys
04:42:29.0634 8508  ESProtectionDriver - ok
04:42:29.0665 8508  EventSystem - ok
04:42:29.0665 8508  exfat - ok
04:42:29.0665 8508  fastfat - ok
04:42:29.0696 8508  Fax - ok
04:42:29.0712 8508  fdc - ok
04:42:29.0728 8508  fdPHost - ok
04:42:29.0743 8508  FDResPub - ok
04:42:29.0759 8508  fhsvc - ok
04:42:29.0774 8508  FileCrypt - ok
04:42:29.0790 8508  FileInfo - ok
04:42:29.0806 8508  Filetrace - ok
04:42:29.0806 8508  flpydisk - ok
04:42:29.0806 8508  FltMgr - ok
04:42:29.0821 8508  FontCache - ok
04:42:29.0962 8508  FontCache3.0.0.0 - ok
04:42:29.0978 8508  FrameServer - ok
04:42:29.0993 8508  FsDepends - ok
04:42:29.0993 8508  Fs_Rec - ok
04:42:30.0009 8508  fvevol - ok
04:42:30.0009 8508  gencounter - ok
04:42:30.0024 8508  genericusbfn - ok
04:42:30.0040 8508  GPIOClx0101 - ok
04:42:30.0056 8508  gpsvc - ok
04:42:30.0056 8508  GpuEnergyDrv - ok
04:42:30.0181 8508  [ 750446ED76A5D13E902174DDDDA1A62B ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
04:42:30.0181 8508  gupdate - ok
04:42:30.0181 8508  [ 750446ED76A5D13E902174DDDDA1A62B ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
04:42:30.0196 8508  gupdatem - ok
04:42:30.0243 8508  [ C1B577B2169900F4CF7190C39F085794 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
04:42:30.0335 8508  gusvc - ok
04:42:30.0383 8508  [ 37DEC4DF2C85C2EF05A94E57EB4365D6 ] Hamachi         C:\WINDOWS\system32\DRIVERS\Hamdrv.sys
04:42:30.0400 8508  Hamachi - ok
04:42:30.0400 8508  HdAudAddService - ok
04:42:30.0431 8508  HDAudBus - ok
04:42:30.0431 8508  HidBatt - ok
04:42:30.0431 8508  HidBth - ok
04:42:30.0447 8508  hidi2c - ok
04:42:30.0463 8508  hidinterrupt - ok
04:42:30.0463 8508  HidIr - ok
04:42:30.0463 8508  hidserv - ok
04:42:30.0478 8508  HidUsb - ok
04:42:30.0541 8508  [ EA4FA7E8E1183C3F2F8778E234C7D413 ] HiPatchService  E:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
04:42:30.0619 8508  HiPatchService ( UnsignedFile.Multi.Generic ) - warning
04:42:30.0619 8508  HiPatchService - detected UnsignedFile.Multi.Generic (1)
04:42:30.0634 8508  HomeGroupListener - ok
04:42:30.0650 8508  HomeGroupProvider - ok
04:42:30.0697 8508  HpSAMD - ok
04:42:30.0697 8508  HTTP - ok
04:42:30.0728 8508  HvHost - ok
04:42:30.0744 8508  hvservice - ok
04:42:30.0744 8508  hwpolicy - ok
04:42:30.0744 8508  hyperkbd - ok
04:42:30.0775 8508  i8042prt - ok
04:42:30.0791 8508  iagpio - ok
04:42:30.0791 8508  iai2c - ok
04:42:30.0791 8508  iaLPSS2i_GPIO2 - ok
04:42:30.0806 8508  iaLPSS2i_I2C - ok
04:42:30.0806 8508  iaLPSSi_GPIO - ok
04:42:30.0806 8508  iaLPSSi_I2C - ok
04:42:30.0838 8508  iaStorAV - ok
04:42:30.0885 8508  iaStorV - ok
04:42:30.0885 8508  ibbus - ok
04:42:30.0978 8508  icssvc - ok
04:42:30.0994 8508  IKEEXT - ok
04:42:30.0994 8508  IndirectKmd - ok
04:42:30.0994 8508  intelide - ok
04:42:31.0010 8508  intelpep - ok
04:42:31.0010 8508  intelppm - ok
04:42:31.0010 8508  iorate - ok
04:42:31.0010 8508  IpFilterDriver - ok
04:42:31.0025 8508  iphlpsvc - ok
04:42:31.0025 8508  IPMIDRV - ok
04:42:31.0025 8508  IPNAT - ok
04:42:31.0025 8508  irda - ok
04:42:31.0041 8508  IRENUM - ok
04:42:31.0041 8508  irmon - ok
04:42:31.0056 8508  isapnp - ok
04:42:31.0103 8508  iScsiPrt - ok
04:42:31.0103 8508  kbdclass - ok
04:42:31.0119 8508  kbdhid - ok
04:42:31.0135 8508  kdnic - ok
04:42:31.0135 8508  KeyIso - ok
04:42:31.0166 8508  [ 025177EB96DDB40DBA3CD003AD54D90B ] kl1             C:\WINDOWS\system32\DRIVERS\kl1.sys
04:42:31.0197 8508  kl1 - ok
04:42:31.0244 8508  [ AD67F0BFD14CA21269A274C3A4BEF497 ] klbackupdisk    C:\WINDOWS\system32\DRIVERS\klbackupdisk.sys
04:42:31.0260 8508  klbackupdisk - ok
04:42:31.0275 8508  [ D69BC00276AA42AB957B4420DD66436A ] klbackupflt     C:\WINDOWS\system32\DRIVERS\klbackupflt.sys
04:42:31.0291 8508  klbackupflt - ok
04:42:31.0322 8508  [ 7DAA9047F50BF5A3F8C147719FC520AF ] kldisk          C:\WINDOWS\system32\DRIVERS\kldisk.sys
04:42:31.0322 8508  kldisk - ok
04:42:31.0339 8508  [ 7AD0CCE09BEBE47E578BDD567AAB4051 ] klelam          C:\WINDOWS\system32\DRIVERS\klelam.sys
04:42:31.0355 8508  klelam - ok
04:42:31.0388 8508  [ 44AAFFCBD506C15ED27BD2FA85BED2FE ] klflt           C:\WINDOWS\system32\DRIVERS\klflt.sys
04:42:31.0403 8508  klflt - ok
04:42:31.0435 8508  [ 2EBE042FF7CC4774D653D762CC02B395 ] KLHK            C:\WINDOWS\System32\drivers\klhk.sys
04:42:31.0466 8508  KLHK - ok
04:42:31.0482 8508  [ F49563A42667D8C4DB59502D69CEABF0 ] KLIF            C:\WINDOWS\system32\DRIVERS\klif.sys
04:42:31.0528 8508  KLIF - ok
04:42:31.0560 8508  [ FE25B1DF1D5546EB45721C1022A3B048 ] KLIM6           C:\WINDOWS\system32\DRIVERS\klim6.sys
04:42:31.0560 8508  KLIM6 - ok
04:42:31.0591 8508  [ BCD71B7987E6A5DCECCDABE4B5C5675C ] klkbdflt        C:\WINDOWS\system32\DRIVERS\klkbdflt.sys
04:42:31.0591 8508  klkbdflt - ok
04:42:31.0622 8508  [ C8DCC1339A3E5548B09F439F28F4DF1D ] klmouflt        C:\WINDOWS\system32\DRIVERS\klmouflt.sys
04:42:31.0622 8508  klmouflt - ok
04:42:31.0638 8508  [ C334FBE82E1ADE139FFCD43517378A4B ] klpd            C:\WINDOWS\system32\DRIVERS\klpd.sys
04:42:31.0654 8508  klpd - ok
04:42:31.0669 8508  [ ED9BCB990982C7D9AD7E98C1406B1D6D ] klpnpflt        C:\WINDOWS\system32\DRIVERS\klpnpflt.sys
04:42:31.0685 8508  klpnpflt - ok
04:42:31.0700 8508  [ 828B042A95F055648DA190DF6C7AB1B6 ] kltap           C:\WINDOWS\System32\drivers\kltap.sys
04:42:31.0716 8508  kltap - ok
04:42:31.0747 8508  [ 5DF80B8ED56F8865D0AD904F3199F08D ] klupd_klif_arkmon C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
04:42:31.0747 8508  klupd_klif_arkmon - ok
04:42:31.0810 8508  [ 34D207C9300529BE5E29267922483778 ] klupd_klif_kimul C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
04:42:31.0810 8508  klupd_klif_kimul - ok
04:42:31.0841 8508  [ 0EA41015CD1B41AFCCC896A916E8617A ] klupd_klif_klark C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
04:42:31.0872 8508  klupd_klif_klark - ok
04:42:31.0888 8508  [ DA3C0A419D56B332FADF15546EF5FC04 ] klupd_klif_klbg C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
04:42:31.0888 8508  klupd_klif_klbg - ok
04:42:31.0919 8508  [ F31EC261ECC09DB51EE6EDC03A415140 ] klupd_klif_mark C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
04:42:31.0919 8508  klupd_klif_mark - ok
04:42:32.0076 8508  [ 33C55B05B758AAD633F6C882063D79E9 ] klvssbridge64_18.0.0 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\vssbridge64.exe
04:42:32.0154 8508  klvssbridge64_18.0.0 - ok
04:42:32.0154 8508  [ 6577A7495694DF82DFC80BB146AA296D ] klwfp           C:\WINDOWS\system32\DRIVERS\klwfp.sys
04:42:32.0216 8508  klwfp - ok
04:42:32.0247 8508  [ 53FA5196D5C10C52F064F6DD1B99689F ] Klwtp           C:\WINDOWS\system32\DRIVERS\klwtp.sys
04:42:32.0247 8508  Klwtp - ok
04:42:32.0263 8508  [ C2E155A456E0E18953A41546C8769E63 ] kneps           C:\WINDOWS\system32\DRIVERS\kneps.sys
04:42:32.0310 8508  kneps - ok
04:42:32.0455 8508  [ 4DCE20849E789DC24A867E7D7B15CE5B ] KSDE2.0.0       C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe
04:42:32.0517 8508  KSDE2.0.0 - ok
04:42:32.0548 8508  KSecDD - ok
04:42:32.0564 8508  KSecPkg - ok
04:42:32.0564 8508  ksthunk - ok
04:42:32.0595 8508  KtmRm - ok
04:42:32.0595 8508  LanmanServer - ok
04:42:32.0611 8508  LanmanWorkstation - ok
04:42:32.0626 8508  [ A208CED7ED63D3FD685786D61A6992CB ] legendasdrv     C:\WINDOWS\system32\drivers\legendasdrv.sys
04:42:32.0642 8508  legendasdrv - ok
04:42:32.0658 8508  lfsvc - ok
04:42:32.0673 8508  LicenseManager - ok
04:42:32.0673 8508  lltdio - ok
04:42:32.0689 8508  lltdsvc - ok
04:42:32.0705 8508  lmhosts - ok
04:42:32.0736 8508  [ 413ECDCFAD9A82804D3674C8D7EEC24E ] lmimirr         C:\WINDOWS\system32\DRIVERS\lmimirr.sys
04:42:32.0736 8508  lmimirr - ok
04:42:32.0751 8508  [ C57D3FAA50E6F395759FFB7C709BD944 ] LMIRfsDriver    C:\Windows\system32\drivers\LMIRfsDriver.sys
04:42:32.0767 8508  LMIRfsDriver - ok
04:42:32.0783 8508  LSI_SAS - ok
04:42:32.0798 8508  LSI_SAS2i - ok
04:42:32.0798 8508  LSI_SAS3i - ok
04:42:32.0798 8508  LSI_SSS - ok
04:42:32.0814 8508  LSM - ok
04:42:32.0845 8508  luafv - ok
04:42:32.0861 8508  MapsBroker - ok
04:42:32.0892 8508  [ 0FB88EE543AEA761734B244609417E61 ] MBAMChameleon   C:\WINDOWS\System32\Drivers\MbamChameleon.sys
04:42:32.0908 8508  MBAMChameleon - ok
04:42:32.0955 8508  [ 9B77E5124A6D7F89EB9A1B7616EA1553 ] MBAMFarflt      C:\WINDOWS\system32\DRIVERS\farflt.sys
04:42:33.0033 8508  MBAMFarflt - ok
04:42:33.0048 8508  [ 7A7F39E150E13BD8D26554E0DD652AE9 ] MBAMProtection  C:\WINDOWS\system32\DRIVERS\mbam.sys
04:42:33.0064 8508  MBAMProtection - ok
04:42:33.0236 8508  [ A44B6F7B5F5BF9A73BF84D78876671EE ] MBAMService     C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
04:42:33.0583 8508  MBAMService - ok
04:42:33.0630 8508  [ 4FA981BBE3DF0D3D91213793303F9C37 ] MBAMSwissArmy   C:\WINDOWS\System32\Drivers\mbamswissarmy.sys
04:42:33.0692 8508  MBAMSwissArmy - ok
04:42:33.0708 8508  [ DC884BB3A92A737E247C1D56C86711EB ] MBAMWebProtection C:\WINDOWS\system32\DRIVERS\mwac.sys
04:42:33.0755 8508  MBAMWebProtection - ok
04:42:33.0770 8508  megasas - ok
04:42:33.0770 8508  megasr - ok
04:42:33.0802 8508  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\WINDOWS\System32\drivers\HECIx64.sys
04:42:33.0833 8508  MEIx64 - ok
04:42:33.0880 8508  [ 573F228F046D12EBF33EF85C87DDE074 ] memudrv         C:\Program Files\Microvirt\MEmuHyperv\MEmuDrv.sys
04:42:33.0895 8508  memudrv - ok
04:42:33.0911 8508  MessagingService - ok
04:42:33.0927 8508  mlx4_bus - ok
04:42:33.0958 8508  MMCSS - ok
04:42:33.0958 8508  Modem - ok
04:42:33.0958 8508  monitor - ok
04:42:33.0958 8508  mouclass - ok
04:42:33.0974 8508  mouhid - ok
04:42:33.0974 8508  mountmgr - ok
04:42:34.0005 8508  [ 5FD8FEB002DCA919BA18F51C267BFFEB ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
04:42:34.0036 8508  MozillaMaintenance - ok
04:42:34.0052 8508  mpsdrv - ok
04:42:34.0067 8508  MpsSvc - ok
04:42:34.0067 8508  MRxDAV - ok
04:42:34.0067 8508  mrxsmb - ok
04:42:34.0067 8508  mrxsmb10 - ok
04:42:34.0067 8508  mrxsmb20 - ok
04:42:34.0083 8508  MsBridge - ok
04:42:34.0083 8508  MSDTC - ok
04:42:34.0099 8508  Msfs - ok
04:42:34.0114 8508  msgpiowin32 - ok
04:42:34.0130 8508  mshidkmdf - ok
04:42:34.0130 8508  mshidumdf - ok
04:42:34.0145 8508  msisadrv - ok
04:42:34.0145 8508  MSiSCSI - ok
04:42:34.0161 8508  msiserver - ok
04:42:34.0161 8508  MSKSSRV - ok
04:42:34.0161 8508  MsLldp - ok
04:42:34.0161 8508  MSPCLOCK - ok
04:42:34.0161 8508  MSPQM - ok
04:42:34.0177 8508  MsRPC - ok
04:42:34.0192 8508  MsSecFlt - ok
04:42:34.0192 8508  mssmbios - ok
04:42:34.0192 8508  MSTEE - ok
04:42:34.0208 8508  MTConfig - ok
04:42:34.0208 8508  Mup - ok
04:42:34.0208 8508  mvumis - ok
04:42:34.0208 8508  NativeWifiP - ok
04:42:34.0286 8508  [ 6D8FCDD5BB3B676EF58FA234073492C6 ] NBService       C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
04:42:34.0412 8508  NBService - ok
04:42:34.0428 8508  NcaSvc - ok
04:42:34.0443 8508  NcbService - ok
04:42:34.0443 8508  NcdAutoSetup - ok
04:42:34.0443 8508  ndfltr - ok
04:42:34.0459 8508  NDIS - ok
04:42:34.0459 8508  NdisCap - ok
04:42:34.0459 8508  NdisImPlatform - ok
04:42:34.0459 8508  NdisTapi - ok
04:42:34.0459 8508  Ndisuio - ok
04:42:34.0506 8508  NdisVirtualBus - ok
04:42:34.0522 8508  NdisWan - ok
04:42:34.0522 8508  ndiswanlegacy - ok
04:42:34.0522 8508  ndproxy - ok
04:42:34.0537 8508  Ndu - ok
04:42:34.0537 8508  NetAdapterCx - ok
04:42:34.0553 8508  NetBIOS - ok
04:42:34.0553 8508  NetBT - ok
04:42:34.0553 8508  Netlogon - ok
04:42:34.0553 8508  Netman - ok
04:42:34.0553 8508  netprofm - ok
04:42:34.0600 8508  NetSetupSvc - ok
04:42:34.0943 8508  NetTcpPortSharing - ok
04:42:34.0975 8508  NgcCtnrSvc - ok
04:42:34.0975 8508  NgcSvc - ok
04:42:34.0975 8508  NlaSvc - ok
04:42:35.0100 8508  [ E584D6668E6A3923FF32E026A5ED2A03 ] NMIndexingService C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
04:42:35.0147 8508  NMIndexingService - ok
04:42:35.0147 8508  Npfs - ok
04:42:35.0147 8508  npggsvc - ok
04:42:35.0162 8508  npsvctrig - ok
04:42:35.0178 8508  nsi - ok
04:42:35.0178 8508  nsiproxy - ok
04:42:35.0178 8508  NTFS - ok
04:42:35.0194 8508  Null - ok
04:42:35.0225 8508  [ BF58D8D2DA50AF7A8E55567B7C73661A ] NVHDA           C:\WINDOWS\system32\drivers\nvhda64v.sys
04:42:35.0256 8508  NVHDA - ok
04:42:36.0103 8508  [ B7CDB3C5EEB48C892D94759D99B19D09 ] nvlddmkm        C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c1a085cc86772d3f\nvlddmkm.sys
04:42:36.0623 8508  nvlddmkm - ok
04:42:36.0639 8508  nvraid - ok
04:42:36.0654 8508  nvstor - ok
04:42:36.0733 8508  [ 33486D139DB345A3D3245C4B57FDADC7 ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
04:42:36.0764 8508  NvStreamKms - ok
04:42:36.0905 8508  [ 64473C7916BAF33FE73F1A44C559E672 ] NvTelemetryContainer C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
04:42:36.0951 8508  NvTelemetryContainer - ok
04:42:36.0983 8508  [ 036A8C30C662397A2D882D9AFF99089F ] nvvad_WaveExtensible C:\WINDOWS\system32\drivers\nvvad64v.sys
04:42:36.0983 8508  nvvad_WaveExtensible - ok
04:42:36.0998 8508  [ 6F34CDC03E80AB53383527072833A731 ] nvvhci          C:\WINDOWS\System32\drivers\nvvhci.sys
04:42:37.0014 8508  nvvhci - ok
04:42:37.0030 8508  OneSyncSvc - ok
04:42:37.0147 8508  [ 6573D86AF82EE9D10C466D0CF23BB72D ] Origin Client Service C:\Program Files (x86)\Origin\OriginClientService.exe
04:42:37.0267 8508  Origin Client Service - ok
04:42:37.0391 8508  [ 031E8E20DFA1E379727ACE4C8B580FF1 ] Origin Web Helper Service C:\Program Files (x86)\Origin\OriginWebHelperService.exe
04:42:37.0553 8508  Origin Web Helper Service - ok
04:42:37.0600 8508  [ B9C125314A025127FE562C116D614AA3 ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
04:42:37.0631 8508  ose64 - ok
04:42:37.0756 8508  [ 46EDE171D5A8CC1A4ACFCF7A5B81C1C1 ] OverwolfUpdater C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
04:42:37.0818 8508  OverwolfUpdater - ok
04:42:37.0850 8508  p2pimsvc - ok
04:42:37.0881 8508  p2psvc - ok
04:42:37.0912 8508  [ 0950875BC5F7348B263B2A3FC56CBA34 ] PAC7302         C:\WINDOWS\system32\DRIVERS\PAC7302.SYS
04:42:38.0037 8508  PAC7302 - ok
04:42:38.0084 8508  Parport - ok
04:42:38.0100 8508  partmgr - ok
04:42:38.0131 8508  PcaSvc - ok
04:42:38.0147 8508  pci - ok
04:42:38.0162 8508  pciide - ok
04:42:38.0178 8508  pcmcia - ok
04:42:38.0193 8508  pcw - ok
04:42:38.0193 8508  pdc - ok
04:42:38.0225 8508  PEAUTH - ok
04:42:38.0256 8508  PeerDistSvc - ok
04:42:38.0256 8508  percsas2i - ok
04:42:38.0256 8508  percsas3i - ok
04:42:38.0713 8508  PerfHost - ok
04:42:38.0775 8508  PhoneSvc - ok
04:42:38.0791 8508  PimIndexMaintenanceSvc - ok
04:42:38.0807 8508  pla - ok
04:42:38.0822 8508  PlugPlay - ok
04:42:38.0838 8508  PnkBstrA - ok
04:42:38.0853 8508  PNRPAutoReg - ok
04:42:38.0853 8508  PNRPsvc - ok
04:42:38.0885 8508  PolicyAgent - ok
04:42:38.0885 8508  Power - ok
04:42:38.0900 8508  PptpMiniport - ok
04:42:39.0072 8508  [ 7196D3C2E2E3129814C8DAB91F9A7D1E ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
04:42:39.0354 8508  PrintNotify - ok
04:42:39.0372 8508  Processor - ok
04:42:39.0411 8508  ProfSvc - ok
04:42:39.0420 8508  Psched - ok
04:42:39.0420 8508  QWAVE - ok
04:42:39.0420 8508  QWAVEdrv - ok
04:42:39.0420 8508  RasAcd - ok
04:42:39.0451 8508  RasAgileVpn - ok
04:42:39.0451 8508  RasAuto - ok
04:42:39.0467 8508  Rasl2tp - ok
04:42:39.0482 8508  RasMan - ok
04:42:39.0482 8508  RasPppoe - ok
04:42:39.0498 8508  RasSstp - ok
04:42:39.0498 8508  rdbss - ok
04:42:39.0514 8508  rdpbus - ok
04:42:39.0514 8508  RDPDR - ok
04:42:39.0529 8508  RdpVideoMiniport - ok
04:42:39.0529 8508  rdyboost - ok
04:42:39.0529 8508  ReFSv1 - ok
04:42:39.0545 8508  RemoteAccess - ok
04:42:39.0560 8508  RemoteRegistry - ok
04:42:39.0576 8508  RetailDemo - ok
04:42:39.0732 8508  [ BD517C7FB119997EFFBE39D5E4B37B05 ] RichVideo       C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
04:42:39.0826 8508  RichVideo ( UnsignedFile.Multi.Generic ) - warning
04:42:39.0826 8508  RichVideo - detected UnsignedFile.Multi.Generic (1)
04:42:39.0826 8508  RmSvc - ok
04:42:39.0826 8508  RpcEptMapper - ok
04:42:39.0842 8508  RpcLocator - ok
04:42:39.0857 8508  RpcSs - ok
04:42:39.0857 8508  rspndr - ok
04:42:39.0873 8508  rt640x64 - ok
04:42:39.0904 8508  s3cap - ok
04:42:39.0920 8508  SamSs - ok
04:42:39.0920 8508  sbp2port - ok
04:42:39.0920 8508  SCardSvr - ok
04:42:39.0951 8508  ScDeviceEnum - ok
04:42:39.0982 8508  scfilter - ok
04:42:39.0998 8508  Schedule - ok
04:42:39.0998 8508  scmbus - ok
04:42:40.0014 8508  scmdisk0101 - ok
04:42:40.0045 8508  SCPolicySvc - ok
04:42:40.0045 8508  sdbus - ok
04:42:40.0045 8508  SDRSVC - ok
04:42:40.0045 8508  sdstor - ok
04:42:40.0045 8508  seclogon - ok
04:42:40.0061 8508  SENS - ok
04:42:40.0061 8508  Sense - ok
04:42:40.0076 8508  SensorDataService - ok
04:42:40.0107 8508  SensorService - ok
04:42:40.0123 8508  SensrSvc - ok
04:42:40.0123 8508  SerCx - ok
04:42:40.0123 8508  SerCx2 - ok
04:42:40.0123 8508  Serenum - ok
04:42:40.0141 8508  Serial - ok
04:42:40.0144 8508  sermouse - ok
04:42:40.0155 8508  SessionEnv - ok
04:42:40.0158 8508  sfloppy - ok
04:42:40.0173 8508  SharedAccess - ok
04:42:40.0205 8508  ShellHWDetection - ok
04:42:40.0236 8508  shpamsvc - ok
04:42:40.0236 8508  SiSRaid2 - ok
04:42:40.0252 8508  SiSRaid4 - ok
04:42:40.0366 8508  [ B72B80E6FF423C5011E745CB76DA9A08 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
04:42:40.0471 8508  SkypeUpdate - ok
04:42:40.0503 8508  smphost - ok
04:42:40.0518 8508  SmsRouter - ok
04:42:40.0518 8508  SNMPTRAP - ok
04:42:40.0518 8508  spaceport - ok
04:42:40.0534 8508  SpbCx - ok
04:42:40.0549 8508  Spooler - ok
04:42:40.0549 8508  sppsvc - ok
04:42:40.0565 8508  srv - ok
04:42:40.0565 8508  srv2 - ok
04:42:40.0581 8508  srvnet - ok
04:42:40.0596 8508  SSDPSRV - ok
04:42:40.0628 8508  SstpSvc - ok
04:42:40.0674 8508  [ 91310683D7B6B292B746D60734B59322 ] ssudmdm         C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
04:42:40.0721 8508  ssudmdm - ok
04:42:40.0768 8508  [ F7093A27C4AF6D9EEA0ACAC1C4FF6828 ] ssudserd        C:\WINDOWS\system32\DRIVERS\ssudserd.sys
04:42:40.0800 8508  ssudserd - ok
04:42:41.0018 8508  [ 9DA3B55B17B54789AFB8C657D4ACE4D7 ] ss_conn_service C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
04:42:41.0159 8508  ss_conn_service - ok
04:42:41.0175 8508  StateRepository - ok
04:42:41.0315 8508  [ F71CA689063E1A15A44268A6B42E3164 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
04:42:41.0490 8508  Steam Client Service - ok
04:42:41.0506 8508  stexstor - ok
04:42:41.0521 8508  stisvc - ok
04:42:41.0521 8508  storahci - ok
04:42:41.0521 8508  storflt - ok
04:42:41.0521 8508  stornvme - ok
04:42:41.0521 8508  storqosflt - ok
04:42:41.0537 8508  StorSvc - ok
04:42:41.0537 8508  storufs - ok
04:42:41.0537 8508  storvsc - ok
04:42:41.0553 8508  svsvc - ok
04:42:41.0553 8508  swenum - ok
04:42:41.0568 8508  swprv - ok
04:42:41.0646 8508  SWUpdateService - ok
04:42:41.0678 8508  Synth3dVsc - ok
04:42:41.0693 8508  SysMain - ok
04:42:41.0709 8508  SystemEventsBroker - ok
04:42:41.0725 8508  TabletInputService - ok
04:42:41.0771 8508  [ 3C32FF010F869BC184DF71290477384E ] tap0901         C:\WINDOWS\system32\DRIVERS\tap0901.sys
04:42:41.0803 8508  tap0901 - ok
04:42:41.0834 8508  [ E790E904BB06081F5A3DAFE87F20D06B ] taphss6         C:\WINDOWS\system32\DRIVERS\taphss6.sys
04:42:41.0850 8508  taphss6 - ok
04:42:41.0850 8508  TapiSrv - ok
04:42:41.0881 8508  [ 3C32FF010F869BC184DF71290477384E ] tapwp01         C:\WINDOWS\system32\DRIVERS\tapwp01.sys
04:42:41.0912 8508  tapwp01 - ok
04:42:41.0912 8508  Tcpip - ok
04:42:41.0912 8508  Tcpip6 - ok
04:42:41.0928 8508  tcpipreg - ok
04:42:41.0928 8508  tdx - ok
04:42:42.0506 8508  [ F6881DC71A5D8DCA1E3DF4302E31AA25 ] TeamViewer      C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
04:42:43.0350 8508  TeamViewer - ok
04:42:43.0383 8508  terminpt - ok
04:42:43.0431 8508  TermService - ok
04:42:43.0478 8508  Themes - ok
04:42:43.0556 8508  TieringEngineService - ok
04:42:43.0603 8508  tiledatamodelsvc - ok
04:42:43.0634 8508  TimeBrokerSvc - ok
04:42:43.0650 8508  TPM - ok
04:42:43.0666 8508  TrkWks - ok
04:42:43.0713 8508  TrustedInstaller - ok
04:42:43.0728 8508  tsusbflt - ok
04:42:43.0728 8508  TsUsbGD - ok
04:42:43.0744 8508  tsusbhub - ok
04:42:43.0775 8508  tzautoupdate - ok
04:42:43.0775 8508  UASPStor - ok
04:42:43.0775 8508  UcmCx0101 - ok
04:42:43.0791 8508  UcmTcpciCx0101 - ok
04:42:43.0806 8508  UcmUcsi - ok
04:42:43.0822 8508  Ucx01000 - ok
04:42:43.0822 8508  UdeCx - ok
04:42:43.0822 8508  udfs - ok
04:42:43.0838 8508  UEFI - ok
04:42:43.0838 8508  UevAgentDriver - ok
04:42:43.0853 8508  UevAgentService - ok
04:42:43.0853 8508  Ufx01000 - ok
04:42:43.0853 8508  UfxChipidea - ok
04:42:43.0869 8508  ufxsynopsys - ok
04:42:43.0884 8508  UI0Detect - ok
04:42:43.0900 8508  umbus - ok
04:42:43.0900 8508  UmPass - ok
04:42:43.0916 8508  UmRdpService - ok
04:42:43.0916 8508  UnistoreSvc - ok
04:42:43.0916 8508  upnphost - ok
04:42:43.0931 8508  UrsChipidea - ok
04:42:43.0931 8508  UrsCx01000 - ok
04:42:43.0931 8508  UrsSynopsys - ok
04:42:43.0947 8508  usbaudio - ok
04:42:43.0947 8508  usbccgp - ok
04:42:43.0963 8508  usbcir - ok
04:42:43.0978 8508  usbehci - ok
04:42:43.0978 8508  usbhub - ok
04:42:43.0978 8508  USBHUB3 - ok
04:42:43.0994 8508  usbohci - ok
04:42:44.0009 8508  usbprint - ok
04:42:44.0025 8508  usbser - ok
04:42:44.0025 8508  USBSTOR - ok
04:42:44.0025 8508  usbuhci - ok
04:42:44.0025 8508  USBXHCI - ok
04:42:44.0041 8508  UserDataSvc - ok
04:42:44.0056 8508  UserManager - ok
04:42:44.0072 8508  UsoSvc - ok
04:42:44.0088 8508  VaultSvc - ok
04:42:44.0150 8508  [ 839927AE745E5FEEFF2FEDB1C360808A ] VBoxDrv         C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys
04:42:44.0181 8508  VBoxDrv - ok
04:42:44.0228 8508  [ AF7181C136C761FFF1D4BDEAC89ADFDB ] VBoxNetAdp      C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys
04:42:44.0244 8508  VBoxNetAdp - ok
04:42:44.0275 8508  [ FFBED9472385DD8F18191EE8AAC08AEB ] VBoxNetLwf      C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys
04:42:44.0291 8508  VBoxNetLwf - ok
04:42:44.0322 8508  [ 069B27AD07538B20C584668F0D4D644A ] VBoxUSB         C:\WINDOWS\System32\Drivers\VBoxUSB.sys
04:42:44.0383 8508  VBoxUSB - ok
04:42:44.0424 8508  [ F6D0F57B75479C1DA04A54AB6CCD07C8 ] VBoxUSBMon      C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys
04:42:44.0447 8508  VBoxUSBMon - ok
04:42:44.0447 8508  vdrvroot - ok
04:42:44.0447 8508  vds - ok
04:42:44.0478 8508  VerifierExt - ok
04:42:44.0509 8508  vhdmp - ok
04:42:44.0509 8508  vhf - ok
04:42:44.0541 8508  vmbus - ok
04:42:44.0541 8508  VMBusHID - ok
04:42:44.0572 8508  [ 503BA53C6F246570FBC69D454410C6B2 ] vmcam325av      C:\WINDOWS\System32\Drivers\Vm323av64.sys
04:42:44.0666 8508  vmcam325av - ok
04:42:44.0666 8508  vmgid - ok
04:42:44.0681 8508  vmicguestinterface - ok
04:42:44.0681 8508  vmicheartbeat - ok
04:42:44.0681 8508  vmickvpexchange - ok
04:42:44.0681 8508  vmicrdv - ok
04:42:44.0697 8508  vmicshutdown - ok
04:42:44.0697 8508  vmictimesync - ok
04:42:44.0697 8508  vmicvmsession - ok
04:42:44.0697 8508  vmicvss - ok
04:42:44.0712 8508  volmgr - ok
04:42:44.0728 8508  volmgrx - ok
04:42:44.0728 8508  volsnap - ok
04:42:44.0744 8508  volume - ok
04:42:44.0744 8508  vpci - ok
04:42:44.0744 8508  vsmraid - ok
04:42:44.0744 8508  VSS - ok
04:42:44.0759 8508  VSTXRAID - ok
04:42:44.0775 8508  [ F3C1754C74167C1CAE6F7B5E946C117E ] vvftav323       C:\WINDOWS\system32\drivers\vvftav323.sys
04:42:44.0822 8508  vvftav323 - ok
04:42:44.0822 8508  vwifibus - ok
04:42:44.0837 8508  vwififlt - ok
04:42:44.0837 8508  W32Time - ok
04:42:44.0853 8508  WacomPen - ok
04:42:44.0869 8508  WalletService - ok
04:42:44.0869 8508  wanarp - ok
04:42:44.0884 8508  wanarpv6 - ok
04:42:45.0009 8508  [ DC34F51CED7CC444F27E2B8D837CD0FF ] Warsaw Technology C:\Program Files\Diebold\Warsaw\core.exe
04:42:45.0041 8508  Warsaw Technology - ok
04:42:45.0041 8508  wbengine - ok
04:42:45.0072 8508  WbioSrvc - ok
04:42:45.0072 8508  wcifs - ok
04:42:45.0087 8508  Wcmsvc - ok
04:42:45.0119 8508  wcncsvc - ok
04:42:45.0119 8508  wcnfs - ok
04:42:45.0134 8508  WdBoot - ok
04:42:45.0134 8508  Wdf01000 - ok
04:42:45.0134 8508  WdFilter - ok
04:42:45.0166 8508  WdiServiceHost - ok
04:42:45.0166 8508  WdiSystemHost - ok
04:42:45.0166 8508  wdiwifi - ok
04:42:45.0181 8508  WdNisDrv - ok
04:42:45.0197 8508  WdNisSvc - ok
04:42:45.0212 8508  WebClient - ok
04:42:45.0228 8508  Wecsvc - ok
04:42:45.0259 8508  WEPHOSTSVC - ok
04:42:45.0275 8508  wercplsupport - ok
04:42:45.0291 8508  WerSvc - ok
04:42:45.0291 8508  WFPLWFS - ok
04:42:45.0291 8508  WiaRpc - ok
04:42:45.0306 8508  WIMMount - ok
04:42:45.0306 8508  WinDefend - ok
04:42:45.0322 8508  WindowsTrustedRT - ok
04:42:45.0322 8508  WindowsTrustedRTProxy - ok
04:42:45.0337 8508  WinHttpAutoProxySvc - ok
04:42:45.0353 8508  WinMad - ok
04:42:45.0479 8508  Winmgmt - ok
04:42:45.0494 8508  WinRM - ok
04:42:45.0525 8508  WINUSB - ok
04:42:45.0525 8508  WinVerbs - ok
04:42:45.0541 8508  wisvc - ok
04:42:45.0572 8508  WlanSvc - ok
04:42:45.0588 8508  wlidsvc - ok
04:42:45.0604 8508  WmiAcpi - ok
04:42:45.0604 8508  wmiApSrv - ok
04:42:45.0619 8508  WMPNetworkSvc - ok
04:42:45.0650 8508  [ EDADABA8665AB5C51BF59C4E2566BA7E ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
04:42:45.0666 8508  Wof - ok
04:42:45.0713 8508  workfolderssvc - ok
04:42:45.0744 8508  WPDBusEnum - ok
04:42:45.0760 8508  WpdUpFltr - ok
04:42:45.0775 8508  WpnService - ok
04:42:45.0775 8508  WpnUserService - ok
04:42:45.0775 8508  ws2ifsl - ok
04:42:45.0775 8508  wscsvc - ok
04:42:45.0807 8508  [ 02553BF9B625B0C2FC2715B42BBD1C74 ] wsddfac         C:\WINDOWS\system32\drivers\wsddfac.sys
04:42:45.0822 8508  wsddfac - ok
04:42:45.0869 8508  [ 589E3BE121267D476E744471F5AABFFA ] wsddntf         C:\WINDOWS\system32\DRIVERS\wsddntf.sys
04:42:45.0885 8508  wsddntf - ok
04:42:45.0932 8508  [ 7382D22F0B3B1DE91B30B0798547A637 ] wsddpp          C:\WINDOWS\system32\drivers\wsddpp.sys
04:42:45.0932 8508  wsddpp - ok
04:42:45.0947 8508  [ FE176D71EB5E7D650EA6CD74E1893553 ] wsddprm         C:\WINDOWS\system32\drivers\wsddprm.sys
04:42:45.0963 8508  wsddprm - ok
04:42:45.0963 8508  WSearch - ok
04:42:46.0057 8508  [ 4F6D2228C95CEAB8D4C0213CB4003589 ] WTFast.Service  C:\Program Files (x86)\WTFast\service\WTFast.Service.exe
04:42:46.0150 8508  WTFast.Service ( UnsignedFile.Multi.Generic ) - warning
04:42:46.0150 8508  WTFast.Service - detected UnsignedFile.Multi.Generic (1)
04:42:46.0166 8508  [ E0FF31286CC742BDD49DDC8EC2C2DDD2 ] WtfEngineDrv    C:\WINDOWS\system32WtfEngineDrv.sys
04:42:46.0182 8508  WtfEngineDrv - ok
04:42:46.0182 8508  wuauserv - ok
04:42:46.0182 8508  WudfPf - ok
04:42:46.0182 8508  WUDFRd - ok
04:42:46.0182 8508  wudfsvc - ok
04:42:46.0197 8508  WUDFWpdFs - ok
04:42:46.0197 8508  WUDFWpdMtp - ok
04:42:46.0213 8508  WwanSvc - ok
04:42:46.0213 8508  XblAuthManager - ok
04:42:46.0229 8508  XblGameSave - ok
04:42:46.0229 8508  xboxgip - ok
04:42:46.0260 8508  XboxNetApiSvc - ok
04:42:46.0307 8508  [ 36DCBA7D4A1D5DE63066D17CA623D5FB ] xhunter1        C:\WINDOWS\xhunter1.sys
04:42:46.0354 8508  xhunter1 - ok
04:42:46.0354 8508  xinputhid - ok
04:42:46.0354 8508  ================ Scan global ===============================
04:42:46.0479 8508  [Global] - ok
04:42:46.0479 8508  ================ Scan MBR ==================================
04:42:46.0479 8508  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
04:42:46.0932 8508  \Device\Harddisk0\DR0 - ok
04:42:46.0932 8508  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
04:42:47.0026 8508  \Device\Harddisk1\DR1 - ok
04:42:47.0026 8508  ================ Scan VBR ==================================
04:42:47.0042 8508  [ 9BCAC50C63A9771B084DC4EBBBACAEF7 ] \Device\Harddisk0\DR0\Partition1
04:42:47.0042 8508  \Device\Harddisk0\DR0\Partition1 - ok
04:42:47.0057 8508  [ E2591B299B3B4BD6DAA1CA51FB760796 ] \Device\Harddisk0\DR0\Partition2
04:42:47.0073 8508  \Device\Harddisk0\DR0\Partition2 - ok
04:42:47.0089 8508  [ DC6060FB01DDBDDA032F3EA42CA006B8 ] \Device\Harddisk0\DR0\Partition3
04:42:47.0104 8508  \Device\Harddisk0\DR0\Partition3 - ok
04:42:47.0104 8508  [ 2E3010F38B4F3EE8E35DDD7FA0247D01 ] \Device\Harddisk1\DR1\Partition1
04:42:47.0104 8508  \Device\Harddisk1\DR1\Partition1 - ok
04:42:47.0104 8508  [ FFF1CC22C2D01FAE0E35E3427AD63BA0 ] \Device\Harddisk1\DR1\Partition2
04:42:47.0104 8508  \Device\Harddisk1\DR1\Partition2 - ok
04:42:47.0104 8508  [ A3981E5C30FCB48C52C8CF61783837AB ] \Device\Harddisk1\DR1\Partition3
04:42:47.0104 8508  \Device\Harddisk1\DR1\Partition3 - ok
04:42:47.0104 8508  ============================================================
04:42:47.0104 8508  Scan finished
04:42:47.0104 8508  ============================================================
04:42:47.0104 8500  Detected object count: 3
04:42:47.0104 8500  Actual detected object count: 3
04:44:59.0423 8500  HiPatchService ( UnsignedFile.Multi.Generic ) - skipped by user
04:44:59.0423 8500  HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
04:44:59.0423 8500  RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
04:44:59.0423 8500  RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip 
04:44:59.0424 8500  WTFast.Service ( UnsignedFile.Multi.Generic ) - skipped by user
04:44:59.0424 8500  WTFast.Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
 


@imrion

 

Download Farbar Recovery Scan from the link below and save it to your desktop.
https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

** Windows Vista, Windows 7, 8/8.1 and Windows 10 users:
Right-click the FRST64.EXE file, then click the option shown in the image (VRIfczU.png).
Accept the agreement, then click the Scan/Examinar button.

Wait; when the scan finishes, the FRST.txt and Addition.txt logs will be saved to your desktop.

Open each file separately, copy its contents and paste them into your next reply.


@Elias Pereira

FRST.txt 

 

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 14.03.2018
Executado por User (administrador) em SYS (05-04-2018 02:47:31)
Executando a partir de C:\Users\User\Desktop
Perfis Carregados: User (Perfis Disponíveis: User)
Platform: Windows 10 Pro Versão 1607 (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Chrome)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\66.0.3359.12\remoting_host.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\66.0.3359.12\remoting_host.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avpui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe
(Google) C:\Users\User\AppData\Local\Google\Chrome\User Data\SwReporter\27.148.201\software_reporter_tool.exe
(Google) C:\Users\User\AppData\Local\Google\Chrome\User Data\SwReporter\27.148.201\software_reporter_tool.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registro (Whitelisted) ===========================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-07-16] (Microsoft Corporation)
HKLM\...\Run: [PAC7302_Monitor] => C:\WINDOWS\PixArt\PAC7302\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation)
HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [1519312 2017-06-25] (Highresolution Enterprises)
HKLM-x32\...\Run: [RemoteControl] => C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe [56928 2006-11-23] (Cyberlink Corp.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [986648 2016-09-21] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO
HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3048256 2017-08-29] (Electronic Arts)
HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10290608 2018-02-07] (Piriform Ltd)
HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [986648 2016-09-21] (BlueStack Systems, Inc.)
HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1208648 2018-04-02] ()
HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\Run: [f.lux] => C:\Users\User\AppData\Local\FluxSoftware\Flux\flux.exe [1024240 2016-12-05] (Flux Software LLC)
HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\Run: [WTFast Tray] => C:\Program Files (x86)\WTFast\wtfast.exe [6903928 2018-02-21] (AAA Internet Publishing Inc.)
GroupPolicy: Restrição <==== ATENÇÃO
GroupPolicy\User: Restrição <==== ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{b6932cad-7427-4c9b-b298-dc3886e28834}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-80734308-2147152885-176964575-1001 -> {24E91212-E735-4C44-99DF-1818DCD47A92} URL = hxxps://br.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-03-13] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-03-13] (Oracle Corporation)
Toolbar: HKLM - Sem Nome - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  Nenhum Arquivo
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hefto18c.default [2018-04-04]
FF HKLM\...\Firefox\Extensions: [light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-03-16]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886D}] - C:\Users\User\AppData\Local\GAS Tecnologia\GBBD\cef\xpi
FF Extension: (GBBD Caixa Economica Federal) - C:\Users\User\AppData\Local\GAS Tecnologia\GBBD\cef\xpi [2015-01-16] [Legacy] [não assinado]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-17] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-17] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-03-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-03-13] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-05-21] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-03-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-03-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-80734308-2147152885-176964575-1001: @Legend Of Glory -> C:\Program Files (x86)\Legend Of Glory\plugin\npLegendOfGlory1.dll [Nenhum Arquivo]
FF Plugin HKU\S-1-5-21-80734308-2147152885-176964575-1001: gastecnologia.com.br/sf/cef -> C:\Users\User\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll [2015-01-16] (GAS Tecnologia)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\autoconf_warsaw.js [2018-04-05]

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.omniboxes.com/?type=hp&ts=1453581122&z=a611cc38dec24b7e7594a91g6z2w8cewfb7gfgfo0o&from=amt&uid=st1000vm002-1ct162_s1g0q9zrxxxxs1g0q9zr
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2018-04-05]
CHR Extension: (Apresentações) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-16]
CHR Extension: (Documentos) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-16]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-03-16]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-01-26]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Video Downloader professional) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2018-03-16]
CHR Extension: (Google Apps Script) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eoieeedlomnegifmaghhjnghhmcldobl [2015-11-25]
CHR Extension: (Planilhas) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-16]
CHR Extension: (Área de trabalho remota do Google Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-11-07]
CHR Extension: (Documentos Google off-line) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-03-16]
CHR Extension: (AdBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-03-10]
CHR Extension: (YouTube Center) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\heajdnnooakmbbclhphfffkpafehdmgk [2016-01-05]
CHR Extension: (Morpheon Dark) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2018-03-16]
CHR Extension: (Kaspersky Protection) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mchjnmdbdlkdbfliogedbnpnanfjnolk [2018-03-16]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Baixar videos com FVD Video Downloader) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nocpfkkbaekckhcoekockfbidpcjgkbd [2015-10-10]
CHR Extension: (PDF Viewer) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\oemmndcbldboiebfnladdacbdfmadadm [2018-03-28]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-28]
CHR HKLM\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
CHR HKLM-x32\...\Chrome\Extension: [eedgghdcpmmmilkmfpnklknlenbiolec] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AVP18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe [354672 2017-01-24] (AO Kaspersky Lab)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [5708808 2018-03-20] ()
S4 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [445976 2016-09-21] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [425496 2016-09-21] (BlueStack Systems, Inc.)
S4 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [466456 2016-09-21] (BlueStack Systems, Inc.)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\66.0.3359.12\remoting_host.exe [71000 2018-03-06] (Google Inc.)
S4 COMCdbService; C:\Program Files (x86)\Legendas-3.1\srvcdb.exe [1860784 2015-12-18] ()
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [382504 2017-09-21] (EasyAntiCheat Ltd)
S4 HiPatchService; E:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-09-19] (Hi-Rez Studios) [Arquivo não assinado]
S3 klvssbridge64_18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\vssbridge64.exe [426416 2018-03-16] (AO Kaspersky Lab)
S4 KSDE2.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [354672 2017-01-24] (AO Kaspersky Lab)
S4 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
S4 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-05-08] (Nero AG)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
S4 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519992 2018-01-10] (NVIDIA Corporation)
S4 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519992 2018-01-10] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2168672 2017-08-29] (Electronic Arts)
S4 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3148128 2017-08-29] (Electronic Arts)
S4 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1453384 2018-04-02] (Overwolf LTD)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-03-04] ()
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [167936 2005-08-08] () [Arquivo não assinado]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-07-16] (Microsoft Corporation)
S4 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S4 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3022896 2013-09-26] (Samsung Electronics CO., LTD.)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-12-18] (TeamViewer GmbH)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [1068376 2017-12-14] (GAS Tecnologia LTDA)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S4 WTFast.Service; C:\Program Files (x86)\WTFast\service\WTFast.Service.exe [102912 2018-02-21] () [Arquivo não assinado]
S4 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S4 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R0 799B2A0D; C:\WINDOWS\System32\drivers\799B2A0D.sys [478392 2018-03-21] (Kaspersky Lab ZAO)
S3 andnetadb; C:\WINDOWS\System32\Drivers\lgandnetadb.sys [31744 2012-07-03] (Google Inc)
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-09-21] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-09-13] (Bluestack System Inc. )
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [247008 2016-12-26] (AO Kaspersky Lab)
R3 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283064 2014-10-04] (Disc Soft Ltd)
S3 EasyAntiCheatSys; C:\WINDOWS\system32\drivers\EasyAntiCheat.sys [830704 2018-03-07] (EasyAntiCheat Oy)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [76200 2018-01-18] ()
S3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [46136 2014-09-04] (LogMeIn Inc.)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554408 2016-10-01] (AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [70880 2017-12-25] (AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [120008 2018-03-16] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [29816 2016-10-14] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [207576 2018-03-16] (AO Kaspersky Lab)
R1 KLHK; C:\WINDOWS\System32\drivers\klhk.sys [594144 2018-03-16] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1055944 2018-03-16] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57032 2018-03-16] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [57056 2016-12-23] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [58592 2016-12-07] (AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [50672 2017-12-25] (AO Kaspersky Lab)
S3 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [44768 2017-01-20] (AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [231312 2018-03-16] (AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [87584 2018-03-17] (AO Kaspersky Lab)
S3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [252600 2018-03-16] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [107656 2018-03-16] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [174664 2018-03-16] (AO Kaspersky Lab)
S4 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [93888 2018-03-16] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [135904 2017-12-25] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [199392 2017-12-25] (AO Kaspersky Lab)
R1 legendasdrv; C:\WINDOWS\System32\drivers\legendasdrv.sys [59120 2015-12-04] (Windows (R) Win 7 DDK provider)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193248 2018-03-15] (Malwarebytes)
S3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [109800 2018-03-15] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [45960 2018-03-15] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-03-15] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [101600 2018-03-15] (Malwarebytes)
R2 memudrv; C:\Program Files\Microvirt\MEmuHyperv\MEmuDrv.sys [260368 2015-11-02] (Microvirt Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c1a085cc86772d3f\nvlddmkm.sys [17544792 2018-03-25] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31024 2018-01-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [59240 2017-12-14] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [58816 2018-03-23] (NVIDIA Corporation)
S3 PAC7302; C:\WINDOWS\system32\DRIVERS\PAC7302.SYS [532480 2009-04-28] (PixArt Imaging Inc.)
U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [93960 2018-04-02] (Sysinternals - www.sysinternals.com)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [206080 2014-10-13] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 taphss6; C:\WINDOWS\system32\DRIVERS\taphss6.sys [42064 2016-06-15] (Anchorfree Inc.)
S3 tapwp01; C:\WINDOWS\system32\DRIVERS\tapwp01.sys [40664 2014-12-11] (The OpenVPN Project)
S1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [132120 2016-10-18] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [206416 2016-10-18] (Oracle Corporation)
S3 VBoxUSB; C:\WINDOWS\System32\Drivers\VBoxUSB.sys [125008 2015-07-09] (Oracle Corporation)
S3 vmcam325av; C:\WINDOWS\System32\Drivers\Vm323av64.sys [164864 2007-04-09] (Vimicro Corporation)
S3 vvftav323; C:\WINDOWS\system32\drivers\vvftav323.sys [301824 2007-03-19] (Vimicro Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 wsddfac; C:\WINDOWS\System32\drivers\wsddfac.sys [28376 2018-04-05] (GAS Tecnologia)
R1 wsddntf; C:\WINDOWS\system32\DRIVERS\wsddntf.sys [47176 2016-06-21] (GAS Tecnologia)
S1 wsddpp; C:\WINDOWS\system32\drivers\wsddpp.sys [44624 2017-12-14] (GAS Tecnologia)
R3 wsddprm; C:\WINDOWS\system32\drivers\wsddprm.sys [43608 2017-12-14] (GAS Tecnologia)
R2 WtfEngineDrv; C:\WINDOWS\system32WtfEngineDrv.sys [40352 2016-12-16] (AAA Internet Publishing, Inc.)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [48656 2018-02-28] (Wellbia.com Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2018-04-05 02:47 - 2018-04-05 02:48 - 000026818 _____ C:\Users\User\Desktop\FRST.txt
2018-04-05 02:46 - 2018-04-05 02:47 - 000000000 ____D C:\FRST
2018-04-04 23:30 - 2018-04-04 23:31 - 000000000 ____D C:\Users\User\Desktop\It (2017) [1080p] [YTS.AG]
2018-04-04 17:19 - 2018-04-04 17:19 - 002403328 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2018-04-04 12:55 - 2018-04-04 12:55 - 000532849 _____ C:\Users\User\Downloads\download (1).htm
2018-04-04 04:42 - 2018-04-04 04:50 - 000080472 _____ C:\TDSSKiller.2.8.16.0_04.04.2018_04.42.06_log.txt
2018-04-04 04:40 - 2018-04-04 04:40 - 000208216 _____ (Kaspersky Lab, GERT) C:\WINDOWS\system32\Drivers\12966589.sys
2018-04-04 04:39 - 2018-04-04 04:41 - 000007616 _____ C:\TDSSKiller.2.8.16.0_04.04.2018_04.39.59_log.txt
2018-04-04 02:11 - 2018-04-04 02:11 - 002237968 _____ (Kaspersky Lab ZAO) C:\Users\User\Desktop\tdsskiller.exe
2018-04-02 03:14 - 2018-04-02 12:17 - 000093960 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON24.SYS
2018-04-02 01:52 - 2018-04-02 01:52 - 001911256 _____ C:\Users\User\Downloads\Saturn.zip
2018-04-01 21:56 - 2018-04-02 12:20 - 000000000 ____D C:\Users\User\Desktop\organizar
2018-04-01 21:28 - 2018-04-01 21:28 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-04-01 21:28 - 2018-03-23 20:05 - 000138120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2018-04-01 21:28 - 2017-12-08 19:25 - 000798520 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2018-04-01 21:28 - 2017-12-08 19:25 - 000490808 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2018-04-01 21:28 - 2017-12-08 19:24 - 000928568 _____ C:\WINDOWS\system32\vulkan-1.dll
2018-04-01 21:28 - 2017-12-08 19:24 - 000591672 _____ C:\WINDOWS\system32\vulkaninfo.exe
2018-04-01 21:27 - 2018-04-01 21:27 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2018-04-01 21:25 - 2018-03-25 13:15 - 000998424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2018-04-01 21:25 - 2018-03-25 13:15 - 000950016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2018-04-01 21:25 - 2018-03-25 13:15 - 000625504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2018-04-01 21:25 - 2018-03-25 13:15 - 000516024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2018-04-01 21:25 - 2018-03-25 13:14 - 004318112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2018-04-01 21:25 - 2018-03-25 13:14 - 003719096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2018-04-01 21:25 - 2018-03-25 13:14 - 001985112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6439135.dll
2018-04-01 21:25 - 2018-03-25 13:14 - 001683712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6439135.dll
2018-04-01 21:25 - 2018-03-25 13:14 - 001138720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2018-04-01 21:25 - 2018-03-25 13:14 - 001065888 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2018-04-01 21:25 - 2018-03-25 13:14 - 000749312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2018-04-01 21:25 - 2018-03-25 13:14 - 000608344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2018-04-01 21:25 - 2018-03-25 13:13 - 040278608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2018-04-01 21:25 - 2018-03-25 13:13 - 035188992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2018-04-01 21:25 - 2018-03-25 13:10 - 013571520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2018-04-01 21:25 - 2018-03-25 13:10 - 011132384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2018-04-01 21:25 - 2018-03-25 13:09 - 019855144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2018-04-01 21:25 - 2018-03-25 13:09 - 016496776 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2018-04-01 21:25 - 2018-03-25 13:09 - 001346128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2018-04-01 21:25 - 2018-03-25 13:09 - 001153744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2018-04-01 21:25 - 2018-03-25 13:09 - 001061352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2018-04-01 21:25 - 2018-03-25 13:09 - 000902096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2018-04-01 21:25 - 2018-03-25 13:09 - 000811808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2018-04-01 21:25 - 2018-03-25 13:09 - 000650232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2018-04-01 21:25 - 2018-03-25 13:08 - 012967056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2018-04-01 21:25 - 2018-03-25 13:08 - 011001504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2018-04-01 21:25 - 2018-03-25 13:08 - 003939624 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2018-04-01 21:25 - 2018-03-23 22:19 - 000045600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2018-03-30 01:15 - 2018-03-30 01:15 - 000056396 _____ C:\Users\User\Downloads\radiohead-paranoid-android.gp3
2018-03-29 10:28 - 2018-03-29 10:28 - 005159584 _____ (Husdawg, LLC) C:\Users\User\Downloads\Detection.exe
2018-03-22 14:03 - 2018-03-22 14:03 - 352231948 _____ C:\Users\User\Downloads\Bootlog.pml
2018-03-21 14:38 - 2018-03-21 14:38 - 000478392 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\799B2A0D.sys
2018-03-21 14:38 - 2018-03-21 14:38 - 000000000 ____D C:\KVRT_Data
2018-03-21 14:25 - 2018-03-21 14:29 - 141909800 _____ (Kaspersky Lab ZAO) C:\Users\User\Downloads\KVRT.exe
2018-03-21 03:05 - 2018-03-21 03:05 - 000021541 _____ C:\Users\User\Downloads\dexter.s05.e11.hop.a.freighter.(2010).pob.1cd.(5140595).zip
2018-03-20 21:21 - 2018-03-20 21:21 - 001521785 _____ C:\Users\User\Downloads\Ruiva Amorzinho.pdf.pdf
2018-03-20 11:37 - 2018-03-20 11:37 - 000010901 _____ C:\Users\User\Downloads\login.htm
2018-03-20 11:22 - 2018-03-20 11:22 - 017281886 _____ (COMADSOFT ) C:\Users\User\Downloads\medivia-2.3.0-windows-32bits.exe
2018-03-20 05:22 - 2018-03-20 05:33 - 000002362 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-03-18 16:08 - 2018-03-18 16:08 - 006201344 _____ C:\Users\User\Downloads\Aula-13-Punção-venosa1.ppt
2018-03-16 14:21 - 2018-04-03 01:16 - 000000000 ____D C:\Users\User\AppData\LocalLow\uTorrent
2018-03-16 14:18 - 2018-03-16 14:18 - 003114288 _____ (BitTorrent Inc.) C:\Users\User\Downloads\uTorrent.exe
2018-03-16 05:17 - 2018-03-17 10:07 - 000087584 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
2018-03-16 05:09 - 2018-03-16 05:09 - 000252600 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2018-03-16 04:59 - 2018-03-16 04:59 - 000231312 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2018-03-16 04:59 - 2018-03-16 04:59 - 000174664 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2018-03-16 04:59 - 2018-03-16 04:59 - 000107656 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2018-03-16 04:59 - 2018-03-16 04:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2018-03-16 04:59 - 2018-03-16 04:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Free
2018-03-16 04:59 - 2013-05-06 08:13 - 000110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2018-03-16 04:58 - 2018-04-05 02:45 - 000000000 ____D C:\Users\Todos os Usuários\Kaspersky Lab
2018-03-16 04:58 - 2018-04-05 02:45 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-03-16 04:58 - 2018-03-16 05:16 - 001055944 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2018-03-16 04:58 - 2018-03-16 04:59 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2018-03-16 04:58 - 2018-03-16 04:58 - 000594144 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2018-03-16 04:58 - 2018-03-16 04:58 - 000207576 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2018-03-16 04:58 - 2018-03-16 04:58 - 000149304 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\klhkum.dll
2018-03-16 04:19 - 2018-03-16 04:21 - 000000000 ____D C:\Users\Todos os Usuários\Kaspersky Lab Setup Files
2018-03-16 04:19 - 2018-03-16 04:21 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2018-03-16 04:19 - 2018-03-16 04:19 - 002377776 _____ (Kaspersky Lab) C:\Users\User\Downloads\kfa18.0.0.405abpt_13157.exe
2018-03-15 15:39 - 2018-03-16 13:17 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-03-15 15:38 - 2018-03-15 17:09 - 000000000 ____D C:\Users\Todos os Usuários\RogueKiller
2018-03-15 15:38 - 2018-03-15 17:09 - 000000000 ____D C:\ProgramData\RogueKiller
2018-03-15 12:55 - 2018-03-15 13:19 - 000000000 ____D C:\Users\User\AppData\Roaming\ZHP
2018-03-15 12:55 - 2018-03-15 12:55 - 000000000 ____D C:\Users\User\AppData\Local\ZHP
2018-03-15 12:50 - 2018-03-15 12:52 - 000000000 ____D C:\Users\TEMP.SYS
2018-03-15 12:50 - 2018-03-15 12:50 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-03-15 12:50 - 2018-03-15 12:50 - 000193248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-03-15 12:50 - 2018-03-15 12:50 - 000109800 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-03-15 12:50 - 2018-03-15 12:50 - 000101600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-03-15 12:50 - 2018-03-15 12:50 - 000045960 ____N (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-03-15 12:39 - 2018-03-15 12:49 - 000000000 ____D C:\AdwCleaner
2018-03-14 13:31 - 2018-03-14 13:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-14 13:31 - 2018-01-18 09:03 - 000076200 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-03-14 13:30 - 2018-03-14 13:30 - 069445584 _____ (Malwarebytes ) C:\Users\User\Downloads\mb3-setup-consumer-3.4.4.2398-1.0.322-1.0.4326.exe
2018-03-13 18:48 - 2018-03-13 18:48 - 000060724 _____ C:\Users\User\Downloads\cartao-de-visita.dotx
2018-03-13 15:50 - 2018-03-13 15:50 - 000026578 _____ C:\ZA-Scan.txt
2018-03-13 15:46 - 2018-03-13 15:46 - 001374720 _____ C:\Users\User\Downloads\ZA-Scan.exe
2018-03-13 15:46 - 2018-03-13 15:46 - 000000000 ____D C:\zoek_backup
2018-03-13 03:52 - 2018-03-13 03:52 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CipSoft GmbH
2018-03-13 03:43 - 2018-03-13 03:44 - 001861696 _____ (Oracle Corporation) C:\Users\User\Downloads\JavaSetup8u161.exe
2018-03-13 02:50 - 2018-03-13 02:50 - 000000000 ____D C:\Users\Todos os Usuários\EA Games
2018-03-13 02:50 - 2018-03-13 02:50 - 000000000 ____D C:\ProgramData\EA Games
2018-03-13 01:54 - 2018-03-13 01:54 - 005660059 _____ (Swearware) C:\Users\User\Downloads\combofix-17-5-4-1.exe
2018-03-13 01:20 - 2018-03-13 01:20 - 000000000 ____D C:\Users\User\Documents\EA Games
2018-03-13 01:19 - 2018-03-13 04:40 - 000000000 ____D C:\Users\Todos os Usuários\Media Center Programs
2018-03-13 01:19 - 2018-03-13 04:40 - 000000000 ____D C:\ProgramData\Media Center Programs
2018-03-13 01:19 - 2018-03-13 01:19 - 000000000 ___HD C:\WINDOWS\PIF
2018-03-13 01:17 - 2018-03-13 01:19 - 018886071 _____ C:\Users\User\Downloads\UOEnhancedSetup_4_0_10_1.exe
2018-03-13 00:20 - 2018-03-13 00:20 - 000284591 _____ C:\Users\User\Downloads\Gears.of.War.4-CODEX.torrent
2018-03-10 18:09 - 2018-03-10 18:09 - 000102170 _____ C:\Users\User\Downloads\download.htm
2018-03-10 14:28 - 2018-03-10 14:28 - 000003387 _____ C:\Users\User\Downloads\thom-yorke-cymbal_rush_intro.gp3
2018-03-08 12:17 - 2018-03-08 12:17 - 000131459 _____ C:\Users\User\Downloads\stay_classy_sldt.zip
2018-03-07 21:54 - 2018-03-07 21:54 - 000023275 _____ C:\Users\User\Downloads\DRAGON.BALL.FighterZ-FULL.UNLOCKED.torrent
2018-03-06 00:00 - 2018-03-06 00:00 - 000000000 ____D C:\Program Files\Malwarebytes

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2018-04-05 02:45 - 2014-11-16 23:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-04-05 02:44 - 2017-08-08 15:53 - 000028376 _____ (GAS Tecnologia) C:\WINDOWS\system32\Drivers\wsddfac.sys
2018-04-05 02:44 - 2016-10-04 10:57 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-04-05 02:42 - 2016-07-16 03:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-04-05 02:29 - 2014-10-19 11:44 - 000000000 ____D C:\Users\User\AppData\Roaming\vlc
2018-04-05 02:17 - 2016-10-06 13:05 - 000000000 ____D C:\Users\User\.MemuHyperv
2018-04-05 02:00 - 2014-10-14 02:18 - 000000000 ____D C:\Users\User\AppData\Local\Adobe
2018-04-05 01:53 - 2016-10-04 10:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-04-04 21:40 - 2016-10-11 21:39 - 000000000 ____D C:\Program Files (x86)\Overwolf
2018-04-04 20:36 - 2014-11-14 15:40 - 000000000 ____D C:\Users\User\AppData\Roaming\Audacity
2018-04-04 17:12 - 2016-10-04 12:10 - 000005210 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for Sys-User Sys
2018-04-04 16:13 - 2016-10-04 11:00 - 001864654 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-04-04 16:13 - 2016-07-16 20:10 - 000508246 _____ C:\WINDOWS\system32\prfh0416.dat
2018-04-04 16:13 - 2016-07-16 20:10 - 000185150 _____ C:\WINDOWS\system32\prfc0416.dat
2018-04-04 12:25 - 2014-10-03 18:32 - 000000000 ____D C:\Users\Todos os Usuários\NVIDIA
2018-04-04 12:25 - 2014-10-03 18:32 - 000000000 ____D C:\ProgramData\NVIDIA
2018-04-04 04:41 - 2016-10-05 12:58 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
2018-04-04 01:40 - 2017-08-28 13:25 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2018-04-03 01:16 - 2014-10-03 19:46 - 000000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2018-04-02 20:44 - 2014-10-04 11:50 - 000000000 ____D C:\Users\User\AppData\Roaming\DAEMON Tools Lite
2018-04-02 02:02 - 2016-10-04 12:00 - 000000000 ____D C:\Users\User\AppData\Local\NVIDIA
2018-04-02 00:31 - 2016-09-28 12:35 - 000000000 ____D C:\Users\User\AppData\Roaming\obs-studio
2018-04-01 21:46 - 2014-10-03 18:31 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-04-01 21:29 - 2016-10-04 12:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-04-01 21:29 - 2016-07-16 08:45 - 000000000 ____D C:\WINDOWS\INF
2018-04-01 21:28 - 2014-10-03 21:22 - 000000000 ____D C:\Users\User\AppData\Roaming\NVIDIA
2018-04-01 21:28 - 2014-10-03 18:31 - 000000000 ____D C:\Users\Todos os Usuários\NVIDIA Corporation
2018-04-01 21:28 - 2014-10-03 18:31 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-04-01 21:28 - 2014-10-03 18:31 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-04-01 21:09 - 2017-09-12 00:27 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-01 21:09 - 2017-09-12 00:27 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-01 21:09 - 2016-10-04 12:00 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-01 21:09 - 2016-10-04 12:00 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-01 21:09 - 2016-10-04 12:00 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-01 21:09 - 2016-10-04 12:00 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-01 21:09 - 2016-10-04 12:00 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-01 21:09 - 2016-10-04 12:00 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-01 18:27 - 2014-10-03 21:22 - 000000000 ____D C:\Users\User\AppData\Local\Battle.net
2018-04-01 18:05 - 2014-10-03 21:21 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-03-31 11:54 - 2016-07-16 08:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-03-28 11:42 - 2014-10-03 15:03 - 000000000 ____D C:\Users\User\AppData\Local\Packages
2018-03-25 13:49 - 2014-10-03 15:06 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-25 13:08 - 2015-07-13 20:45 - 004633920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2018-03-23 22:19 - 2017-09-12 00:27 - 000058816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2018-03-23 22:19 - 2016-10-04 12:23 - 001682288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2018-03-23 22:19 - 2016-10-04 12:23 - 000226760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2018-03-23 22:19 - 2014-08-19 22:14 - 000048407 _____ C:\WINDOWS\system32\nvinfo.pb
2018-03-23 20:50 - 2016-10-04 12:00 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2018-03-23 20:02 - 2016-10-04 12:24 - 000633224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2018-03-23 20:02 - 2016-10-04 12:24 - 000083072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2018-03-23 20:02 - 2014-10-03 18:31 - 005952392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2018-03-23 20:02 - 2014-10-03 18:31 - 002596320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2018-03-23 20:02 - 2014-10-03 18:31 - 001767824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2018-03-23 20:02 - 2014-10-03 18:31 - 000451040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2018-03-23 20:02 - 2014-10-03 18:31 - 000123840 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2018-03-21 08:22 - 2014-10-03 18:31 - 008114212 _____ C:\WINDOWS\system32\nvcoproc.bin
2018-03-20 11:23 - 2016-11-11 13:17 - 000000000 ____D C:\Program Files (x86)\Medivia Online
2018-03-20 11:23 - 2016-05-19 03:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medivia Online
2018-03-20 05:35 - 2017-07-27 12:26 - 000003346 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-80734308-2147152885-176964575-1001
2018-03-20 05:24 - 2016-10-04 11:22 - 000000000 ___RD C:\Users\User\OneDrive
2018-03-18 20:20 - 2014-10-08 11:31 - 000000000 ____D C:\Users\User\AppData\Local\Warframe
2018-03-18 20:18 - 2014-10-03 15:18 - 000000000 ____D C:\Users\User\AppData\Roaming\Skype
2018-03-17 10:38 - 2016-10-04 10:57 - 000004598 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-03-17 10:38 - 2016-07-16 08:47 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-03-17 10:38 - 2016-07-16 08:47 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-03-16 05:16 - 2017-12-25 08:33 - 000120008 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klbackupflt.sys
2018-03-16 05:16 - 2016-12-20 17:51 - 000093888 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klwfp.sys
2018-03-16 05:16 - 2016-10-12 12:29 - 000057032 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klim6.sys
2018-03-16 04:59 - 2015-12-03 11:39 - 000000000 ____D C:\Program Files\Common Files\AV
2018-03-16 04:58 - 2016-07-16 08:47 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-03-15 12:51 - 2014-10-03 23:16 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-03-15 12:49 - 2014-10-03 15:28 - 000000000 ____D C:\Users\Todos os Usuários\IObit
2018-03-15 12:49 - 2014-10-03 15:28 - 000000000 ____D C:\ProgramData\IObit
2018-03-15 03:29 - 2017-09-20 23:14 - 000000000 ____D C:\Users\User\AppData\Local\Deployment
2018-03-15 03:29 - 2016-08-16 04:42 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Level Up
2018-03-15 03:25 - 2016-10-29 16:04 - 000000000 ____D C:\download
2018-03-14 13:31 - 2014-11-23 08:11 - 000000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2018-03-14 13:31 - 2014-11-23 08:11 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-13 04:40 - 2016-07-16 08:47 - 000000000 ___HD C:\Program Files\WindowsApps
2018-03-13 03:59 - 2015-06-26 18:14 - 000000000 ____D C:\Users\User\AppData\Local\TibiaME
2018-03-13 03:51 - 2014-10-04 04:11 - 000000000 ____D C:\Users\Todos os Usuários\Oracle
2018-03-13 03:51 - 2014-10-04 04:11 - 000000000 ____D C:\ProgramData\Oracle
2018-03-13 03:50 - 2014-11-05 14:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-03-13 03:50 - 2014-11-05 14:45 - 000000000 ____D C:\Program Files (x86)\Java
2018-03-13 03:46 - 2014-11-05 14:45 - 000097344 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2018-03-13 02:30 - 2014-10-08 19:56 - 000000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2018-03-13 01:19 - 2015-02-11 14:07 - 000000000 ____D C:\Games
2018-03-13 00:38 - 2016-10-04 03:42 - 000000000 ____D C:\Users\User\AppData\Local\Tibia
2018-03-12 22:00 - 2016-07-16 08:47 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-03-08 13:54 - 2016-10-11 13:29 - 000000000 ____D C:\Users\User\AppData\Roaming\Curse Client
2018-03-07 22:56 - 2017-09-20 18:15 - 000000000 ____D C:\Users\User\AppData\Roaming\EasyAntiCheat
2018-03-07 22:56 - 2017-06-02 12:42 - 000830704 _____ (EasyAntiCheat Oy) C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2018-03-06 00:18 - 2017-08-01 22:04 - 000000000 ____D C:\Users\User\AppData\Roaming\TS3Client
2018-03-06 00:18 - 2017-01-23 15:58 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-03-06 00:18 - 2015-07-17 04:13 - 000000000 ____D C:\Users\User\AppData\Roaming\TeamViewer
2018-03-06 00:08 - 2016-10-04 11:50 - 000000000 ____D C:\WINDOWS\Minidump
2018-03-06 00:00 - 2018-03-05 23:59 - 068206640 _____ (Malwarebytes ) C:\Users\User\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.4210.exe

==================== Arquivos na raiz de alguns diretórios =======

2016-11-07 20:24 - 2016-11-07 20:24 - 000000113 _____ () C:\Users\User\AppData\Roaming\D2Info0
2016-11-07 20:24 - 2016-11-07 20:46 - 000000008 _____ () C:\Users\User\AppData\Roaming\DofusAppId0_1
2016-10-27 19:27 - 2016-10-28 12:09 - 000000097 _____ () C:\Users\User\AppData\Roaming\LauncherSettings_live.cfg
2016-10-28 11:24 - 2016-10-28 11:59 - 000000042 _____ () C:\Users\User\AppData\Roaming\TheHunterSettings_steam_live.cfg
2014-10-19 23:43 - 2014-10-19 23:43 - 000000046 _____ () C:\Users\User\AppData\Roaming\WB.CFG
2016-05-07 22:54 - 2016-05-17 22:59 - 000000600 _____ () C:\Users\User\AppData\Local\PUTTY.RND
2016-09-29 17:54 - 2017-09-21 19:09 - 000007598 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg

Alguns arquivos em TEMP:
====================
2018-03-15 15:39 - 2016-07-16 08:42 - 001883784 _____ (Microsoft Corporation) C:\Users\User\AppData\Local\Temp\dllnt_dump.dll
2010-09-01 13:39 - 2010-09-01 13:39 - 000106496 _____ (Microsoft Corporation) C:\Users\User\AppData\Local\Temp\GameuxInstallHelper.dll
2017-09-12 00:45 - 2017-08-21 19:33 - 000873136 _____ (NVIDIA Corporation) C:\Users\User\AppData\Local\Temp\nvSCPAPI64.dll
2018-04-01 21:25 - 2017-08-21 19:33 - 000368760 _____ (NVIDIA Corporation) C:\Users\User\AppData\Local\Temp\nvStInst.exe
2018-04-02 12:17 - 2018-04-02 12:17 - 001186440 ____H (Sysinternals - www.sysinternals.com) C:\Users\User\AppData\Local\Temp\Procmon64.exe
2017-07-05 23:03 - 2018-04-04 16:37 - 000492544 _____ () C:\Users\User\AppData\Local\Temp\s3.exe
2018-03-05 22:37 - 2018-03-05 22:38 - 030131144 _____ (Initex & AAA Internet Publishing                            ) C:\Users\User\AppData\Local\Temp\tmpE79C.exe

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\WINDOWS\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\wininit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\services.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2018-04-04 16:20

==================== Fim de FRST.txt ============================

Addition.txt

Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 14.03.2018
Executado por User (05-04-2018 02:49:42)
Executando a partir de C:\Users\User\Desktop
Windows 10 Pro Versão 1607 (X64) (2016-10-04 14:10:58)
Modo da Inicialização: Normal
==========================================================


==================== Contas: =============================

Administrador (S-1-5-21-80734308-2147152885-176964575-500 - Administrator - Disabled)
Convidado (S-1-5-21-80734308-2147152885-176964575-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-80734308-2147152885-176964575-503 - Limited - Disabled)
User (S-1-5-21-80734308-2147152885-176964575-1001 - Administrator - Enabled) => C:\Users\User

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Kaspersky Free (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Kaspersky Free (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

µTorrent (HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\uTorrent) (Version: 3.5.3.44358 - BitTorrent Inc.)
7-Zip 16.04 (HKLM-x32\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Flash Player 29 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
Atualizações da NVIDIA 31.0.11.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 31.0.11.0 - NVIDIA Corporation) Hidden
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.5.55.6279 - BlueStack Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.40 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{FBB43A99-0B72-461A-A6D2-2F1B54D36B69}) (Version: 66.0.3359.12 - Google Inc.)
Cuphead (HKLM-x32\...\1963513391_is1) (Version: 20170929 - GOG.com)
Curse (HKLM-x32\...\{A20BFF62-AE3C-42BD-9C52-841CAB96BC49}) (Version: 6.0.0.0 - Curse)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Device Doctor v3.1 (HKLM-x32\...\Device Doctor_is1) (Version: 3.1 - Device Doctor Software Inc.)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\Discord) (Version: 0.0.300 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 391.35 - NVIDIA Corporation) Hidden
Dolby Axon - 1.5.1.1 (HKLM-x32\...\{17936630-5344-4F18-9970-616129E2A114}_is1) (Version: 1.5.1.1 - Dolby Laboratories)
DVD Suite (HKLM-x32\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.1319 - CyberLink Corporation)
eMessenger 310 (HKLM-x32\...\{6CE28479-63DF-4EE7-92C4-5FF2069CB358}) (Version: 1.0.0.28 - KYE SYSTEMS CORP.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
ExitLag (HKLM-x32\...\{31E1803D-6745-43B8-895F-AF9A73F4224E}_is1) (Version: 1.5.1 - SKOWSAND SERVICOS DE PROVEDORES E INTERNET LTDA)
f.lux (HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\Flux) (Version:  - )
ffdshow v1.2.4499 [2013-01-04] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4499.0 - )
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Freemake Video Converter versão 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation)
Galeria de Fotos (HKLM-x32\...\{9EE1AE8B-4872-41CA-8C9A-C33D899523E0}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
GBBD Caixa Economica Federal (HKLM-x32\...\{5d01f486-f32d-462e-8830-cc1d116e8ece}_is1) (Version: 3.11.0.1 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version:  - Arobas Music)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Hextech Repair Tool (HKLM-x32\...\{7F9A97E6-E666-11E5-B582-B88687E82322}) (Version: 1.1.77 - Riot Games, Inc.)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.1.6.3 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Kaspersky Free (HKLM-x32\...\{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Free (HKLM-x32\...\InstallWIX_{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\{BCCDE721-9F4D-4396-9592-92DD865D965E}) (Version: 3.0.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
Legendas 3.5 (HKLM-x32\...\{461C0377-D2EC-4FB0-B038-847BC6455432}_is1) (Version: 3.5 - LegendasBrasil.org)
LoLReplay2 (HKLM-x32\...\{9D5BAC5A-EDBF-4A34-AC2D-139C84B7E050}_is1) (Version: v2.1.1 - Aequus Gaming Ltd.)
Malwarebytes versão 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
MEmu (HKLM-x32\...\MEmu) (Version: 2.8.6.0 - Microvirt)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mouse and Keyboard Recorder 3.1.9.2 (HKLM-x32\...\{3408E5D6-4925-4496-AB67-AB8643C3685C}_is1) (Version:  - Robot-Soft.com, Inc.)
Movie Maker (HKLM-x32\...\{C05F4139-CB6B-4272-A0BF-861FEB667F27}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 58.0.2 (x64 pt-BR) (HKLM\...\Mozilla Firefox 58.0.2 (x64 pt-BR)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 58.0.2.6611 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MU LEGEND GLOBAL (HKLM-x32\...\{MU2GB92C-VH2O-Z2AQ-N26J-M2VJEWJEUE52}_is1) (Version: 1.0.0.0 - Webzen)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
Nero 7 Essentials (HKLM-x32\...\{9B4E6CB9-E54D-47F7-A414-E2D5740E1046}) (Version: 7.02.8507 - Nero AG)
NVIDIA Driver de áudio HD 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
NVIDIA Driver de controle do 3D Vision 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA Driver de gráficos 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.35 - NVIDIA Corporation)
NVIDIA Driver do 3D Vision 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.35 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.12.0.84 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.12.0.84 - NVIDIA Corporation)
NVIDIA Software do sistema PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.16.1 - OBS Project)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Opera Stable 36.0.2130.65 (HKLM-x32\...\Opera 36.0.2130.65) (Version: 36.0.2130.65 - Opera Software)
Oracle VM VirtualBox 5.1.8 (HKLM\...\{65402252-5DA1-4360-A144-E09BB16AC7A9}) (Version: 5.1.8 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.20.5318 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.112.1.23 - Overwolf Ltd.)
Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation)
Painel de controle da NVIDIA 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 391.35 - NVIDIA Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.2414.0 - CyberLink Corporation)
PowerProducer (HKLM-x32\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version:  - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Recorder (HKLM-x32\...\{73DFE8A3-C2F1-4CF8-8188-6FCB3335F1D0}) (Version: 7.3.20 - KraTronic)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SuperBINA para Windows (HKLM-x32\...\SuperBINA para Windows) (Version:  - )
System Requirements Lab Detection (HKLM-x32\...\{7F1715CF-43CA-4188-B9DF-7D6F24C8B673}) (Version: 2.1.1.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.5 - TeamSpeak Systems GmbH)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.90922 - TeamViewer)
Tibia (HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\Tibia) (Version:  - CipSoft GmbH)
TibiaME (HKU\.DEFAULT\...\TibiaME) (Version:  - CipSoft GmbH)
TibiaME (HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\TibiaME) (Version:  - CipSoft GmbH)
TweakNow DiskAnalyzer (HKLM-x32\...\TweakNow DiskAnalyzer_is1) (Version: 1.3.0 - TweakNow.com)
Twitch (HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0416-1000-0000000FF1CE}_Office15.PROPLUSR_{2BA6245D-FBB9-42F6-AFD9-C0DC52763AD5}) (Version:  - Microsoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
Vimicro USB PC Camera(VC0323) (HKLM-x32\...\{36820BCA-FC55-452E-9085-6E6F1F55508D}) (Version: 1.00.0000 - Vimicro)
VisuAlg 2.0.0.12 (20/09/06) (HKLM-x32\...\VisuAlg_is1) (Version: 2.0 - Apoio Informática Ltda.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
vReveal 3 (HKLM-x32\...\vReveal 3) (Version:  - MotionDSP)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Warsaw 2.3.0.83 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 2.3.0.83 - GAS Tecnologia)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
wtfast 4.6 (HKLM-x32\...\{12B4121D-5221-4AFC-9EDC-63B0CA139856}_is1) (Version: 4.6.6.1250 - Initex & AAA Internet Publishing)
X-Mouse Button Control 2.16.1 (HKLM-x32\...\X-Mouse Button Control) (Version: 2.16.1 - Highresolution Enterprises)
XP Codec Pack (HKLM-x32\...\XP Codec Pack) (Version: 2.5.3 - XP Codec Pack team)
Xpadder Power Pack 01.01.2015 (HKLM-x32\...\Xpadder Power Pack 01.01.2015) (Version:  - )

==================== Exame Personalizado CLSID (Whitelisted): ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

CustomCLSID: HKU\S-1-5-21-80734308-2147152885-176964575-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0007}\InprocServer32 -> C:\Users\User\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll (GAS Tecnologia)
CustomCLSID: HKU\S-1-5-21-80734308-2147152885-176964575-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0007}\InprocServer32 -> C:\Users\User\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll (GAS Tecnologia)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Nenhum Arquivo
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1-x32-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [2007-05-04] (Nero AG)
ContextMenuHandlers1-x32-x32: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\ShellEx.dll [2018-03-16] (AO Kaspersky Lab)
ContextMenuHandlers1-x32-x32: [Legendas230] -> {08940faf-34c4-4e6e-8bd4-18c128696403} => C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
ContextMenuHandlers1-x32-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-09-16] (Alexander Roshal)
ContextMenuHandlers1-x32-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-09-16] (Alexander Roshal)
ContextMenuHandlers2: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\ShellEx.dll [2018-03-16] (AO Kaspersky Lab)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Nenhum Arquivo
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4-x32: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\ShellEx.dll [2018-03-16] (AO Kaspersky Lab)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-03-23] (NVIDIA Corporation)
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6-x32: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\ShellEx.dll [2018-03-16] (AO Kaspersky Lab)
ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-09-16] (Alexander Roshal)
ContextMenuHandlers6-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-09-16] (Alexander Roshal)

==================== Tarefas Agendadas (Whitelisted) =============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {01ACC2F7-7946-4E23-92F8-5FCE32837BEB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-02-07] (Piriform Ltd)
Task: {07BC6475-212A-4555-B79B-C807145697D4} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-01-10] (NVIDIA Corporation)
Task: {1014CBC2-A652-45B2-A68A-6472FED930F8} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-01-10] (NVIDIA Corporation)
Task: {15C8FE1A-2C69-44CC-8EAF-AA633D49FABD} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-01-10] (NVIDIA Corporation)
Task: {2717D1EC-494B-4DF1-9CA8-1A04D9AA25A0} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Sys-User Sys => C:\Program Files\Microsoft Office\Office15\MsoSync.exe
Task: {2BD8C28F-8DB1-4F03-8936-CECEE5AD783E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {3CF5D85D-1A47-4E0F-A7AC-A303944EC704} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {4ABA3D4F-79F0-4981-92FF-C5F9A6FF1075} - System32\Tasks\AdobeAAMUpdater-1.0-Sys-User => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-04-28] (Adobe Systems Incorporated)
Task: {4D61223B-931B-4CC3-A2D8-B69B8888F39F} - \WPD\SqmUpload_S-1-5-21-80734308-2147152885-176964575-1001 -> Nenhum Arquivo <==== ATENÇÃO
Task: {531C2D54-B0C5-4C31-9CEA-39D15F1E24AE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {5A66DC0E-BEEA-4079-A153-E26F7C240AF6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-06] (Google Inc.)
Task: {772F6D21-1A82-4B30-AF4A-375A34A4EEFB} - System32\Tasks\{9F734F1C-C0D7-40FF-93E2-26887791CCAA} => C:\Windows\system32\pcalua.exe -a C:\Users\User\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones\SAMSUNG_USB_Driver_for_Mobile_Phones.exe -d C:\Users\User\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones
Task: {7AC9A07F-C376-4B8C-B423-8FFAD5C5ACC6} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-01-10] (NVIDIA Corporation)
Task: {7DF79074-572E-45DD-A043-86A2C5F5FD22} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_29_0_0_113_pepper.exe [2018-03-17] (Adobe Systems Incorporated)
Task: {84174467-3F21-4797-A62C-E55B0984DB2B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-06] (Google Inc.)
Task: {8447482B-8D6C-44B2-A361-689DEE245FF6} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {94800729-53A3-491A-98E6-9DB0CF88C8F6} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-01-10] (NVIDIA Corporation)
Task: {9EF7221D-4DE0-451E-96D0-8F529170C20B} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-01-10] (NVIDIA Corporation)
Task: {A3AE6A5B-34FD-4BB7-A170-DFA576FEDF76} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-02-07] (Piriform Ltd)
Task: {C9081567-FB96-4DB6-9E11-6AC4C91570B4} - System32\Tasks\Opera scheduled Autoupdate 1461083591 => C:\Program Files (x86)\Opera\launcher.exe [2016-04-11] (Opera Software)
Task: {DED08F9A-D2D6-4CF8-A853-3AC83037BE06} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2018-04-02] (Overwolf LTD)
Task: {DFBD456B-8A2F-4CA5-B50B-8260CF672B4E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-17] (Adobe Systems Incorporated)
Task: {E090836F-AA3E-4F0C-B036-29E48E11842D} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-01-10] (NVIDIA Corporation)
Task: {E58C358E-26DA-49D2-9D8C-DB4083EB5EA5} - System32\Tasks\{DC21E4A4-F6E7-4A9C-89C2-B2F384A347FD} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\Rockstar Games\Social Club\uninstallRGSCRedistributable.exe" -d C:\Windows\ImmersiveControlPanel
Task: {E9D6D817-6798-417F-9756-A312CE916F08} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-01-10] (NVIDIA Corporation)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)


==================== Atalhos & WMI ========================

(As entradas podem ser listadas para serem restauradas ou removidas.)


Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XP Codec Pack 2.5.3\Useful links\Download Codecs & Tools.lnk -> hxxp://www.codecs.com
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XP Codec Pack 2.5.3\Useful links\Talk about Codecs.lnk -> hxxp://codecs.com/foru
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XP Codec Pack 2.5.3\Useful links\XP Codec Pack homepage.lnk -> hxxp://www.xpcodecpack.com

ShortcutWithArgument: C:\Users\User\AppData\Local\Google\Chrome\User Data\Inicializador de aplicativos do Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CipSoft GmbH\TibiaME.lnk -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://www.tibiame.com/?section=webclient&markup=xhtml "C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\2a04b4b2-3495824a"

==================== Módulos Carregados (Whitelisted) ==============

2016-07-16 08:42 - 2016-07-16 08:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-16 08:42 - 2016-07-16 08:42 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-03-04 13:06 - 2015-03-04 13:06 - 000076888 _____ () C:\WINDOWS\SysWoW64\PnkBstrA.exe
2016-07-16 08:42 - 2016-07-16 08:42 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-07-16 08:43 - 2016-07-16 08:43 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-07-16 08:43 - 2016-07-16 20:15 - 009761280 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-16 08:43 - 2016-07-16 20:15 - 001400320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-16 08:43 - 2016-07-16 20:15 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-07-16 08:43 - 2016-07-16 20:15 - 001033728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-07-16 08:43 - 2016-07-16 20:15 - 002438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-16 08:43 - 2016-07-16 20:15 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-07-16 08:43 - 2016-07-16 20:15 - 000114176 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll
2018-03-25 13:49 - 2018-03-20 03:00 - 002683224 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\swiftshader\libglesv2.dll
2018-03-25 13:49 - 2018-03-20 03:00 - 000127832 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\swiftshader\libegl.dll
2016-07-16 08:43 - 2016-07-16 20:15 - 000115712 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\DeviceSideServicesActionUriHandler.dll
2016-07-16 08:43 - 2016-07-16 20:15 - 000522752 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll
2018-03-16 04:59 - 2018-03-16 04:59 - 000836968 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\kpcengine.2.3.dll
2016-01-15 11:16 - 2016-01-16 01:01 - 000128552 _____ () C:\Program Files\Microvirt\MEmu\libgcc_s_dw2-1.dll
2016-01-15 11:16 - 2016-01-16 01:01 - 001040608 _____ () C:\Program Files\Microvirt\MEmu\libstdc++-6.dll
2016-09-10 03:25 - 2016-09-10 08:27 - 000191336 _____ () C:\Program Files\Microvirt\MEmu\libmemu.dll
2016-01-15 11:16 - 2016-01-16 01:01 - 002771568 _____ () C:\Program Files\Microvirt\MEmu\icuin53.dll
2016-01-15 11:16 - 2016-01-16 01:01 - 001736912 _____ () C:\Program Files\Microvirt\MEmu\icuuc53.dll
2016-01-15 11:16 - 2016-01-16 01:01 - 021675192 _____ () C:\Program Files\Microvirt\MEmu\icudt53.dll
2016-08-24 06:56 - 2016-08-23 10:17 - 003443680 _____ () C:\Program Files\Microvirt\MEmu\libopencv_core249.dll
2016-08-24 06:56 - 2016-08-23 10:17 - 003098193 _____ () C:\Program Files\Microvirt\MEmu\libopencv_imgproc249.dll
2016-01-15 11:16 - 2015-05-23 05:34 - 000782350 _____ () C:\Program Files\Microvirt\MEmu\libprotobuf-7.dll
2016-01-15 11:16 - 2016-05-12 05:43 - 000429736 _____ () C:\Program Files\Microvirt\MEmu\libOpenglRender.dll
2016-01-15 11:16 - 2016-04-01 05:06 - 000222200 _____ () C:\Program Files\Microvirt\MEmu\libEGL_translator.DLL
2016-01-15 11:16 - 2016-04-01 05:06 - 000312352 _____ () C:\Program Files\Microvirt\MEmu\libGLES_CM_translator.DLL
2016-02-02 09:17 - 2016-04-01 05:06 - 000299968 _____ () C:\Program Files\Microvirt\MEmu\libGLES_V2_translator.DLL
2016-01-15 11:16 - 2016-01-16 01:00 - 000895320 _____ () C:\Program Files\Microvirt\MEmu\adb.exe

==================== Alternate Data Streams (Whitelisted) =========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2410]
AlternateDataStreams: C:\ProgramData\Temp:890CC2F3 [123]
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:890CC2F3 [123]

==================== Modo de Segurança (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\799B2A0D.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\799B2A0D.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Associação (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)


==================== Internet Explorer confiável/restrito ===============

(Se uma entrada for incluída na fixlist, será removida do Registro.)

IE trusted site: HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\caixa.gov.br -> hxxps://imagem.caixa.gov.br
IE trusted site: HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\caixa.gov.br -> imagem.caixa.gov.br

==================== Hosts Conteúdo: ===============================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2013-08-22 10:25 - 2018-03-18 12:44 - 000000837 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Outras Áreas ============================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-80734308-2147152885-176964575-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: ArcService => 3
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: BstHdAndroidSvc => 3
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: BstHdPlusAndroidSvc => 3
MSCONFIG\Services: BstHdUpdaterSvc => 3
MSCONFIG\Services: chromoting => 2
MSCONFIG\Services: COMCdbService => 2
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: HiPatchService => 2
MSCONFIG\Services: hshld => 2
MSCONFIG\Services: HssTrayService => 3
MSCONFIG\Services: KSDE2.0.0 => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NBService => 3
MSCONFIG\Services: NMIndexingService => 3
MSCONFIG\Services: NvContainerLocalSystem => 2
MSCONFIG\Services: NvContainerNetworkService => 3
MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2
MSCONFIG\Services: NVIDIA Wireless Controller Service => 2
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: NvTelemetryContainer => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: Origin Web Helper Service => 2
MSCONFIG\Services: ose64 => 3
MSCONFIG\Services: OverwolfUpdater => 3
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: Service KMSELDI => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: ss_conn_service => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: WTFast.Service => 2
HKLM\...\StartupApproved\StartupFolder: => "LOLRecorder.lnk"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "LogMeIn GUI"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run: => "Diebold - Warsaw"
HKLM\...\StartupApproved\Run: => "PAC7302_Monitor"
HKLM\...\StartupApproved\Run: => "XMouseButtonControl"
HKLM\...\StartupApproved\Run32: => "AvastUI.exe"
HKLM\...\StartupApproved\Run32: => "LGODDFU"
HKLM\...\StartupApproved\Run32: => "LanguageShortcut"
HKLM\...\StartupApproved\Run32: => "RemoteControl"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Arc"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "NvBackend"
HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "rec_en_77"
HKLM\...\StartupApproved\Run32: => "mbot_br_014010216"
HKLM\...\StartupApproved\Run32: => "RaidCall"
HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\StartupApproved\StartupFolder: => "Animated Wallpaper.lnk"
HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\StartupApproved\Run: => "ares"
HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\StartupApproved\Run: => "PUSH Wallpaper"
HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\StartupApproved\Run: => "WTFast Tray"
HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\StartupApproved\Run: => "MyComGames"
HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\StartupApproved\Run: => "BlueStacks Agent"
HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\StartupApproved\Run: => "f.lux"

==================== Regras do Firewall (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [{9D4811FD-7C62-48AC-822A-FEA8D45541FC}] => (Allow) %SystemDrive%\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [UDP Query User{E581E91B-66FC-45E1-803F-00DD75FC96C4}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{82F20A5D-6FE6-4A3D-908F-FDC1ACA6AB7A}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{26BB88BA-F346-432C-AB20-6F9CF5AC34FE}C:\users\user\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\user\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{C72F26A2-40BB-4858-89C1-85729BDE4C6B}C:\users\user\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\user\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{F0145D9C-568E-4F31-A1B5-3CF2EBCD8C7C}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{6DD7B59C-21AA-4BBC-9F68-6423D70E6DF4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{08DC3788-B704-471D-858C-72AD9108EA9D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{A8187BC8-9C42-4F7C-AA7F-F1851E9E8418}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B0251F9A-2344-4AC3-8BB6-0C9C634C4619}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{03D56705-AAAC-4973-A38A-7D7A6851777F}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{BD34B0C6-876C-41D0-AA3D-676C2FB4E727}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [TCP Query User{29FFBF8A-F985-464C-9005-B46FC34E1650}E:\program files (x86)\steam\steam.exe] => (Allow) E:\program files (x86)\steam\steam.exe
FirewallRules: [UDP Query User{D3963737-973A-402B-8A7A-068B0D300198}E:\program files (x86)\steam\steam.exe] => (Allow) E:\program files (x86)\steam\steam.exe
FirewallRules: [{528C66E4-A752-49A8-B497-D6521A9434FF}] => (Allow) C:\SteamLibrary\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{5F97EEC9-8116-4D5F-B5E7-582B4F2D7551}] => (Allow) C:\SteamLibrary\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [TCP Query User{3F6096D0-ED14-44C2-A66F-6C736B81D599}C:\program files (x86)\lolreplay2\lolreplay2.exe] => (Allow) C:\program files (x86)\lolreplay2\lolreplay2.exe
FirewallRules: [UDP Query User{250047F9-5BB4-45EF-860B-BAD9CFDCB15E}C:\program files (x86)\lolreplay2\lolreplay2.exe] => (Allow) C:\program files (x86)\lolreplay2\lolreplay2.exe
FirewallRules: [TCP Query User{5EC8176B-A234-4BA9-AFBF-9AF900084798}C:\program files (x86)\dolbyaxon\axon.exe] => (Allow) C:\program files (x86)\dolbyaxon\axon.exe
FirewallRules: [UDP Query User{02FA2781-E18A-4E8A-8657-4ABA38425494}C:\program files (x86)\dolbyaxon\axon.exe] => (Allow) C:\program files (x86)\dolbyaxon\axon.exe
FirewallRules: [TCP Query User{52B440C2-B173-4A00-A8E6-C07D4E2722F2}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{622C2C72-1D75-46CD-A54B-620F00104E76}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{5462BD86-31FB-4E02-B017-7E09A74558FC}E:\hearthstone\hearthstone.exe] => (Allow) E:\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{BD4BB93A-21EB-4A47-94E8-E3C43B17A1ED}E:\hearthstone\hearthstone.exe] => (Allow) E:\hearthstone\hearthstone.exe
FirewallRules: [{65C09887-0E37-4056-A216-0BB036F1B880}] => (Allow) C:\Program Files (x86)\RaidCall.BR\raidcall.exe
FirewallRules: [{DF69BC04-B480-431C-A272-3ED7DC6790DD}] => (Allow) C:\Program Files (x86)\RaidCall.BR\raidcall.exe
FirewallRules: [TCP Query User{BD6EE93F-7987-4F04-8E54-061A03EC95BF}E:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) E:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{6EAB9DDF-0100-43D7-9D0D-DC843B6A5681}E:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) E:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{C4C30B8E-4DC0-43F6-AE99-F9DBF5EF4E1D}C:\program files (x86)\medivia online\medivia_d3d.exe] => (Allow) C:\program files (x86)\medivia online\medivia_d3d.exe
FirewallRules: [UDP Query User{C2C12BCD-0AFD-443F-854C-3A248E4BE549}C:\program files (x86)\medivia online\medivia_d3d.exe] => (Allow) C:\program files (x86)\medivia online\medivia_d3d.exe
FirewallRules: [TCP Query User{C149A688-1AE2-41D3-952D-AAABA66FB0FD}C:\program files (x86)\medivia online\medivia_ogl.exe] => (Allow) C:\program files (x86)\medivia online\medivia_ogl.exe
FirewallRules: [UDP Query User{097B39BF-A9D2-4339-8926-57459A9F7EC9}C:\program files (x86)\medivia online\medivia_ogl.exe] => (Allow) C:\program files (x86)\medivia online\medivia_ogl.exe
FirewallRules: [{32715216-7614-4632-B753-FEE8F16FAB65}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{0EDC8C72-7F2B-4FFC-88F7-D7741C6E60C5}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{B5686133-F221-48F5-9175-B1050123BF05}E:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) E:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [UDP Query User{07302E1D-6592-4717-8B42-8E6954967D2D}E:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) E:\program files (x86)\diablo iii\x64\diablo iii64.exe
FirewallRules: [{4DEE09B2-D2A7-4467-B5ED-1FFCC9832A23}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FBA6616B-6018-40AD-B993-CA243F9048DC}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{7F043F5B-0D13-42C5-A975-0594E0FBE648}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{99E7D695-8DBA-4F92-9FB9-E77D9D4B9ED2}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{8A08789F-947D-4D8E-9582-C94883624C0C}] => (Allow) C:\Program Files (x86)\WTFast\WTFast.exe
FirewallRules: [{C2C0ACA7-545C-4171-AC1E-10BD4FA5A14C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1540A3EA-E73F-4D28-AD0A-92778D728B79}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{75A701E7-14B1-466D-AF01-7AEA8109A700}] => (Allow) C:\Program Files (x86)\WTFast\WTFast.exe
FirewallRules: [{D1BDDFEE-AB59-45A3-9735-00DCB14C151C}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{C8B8372A-C793-4B56-8AFB-CC82A3415A66}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{F5FED0A3-AD5E-4500-8374-0E61A9FAD495}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe
FirewallRules: [{BFB4381F-87B7-4BF2-9A6A-878F75C7649B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{2B5A0E0F-4365-4E15-B1B7-753F4EDE7D15}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{17BB2B8C-69C8-492A-9761-E8A0B66C951F}] => (Allow) C:\Program Files (x86)\WTFast\wtfast.exe
FirewallRules: [{7613C700-A7BE-4580-A240-F03687412FD7}] => (Allow) C:\Program Files (x86)\WTFast\wtfast.exe
FirewallRules: [TCP Query User{70D0DD51-7018-43CC-A227-A42E7F02E766}E:\games\killer instinct\killerinstinctx64_r.exe] => (Block) E:\games\killer instinct\killerinstinctx64_r.exe
FirewallRules: [UDP Query User{13D4ACF7-BE30-428E-A576-0E6C978D0B09}E:\games\killer instinct\killerinstinctx64_r.exe] => (Block) E:\games\killer instinct\killerinstinctx64_r.exe
FirewallRules: [{466A9F2B-0C98-4EB7-8302-00576573FF31}] => (Allow) C:\Program Files (x86)\WTFast\wtfast.exe
FirewallRules: [{AB0AF04F-B799-428C-A9A7-E64E1B105EBF}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Battlerite\Battlerite.exe
FirewallRules: [{782892BE-F29F-4009-A36B-195E80D8EDB4}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Battlerite\Battlerite.exe
FirewallRules: [{F89B24B1-4FD2-4FFE-8D9B-6F611A65C847}] => (Allow) C:\Riot Games\League of Legends\LeagueClient.exe
FirewallRules: [{306655EF-79EB-4CD2-8454-6614F14C3F17}] => (Allow) C:\Riot Games\League of Legends\LeagueClient.exe
FirewallRules: [{8FF371DD-6822-41B8-B8FB-8D2E22D5A9BC}] => (Allow) C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
FirewallRules: [{E2142DF8-1078-44F9-A83B-F5F47205B32F}] => (Allow) C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
FirewallRules: [{D344B2C5-BFED-4887-B7BE-D1BB4422AF2B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{B32B8943-1780-4304-84E3-4A8E60547E3E}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{7707AEC1-0DBB-4B7F-AB08-5E28C6955CF9}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{4834D56F-8E38-4535-8643-4AADCA9D68D6}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{FD828819-B124-40D6-B8CD-F36CC3B944B1}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{ECBF353B-50EE-4C56-9D01-54E07EF9168B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{CD3C1BF2-2C8F-4D6B-9F18-E1E7B28B2D21}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{A4359603-CC21-40D6-B2B4-379185A63B2A}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{9980E61E-8B18-4E9F-8AEE-F0FBF862CC14}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{AEEB6F05-7E12-446B-8BD5-3373AD2C3EE6}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{F2964E21-A447-4749-91D6-62FEC72AAD93}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{B5FDF006-5434-4057-BFB3-7DAEA6E3E023}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [TCP Query User{E9A497F1-2E71-4F07-A403-E0B4FAB7EA2C}C:\program files (x86)\battle.net\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.exe
FirewallRules: [UDP Query User{472A80BE-5D49-499F-B498-59C1FE51CDEF}C:\program files (x86)\battle.net\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.exe
FirewallRules: [TCP Query User{B68F601E-0C0C-4DF6-91E4-DF9BAE38F392}E:\heroes of the storm\versions\base60522\heroesofthestorm_x64.exe] => (Allow) E:\heroes of the storm\versions\base60522\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{0079EC31-D11D-4BEA-821A-2C3F8C0E9AAC}E:\heroes of the storm\versions\base60522\heroesofthestorm_x64.exe] => (Allow) E:\heroes of the storm\versions\base60522\heroesofthestorm_x64.exe
FirewallRules: [{3E8661CF-E384-46DA-B414-7A8B14E093D7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{250BF09E-B579-43BC-BC3D-7861AF639B25}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{43A432B1-6E8F-4815-83E9-EF80E9BE99AC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{7CA84C82-F6CE-4EC8-950F-D7B185F07210}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{77BAB579-E1A5-4C61-8640-BFDE0BE0230A}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{A37C556C-F87F-4230-AB0A-D870B36BFADF}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5CA643C9-AC61-4CEF-822F-65743C63BB0F}] => (Allow) C:\Program Files (x86)\WTFast\wtfast.exe
FirewallRules: [TCP Query User{095FC1D8-1156-4A41-9AA3-DC87E666F424}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe
FirewallRules: [UDP Query User{D92A7A1D-60F3-4BC8-B100-974CE7B590EE}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe
FirewallRules: [TCP Query User{D8B498C2-A564-4133-9360-47344D29FF1D}C:\games\electronic arts\ultima online enhanced\uosa.exe] => (Allow) C:\games\electronic arts\ultima online enhanced\uosa.exe
FirewallRules: [UDP Query User{86C745E8-796A-4BBF-B393-37B25C854149}C:\games\electronic arts\ultima online enhanced\uosa.exe] => (Allow) C:\games\electronic arts\ultima online enhanced\uosa.exe
FirewallRules: [{EE5D33DE-2DDB-4FE7-85DF-5CC727E248E3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{AC643F85-EEB3-4858-8415-81097AF145E9}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe
FirewallRules: [UDP Query User{617044F4-FB22-4910-BBDD-5521307319A5}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe
FirewallRules: [{C11EBD95-8D3A-4F61-8D53-9410F00CA969}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\66.0.3359.12\remoting_host.exe
FirewallRules: [{CE7A8B28-29EC-44B4-A439-4D289EC348EC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{633A3155-1071-46F5-BA61-8EA638C1EC8C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{008C4A5D-9D85-4AD2-B509-70013E13E8E5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B0FE66FB-7223-4482-ACA9-34E2E98EED29}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{131A51C1-0A0A-48EB-BDC2-9F80A379AFF8}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe
FirewallRules: [UDP Query User{5459F870-58FE-43E4-A5C5-BB1CEB4852B4}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe

==================== Pontos de Restauração =========================

16-03-2018 12:18:41 Ponto de Verificação Agendado
21-03-2018 14:34:00 JRT Pre-Junkware Removal
28-03-2018 14:56:48 Ponto de Verificação Agendado

==================== Dispositivos Apresentando Falhas No Gerenciador =============

Name: VirtualBox Host-Only Ethernet Adapter #2
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Erros no Log de eventos: =========================

Erros em Aplicativos:
==================
Error: (04/05/2018 02:47:11 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Erro ao atualizar o status  para SECURITY_PRODUCT_STATE_OFF (erro %3).

Error: (04/05/2018 02:45:23 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Falha na Ativação de Licença (slui.exe). Código de erro:
hr=0xC004C003
Argumento de linha de comando:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=49cd895b-53b2-4dc4-a5f7-b18aa019ad37;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (04/05/2018 02:45:22 AM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Falha na aquisição da Licença de Usuário Final. hr=0xC004C003
Sku Id=49cd895b-53b2-4dc4-a5f7-b18aa019ad37

Error: (04/05/2018 02:45:22 AM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: Detalhes da falha na aquisição de licença. 
hr=0xC004C003

Error: (04/05/2018 02:44:57 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Falha na Ativação de Licença (slui.exe). Código de erro:
hr=0x8007139F
Argumento de linha de comando:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=49cd895b-53b2-4dc4-a5f7-b18aa019ad37;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (04/05/2018 02:44:56 AM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Falha na aquisição da Licença de Usuário Final. hr=0xC004C003
Sku Id=49cd895b-53b2-4dc4-a5f7-b18aa019ad37

Error: (04/05/2018 02:44:56 AM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: Detalhes da falha na aquisição de licença. 
hr=0xC004C003

Error: (04/05/2018 01:18:25 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0


Erros de Sistema:
=============
Error: (04/05/2018 02:45:19 AM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 e APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 ao usuário AUTORIDADE NT\SISTEMA SID (S-1-5-18) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

Error: (04/04/2018 04:09:38 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 e APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 ao usuário AUTORIDADE NT\SISTEMA SID (S-1-5-18) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

Error: (04/04/2018 11:33:28 AM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 e APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 ao usuário AUTORIDADE NT\SISTEMA SID (S-1-5-18) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

Error: (04/04/2018 04:39:09 AM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 e APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 ao usuário AUTORIDADE NT\SISTEMA SID (S-1-5-18) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

Error: (04/04/2018 04:37:54 AM) (Source: DCOM) (EventID: 10010) (User: SYS)
Description: O servidor App.AppXwdz8g2fxr36xz0tdtagygnvemf85s7gg.mca não se registrou no DCOM dentro do tempo limite necessário.

Error: (04/03/2018 06:24:35 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 e APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 ao usuário AUTORIDADE NT\SISTEMA SID (S-1-5-18) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

Error: (04/03/2018 06:22:18 PM) (Source: DCOM) (EventID: 10010) (User: SYS)
Description: O servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} não se registrou no DCOM dentro do tempo limite necessário.

Error: (04/03/2018 11:41:15 AM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 e APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 ao usuário AUTORIDADE NT\SISTEMA SID (S-1-5-18) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.


Windows Defender:
===================================
Date: 2017-11-30 23:27:59.731
Description: 
O exame do Windows Defender foi interrompido antes da conclusão.
ID do Exame: {0161DD25-5781-4F30-8AFB-446E3BE93568}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2017-11-30 14:07:27.471
Description: 
O exame do Windows Defender foi interrompido antes da conclusão.
ID do Exame: {DFDB650E-6AB7-4DB1-8BF6-30D6618C1568}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2017-11-29 12:49:32.202
Description: 
O exame do Windows Defender foi interrompido antes da conclusão.
ID do Exame: {48F28DC8-9C4B-41CD-8107-FF50362817E5}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2017-11-29 11:44:52.070
Description: 
O exame do Windows Defender foi interrompido antes da conclusão.
ID do Exame: {634876CF-EC95-481B-B2A6-190F097DAEA0}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2017-11-28 12:25:24.498
Description: 
O exame do Windows Defender foi interrompido antes da conclusão.
ID do Exame: {3F069BCE-0E93-4966-8730-A1491C114195}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2017-11-30 13:32:27.617
Description: 
O Windows Defender encontrou um erro ao atualizar assinaturas.
Versão da Nova Assinatura: 
Versão da Assinatura Anterior: 1.257.1139.0
Origem da Atualização: Servidor do Microsoft Update
Tipo de Assinatura: Antivírus
Tipo de Atualização: Completa
Usuário: AUTORIDADE NT\SISTEMA
Versão do Mecanismo Atual: 
Versão do Mecanismo Anterior: 1.1.14306.0
Código de erro: 0x80070422
Descrição do erro: O serviço não pode ser iniciado porque está desativado ou não tem dispositivos ativados associados. 

Date: 2017-11-29 11:37:35.762
Description: 
O Windows Defender encontrou um erro ao atualizar assinaturas.
Versão da Nova Assinatura: 
Versão da Assinatura Anterior: 1.257.1037.0
Origem da Atualização: Servidor do Microsoft Update
Tipo de Assinatura: Antivírus
Tipo de Atualização: Completa
Usuário: AUTORIDADE NT\SISTEMA
Versão do Mecanismo Atual: 
Versão do Mecanismo Anterior: 1.1.14306.0
Código de erro: 0x80070422
Descrição do erro: O serviço não pode ser iniciado porque está desativado ou não tem dispositivos ativados associados. 

Date: 2017-11-27 11:34:16.334
Description: 
O Windows Defender encontrou um erro ao atualizar assinaturas.
Versão da Nova Assinatura: 
Versão da Assinatura Anterior: 1.257.959.0
Origem da Atualização: Servidor do Microsoft Update
Tipo de Assinatura: Antivírus
Tipo de Atualização: Completa
Usuário: AUTORIDADE NT\SISTEMA
Versão do Mecanismo Atual: 
Versão do Mecanismo Anterior: 1.1.14306.0
Código de erro: 0x80070422
Descrição do erro: O serviço não pode ser iniciado porque está desativado ou não tem dispositivos ativados associados. 

Date: 2017-11-25 11:21:04.026
Description: 
O Windows Defender encontrou um erro ao atualizar assinaturas.
Versão da Nova Assinatura: 
Versão da Assinatura Anterior: 1.257.930.0
Origem da Atualização: Servidor do Microsoft Update
Tipo de Assinatura: Antivírus
Tipo de Atualização: Completa
Usuário: AUTORIDADE NT\SISTEMA
Versão do Mecanismo Atual: 
Versão do Mecanismo Anterior: 1.1.14306.0
Código de erro: 0x80070422
Descrição do erro: O serviço não pode ser iniciado porque está desativado ou não tem dispositivos ativados associados. 

Date: 2017-11-24 10:15:19.514
Description: 
O Windows Defender encontrou um erro ao atualizar assinaturas.
Versão da Nova Assinatura: 
Versão da Assinatura Anterior: 1.257.835.0
Origem da Atualização: Servidor do Microsoft Update
Tipo de Assinatura: Antivírus
Tipo de Atualização: Completa
Usuário: AUTORIDADE NT\SISTEMA
Versão do Mecanismo Atual: 
Versão do Mecanismo Anterior: 1.1.14306.0
Código de erro: 0x80070422
Descrição do erro: O serviço não pode ser iniciado porque está desativado ou não tem dispositivos ativados associados. 

CodeIntegrity:
===================================

Date: 2018-04-04 22:42:25.270
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Diebold\Warsaw\wslbscrwh64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-04 22:31:17.640
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Diebold\Warsaw\wslbscrwh64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-04 19:41:26.484
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Diebold\Warsaw\wslbscrwh64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-04 19:24:14.297
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Diebold\Warsaw\wslbscrwh64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-04 12:03:58.463
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Diebold\Warsaw\wslbscrwh64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-04 03:58:29.561
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Diebold\Warsaw\wslbscrwh64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-04 00:57:29.760
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Diebold\Warsaw\wslbscrwh64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-04-02 22:09:45.092
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Diebold\Warsaw\wslbscrwh64.dll that did not meet the Microsoft signing level requirements.

==================== Informações da Memória =========================== 

Processador: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
Percentagem de memória em uso: 34%
RAM física total: 7659.95 MB
RAM física disponível: 5021.64 MB
Virtual Total: 14571.95 MB
Virtual disponível: 11583.91 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:292.19 GB) (Free:97.16 GB) NTFS
Drive e: () (Fixed) (Total:638.54 GB) (Free:284.12 GB) NTFS
Drive f: (Reservado pelo Sistema) (Fixed) (Total:0.1 GB) (Free:0.08 GB) NTFS
Drive g: () (Fixed) (Total:97.56 GB) (Free:84.99 GB) NTFS
Drive h: () (Fixed) (Total:200.43 GB) (Free:27.8 GB) NTFS
Drive k: () (Removable) (Total:7.31 GB) (Free:4.1 GB) FAT32

\\?\Volume{e96b257a-4b26-11e4-824b-806e6f6e6963}\ (Reservado pelo Sistema) (Fixed) (Total:0.34 GB) (Free:0.09 GB) NTFS
\\?\Volume{0db6540b-0000-0000-0000-e02149000000}\ () (Fixed) (Total:0.44 GB) (Free:0.1 GB) NTFS

==================== MBR & Tabela de Partições ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 0DB6540B)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=292.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=638.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 50455045)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=200.4 GB) - (Type=0F Extended)

========================================================
Disk: 2 (Protective MBR) (Size: 7.3 GB) (Disk ID: 00000000)

Partition: GPT.

==================== Fim de Addition.txt ============================


@imrion

 

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all the text in the CODE box below:

CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO
GroupPolicy: Restrição <==== ATENÇÃO
GroupPolicy\User: Restrição <==== ATENÇÃO
FF Plugin HKU\S-1-5-21-80734308-2147152885-176964575-1001: @Legend Of Glory -> C:\Program Files (x86)\Legend Of Glory\plugin\npLegendOfGlory1.dll [Nenhum Arquivo]
CHR HomePage: Default -> hxxp://www.omniboxes.com/?type=hp&ts=1453581122&z=a611cc38dec24b7e7594a91g6z2w8cewfb7gfgfo0o&from=amt&uid=st1000vm002-1ct162_s1g0q9zrxxxxs1g0q9zr
Task: {01ACC2F7-7946-4E23-92F8-5FCE32837BEB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-02-07] (Piriform Ltd)
Task: {07BC6475-212A-4555-B79B-C807145697D4} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-01-10] (NVIDIA Corporation)
Task: {1014CBC2-A652-45B2-A68A-6472FED930F8} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-01-10] (NVIDIA Corporation)
Task: {15C8FE1A-2C69-44CC-8EAF-AA633D49FABD} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-01-10] (NVIDIA Corporation)
Task: {2717D1EC-494B-4DF1-9CA8-1A04D9AA25A0} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Sys-User Sys => C:\Program Files\Microsoft Office\Office15\MsoSync.exe
Task: {2BD8C28F-8DB1-4F03-8936-CECEE5AD783E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {3CF5D85D-1A47-4E0F-A7AC-A303944EC704} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {4ABA3D4F-79F0-4981-92FF-C5F9A6FF1075} - System32\Tasks\AdobeAAMUpdater-1.0-Sys-User => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-04-28] (Adobe Systems Incorporated)
Task: {4D61223B-931B-4CC3-A2D8-B69B8888F39F} - \WPD\SqmUpload_S-1-5-21-80734308-2147152885-176964575-1001 -> Nenhum Arquivo <==== ATENÇÃO
Task: {531C2D54-B0C5-4C31-9CEA-39D15F1E24AE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {5A66DC0E-BEEA-4079-A153-E26F7C240AF6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-06] (Google Inc.)
Task: {772F6D21-1A82-4B30-AF4A-375A34A4EEFB} - System32\Tasks\{9F734F1C-C0D7-40FF-93E2-26887791CCAA} => C:\Windows\system32\pcalua.exe -a C:\Users\User\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones\SAMSUNG_USB_Driver_for_Mobile_Phones.exe -d C:\Users\User\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones
Task: {7AC9A07F-C376-4B8C-B423-8FFAD5C5ACC6} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-01-10] (NVIDIA Corporation)
Task: {7DF79074-572E-45DD-A043-86A2C5F5FD22} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_29_0_0_113_pepper.exe [2018-03-17] (Adobe Systems Incorporated)
Task: {84174467-3F21-4797-A62C-E55B0984DB2B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-06] (Google Inc.)
Task: {8447482B-8D6C-44B2-A361-689DEE245FF6} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {94800729-53A3-491A-98E6-9DB0CF88C8F6} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-01-10] (NVIDIA Corporation)
Task: {9EF7221D-4DE0-451E-96D0-8F529170C20B} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-01-10] (NVIDIA Corporation)
Task: {A3AE6A5B-34FD-4BB7-A170-DFA576FEDF76} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-02-07] (Piriform Ltd)
Task: {C9081567-FB96-4DB6-9E11-6AC4C91570B4} - System32\Tasks\Opera scheduled Autoupdate 1461083591 => C:\Program Files (x86)\Opera\launcher.exe [2016-04-11] (Opera Software)
Task: {DED08F9A-D2D6-4CF8-A853-3AC83037BE06} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2018-04-02] (Overwolf LTD)
Task: {DFBD456B-8A2F-4CA5-B50B-8260CF672B4E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-17] (Adobe Systems Incorporated)
Task: {E090836F-AA3E-4F0C-B036-29E48E11842D} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-01-10] (NVIDIA Corporation)
Task: {E58C358E-26DA-49D2-9D8C-DB4083EB5EA5} - System32\Tasks\{DC21E4A4-F6E7-4A9C-89C2-B2F384A347FD} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\Rockstar Games\Social Club\uninstallRGSCRedistributable.exe" -d C:\Windows\ImmersiveControlPanel
Task: {E9D6D817-6798-417F-9756-A312CE916F08} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-01-10] (NVIDIA Corporation)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XP Codec Pack 2.5.3\Useful links\Download Codecs & Tools.lnk -> hxxp://www.codecs.com
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XP Codec Pack 2.5.3\Useful links\Talk about Codecs.lnk -> hxxp://codecs.com/foru
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XP Codec Pack 2.5.3\Useful links\XP Codec Pack homepage.lnk -> hxxp://www.xpcodecpack.com
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2410]
AlternateDataStreams: C:\ProgramData\Temp:890CC2F3 [123]
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:890CC2F3 [123]
ShortcutWithArgument: C:\Users\User\AppData\Local\Google\Chrome\User Data\Inicializador de aplicativos do Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CipSoft GmbH\TibiaME.lnk -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://www.tibiame.com/?section=webclient&markup=xhtml "C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\2a04b4b2-3495824a"
VirusTotal: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe
VirusTotal: C:\Program Files (x86)\Google\Chrome Remote Desktop\66.0.3359.12\remoting_host.exe
CMD: ipconfig /flushdns
RemoveProxy:
EmptyTemp:
CreateRestorePoint:


Save this file on your desktop with the name fixlist

NOTE: It is extremely important that the "fixlist" file be saved on your Desktop. Also check that FRST.exe is on the Desktop.

** Users of Windows Vista, Windows 7, 8/8.1 and Windows 10:
Right-click the FRST.EXE file, then click [image: VRIfczU.png].

Click the [image: 0h0YlDEzRbKP9R7xLrUlzA.png] button.

Wait; when it finishes, the Fixlog.txt log will be saved on your desktop.

Open the Fixlog.txt file, then copy and paste its contents into your next reply.


@Elias Pereira

 

Here is the log

 

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 14.03.2018
Executado por User (05-04-2018 22:52:55) Run:1
Executando a partir de C:\Users\User\Desktop
Perfis Carregados: User (Perfis Disponíveis: User)
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO
GroupPolicy: Restrição <==== ATENÇÃO
GroupPolicy\User: Restrição <==== ATENÇÃO
FF Plugin HKU\S-1-5-21-80734308-2147152885-176964575-1001: @Legend Of Glory -> C:\Program Files (x86)\Legend Of Glory\plugin\npLegendOfGlory1.dll [Nenhum Arquivo]
CHR HomePage: Default -> hxxp://www.omniboxes.com/?type=hp&ts=1453581122&z=a611cc38dec24b7e7594a91g6z2w8cewfb7gfgfo0o&from=amt&uid=st1000vm002-1ct162_s1g0q9zrxxxxs1g0q9zr
Task: {01ACC2F7-7946-4E23-92F8-5FCE32837BEB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-02-07] (Piriform Ltd)
Task: {07BC6475-212A-4555-B79B-C807145697D4} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-01-10] (NVIDIA Corporation)
Task: {1014CBC2-A652-45B2-A68A-6472FED930F8} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-01-10] (NVIDIA Corporation)
Task: {15C8FE1A-2C69-44CC-8EAF-AA633D49FABD} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-01-10] (NVIDIA Corporation)
Task: {2717D1EC-494B-4DF1-9CA8-1A04D9AA25A0} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Sys-User Sys => C:\Program Files\Microsoft Office\Office15\MsoSync.exe
Task: {2BD8C28F-8DB1-4F03-8936-CECEE5AD783E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {3CF5D85D-1A47-4E0F-A7AC-A303944EC704} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {4ABA3D4F-79F0-4981-92FF-C5F9A6FF1075} - System32\Tasks\AdobeAAMUpdater-1.0-Sys-User => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-04-28] (Adobe Systems Incorporated)
Task: {4D61223B-931B-4CC3-A2D8-B69B8888F39F} - \WPD\SqmUpload_S-1-5-21-80734308-2147152885-176964575-1001 -> Nenhum Arquivo <==== ATENÇÃO
Task: {531C2D54-B0C5-4C31-9CEA-39D15F1E24AE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {5A66DC0E-BEEA-4079-A153-E26F7C240AF6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-06] (Google Inc.)
Task: {772F6D21-1A82-4B30-AF4A-375A34A4EEFB} - System32\Tasks\{9F734F1C-C0D7-40FF-93E2-26887791CCAA} => C:\Windows\system32\pcalua.exe -a C:\Users\User\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones\SAMSUNG_USB_Driver_for_Mobile_Phones.exe -d C:\Users\User\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones
Task: {7AC9A07F-C376-4B8C-B423-8FFAD5C5ACC6} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-01-10] (NVIDIA Corporation)
Task: {7DF79074-572E-45DD-A043-86A2C5F5FD22} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_29_0_0_113_pepper.exe [2018-03-17] (Adobe Systems Incorporated)
Task: {84174467-3F21-4797-A62C-E55B0984DB2B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-06] (Google Inc.)
Task: {8447482B-8D6C-44B2-A361-689DEE245FF6} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {94800729-53A3-491A-98E6-9DB0CF88C8F6} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-01-10] (NVIDIA Corporation)
Task: {9EF7221D-4DE0-451E-96D0-8F529170C20B} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-01-10] (NVIDIA Corporation)
Task: {A3AE6A5B-34FD-4BB7-A170-DFA576FEDF76} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-02-07] (Piriform Ltd)
Task: {C9081567-FB96-4DB6-9E11-6AC4C91570B4} - System32\Tasks\Opera scheduled Autoupdate 1461083591 => C:\Program Files (x86)\Opera\launcher.exe [2016-04-11] (Opera Software)
Task: {DED08F9A-D2D6-4CF8-A853-3AC83037BE06} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2018-04-02] (Overwolf LTD)
Task: {DFBD456B-8A2F-4CA5-B50B-8260CF672B4E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-17] (Adobe Systems Incorporated)
Task: {E090836F-AA3E-4F0C-B036-29E48E11842D} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-01-10] (NVIDIA Corporation)
Task: {E58C358E-26DA-49D2-9D8C-DB4083EB5EA5} - System32\Tasks\{DC21E4A4-F6E7-4A9C-89C2-B2F384A347FD} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\Rockstar Games\Social Club\uninstallRGSCRedistributable.exe" -d C:\Windows\ImmersiveControlPanel
Task: {E9D6D817-6798-417F-9756-A312CE916F08} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-01-10] (NVIDIA Corporation)
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XP Codec Pack 2.5.3\Useful links\Download Codecs & Tools.lnk -> hxxp://www.codecs.com
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XP Codec Pack 2.5.3\Useful links\Talk about Codecs.lnk -> hxxp://codecs.com/foru
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XP Codec Pack 2.5.3\Useful links\XP Codec Pack homepage.lnk -> hxxp://www.xpcodecpack.com
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2410]
AlternateDataStreams: C:\ProgramData\Temp:890CC2F3 [123]
AlternateDataStreams: C:\Users\Todos os Usuários\Temp:890CC2F3 [123]
ShortcutWithArgument: C:\Users\User\AppData\Local\Google\Chrome\User Data\Inicializador de aplicativos do Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CipSoft GmbH\TibiaME.lnk -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://www.tibiame.com/?section=webclient&markup=xhtml "C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\2a04b4b2-3495824a"
VirusTotal: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe
VirusTotal: C:\Program Files (x86)\Google\Chrome Remote Desktop\66.0.3359.12\remoting_host.exe
CMD: ipconfig /flushdns
RemoveProxy:
EmptyTemp:
CreateRestorePoint:
*****************

Ponto de Restauração criado com sucesso.
Processos fechados com sucesso.
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removido (a) com sucesso.
C:\WINDOWS\system32\GroupPolicy\Machine => movido com sucesso
C:\WINDOWS\system32\GroupPolicy\GPT.ini => movido com sucesso
C:\WINDOWS\system32\GroupPolicy\User => movido com sucesso
"HKU\S-1-5-21-80734308-2147152885-176964575-1001\Software\MozillaPlugins\@Legend Of Glory" => removido (a) com sucesso.
"C:\Program Files (x86)\Legend Of Glory\plugin\npLegendOfGlory1.dll" => não encontrado (a)
"Chrome HomePage" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{01ACC2F7-7946-4E23-92F8-5FCE32837BEB}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01ACC2F7-7946-4E23-92F8-5FCE32837BEB}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\CCleanerSkipUAC => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{07BC6475-212A-4555-B79B-C807145697D4}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07BC6475-212A-4555-B79B-C807145697D4}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1014CBC2-A652-45B2-A68A-6472FED930F8}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1014CBC2-A652-45B2-A68A-6472FED930F8}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{15C8FE1A-2C69-44CC-8EAF-AA633D49FABD}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15C8FE1A-2C69-44CC-8EAF-AA633D49FABD}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2717D1EC-494B-4DF1-9CA8-1A04D9AA25A0}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2717D1EC-494B-4DF1-9CA8-1A04D9AA25A0}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for Sys-User Sys => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft Office 15 Sync Maintenance for Sys-User Sys" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2BD8C28F-8DB1-4F03-8936-CECEE5AD783E}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BD8C28F-8DB1-4F03-8936-CECEE5AD783E}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\OfficeTelemetryAgentFallBack" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3CF5D85D-1A47-4E0F-A7AC-A303944EC704}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CF5D85D-1A47-4E0F-A7AC-A303944EC704}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\OfficeTelemetryAgentLogOn" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4ABA3D4F-79F0-4981-92FF-C5F9A6FF1075}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4ABA3D4F-79F0-4981-92FF-C5F9A6FF1075}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-Sys-User => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeAAMUpdater-1.0-Sys-User" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D61223B-931B-4CC3-A2D8-B69B8888F39F}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D61223B-931B-4CC3-A2D8-B69B8888F39F}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-80734308-2147152885-176964575-1001" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{531C2D54-B0C5-4C31-9CEA-39D15F1E24AE}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{531C2D54-B0C5-4C31-9CEA-39D15F1E24AE}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A66DC0E-BEEA-4079-A153-E26F7C240AF6}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A66DC0E-BEEA-4079-A153-E26F7C240AF6}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{772F6D21-1A82-4B30-AF4A-375A34A4EEFB}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{772F6D21-1A82-4B30-AF4A-375A34A4EEFB}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\{9F734F1C-C0D7-40FF-93E2-26887791CCAA} => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9F734F1C-C0D7-40FF-93E2-26887791CCAA}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7AC9A07F-C376-4B8C-B423-8FFAD5C5ACC6}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7AC9A07F-C376-4B8C-B423-8FFAD5C5ACC6}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7DF79074-572E-45DD-A043-86A2C5F5FD22}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7DF79074-572E-45DD-A043-86A2C5F5FD22}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player PPAPI Notifier" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{84174467-3F21-4797-A62C-E55B0984DB2B}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84174467-3F21-4797-A62C-E55B0984DB2B}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8447482B-8D6C-44B2-A361-689DEE245FF6}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8447482B-8D6C-44B2-A361-689DEE245FF6}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office 15 Subscription Heartbeat" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{94800729-53A3-491A-98E6-9DB0CF88C8F6}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94800729-53A3-491A-98E6-9DB0CF88C8F6}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9EF7221D-4DE0-451E-96D0-8F529170C20B}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9EF7221D-4DE0-451E-96D0-8F529170C20B}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{A3AE6A5B-34FD-4BB7-A170-DFA576FEDF76}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3AE6A5B-34FD-4BB7-A170-DFA576FEDF76}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\CCleaner Update => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleaner Update" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{C9081567-FB96-4DB6-9E11-6AC4C91570B4}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9081567-FB96-4DB6-9E11-6AC4C91570B4}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1461083591 => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 1461083591" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DED08F9A-D2D6-4CF8-A853-3AC83037BE06}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DED08F9A-D2D6-4CF8-A853-3AC83037BE06}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Overwolf Updater Task => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Overwolf Updater Task" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DFBD456B-8A2F-4CA5-B50B-8260CF672B4E}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFBD456B-8A2F-4CA5-B50B-8260CF672B4E}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E090836F-AA3E-4F0C-B036-29E48E11842D}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E090836F-AA3E-4F0C-B036-29E48E11842D}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E58C358E-26DA-49D2-9D8C-DB4083EB5EA5}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E58C358E-26DA-49D2-9D8C-DB4083EB5EA5}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\{DC21E4A4-F6E7-4A9C-89C2-B2F384A347FD} => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DC21E4A4-F6E7-4A9C-89C2-B2F384A347FD}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E9D6D817-6798-417F-9756-A312CE916F08}" => removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9D6D817-6798-417F-9756-A312CE916F08}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" => removido (a) com sucesso.
"C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XP Codec Pack 2.5.3\Useful links\Download Codecs & Tools.lnk" => Não pode ser movido.
"C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XP Codec Pack 2.5.3\Useful links\Talk about Codecs.lnk" => Não pode ser movido.
"C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XP Codec Pack 2.5.3\Useful links\XP Codec Pack homepage.lnk" => Não pode ser movido.
C:\WINDOWS\system32\Drivers\wsddfac.sys => ":X5ZN8aGXs4" ADS removido (a) com sucesso.
C:\ProgramData\Temp => ":890CC2F3" ADS removido (a) com sucesso.
"C:\Users\Todos os Usuários\Temp" => ":890CC2F3" ADS não encontrado (a).
C:\Users\User\AppData\Local\Google\Chrome\User Data\Inicializador de aplicativos do Google Chrome.lnk => Atalho argumento removido (a) com sucesso.
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CipSoft GmbH\TibiaME.lnk => Atalho argumento removido (a) com sucesso.
VirusTotal: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe => https://www.virustotal.com/file/39c926526adb06ea4c75ac3b0cd77c0cf10b8da9fc0f44925541678e9f2cff73/analysis/1522948238/
VirusTotal: C:\Program Files (x86)\Google\Chrome Remote Desktop\66.0.3359.12\remoting_host.exe => https://www.virustotal.com/file/5b778453ce94533251c01d60a8942350bed293aedc8995487f7334ea82749cde/analysis/1522904557/

========= ipconfig /flushdns =========


Configuração de IP do Windows

Liberação do Cache do DNS Resolver bem-sucedida.

========= Fim de CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso.
"HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso.
"HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso.
"HKU\S-1-5-21-80734308-2147152885-176964575-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso.
"HKU\S-1-5-21-80734308-2147152885-176964575-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso.


========= Fim de RemoveProxy: =========

Ponto de Restauração criado com sucesso.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 176479987 B
Java, Flash, Steam htmlcache => 231299854 B
Windows/system/drivers => 16502429 B
Edge => 14336 B
Chrome => 836857853 B
Firefox => 43378449 B
Opera => 1780736 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 59042 B
NetworkService => 13871280 B
User => 1672949287 B

RecycleBin => 96812 B
EmptyTemp: => 2.8 GB de dados temporários Removidos.

================================


O sistema precisou ser reiniciado.

==== Fim de Fixlog 22:55:39 ====
