
I can't remove XMRIG.EXE



  • Security Analyst

@samuelmachado

 

Please note the following:

  • About the Forum: This is a private space, not a public one. Its use is a privilege, not a right;
  • What is provided here relates only to the problem on your computer, so do not apply it to any other;
  • IMPORTANT: If you have Windows activation tools or P2P/torrent sharing programs, I suggest uninstalling them. I will only proceed with the analysis after their removal. Forum rules;
  • Please follow the instructions given carefully, and if you have any questions do not hesitate to ask;
  • Respect the order of the instructions given;
  • Note: Do not take any action other than those given here; and if you ask for help on another forum, be sure to let us know, at the risk of misconfiguring your computer!


Rules of the Malware Removal Area << IMPORTANT TO READ

General Rules of the Clube do Hardware Forum << IMPORTANT TO READ

Follow the steps below:

Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

 

STEP 1

Download AdwCleaner from one of the links below and save it to the desktop.

https://toolslib.net/downloads/viewdownload/1-adwcleaner/

http://www.bleepingcomputer.com/download/adwcleaner/

Click DOWNLOAD NOW to download the file.

Run adwcleaner.exe

NOTE: Users of Windows Vista, 7, 8/8.1 and Windows 10: right-click the AdwCleaner.exe file, then click image.png

Click VERIFICAR AGORA/SCAN NOW. When it finishes, click LIMPAR/CLEAN and wait.

Notepad will open with the result.

ATTENTION: Select, copy and paste its contents in your next reply.

 

STEP 2

Download ZHPCleaner from the link below and save it to your Desktop.

https://www.majorgeeks.com/files/details/zhpcleaner.html

Run the ZHPCleaner.exe file as Administrator

  • Click the Scanner button.
  • The tool will start examining your system.
  • Be patient, as it may take a while depending on the number of items to examine.
  • Then click the Reparar button.
  • A log named ZHPCleaner.txt will be generated.

ATTENTION: Select, copy and paste its contents in your next reply.

 

STEP 3

Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

Download Farbar Recovery Scan from the link below and save it to your desktop.
https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Run FRST64.EXE

** Users of Windows Vista, Windows 7, 8/8.1 and Windows 10: Right-click the FRST.EXE file, then click RUN AS ADMINISTRATOR

In the Search option, type: XMRIG.EXE

Click the SEARCH FILES button

Wait, and at the end the Search.txt log will be saved to your desktop.

Open the Search.txt file, then copy and paste its contents in your next reply.


STEP 1

 

# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build:    06-29-2021
# Database: 2021-06-29.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    07-03-2021
# Duration: 00:00:07
# OS:       Windows 10 Pro
# Scanned:  31977
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 

---------------

 

STEP 2

 

~ ZHPCleaner v2021.7.3.308 by Nicolas Coolman (2021/07/03)
~ Run by Samuel e Letícia (Administrator)  (03/07/2021 21:33:53)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Samuel e Letícia\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\Samuel e Letícia\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ System Restore Point : OK
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit  (Build 19042)


---\\  Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found.


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (0)
~ No malicious or unnecessary items found.


---\\  Hosts file (1)
~ The hosts file is legitimate (22)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (2)
MOVED file: C:\Users\Samuel e Letícia\AppData\Local\Google\Chrome\User Data\Default\Preferences    =>Préférences Chromium
MOVED file: C:\Users\Samuel e Letícia\AppData\Local\Microsoft\Edge\User Data\Default\Preferences    =>Préférences Chromium


---\\  Registry ( Key, Value, Data) (0)
~ No malicious or unnecessary items found.


---\\  Summary of the elements found (1)
https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/  =>Préférences Chromium


---\\  Other deletions. (28)
~ Registry Keys Tracing deleted (28)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ Google Chrome OK
~ Mozilla Firefox OK
~ Internet Explorer OK


---\\ Statistics
~ Items scanned : 1472
~ Items found : 0
~ Items cancelled : 0
~ Space saving (bytes) : 0
~ Items options : 9/17


---\\ OPTIONS NOT ACTIVES
~ Temporary file analysis
~ Temporary folder analysis
~ Empty Folder CLSID Analysis
~ Empty Other Folder Analysis
~ Empty LocalLow Folder Analysis
~ Empty Local Folder Analysis
~ Obsolete Installer File Analysis
~ Start browsers with extensions removed

~ End of clean in 00h00mn12s

---\\  Reports (2)
ZHPCleaner-[S]-03072021-21_30_30.txt
ZHPCleaner-[R]-03072021-21_34_05.txt
 

-----------

STEP 3

Farbar Recovery Scan Tool (x64) Versão: 03-07-2021
Executado por Samuel e Letícia (03-07-2021 21:39:53)
Executando a partir de C:\Users\Samuel e Letícia\Downloads
Modo da Inicialização: Normal

================== Pesquisar Arquivos: "XMRIG.EXE" =============


====== Fim de Pesquisar ======


  • Security Analyst

@samuelmachado

 

Run Farbar again.

** Users of Windows Vista, Windows 7, 8/8.1 and Windows 10:
Right-click the FRST64.EXE file, then click http://i.imgur.com/VRIfczU.png .

Accept the agreement and then click the Scan/Examinar button. Wait, and at the end the FRST.txt and Addition.txt logs will be saved to your desktop.

Open each file separately, copy its contents and paste them in your next reply.

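Added example, not part of the thread and not FRST's own code: a Python triage pass over a FRST.txt log like the one requested above. It surfaces entries that FRST marks `[Arquivo não assinado]` or `<==== ATENÇÃO`, entries that run from a temp directory, and autostart entries that point at a script. The sample log lines are constructed, and the English-build marker strings and the reason labels are assumptions.

```python
import re
from dataclasses import dataclass

# Markers as printed by the Portuguese build of FRST; the English-build
# equivalents are included as an assumption.
UNSIGNED_MARKERS = ("[Arquivo não assinado]", "[File not signed]")
ATTENTION_RE = re.compile(r"<====\s*(?:ATENÇÃO|ATTENTION)")
# Section banner, e.g. "========== Processos (Whitelisted) =========="
SECTION_RE = re.compile(r"^={3,}\s*([^=\s].*?)\s*={3,}$")
# Binaries launched from a temp directory deserve a second look.
TEMP_PATH_RE = re.compile(r"\\(?:Windows\\Temp|AppData\\Local\\Temp)\\", re.IGNORECASE)
# Autostart entries (tasks, startup shortcuts, Run keys) that point at a script.
AUTOSTART_PREFIXES = ("Task:", "Startup:", "ShortcutAndArgument:")
SCRIPT_RE = re.compile(r"\.(?:cmd|bat|vbs|js|ps1)\b", re.IGNORECASE)

# Constructed sample in the FRST.txt layout (not taken from a real machine).
SAMPLE_LOG = r"""
==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado.)

() [Arquivo não assinado] C:\Program Files\ExampleApp\example.exe
(Example Corp -> Example Corp) C:\Program Files\Example\signed.exe

==================== Registro (Whitelisted) ===================

ShortcutAndArgument: example.lnk -> C:\Program Files (x86)\ExampleDir\example.cmd =>

==================== Tarefas Agendadas (Whitelisted) ============

Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\ExampleA => C:\Windows\TEMP\is-EXAMPLE.tmp\example.exe <==== ATENÇÃO
Task: {00000000-0000-0000-0000-000000000002} - System32\Tasks\ExampleB => C:\Program Files\Example\signed.exe [1000 2021-01-01] (Example Corp -> Example Corp)
"""


@dataclass
class Finding:
    section: str   # banner the entry was listed under
    line_no: int   # 1-based line number in the log
    reasons: list  # why the entry was surfaced
    entry: str     # the log line itself


def is_autostart(line):
    """True for task, startup-shortcut and Run-key entries."""
    return line.startswith(AUTOSTART_PREFIXES) or "\\Run: " in line


def triage(log_text):
    """Return the entries that carry at least one review marker.

    This is a reading aid for the analyst, not a verdict: unsigned or
    script-based entries are often legitimate software.
    """
    findings = []
    section = "(no section)"
    for line_no, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        reasons = []
        if any(marker in line for marker in UNSIGNED_MARKERS):
            reasons.append("unsigned")
        if ATTENTION_RE.search(line):
            reasons.append("flagged by FRST")
        if TEMP_PATH_RE.search(line):
            reasons.append("runs from temp directory")
        if is_autostart(line) and SCRIPT_RE.search(line):
            reasons.append("autostart runs a script")
        if reasons:
            findings.append(Finding(section, line_no, reasons, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] line {f.line_no}: {', '.join(f.reasons)}")
        print(f"    {f.entry}")
```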

FRST

 

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 04-07-2021
Executado por Samuel e Letícia (administrador) em DESKTOP-UBM4B7P (MSI MS-7817) (04-07-2021 19:49:22)
Executando a partir de E:\chapolin\Temporada 3
Perfis Carregados: Samuel e Letícia
Platform: Windows 10 Pro Versão 20H2 19042.1052 (X64) Idioma: Português (Brasil)
Navegador padrão: Chrome
Modo da Inicialização: Normal

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

() [Arquivo não assinado] C:\Program Files\qBittorrent\qbittorrent.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\protectedservice.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <26>
(HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(IDSA Production signing key 2021 -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(IDSA Production signing key 2021 -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(IDSA Production signing key 2021 -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(Intel(R) pGFX 2020 -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) System Usage Report -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(Intel(R) System Usage Report -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
(Intel(R) System Usage Report -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Samuel e Letícia\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.5282.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.721.5282.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.21061.10121.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(pdfforge GmbH -> pdfforge GmbH) C:\Program Files\PDF Architect 8\updater-ws.exe
(pdfforge GmbH -> pdfforge GmbH) C:\Program Files\PDF Architect 8\ws.exe
(PROCOMP INDUSTRIA ELETRONICA LTDA -> Diebold Nixdorf) C:\Program Files\Diebold\Warsaw\core.exe <2>

==================== Registro (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe [288672 2021-05-21] (IDSA Production signing key 2021 -> Intel)
HKU\S-1-5-21-2542081707-378966687-2905941670-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\...\Print\Monitors\PDF Architect 8 Monitor: C:\Windows\system32\spool\DRIVERS\x64\architect_pdfpmon_v.4.12.26.3.dll [932984 2021-05-25] (PDF Tools AG -> PDF Tools AG (hxxp://www.pdf-tools.com))
HKLM\...\Print\Monitors\pdfcmon: C:\Windows\system32\pdfcmon.dll [116736 2021-05-25] (pdfforge GmbH) [Arquivo não assinado]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\91.0.4472.124\Installer\chrmstp.exe [2021-06-30] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk [2021-04-23]
ShortcutAndArgument: start.lnk -> C:\Program Files (x86)\Install\starter.cmd => 

==================== Tarefas Agendadas (Whitelisted) ============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {07182ADA-3959-4600-A553-97A4BD4DB2A5} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3074176 2021-04-15] (Intel(R) System Usage Report -> Intel Corporation)
Task: {0F53D1EB-C79B-4051-8ABA-1A4FB0BEAE1C} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [690616 2021-07-03] (Mozilla Corporation -> Mozilla Foundation)
Task: {2445644A-15CD-4BD2-8222-3A04561226A4} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {2BA0827A-AD54-429E-8B58-A1313D1636A1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-03-24] (Google LLC -> Google LLC)
Task: {5407B24D-7456-4F02-A40F-E9D3E85EF6D5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [315056 2021-03-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {56862BA3-EC35-4DE8-8383-5B4D40E14343} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3074176 2021-04-15] (Intel(R) System Usage Report -> Intel Corporation)
Task: {575BEE8A-808F-487F-B4E0-4F49C51E6B5F} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [29802464 2021-06-27] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {672FDB9E-F5CA-48D2-8D6E-093A96DB5AE3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [5967976 2015-08-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {69F1BA2E-2ECE-44FB-AA89-0102ED5CA91B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-03-24] (Google LLC -> Google LLC)
Task: {6B8318EA-CB88-4450-8EA5-BD711B3BD352} - System32\Tasks\Rerun Warsaw's CoreFixer => C:\Windows\TEMP\is-M4T57.tmp\corefixer.exe <==== ATENÇÃO
Task: {76AC1260-9B75-4B8F-B160-6129CA74B5AD} - System32\Tasks\Avira_Security_Service_SCM_Watchdog => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe [248552 2021-06-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {7C6633AD-4842-4CAD-9D5C-FD4FE3FC5B36} - System32\Tasks\Avira_Security_Systray => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe [1628464 2021-06-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {7FE31423-6F0E-474A-9FA4-95D74F61B108} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [5967976 2015-08-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {9179A8B4-800D-4821-962A-B74C563D7385} - System32\Tasks\WiseCleaner\WRCSkipUAC => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe [10893616 2021-05-20] (Lespeed Technology Co., Ltd -> WiseCleaner.com)
Task: {A4C25941-B761-47E5-9F16-A289589DD708} - System32\Tasks\Avira_Security_Update => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [268328 2021-06-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {B638CBF1-4D13-4D56-B300-8048488B57EB} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1907712 2021-02-25] () [Arquivo não assinado]
Task: {B8A95955-90DC-4DF0-9EC9-86B09C4ADBA0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [315056 2021-03-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {BCF96FDE-BC62-431C-A258-55AEA4E0196F} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2651216 2021-03-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {D97735F1-036B-44F6-B3FB-8ADB1B7F0FD3} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {F9485F38-347A-402A-87C0-5F20FF0F51E4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => 

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 192.168.8.1
Tcpip\..\Interfaces\{a5e06b11-41cd-4fa3-94cb-24b82cfd74c3}: [DhcpNameServer] 192.168.8.1
Tcpip\..\Interfaces\{da2fecec-e343-4739-8e3a-b5c3b1df2a58}: [DhcpNameServer] 192.168.8.1

Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Samuel e Letícia\AppData\Local\Microsoft\Edge\User Data\Default [2021-07-04]

FireFox:
========
FF DefaultProfile: 6fvw2zen.default
FF ProfilePath: C:\Users\Samuel e Letícia\AppData\Roaming\Mozilla\Firefox\Profiles\6fvw2zen.default [2021-03-28]
FF ProfilePath: C:\Users\Samuel e Letícia\AppData\Roaming\Mozilla\Firefox\Profiles\cothkxox.default-release [2021-07-04]
FF Extension: (Bilômetro) - C:\Users\Samuel e Letícia\AppData\Roaming\Mozilla\Firefox\Profiles\cothkxox.default-release\Extensions\{09d09f49-3615-4cf3-ad57-a6cc924f29e8}.xpi [2021-05-17]
FF Plugin: @java.com/DTPlugin,version=11.281.2 -> C:\Program Files\Java\jre1.8.0_281\bin\dtplugin\npDeployJava1.dll [2021-03-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.281.2 -> C:\Program Files\Java\jre1.8.0_281\bin\plugin2\npjp2.dll [2021-03-24] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-03-25] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-03-25] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\autoconf_warsaw.js [2021-07-04]

Chrome: 
=======
CHR Profile: C:\Users\Samuel e Letícia\AppData\Local\Google\Chrome\User Data\Default [2021-07-04]
CHR Extension: (Apresentações) - C:\Users\Samuel e Letícia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-03-24]
CHR Extension: (Documentos) - C:\Users\Samuel e Letícia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-03-24]
CHR Extension: (Google Drive) - C:\Users\Samuel e Letícia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-03-24]
CHR Extension: (YouTube) - C:\Users\Samuel e Letícia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-03-24]
CHR Extension: (Avira Password Manager) - C:\Users\Samuel e Letícia\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2021-06-29]
CHR Extension: (Avira Safe Shopping) - C:\Users\Samuel e Letícia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh [2021-06-27]
CHR Extension: (Planilhas) - C:\Users\Samuel e Letícia\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-03-24]
CHR Extension: (Segurança do navegador Avira) - C:\Users\Samuel e Letícia\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2021-06-29]
CHR Extension: (Documentos Google off-line) - C:\Users\Samuel e Letícia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-28]
CHR Extension: (Adblock - No More Ads) - C:\Users\Samuel e Letícia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mblbcmmhijbfhblohmfjopjjlagmkgem [2021-03-26]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Samuel e Letícia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-24]
CHR Extension: (Gmail) - C:\Users\Samuel e Letícia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-03-24]
CHR Extension: (Chrome Media Router) - C:\Users\Samuel e Letícia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-05-26]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]

==================== Serviços (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1208432 2021-03-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntivirProtectedService; C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe [537472 2021-03-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [484904 2021-03-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [484904 2021-03-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [575776 2021-02-24] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2988816 2021-03-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [383976 2021-05-06] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraSecurity; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [266128 2021-06-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [159080 2021-04-13] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2776664 2015-08-16] (Microsoft Corporation -> Microsoft Corporation)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [288360 2021-05-14] (HP Inc. -> HP Inc.)
R3 PDF Architect 8; C:\Program Files\PDF Architect 8\ws.exe [2731616 2020-11-16] (pdfforge GmbH -> pdfforge GmbH)
S3 PDF Architect 8 Creator; C:\Program Files\PDF Architect 8\creator-ws.exe [628832 2020-11-16] (pdfforge GmbH -> pdfforge GmbH)
R2 PDF Architect 8 Update Service; C:\Program Files\PDF Architect 8\updater-ws.exe [1826400 2020-11-16] (pdfforge GmbH -> pdfforge GmbH)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5393304 2021-06-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [1141648 2020-08-10] (PROCOMP INDUSTRIA ELETRONICA LTDA -> Diebold Nixdorf)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\NisSrv.exe [2644776 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe [136656 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\Windows\system32\WirelessKB850NotificationService.exe [176624 2018-05-14] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [78936 2019-06-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S0 avelam; C:\Windows\System32\drivers\avelam.sys [22336 2019-03-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [209744 2021-03-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [199312 2021-02-09] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [46704 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [89736 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [45472 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 phantomtap; C:\Windows\System32\drivers\phantomtap.sys [50248 2021-05-06] (Avira Operations GmbH & Co. KG -> The OpenVPN Project)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2019-11-08] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2019-11-08] (MiniTool Solution Ltd -> )
R3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [8218304 2019-04-28] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tap0901; C:\Windows\System32\drivers\tap0901.sys [41008 2021-02-04] (McAfee, LLC. -> The OpenVPN Project)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [49568 2021-06-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [425184 2021-06-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [76000 2021-06-12] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [49336 2018-03-11] (Microsoft Corporation -> Microsoft Corporation)
S1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [47800 2021-05-19] (Gas Informatica Ltda -> GAS Tecnologia)
R1 wsddntf; C:\Windows\system32\DRIVERS\wsddntf.sys [61456 2020-08-11] (PROCOMP INDUSTRIA ELETRONICA LTDA -> Diebold Nixdorf)
S1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [44728 2020-07-10] (Gas Informatica Ltda -> GAS Tecnologia)
R3 wsddprm; C:\Windows\system32\drivers\wsddprm.sys [43528 2020-07-23] (PROCOMP INDUSTRIA ELETRONICA LTDA -> Diebold Nixdorf)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um mês (criados) (Whitelisted) =========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

Erro ao ler arquivo: "C:\Users\Samuel e Letícia\Desktop\APznzaZ02wY1jACcFNx49V8A91mInxCRzIEkioAGyxIFiwbser48X0c4ACQ-b8qP2URIPikRBOth9PdHqP2tOdEXkeGrIngeTNtmPiSVbqNmHo1XeACRHFvVMt7NOTLDhGIjgRxD5iA-N41DotbgpUXdoa5JIqAgaOYbQExvbqCj3Lvq_WqDeVx6yw28eSQI6N9NZFR_3sABSNb6rsqHYH5006mgu7O8FsJXXNBfdTTTNcXrM767xjp6GKt.pdf"
2021-07-04 01:05 - 2021-07-04 01:05 - 000001425 _____ C:\Windows\system32\default_error_stack-000001-000000.txt
2021-07-03 21:42 - 2021-07-03 21:42 - 000000304 _____ C:\Users\Samuel e Letícia\Desktop\Search 2.txt
2021-07-03 21:39 - 2021-07-03 21:39 - 000000304 _____ C:\Users\Samuel e Letícia\Desktop\Search.txt
2021-07-03 21:37 - 2021-07-04 19:49 - 000000000 ____D C:\FRST
2021-07-03 21:34 - 2021-07-03 21:34 - 000008332 _____ C:\Users\Samuel e Letícia\Desktop\ZHPCleaner (R).html
2021-07-03 21:34 - 2021-07-03 21:34 - 000002294 _____ C:\Users\Samuel e Letícia\Desktop\zhp.txt
2021-07-03 21:34 - 2021-07-03 21:34 - 000002279 _____ C:\Users\Samuel e Letícia\Desktop\ZHPCleaner (R).txt
2021-07-03 21:32 - 2021-07-03 21:32 - 000002127 _____ C:\Users\Samuel e Letícia\Desktop\report zhp.txt
2021-07-03 21:30 - 2021-07-03 21:30 - 000008050 _____ C:\Users\Samuel e Letícia\Desktop\ZHPCleaner (S).html
2021-07-03 21:30 - 2021-07-03 21:30 - 000002106 _____ C:\Users\Samuel e Letícia\Desktop\ZHPCleaner (S).txt
2021-07-03 21:21 - 2021-07-03 21:21 - 000001405 _____ C:\Users\Samuel e Letícia\Desktop\AdwCleaner[S00].txt
2021-07-03 21:20 - 2021-07-03 21:34 - 000000000 ____D C:\Users\Samuel e Letícia\AppData\Roaming\ZHP
2021-07-03 21:20 - 2021-07-03 21:20 - 000000886 _____ C:\Users\Samuel e Letícia\Desktop\ZHPCleaner.lnk
2021-07-03 21:20 - 2021-07-03 21:20 - 000000000 ____D C:\Users\Samuel e Letícia\AppData\Local\ZHP
2021-07-03 21:18 - 2021-07-03 21:18 - 000000000 ____D C:\AdwCleaner
2021-07-03 19:24 - 2021-07-03 19:24 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2021-07-03 15:59 - 2021-07-04 10:37 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-07-03 08:20 - 2021-07-03 08:21 - 000000000 ____D C:\Users\Samuel e Letícia\Desktop\Virus
2021-06-27 18:27 - 2021-06-27 18:27 - 000000000 ____D C:\Users\Samuel e Letícia\AppData\Roaming\Avira
2021-06-27 16:41 - 2021-06-27 16:43 - 000000000 ____D C:\Users\Samuel e Letícia\AppData\Roaming\com.nst.iptvsmartersplayer
2021-06-27 16:41 - 2021-06-27 16:41 - 000000000 ____D C:\Users\Samuel e Letícia\AppData\Roaming\IPTV Smarters Player
2021-06-27 16:40 - 2021-06-27 16:40 - 000002824 _____ C:\Users\Samuel e Letícia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IPTV Smarters Player.lnk
2021-06-27 16:40 - 2021-06-27 16:40 - 000002816 _____ C:\Users\Samuel e Letícia\Desktop\IPTV Smarters Player.lnk
2021-06-27 16:40 - 2021-06-27 16:40 - 000000000 ____D C:\Users\Samuel e Letícia\AppData\Local\com.nst.iptvsmartersplayer-updater
2021-06-27 14:24 - 2021-06-27 14:39 - 000000000 ____D C:\Users\Samuel e Letícia\AppData\Roaming\Wise Registry Cleaner
2021-06-27 14:24 - 2021-06-27 14:24 - 000001300 _____ C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2021-06-27 14:24 - 2021-06-27 14:24 - 000001300 _____ C:\ProgramData\Desktop\Wise Registry Cleaner.lnk
2021-06-27 14:24 - 2021-06-27 14:24 - 000000000 ____D C:\Windows\system32\Tasks\WiseCleaner
2021-06-27 14:24 - 2021-06-27 14:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2021-06-27 14:24 - 2021-06-27 14:24 - 000000000 ____D C:\Program Files (x86)\Wise
2021-06-27 14:22 - 2021-06-27 14:24 - 000000000 ____D C:\Users\Samuel e Letícia\AppData\Roaming\GlarySoft
2021-06-27 14:22 - 2021-06-27 14:24 - 000000000 ____D C:\Program Files (x86)\Glarysoft
2021-06-27 14:05 - 2021-07-01 20:24 - 000000000 ____D C:\Users\Public\Security Sessions
2021-06-27 14:01 - 2021-06-27 14:01 - 000003374 _____ C:\Windows\system32\Tasks\Avira_Antivirus_Systray
2021-06-27 14:01 - 2021-06-27 14:01 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2021-06-27 14:01 - 2021-03-25 17:05 - 000209744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2021-06-27 14:01 - 2021-02-09 18:03 - 000199312 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2021-06-27 14:01 - 2019-06-07 15:09 - 000078936 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avdevprot.sys
2021-06-27 14:01 - 2019-03-20 18:50 - 000089736 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2021-06-27 14:01 - 2019-03-20 18:50 - 000046704 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2021-06-27 14:01 - 2019-03-20 18:50 - 000045472 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2021-06-27 14:01 - 2019-03-20 18:50 - 000022336 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avelam.sys
2021-06-27 13:59 - 2021-07-04 13:59 - 000003786 _____ C:\Windows\system32\Tasks\AviraSystemSpeedupUpdate
2021-06-27 13:59 - 2021-07-01 17:08 - 000003718 _____ C:\Windows\system32\Tasks\Avira_Security_Update
2021-06-27 13:59 - 2021-06-27 14:05 - 000000000 ____D C:\Users\Samuel e Letícia\AppData\Local\Avira
2021-06-27 13:59 - 2021-06-27 13:59 - 000003428 _____ C:\Windows\system32\Tasks\Avira_Security_Service_SCM_Watchdog
2021-06-27 13:59 - 2021-06-27 13:59 - 000002816 _____ C:\Windows\system32\Tasks\Avira_Security_Systray
2021-06-27 13:59 - 2021-06-27 13:59 - 000000000 ____D C:\Users\Public\Speedup Sessions
2021-06-27 13:58 - 2021-07-01 17:07 - 000001078 _____ C:\Users\Public\Desktop\Avira.lnk
2021-06-27 13:58 - 2021-07-01 17:07 - 000001078 _____ C:\ProgramData\Desktop\Avira.lnk
2021-06-27 13:58 - 2021-07-01 17:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2021-06-27 13:58 - 2021-06-27 14:05 - 000000000 ____D C:\ProgramData\Avira
2021-06-27 13:58 - 2021-06-27 14:04 - 000070143 _____ C:\Users\Samuel
2021-06-27 13:58 - 2021-06-27 14:01 - 000000000 ____D C:\Program Files (x86)\Avira
2021-06-27 13:29 - 2021-06-27 13:29 - 000001389 _____ C:\Users\Samuel e Letícia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-06-27 13:29 - 2021-06-27 13:29 - 000000000 ____D C:\Users\Samuel e Letícia\AppData\Local\ESET
2021-06-27 13:12 - 2021-07-03 19:07 - 000000000 ____D C:\Program Files (x86)\Install
2021-06-25 22:43 - 2021-06-25 22:43 - 000051322 _____ C:\Users\Samuel e Letícia\Desktop\Contracheque_062021_264362426580.pdf
2021-06-25 19:24 - 2021-06-25 19:24 - 000000000 ____D C:\Users\Samuel e Letícia\AppData\LocalLow\Voxler
2021-06-25 19:23 - 2021-06-25 19:23 - 000000722 _____ C:\Users\Samuel e Letícia\Desktop\Lets Sing 2019.lnk
2021-06-25 19:23 - 2021-06-25 19:23 - 000000000 ____D C:\Users\Samuel e Letícia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lets Sing 2019
2021-06-25 14:16 - 2021-06-25 14:16 - 000352874 _____ C:\Users\Samuel e Letícia\Desktop\PROVA 2 CRÍTICA LITERÁRIA - LETÍCIA SOARES.pdf
2021-06-24 11:51 - 2021-06-24 11:51 - 000303692 _____ C:\Users\Samuel e Letícia\Desktop\(96) Pinterest.html
2021-06-24 11:51 - 2021-06-24 11:51 - 000000000 ____D C:\Users\Samuel e Letícia\Desktop\(96) Pinterest_files
2021-06-23 21:08 - 2021-06-23 21:08 - 013853606 _____ C:\Users\Samuel e Letícia\Desktop\Gaulejac 2007 Gestão como doença social.pdf
2021-06-21 18:25 - 2021-06-21 18:25 - 000148949 _____ C:\Users\Samuel e Letícia\Desktop\Recibo.pdf
2021-06-20 18:27 - 2021-06-20 18:27 - 001873383 _____ C:\Users\Samuel e Letícia\Desktop\catalogo_HB20S_Diamond_digital.pdf
2021-06-19 16:30 - 2021-06-19 16:38 - 000005120 _____ C:\Users\Samuel e Letícia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2021-06-19 16:28 - 2021-06-19 16:28 - 000000408 _____ C:\Users\Samuel e Letícia\AppData\Roaming\CamShapes.ini
2021-06-19 16:28 - 2021-06-19 16:28 - 000000408 _____ C:\Users\Samuel e Letícia\AppData\Roaming\CamLayout.ini
2021-06-19 16:28 - 2021-06-19 16:28 - 000000064 _____ C:\Users\Samuel e Letícia\AppData\Roaming\Camdata.ini
2021-06-19 16:27 - 2021-06-19 16:28 - 000004536 _____ C:\Users\Samuel e Letícia\AppData\Roaming\CamStudio.cfg
2021-06-19 16:27 - 2021-06-19 16:28 - 000000000 ____D C:\Users\Samuel e Letícia\Documents\My CamStudio Temp Files
2021-06-19 16:27 - 2021-06-19 16:27 - 000000000 ____D C:\Users\Samuel e Letícia\Documents\My CamStudio Videos
2021-06-19 16:26 - 2021-06-19 16:26 - 000000096 _____ C:\Users\Samuel e Letícia\AppData\Roaming\version2.xml
2021-06-19 15:50 - 2021-06-20 10:21 - 000000000 ____D C:\Users\Samuel e Letícia\AppData\Roaming\Doblon
2021-06-19 15:40 - 2021-06-19 16:46 - 000000000 ____D C:\Users\Samuel e Letícia\Desktop\List Samuquinha
2021-06-19 15:30 - 2021-06-20 10:21 - 000000000 ____D C:\Users\Samuel e Letícia\Documents\My Karaoke
2021-06-19 15:30 - 2021-06-20 10:21 - 000000000 ____D C:\Program Files (x86)\Doblon
2021-06-19 11:26 - 2021-06-19 12:05 - 000000000 ____D C:\Users\Samuel e Letícia\Desktop\Banda
2021-06-12 09:04 - 2021-06-12 09:04 - 000000000 ____D C:\Users\Samuel e Letícia\AppData\Local\Helios
2021-06-12 00:23 - 2021-06-12 00:23 - 000000987 _____ C:\Users\Public\Desktop\Little Nightmares II.lnk
2021-06-12 00:23 - 2021-06-12 00:23 - 000000987 _____ C:\ProgramData\Desktop\Little Nightmares II.lnk
2021-06-10 16:10 - 2021-06-10 16:10 - 002942821 _____ C:\Users\Samuel e Letícia\Desktop\Gramatica.pdf
2021-06-09 22:18 - 2021-06-12 09:04 - 000000000 ____D C:\Users\Samuel e Letícia\AppData\Local\UnrealEngine
2021-06-08 19:05 - 2021-06-08 19:05 - 000001425 _____ C:\Windows\system32\default_error_stack-000000-000000.txt
2021-06-08 16:19 - 2021-06-08 16:19 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2021-06-08 16:19 - 2021-06-08 16:19 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2021-06-08 16:19 - 2021-06-08 16:19 - 002260480 _____ (The ICU Project) C:\Windows\system32\icu.dll
2021-06-08 16:19 - 2021-06-08 16:19 - 001864192 _____ (The ICU Project) C:\Windows\SysWOW64\icu.dll
2021-06-08 16:19 - 2021-06-08 16:19 - 001823792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2021-06-08 16:19 - 2021-06-08 16:19 - 001393496 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2021-06-08 16:19 - 2021-06-08 16:19 - 001314120 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2021-06-08 16:19 - 2021-06-08 16:19 - 000657464 _____ C:\Windows\system32\WindowManagementAPI.dll
2021-06-08 16:19 - 2021-06-08 16:19 - 000568832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2021-06-08 16:19 - 2021-06-08 16:19 - 000468440 _____ C:\Windows\SysWOW64\WindowManagementAPI.dll
2021-06-08 16:19 - 2021-06-08 16:19 - 000451072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2021-06-08 16:19 - 2021-06-08 16:19 - 000423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2021-06-08 16:19 - 2021-06-08 16:19 - 000223744 _____ C:\Windows\SysWOW64\TpmTool.exe
2021-06-08 16:19 - 2021-06-08 16:19 - 000097280 _____ C:\Windows\system32\Drivers\cimfs.sys
2021-06-08 16:19 - 2021-06-08 16:19 - 000011353 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-06-08 16:18 - 2021-06-08 16:18 - 000563712 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2021-06-08 16:18 - 2021-06-08 16:18 - 000287232 _____ C:\Windows\system32\CoreMas.dll
2021-06-08 16:18 - 2021-06-08 16:18 - 000272384 _____ C:\Windows\system32\TpmTool.exe
2021-06-07 20:02 - 2021-06-07 20:02 - 006593748 _____ C:\Users\Samuel e Letícia\Desktop\Leticia da Rosa Soares - Evaluacion.pdf
2021-06-07 18:15 - 2021-06-07 18:15 - 001498694 _____ C:\Users\Samuel e Letícia\Desktop\ACFrOgCmM_1ARxbDy6mWlJd2TeO1Hi9k2ZKJAcTmhPo4TKkOwNJsy8OH5BkfOmUXl8YCre8nlIbqq11BSxbhIVJtwN1ZnM-JbB_svlM94UnjzyiFAebrb5MT_xdEWE1bKPlwnsjI-kjsWpej72XO.pdf
2021-06-07 13:09 - 2021-06-07 13:09 - 000409449 _____ C:\Users\Samuel e Letícia\Desktop\aula_luciane_07_junho.pdf
2021-06-06 19:17 - 2021-06-06 19:17 - 000069947 _____ C:\Users\Samuel e Letícia\Desktop\documento.pdf
2021-06-05 15:51 - 2021-06-05 15:51 - 000000000 ____D C:\Users\Samuel e Letícia\AppData\Roaming\PDF Architect 8
2021-06-05 15:38 - 2021-06-05 15:38 - 000076635 _____ C:\Users\Samuel e Letícia\Desktop\Atestado_medico_vacinacao_comorbidades.pdf
2021-06-04 19:49 - 2021-06-04 19:49 - 052109466 _____ C:\Users\Samuel e Letícia\Desktop\strawberry_shortcake_v1.2.3_mod.apk

==================== Um mês (modificados) ==================

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2021-07-04 19:41 - 2020-11-18 23:45 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-07-04 19:37 - 2021-03-25 00:12 - 000000000 ____D C:\Users\Samuel e Letícia\AppData\Roaming\qBittorrent
2021-07-04 19:37 - 2019-12-07 06:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-07-04 12:06 - 2021-03-28 13:39 - 000000000 ____D C:\Users\Samuel e Letícia\AppData\LocalLow\Mozilla
2021-07-04 11:52 - 2021-03-28 13:39 - 000000000 ____D C:\ProgramData\Mozilla
2021-07-04 10:48 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\AppReadiness
2021-07-04 10:42 - 2021-03-24 22:59 - 001651946 _____ C:\Windows\system32\PerfStringBackup.INI
2021-07-04 10:42 - 2019-12-07 11:53 - 000715500 _____ C:\Windows\system32\prfh0416.dat
2021-07-04 10:42 - 2019-12-07 11:53 - 000140656 _____ C:\Windows\system32\prfc0416.dat
2021-07-04 10:42 - 2019-12-07 06:13 - 000000000 ____D C:\Windows\INF
2021-07-04 10:39 - 2021-05-19 00:45 - 000000000 ____D C:\Windows\Minidump
2021-07-04 10:37 - 2021-03-28 13:39 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-07-04 10:37 - 2021-03-24 23:10 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-07-04 10:37 - 2021-03-24 23:10 - 000000000 __SHD C:\Users\Samuel e Letícia\IntelGraphicsProfiles
2021-07-04 10:37 - 2021-03-24 23:02 - 000000000 ___RD C:\Users\Samuel e Letícia\OneDrive
2021-07-04 10:37 - 2021-03-24 22:53 - 000008192 ___SH C:\DumpStack.log.tmp
2021-07-04 10:37 - 2020-11-18 23:45 - 000472000 _____ C:\Windows\system32\FNTCACHE.DAT
2021-07-04 10:37 - 2020-11-18 23:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-07-04 01:06 - 2019-12-07 06:03 - 000524288 _____ C:\Windows\system32\config\BBI
2021-07-03 19:24 - 2021-03-28 13:39 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-07-02 19:20 - 2019-12-07 06:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-07-02 18:31 - 2020-11-18 23:48 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-07-02 18:31 - 2020-11-18 23:48 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-07-02 18:31 - 2020-11-18 23:48 - 000002276 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-07-02 18:30 - 2021-03-24 23:02 - 000003400 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2542081707-378966687-2905941670-1001
2021-07-02 18:30 - 2021-03-24 22:58 - 000002418 _____ C:\Users\Samuel e Letícia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-06-30 02:40 - 2021-03-24 23:29 - 000002245 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-06-30 02:40 - 2021-03-24 23:29 - 000002204 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-06-30 02:40 - 2021-03-24 23:29 - 000002204 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-06-29 16:09 - 2020-11-18 23:47 - 000003618 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-06-29 16:09 - 2020-11-18 23:47 - 000003494 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-06-28 01:05 - 2021-03-24 22:58 - 000000000 ____D C:\Users\Samuel e Letícia
2021-06-27 14:59 - 2021-03-27 18:11 - 000000000 ____D C:\Users\Samuel e Letícia\AppData\LocalLow\Temp
2021-06-27 14:40 - 2021-03-24 23:29 - 000000000 ____D C:\Program Files\Google
2021-06-27 14:01 - 2019-12-07 06:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-06-27 13:38 - 2021-05-25 21:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 8
2021-06-27 13:15 - 2021-03-24 22:59 - 000000000 ____D C:\Users\Samuel e Letícia\AppData\Local\VirtualStore
2021-06-25 13:30 - 2021-05-18 12:10 - 000000000 ____D C:\Users\Samuel e Letícia\Desktop\LETÍCIA - ATIVIDADES DA SEMANA
2021-06-25 10:53 - 2021-04-11 11:17 - 000000000 ____D C:\Users\Samuel e Letícia\Desktop\LÍVIA - AULA DA SEMANA
2021-06-25 08:29 - 2021-03-24 22:59 - 000000000 ____D C:\Users\Samuel e Letícia\AppData\Local\Packages
2021-06-14 18:15 - 2021-04-08 19:09 - 000000000 ____D C:\Users\Samuel e Letícia\AppData\Roaming\DS4Windows
2021-06-12 23:40 - 2021-05-20 23:31 - 000040401 _____ C:\Users\Samuel e Letícia\Desktop\Financeiro Casa.xlsx
2021-06-12 11:09 - 2020-11-18 23:45 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-06-09 22:14 - 2021-03-24 23:33 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-06-08 19:07 - 2019-12-07 06:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-06-08 19:04 - 2019-12-07 11:56 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-06-08 19:04 - 2019-12-07 06:14 - 000000000 ___RD C:\Windows\PrintDialog
2021-06-08 19:04 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\lv-LV
2021-06-08 19:04 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\et-EE
2021-06-08 19:04 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-06-08 19:04 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SystemResources
2021-06-08 19:04 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\oobe
2021-06-08 19:04 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\migwiz
2021-06-08 19:04 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\lv-LV
2021-06-08 19:04 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\et-EE
2021-06-08 19:04 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\Dism
2021-06-08 19:04 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2021-06-08 19:04 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\bcastdvr
2021-06-08 16:22 - 2019-12-07 06:03 - 000000000 ____D C:\Windows\CbsTemp
2021-06-08 16:11 - 2021-03-24 23:21 - 000000000 ____D C:\Windows\system32\MRT
2021-06-08 16:09 - 2021-03-24 23:20 - 132447432 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-06-05 15:51 - 2021-05-25 21:30 - 000000000 ____D C:\ProgramData\PDF Architect 8
2021-06-05 15:50 - 2021-06-02 17:46 - 000000000 ____D C:\Users\Samuel e Letícia\Desktop\RELAÇÃO ESTUDANTES - VACINA

==================== Arquivos na raiz de alguns diretórios ========

2021-06-19 16:28 - 2021-06-19 16:28 - 000000064 _____ () C:\Users\Samuel e Letícia\AppData\Roaming\Camdata.ini
2021-06-19 16:28 - 2021-06-19 16:28 - 000000408 _____ () C:\Users\Samuel e Letícia\AppData\Roaming\CamLayout.ini
2021-06-19 16:28 - 2021-06-19 16:28 - 000000408 _____ () C:\Users\Samuel e Letícia\AppData\Roaming\CamShapes.ini
2021-06-19 16:27 - 2021-06-19 16:28 - 000004536 _____ () C:\Users\Samuel e Letícia\AppData\Roaming\CamStudio.cfg
2021-06-19 16:26 - 2021-06-19 16:26 - 000000096 _____ () C:\Users\Samuel e Letícia\AppData\Roaming\version2.xml
2021-06-19 16:30 - 2021-06-19 16:38 - 000005120 _____ () C:\Users\Samuel e Letícia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2021-04-03 23:03 - 2021-04-03 23:03 - 000003446 _____ () C:\Users\Samuel e Letícia\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(Não há correção automática para arquivos que não passaram na verificação.)

==================== Fim de FRST.txt ========================

 

------------------------------

Addition

 

Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 04-07-2021
Executado por Samuel e Letícia (04-07-2021 19:50:27)
Executando a partir de E:\chapolin\Temporada 3
Windows 10 Pro Versão 20H2 19042.1052 (X64) (2021-03-25 01:55:12)
Modo da Inicialização: Normal
==========================================================


==================== Contas: =============================


(Se uma entrada for incluída na fixlist, será removida.)

Administrador (S-1-5-21-2542081707-378966687-2905941670-500 - Administrator - Disabled)
Convidado (S-1-5-21-2542081707-378966687-2905941670-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-2542081707-378966687-2905941670-503 - Limited - Disabled)
Samuel e Letícia (S-1-5-21-2542081707-378966687-2905941670-1001 - Administrator - Enabled) => C:\Users\Samuel e Letícia
WDAGUtilityAccount (S-1-5-21-2542081707-378966687-2905941670-504 - Limited - Disabled)

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Avira Antivirus (Disabled - Up to date) {88AE6B46-DC3C-455A-A21B-085F285A3546}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 21.005.20048 - Adobe Systems Incorporated)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.2104.2083 - Avira Operations GmbH & Co. KG) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.37.4.17510 - Avira Operations GmbH & Co. KG) Hidden
Avira Security (HKLM-x32\...\Avira Security_is1) (Version: 1.1.51.20430 - Avira Operations GmbH & Co. KG) Hidden
Avira Security (HKLM-x32\...\AviraSecurityUninstaller) (Version:  - Avira Operations GmbH & Co. KG;)
Avira Software Updater (HKLM-x32\...\{5FFF909D-D88F-42B9-9A85-328A1290611C}) (Version: 2.0.6.48309 - Avira Operations GmbH & Co. KG) Hidden
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 6.11.0.11177 - Avira Operations GmbH & Co. KG) Hidden
CPUID HWMonitor 1.43 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.43 - CPUID, Inc.)
CrystalDiskInfo 8.12.0 (HKLM\...\CrystalDiskInfo_is1) (Version: 8.12.0 - Crystal Dew World)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 91.0.4472.124 - Google LLC)
Intel Driver && Support Assistant (HKLM-x32\...\{C38DE4F8-DF58-4B5D-9D4C-1F68773A2AE2}) (Version: 21.3.21.5 - Intel) Hidden
Intel(R) Computing Improvement Program (HKLM\...\{50883721-017E-40C5-9B65-F11F20DE8B45}) (Version: 2.4.07630 - Intel Corporation)
Intel(R) Graphics Driver Software (HKLM-x32\...\{d9e1af9c-46b1-481f-bd13-dffef7b14da2}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5171 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{9360c8cc-b617-469a-bb35-829c13e21d97}) (Version: 21.3.21.5 - Intel)
IPTV Smarters Player 3.0.0 (HKU\S-1-5-21-2542081707-378966687-2905941670-1001\...\fee38e36-bd5c-5f8c-a4c4-29d7f942a22c) (Version: 3.0.0 - IPTV Smarters Player)
IRPF2021 (HKLM-x32\...\IRPF2021) (Version: 1.3 - Receita Federal do Brasil)
Java 8 Update 281 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180281F0}) (Version: 8.0.2810.9 - Oracle Corporation)
K-Lite Mega Codec Pack 16.1.4 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 16.1.4 - KLCP)
Little Nightmares II (HKLM-x32\...\Little Nightmares II_is1) (Version:  - )
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.64 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - pt-br (HKLM\...\ProPlusRetail - pt-br) (Version: 16.0.4266.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2542081707-378966687-2905941670-1001\...\OneDriveSetup.exe) (Version: 21.119.0613.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Microsoft Visual Basic/C++ Runtime (x86) (HKLM-x32\...\{C5E3A69D-D391-45A6-A8FB-00B01E2B010D}) (Version: 1.1.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61135 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61135 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61135 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61135 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.29.29917 (HKLM\...\{E81E55D9-90EF-4123-B1B9-033E296772FD}) (Version: 14.29.29917 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.29.29917 (HKLM\...\{5FD9933E-9C5E-48E5-AED3-5CB9C39DAB0E}) (Version: 14.29.29917 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.29.29917 (HKLM-x32\...\{FCC30AAF-0D27-403D-AA35-5C6D94D682B6}) (Version: 14.29.29917 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.29.29917 (HKLM-x32\...\{FF8C8F7D-1BDA-4D1D-92CF-C756A2722C1B}) (Version: 14.29.29917 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{47C2CCDB-7A04-3797-992B-A84D3E90258F}) (Version: 10.0.60833 - Microsoft Corporation)
Mozilla Firefox 89.0.2 (x64 pt-BR) (HKLM\...\Mozilla Firefox 89.0.2 (x64 pt-BR)) (Version: 89.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 87.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0416-0000-0000000FF1CE}) (Version: 16.0.4266.1003 - Microsoft Corporation) Hidden
PDF Architect 8 Edit Module (HKLM\...\{C0F370AC-91F0-4AF0-8974-E61F91830082}) (Version: 8.0.56.12577 - pdfforge GmbH) Hidden
PDF Architect 8 View Module (HKLM\...\{742A4199-7DB6-4830-95C4-570D5CB709AF}) (Version: 8.0.56.12577 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{00010FEF-82A2-497E-983A-7105A0364FA7}) (Version: 4.2.0 - pdfforge GmbH)
qBittorrent 4.3.4.1 (HKLM-x32\...\qBittorrent) (Version: 4.3.4.1 - The qBittorrent project)
Silent Hill 3 - Dublado em Português (HKLM-x32\...\Silent Hill 3 - Dublado em Português) (Version:  - )
SILENT HILL 3 (HKLM-x32\...\InstallShield_{14D10AAC-9737-454E-A247-8075C26C30E1}) (Version: 1.00.0000 - Konami Computer Entertainment Tokyo, Inc.)
TP-Link Archer T2U Nano Driver (HKLM-x32\...\{2162AC17-3E53-42BC-9CBA-D60EAFAB8628}) (Version: 2.1.0 - TP-Link)
Warsaw 2.18.0.65 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 2.18.0.65 - Diebold Nixdorf)
WinRAR 5.90 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.90.0 - win.rar GmbH)
Wise Registry Cleaner 10.3.5 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 10.3.5 - WiseCleaner.com, Inc.)

Packages:
=========
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_128.1.219.0_x64__v10z8vjag6ke6 [2021-07-02] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-03-26] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-03-26] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.6151.0_x64__8wekyb3d8bbwe [2021-06-19] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0 [2021-06-30] (Spotify AB) [Startup Task]

==================== Exame Personalizado CLSID (Whitelisted): ==============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

CustomCLSID: HKU\S-1-5-21-2542081707-378966687-2905941670-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (IDSA Production signing key 2021 -> Intel)
ContextMenuHandlers1: [PDFArchitect8_ManagerExt] -> {DDD1CFB8-3C9C-4269-B905-43CC309D569E} => C:\Program Files\PDF Architect 8\context-menu.dll [2020-11-16] (pdfforge GmbH -> pdfforge GmbH)
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Program Files\PDFCreator\PDFCreatorShell.DLL [2020-07-10] (Dev Code-Sign -> pdfforge GmbH) [Arquivo não assinado] [O arquivo está em uso]
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2021-02-24] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2021-03-29] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2021-03-29] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Nenhum Arquivo
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2020-12-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2021-03-29] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2021-02-24] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] () [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [310784 2019-12-28] () [Arquivo não assinado]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] () [Arquivo não assinado]
HKLM\...\Drivers32-x32: [VIDC.XVID] => xvidvfw.dll
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [Arquivo não assinado]

==================== Atalhos & WMI ========================

==================== Módulos Carregados (Whitelisted) =============

2021-04-22 08:31 - 2021-04-22 08:31 - 005745664 _____ () [Arquivo não assinado] C:\Program Files (x86)\Intel\Driver and Support Assistant\irmfuu_module.dll
2021-05-25 21:30 - 2021-05-25 21:30 - 000116736 _____ (pdfforge GmbH) [Arquivo não assinado] C:\Windows\System32\pdfcmon.dll
2021-05-12 20:07 - 2021-05-12 20:07 - 001638912 _____ (Robert Simpson, et al.) [Arquivo não assinado] C:\Program Files\Intel\SUR\QUEENCREEK\x64\SQLite.Interop.dll
2021-05-21 08:12 - 2021-05-21 08:12 - 000130048 _____ (Sam Grogan) [Arquivo não assinado] [O arquivo está em uso] C:\Program Files (x86)\Intel\Driver and Support Assistant\NotifyIconWin32.dll
2021-05-12 20:07 - 2021-05-12 20:07 - 002122240 _____ (SQLite Development Team) [Arquivo não assinado] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll
2021-03-25 00:50 - 2021-04-04 13:12 - 000759296 _____ (Tabibito Technology) [Arquivo não assinado] C:\Program Files (x86)\K-Lite Codec Pack\Icaros\64-bit\IcarosPropertyHandler.dll
2020-06-30 13:37 - 2020-06-30 13:37 - 000460288 _____ (The curl library, hxxps://curl.haxx.se/) [Arquivo não assinado] C:\Program Files\PDF Architect 8\libcurl.dll

==================== Alternate Data Streams (Whitelisted) ========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)

AlternateDataStreams: C:\ProgramData:chnpbmzkyg [274]
AlternateDataStreams: C:\ProgramData:YXVtLmh6aQ [14514]
AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2410]
AlternateDataStreams: C:\Users\All Users:chnpbmzkyg [274]
AlternateDataStreams: C:\Users\All Users:YXVtLmh6aQ [14514]
AlternateDataStreams: C:\Users\Todos os Usuários:chnpbmzkyg [274]
AlternateDataStreams: C:\Users\Todos os Usuários:YXVtLmh6aQ [14514]
AlternateDataStreams: C:\ProgramData\Dados de Aplicativos:chnpbmzkyg [274]
AlternateDataStreams: C:\ProgramData\Dados de Aplicativos:YXVtLmh6aQ [14514]

==================== Modo de Segurança (Whitelisted) ==================

==================== Associação (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-03-25] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_281\bin\ssv.dll [2021-03-24] (Oracle America, Inc. -> Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2021-03-25] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_281\bin\jp2ssv.dll [2021-03-24] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-03-25] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2021-03-25] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-25] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-25] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-25] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-03-25] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts Conteúdo: =========================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2019-12-07 06:14 - 2021-03-24 23:41 - 000000826 _____ C:\Windows\system32\drivers\etc\hosts

==================== Outras Áreas ===========================

(Atualmente não há nenhuma correção automática para esta seção.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2542081707-378966687-2905941670-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Firewall do Windows está habilitado.

Network Binding:
=============
Wi-Fi: Diebold Network Monitor -> nt_wsddntf (enabled) 
Ethernet: Diebold Network Monitor -> nt_wsddntf (enabled) 
Conexão Local: Diebold Network Monitor -> nt_wsddntf (enabled) 

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

==================== Regras do Firewall (Whitelisted) ================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [{96A380E3-C213-4B61-8CEA-BBBCBD4E9A5C}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [Arquivo não assinado]
FirewallRules: [{9664865B-D3CD-4F90-B168-96A827E4E53A}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [Arquivo não assinado]
FirewallRules: [{8E95BA21-1CE9-4AAD-A9FE-E8A35304B975}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F5859BB5-B4CD-491B-A340-94DCB683E3EF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{15D84E83-7A1E-4C38-83E0-4455ADAD17B7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6F90D5EB-1253-4224-B80D-DD2852A36222}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0F7E3394-FD01-4B9E-8D75-E321C2027F3A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9B365C2C-E904-48E8-81CA-1E4966DEE9CD}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe (PROCOMP INDUSTRIA ELETRONICA LTDA -> Diebold Nixdorf)
FirewallRules: [{AEB95C64-04B7-406C-A069-E82E663EAF7C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{04F7EE12-CE34-4309-BBF6-9DEEE76D19BA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{495CBC9E-257A-4C31-B2FA-BC2DE039ABC5}C:\arquivos de programas rfb\irpf2021\java-runtime\bin\javaw.exe] => (Allow) C:\arquivos de programas rfb\irpf2021\java-runtime\bin\javaw.exe
FirewallRules: [UDP Query User{0C1054F1-80A6-4CD0-B159-B19CD4FCF952}C:\arquivos de programas rfb\irpf2021\java-runtime\bin\javaw.exe] => (Allow) C:\arquivos de programas rfb\irpf2021\java-runtime\bin\javaw.exe
FirewallRules: [{213C1C54-2D3D-4F0D-B460-D5259DDE6E96}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> )
FirewallRules: [{0A8AB5BD-AFD7-4BEC-9EBB-FCA933E4A120}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> )
FirewallRules: [{353D549D-40EC-4156-B6F3-3B1343959A7D}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> )
FirewallRules: [{2673DC3E-CD53-4845-994E-9C504F2A25C4}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> )
FirewallRules: [{C3FF412B-8A11-4B2B-8794-D3B16770E27E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C3B91A90-CF82-452B-BC09-CC2C3EECCBCC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DF49A79F-EA6B-452D-A936-7E8F2DB27948}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{31FC0DAD-6E8D-4F50-BE12-493B0D0B7B9E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{36076B22-5D9A-419A-9373-37983EAC2C0D}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{ECC32111-FFAD-43DE-912B-AC082175967B}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{F8DE71F5-DD45-4C7A-990C-77E090DBEA08}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{52810A96-9B0E-452C-8CA4-C641F2A114E7}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{D3648EBA-77A2-4592-BD6D-248D374966D4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{10759821-6FFB-4856-B245-3C52910EB928}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AC8AF78F-CFB8-417B-BCE9-5FE2B366878C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A1E38B44-5FBE-4332-BDE2-6A86A8FDD508}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{954C2091-3892-4A85-B1C6-B8DF307034B9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{42E6609F-0026-4247-8304-0BF5492857EF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A3B2113E-39BC-4AF8-976A-2FE269CA5CFC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6B5AE38E-F4E1-4483-935D-9DCA24232A1B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

==================== Pontos de Restauração =========================

03-07-2021 21:33:28 ZHPcleaner

==================== Dispositivos Apresentando Falhas No Gerenciador ============

Name: Controlador de barramento SM
Description: Controlador de barramento SM
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: DeskJet 3700 series
Description: DeskJet 3700 series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Erros no Log de eventos: ========================

Erros em Aplicativos:
==================
Error: (07/04/2021 10:37:40 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: AUTORIDADE NT)
Description: O Windows não pode carregar a DLL de contador extensível "C:\Windows\system32\sysmain.dll" (código de erro do Win32 126).

Error: (07/03/2021 08:22:32 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Falha na geração de contexto de ativação para "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Erro no arquivo de manifesto ou de política C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL", na linha 1.
Identidade do componente localizado no manifesto não corresponde à identidade do componente solicitado.
A referência é UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
A definição é UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Use o arquivo sxstrace.exe para obter um dignóstico detalhado.

Error: (07/02/2021 07:22:15 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Não foi possível concluir o otimizador de armazenamento otimizar novamente em Unidade D (E:) devido a: A operação solicitada não é compatível com o hardware que contém o volume. (0x8900002A)

Error: (07/01/2021 05:08:20 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: AUTORIDADE NT)
Description: O Windows não pode carregar a DLL de contador extensível "C:\Windows\system32\sysmain.dll" (código de erro do Win32 126).

Error: (06/27/2021 01:59:19 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: AUTORIDADE NT)
Description: O Windows não pode carregar a DLL de contador extensível "C:\Windows\system32\sysmain.dll" (código de erro do Win32 126).

Error: (06/25/2021 07:50:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: Let's Sing 2019.exe, versão: 2017.4.18.9071, carimbo de data/hora: 0x5c1a626c
Nome do módulo com falha: KERNELBASE.dll, versão: 10.0.19041.1023, carimbo de data/hora: 0x924f9cdb
Código de exceção: 0xc0000005
Deslocamento da falha: 0x0000000000034b89
ID do processo com falha: 0x2cdc
Hora de início do aplicativo com falha: 0x01d76a110dce4c93
Caminho do aplicativo com falha: C:\Lets Sing 2019\Let's Sing 2019.exe
Caminho do módulo com falha: C:\Windows\System32\KERNELBASE.dll
ID do Relatório: 06b820d3-0978-4b25-a532-6b2ee8751aeb
Nome completo do pacote com falha: 
ID do aplicativo relativo ao pacote com falha:

Error: (06/25/2021 04:48:16 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Não foi possível concluir o otimizador de armazenamento otimizar novamente em Unidade D (E:) devido a: A operação solicitada não é compatível com o hardware que contém o volume. (0x8900002A)

Error: (06/19/2021 04:41:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: KaraokeVideoCreator.exe, versão: 2.5.5.8, carimbo de data/hora: 0x609d3767
Nome do módulo com falha: ntdll.dll, versão: 10.0.19041.1023, carimbo de data/hora: 0xf739c3a5
Código de exceção: 0xc0150010
Deslocamento da falha: 0x00098e8b
ID do processo com falha: 0x154c
Hora de início do aplicativo com falha: 0x01d7654305712ccd
Caminho do aplicativo com falha: C:\Program Files (x86)\Doblon\Karaoke Video Creator\KaraokeVideoCreator.exe
Caminho do módulo com falha: C:\Windows\SYSTEM32\ntdll.dll
ID do Relatório: 1bcd5c40-c3bc-459c-986a-6f79189178a2
Nome completo do pacote com falha: 
ID do aplicativo relativo ao pacote com falha:


Erros de Sistema:
=============
Error: (07/04/2021 01:05:57 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço User Energy Server Service queencreek terminou com o erro: 
O driver %2 retornou um ID inválido para um dispositivo filho (%3).

Error: (07/03/2021 05:28:17 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-UBM4B7P)
Description: O servidor {3EB3C877-1F16-487C-9050-104DBCD66683} não se registrou no DCOM dentro do tempo limite necessário.

Error: (07/03/2021 05:28:16 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-UBM4B7P)
Description: O servidor Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy!App.AppXwdz8g2fxr36xz0tdtagygnvemf85s7gg.mca não se registrou no DCOM dentro do tempo limite necessário.

Error: (06/27/2021 01:50:56 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: O desligamento do sistema que ocorreu às 13:21:41 do dia ‎27/‎06/‎2021 não era esperado.

Error: (06/27/2021 01:31:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço eapihdrv devido ao seguinte erro: 
O carregamento deste driver foi bloqueado

Error: (06/27/2021 01:31:19 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\SAMUEL~1\AppData\Local\Temp\ehdrv.sys

Error: (06/27/2021 01:31:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço eapihdrv devido ao seguinte erro: 
O carregamento deste driver foi bloqueado

Error: (06/27/2021 01:31:18 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\SAMUEL~1\AppData\Local\Temp\ehdrv.sys


Windows Defender:
================
Date: 2021-06-27 13:31:47
Description: 
Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado.
Para obter mais informações, veja a seguir:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Dynamer!rfn&threatid=2147721515&enterprise=0
Nome: Trojan:Win32/Dynamer!rfn
Gravidade: Grave
Categoria: Cavalo de Tróia
Caminho: file:_C:\Lets Sing 2019\DARKSiDERSTRO01.EXE
Origem da Detecção: Computador local
Tipo da Detecção: Concreto
Fonte da Detecção: Proteção em Tempo Real
Usuário: DESKTOP-UBM4B7P\Samuel e Letícia
Nome do Processo: C:\Users\Samuel e Letícia\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Versão da Inteligência de Segurança: AV: 1.341.1556.0, AS: 1.341.1556.0, NIS: 1.341.1556.0
Versão do Mecanismo: AM: 1.1.18200.4, NIS: 1.1.18200.4

Date: 2021-06-27 13:22:19
Description: 
Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado.
Para obter mais informações, veja a seguir:
https://go.microsoft.com/fwlink/?linkid=37020&name=App:XMRigMiner&threatid=268622&enterprise=0
Nome: App:XMRigMiner
Gravidade: Baixo
Categoria: Software Potencialmente Indesejado
Caminho: file:_C:\Program Files (x86)\Install\xmrig.exe
Origem da Detecção: Computador local
Tipo da Detecção: Concreto
Fonte da Detecção: Proteção em Tempo Real
Usuário: DESKTOP-UBM4B7P\Samuel e Letícia
Nome do Processo: C:\Windows\System32\cmd.exe
Versão da Inteligência de Segurança: AV: 1.341.1556.0, AS: 1.341.1556.0, NIS: 1.341.1556.0
Versão do Mecanismo: AM: 1.1.18200.4, NIS: 1.1.18200.4

Date: 2021-06-25 20:07:29
Description: 
Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado.
Para obter mais informações, veja a seguir:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Occamy.C54&threatid=2147756041&enterprise=0
Nome: Trojan:Win32/Occamy.C54
Gravidade: Grave
Categoria: Cavalo de Tróia
Caminho: file:_C:\Users\Samuel e Letícia\Desktop\Instalar_PcKaraoke\Instalar_PcKaraoke.exe
Origem da Detecção: Computador local
Tipo da Detecção: FastPath
Fonte da Detecção: Proteção em Tempo Real
Usuário: DESKTOP-UBM4B7P\Samuel e Letícia
Nome do Processo: C:\Windows\explorer.exe
Versão da Inteligência de Segurança: AV: 1.341.1413.0, AS: 1.341.1413.0, NIS: 1.341.1413.0
Versão do Mecanismo: AM: 1.1.18200.4, NIS: 1.1.18200.4

Date: 2021-06-25 19:20:24
Description: 
Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado.
Para obter mais informações, veja a seguir:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Dynamer!rfn&threatid=2147721515&enterprise=0
Nome: Trojan:Win32/Dynamer!rfn
Gravidade: Grave
Categoria: Cavalo de Tróia
Caminho: file:_F:\DARKSiDERS\DARKSiDERSTRO01.EXE
Origem da Detecção: Computador local
Tipo da Detecção: Concreto
Fonte da Detecção: Proteção em Tempo Real
Usuário: DESKTOP-UBM4B7P\Samuel e Letícia
Nome do Processo: C:\Windows\explorer.exe
Versão da Inteligência de Segurança: AV: 1.341.1413.0, AS: 1.341.1413.0, NIS: 1.341.1413.0
Versão do Mecanismo: AM: 1.1.18200.4, NIS: 1.1.18200.4

Date: 2021-06-25 11:58:33
Description: 
O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {EA3B47A5-0D16-41E2-81D2-B4A5C632B3CA}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2021-06-09 22:11:37
Description: 
Microsoft Defender Antivírus encontrou um erro ao tentar atualizar a inteligência de segurança.
Nova Versão da Inteligência de Segurança: 
Versão da Inteligência de Segurança anterior: 1.341.401.0
Fonte da Atualização: Servidor do Microsoft Update
Tipo da Inteligência de Segurança: Antivírus
Tipo da atualização: Completa
Usuário: AUTORIDADE NT\SISTEMA
Versão Atual do Mecanismo: 
Versão Anterior do Mecanismo: 1.1.18200.4
Código de Erro: 0x80246007
Descrição do Erro: Erro inesperado ao verificar atualizações. Para obter informações sobre como instalar ou solucionar problemas de atualizações, consulte Ajuda e Suporte. 

Date: 2021-06-03 23:12:45
Description: 
Microsoft Defender Antivírus encontrou um erro ao tentar atualizar a inteligência de segurança.
Nova Versão da Inteligência de Segurança: 
Versão da Inteligência de Segurança anterior: 1.339.1957.0
Fonte da Atualização: Servidor do Microsoft Update
Tipo da Inteligência de Segurança: Antivírus
Tipo da atualização: Completa
Usuário: AUTORIDADE NT\SISTEMA
Versão Atual do Mecanismo: 
Versão Anterior do Mecanismo: 1.1.18100.6
Código de Erro: 0x80070643
Descrição do Erro: Erro fatal durante a instalação. 

Date: 2021-06-03 23:12:42
Description: 
Microsoft Defender Antivírus encontrou um erro ao tentar atualizar a inteligência de segurança.
Nova Versão da Inteligência de Segurança: 1.341.8.0
Versão da Inteligência de Segurança anterior: 1.339.1957.0
Fonte da Atualização: Usuário
Tipo da Inteligência de Segurança: Anti-spyware
Tipo da atualização: Delta
Usuário: AUTORIDADE NT\SISTEMA
Versão Atual do Mecanismo: 1.1.18200.4
Versão Anterior do Mecanismo: 1.1.18100.6
Código de Erro: 0x80070666
Descrição do Erro: Outra versão deste produto já está instalada. A instalação desta versão não pode continuar. Para configurar ou remover a versão existente deste produto, use 'Adicionar ou remover programas' no Painel de Controle. 

Date: 2021-06-03 23:12:42
Description: 
Microsoft Defender Antivírus encontrou um erro ao tentar atualizar a inteligência de segurança.
Nova Versão da Inteligência de Segurança: 1.341.8.0
Versão da Inteligência de Segurança anterior: 1.339.1957.0
Fonte da Atualização: Usuário
Tipo da Inteligência de Segurança: Antivírus
Tipo da atualização: Delta
Usuário: AUTORIDADE NT\SISTEMA
Versão Atual do Mecanismo: 1.1.18200.4
Versão Anterior do Mecanismo: 1.1.18100.6
Código de Erro: 0x80070666
Descrição do Erro: Outra versão deste produto já está instalada. A instalação desta versão não pode continuar. Para configurar ou remover a versão existente deste produto, use 'Adicionar ou remover programas' no Painel de Controle. 

Date: 2021-06-03 23:12:42
Description: 
O Microsoft Defender Antivírus encontrou um erro ao tentar atualizar o mecanismo.
Nova Versão do Mecanismo: 1.1.18200.4
Versão Anterior do Mecanismo: 1.1.18100.6
Usuário: AUTORIDADE NT\SISTEMA
Código do Erro: 0x80070666
Descrição do erro: Outra versão deste produto já está instalada. A instalação desta versão não pode continuar. Para configurar ou remover a versão existente deste produto, use 'Adicionar ou remover programas' no Painel de Controle. 

CodeIntegrity:
===============
Date: 2021-07-02 22:42:55
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Diebold\Warsaw\wslbscrwh64.dll that did not meet the Microsoft signing level requirements.


==================== Informações da Memória =========================== 

BIOS: American Megatrends Inc. V6.6 07/22/2014
placa-mãe: MSI H81M-E33 (MS-7817)
Processador: Intel(R) Core(TM) i3-4170 CPU @ 3.70GHz
Percentagem de memória em uso: 67%
RAM física total: 8069.7 MB
RAM física disponível: 2601.16 MB
Virtual Total: 9349.7 MB
Virtual disponível: 2944.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.24 GB) (Free:60.85 GB) NTFS
Drive d: (ELMIRA) (Removable) (Total:14.43 GB) (Free:13.22 GB) FAT32
Drive e: (Unidade D) (Fixed) (Total:931.51 GB) (Free:384 GB) NTFS

\\?\Volume{e58384ac-0000-0000-0000-100000000000}\ (Reservado pelo Sistema) (Fixed) (Total:0.05 GB) (Free:0.02 GB) NTFS

==================== MBR & Tabela de Partições ====================

==========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 14.4 GB) (Disk ID: 5BA40118)
Partition 1: (Active) - (Size=14.4 GB) - (Type=0C)

==================== Fim de Addition.txt =======================

 

 


  • Security Analyst

@samuelmachado

 

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text in the CODE box below:

CreateRestorePoint:
() [Arquivo não assinado] C:\Program Files\qBittorrent\qbittorrent.exe
C:\Program Files\qBittorrent
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk [2021-04-23]
ShortcutAndArgument: start.lnk -> C:\Program Files (x86)\Install\starter.cmd => 
C:\Program Files (x86)\Install\xmrig.exe
C:\Program Files (x86)\Install
Task: {07182ADA-3959-4600-A553-97A4BD4DB2A5} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3074176 2021-04-15] (Intel(R) System Usage Report -> Intel Corporation)
Task: {0F53D1EB-C79B-4051-8ABA-1A4FB0BEAE1C} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [690616 2021-07-03] (Mozilla Corporation -> Mozilla Foundation)
Task: {2445644A-15CD-4BD2-8222-3A04561226A4} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {2BA0827A-AD54-429E-8B58-A1313D1636A1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-03-24] (Google LLC -> Google LLC)
Task: {5407B24D-7456-4F02-A40F-E9D3E85EF6D5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [315056 2021-03-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {56862BA3-EC35-4DE8-8383-5B4D40E14343} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3074176 2021-04-15] (Intel(R) System Usage Report -> Intel Corporation)
Task: {575BEE8A-808F-487F-B4E0-4F49C51E6B5F} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [29802464 2021-06-27] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {672FDB9E-F5CA-48D2-8D6E-093A96DB5AE3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [5967976 2015-08-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {69F1BA2E-2ECE-44FB-AA89-0102ED5CA91B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-03-24] (Google LLC -> Google LLC)
Task: {6B8318EA-CB88-4450-8EA5-BD711B3BD352} - System32\Tasks\Rerun Warsaw's CoreFixer => C:\Windows\TEMP\is-M4T57.tmp\corefixer.exe <==== ATENÇÃO
Task: {76AC1260-9B75-4B8F-B160-6129CA74B5AD} - System32\Tasks\Avira_Security_Service_SCM_Watchdog => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe [248552 2021-06-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {7C6633AD-4842-4CAD-9D5C-FD4FE3FC5B36} - System32\Tasks\Avira_Security_Systray => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe [1628464 2021-06-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {7FE31423-6F0E-474A-9FA4-95D74F61B108} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [5967976 2015-08-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {9179A8B4-800D-4821-962A-B74C563D7385} - System32\Tasks\WiseCleaner\WRCSkipUAC => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe [10893616 2021-05-20] (Lespeed Technology Co., Ltd -> WiseCleaner.com)
Task: {A4C25941-B761-47E5-9F16-A289589DD708} - System32\Tasks\Avira_Security_Update => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [268328 2021-06-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {B638CBF1-4D13-4D56-B300-8048488B57EB} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1907712 2021-02-25] () [Arquivo não assinado]
Task: {B8A95955-90DC-4DF0-9EC9-86B09C4ADBA0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [315056 2021-03-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {BCF96FDE-BC62-431C-A258-55AEA4E0196F} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2651216 2021-03-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {D97735F1-036B-44F6-B3FB-8ADB1B7F0FD3} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {F9485F38-347A-402A-87C0-5F20FF0F51E4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => 
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
AlternateDataStreams: C:\ProgramData:chnpbmzkyg [274]
AlternateDataStreams: C:\ProgramData:YXVtLmh6aQ [14514]
AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2410]
AlternateDataStreams: C:\Users\All Users:chnpbmzkyg [274]
AlternateDataStreams: C:\Users\All Users:YXVtLmh6aQ [14514]
AlternateDataStreams: C:\Users\Todos os Usuários:chnpbmzkyg [274]
AlternateDataStreams: C:\Users\Todos os Usuários:YXVtLmh6aQ [14514]
AlternateDataStreams: C:\ProgramData\Dados de Aplicativos:chnpbmzkyg [274]
AlternateDataStreams: C:\ProgramData\Dados de Aplicativos:YXVtLmh6aQ [14514]
FirewallRules: [{96A380E3-C213-4B61-8CEA-BBBCBD4E9A5C}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [Arquivo não assinado]
FirewallRules: [{9664865B-D3CD-4F90-B168-96A827E4E53A}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [Arquivo não assinado]
CloseProcesses:
CMD: ipconfig /flushdns
RemoveProxy:
EmptyTemp:
CreateRestorePoint:

Save this file on your desktop with the name fixlist

NOTE: It is extremely important that the "fixlist" file be saved on your Desktop. Also check that FRST.exe is on the Desktop.

** Windows Vista, Windows 7, 8/8.1 and Windows 10 users: right-click the FRST.EXE file, then click http://i.imgur.com/VRIfczU.png

Click the button image.png

Wait; when it finishes, the Fixlog.txt log will be saved on your desktop.

Open the Fixlog.txt file, then copy and paste its contents into your next reply.


Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 04-07-2021
Executado por Samuel e Letícia (04-07-2021 23:30:57) Run:1
Executando a partir de C:\Users\Samuel e Letícia\Desktop
Perfis Carregados: Samuel e Letícia
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
CreateRestorePoint:
() [Arquivo não assinado] C:\Program Files\qBittorrent\qbittorrent.exe
C:\Program Files\qBittorrent
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk [2021-04-23]
ShortcutAndArgument: start.lnk -> C:\Program Files (x86)\Install\starter.cmd => 
C:\Program Files (x86)\Install\xmrig.exe
C:\Program Files (x86)\Install
Task: {07182ADA-3959-4600-A553-97A4BD4DB2A5} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3074176 2021-04-15] (Intel(R) System Usage Report -> Intel Corporation)
Task: {0F53D1EB-C79B-4051-8ABA-1A4FB0BEAE1C} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [690616 2021-07-03] (Mozilla Corporation -> Mozilla Foundation)
Task: {2445644A-15CD-4BD2-8222-3A04561226A4} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {2BA0827A-AD54-429E-8B58-A1313D1636A1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-03-24] (Google LLC -> Google LLC)
Task: {5407B24D-7456-4F02-A40F-E9D3E85EF6D5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [315056 2021-03-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {56862BA3-EC35-4DE8-8383-5B4D40E14343} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3074176 2021-04-15] (Intel(R) System Usage Report -> Intel Corporation)
Task: {575BEE8A-808F-487F-B4E0-4F49C51E6B5F} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [29802464 2021-06-27] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {672FDB9E-F5CA-48D2-8D6E-093A96DB5AE3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [5967976 2015-08-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {69F1BA2E-2ECE-44FB-AA89-0102ED5CA91B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-03-24] (Google LLC -> Google LLC)
Task: {6B8318EA-CB88-4450-8EA5-BD711B3BD352} - System32\Tasks\Rerun Warsaw's CoreFixer => C:\Windows\TEMP\is-M4T57.tmp\corefixer.exe <==== ATENÇÃO
Task: {76AC1260-9B75-4B8F-B160-6129CA74B5AD} - System32\Tasks\Avira_Security_Service_SCM_Watchdog => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe [248552 2021-06-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {7C6633AD-4842-4CAD-9D5C-FD4FE3FC5B36} - System32\Tasks\Avira_Security_Systray => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe [1628464 2021-06-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {7FE31423-6F0E-474A-9FA4-95D74F61B108} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [5967976 2015-08-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {9179A8B4-800D-4821-962A-B74C563D7385} - System32\Tasks\WiseCleaner\WRCSkipUAC => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe [10893616 2021-05-20] (Lespeed Technology Co., Ltd -> WiseCleaner.com)
Task: {A4C25941-B761-47E5-9F16-A289589DD708} - System32\Tasks\Avira_Security_Update => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [268328 2021-06-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {B638CBF1-4D13-4D56-B300-8048488B57EB} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1907712 2021-02-25] () [Arquivo não assinado]
Task: {B8A95955-90DC-4DF0-9EC9-86B09C4ADBA0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [315056 2021-03-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {BCF96FDE-BC62-431C-A258-55AEA4E0196F} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2651216 2021-03-11] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {D97735F1-036B-44F6-B3FB-8ADB1B7F0FD3} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {F9485F38-347A-402A-87C0-5F20FF0F51E4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => 
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
AlternateDataStreams: C:\ProgramData:chnpbmzkyg [274]
AlternateDataStreams: C:\ProgramData:YXVtLmh6aQ [14514]
AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2410]
AlternateDataStreams: C:\Users\All Users:chnpbmzkyg [274]
AlternateDataStreams: C:\Users\All Users:YXVtLmh6aQ [14514]
AlternateDataStreams: C:\Users\Todos os Usuários:chnpbmzkyg [274]
AlternateDataStreams: C:\Users\Todos os Usuários:YXVtLmh6aQ [14514]
AlternateDataStreams: C:\ProgramData\Dados de Aplicativos:chnpbmzkyg [274]
AlternateDataStreams: C:\ProgramData\Dados de Aplicativos:YXVtLmh6aQ [14514]
FirewallRules: [{96A380E3-C213-4B61-8CEA-BBBCBD4E9A5C}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [Arquivo não assinado]
FirewallRules: [{9664865B-D3CD-4F90-B168-96A827E4E53A}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [Arquivo não assinado]
CloseProcesses:
CMD: ipconfig /flushdns
RemoveProxy:
EmptyTemp:
CreateRestorePoint:
*****************

Ponto de Restauração criado com sucesso.
C:\Program Files\qBittorrent\qbittorrent.exe => Não foi encontrado em execução o processo
C:\Program Files\qBittorrent => movido com sucesso
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk => movido com sucesso
ShortcutAndArgument: start.lnk -> C:\Program Files (x86)\Install\starter.cmd => => Erro: Nenhuma correção automática foi encontrada para esta entrada.
"C:\Program Files (x86)\Install\xmrig.exe" => não encontrado (a)
C:\Program Files (x86)\Install => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{07182ADA-3959-4600-A553-97A4BD4DB2A5}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07182ADA-3959-4600-A553-97A4BD4DB2A5}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0F53D1EB-C79B-4051-8ABA-1A4FB0BEAE1C}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F53D1EB-C79B-4051-8ABA-1A4FB0BEAE1C}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2445644A-15CD-4BD2-8222-3A04561226A4}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2445644A-15CD-4BD2-8222-3A04561226A4}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\USER_ESRV_SVC_QUEENCREEK => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\USER_ESRV_SVC_QUEENCREEK" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2BA0827A-AD54-429E-8B58-A1313D1636A1}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BA0827A-AD54-429E-8B58-A1313D1636A1}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5407B24D-7456-4F02-A40F-E9D3E85EF6D5}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5407B24D-7456-4F02-A40F-E9D3E85EF6D5}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\OfficeTelemetryAgentFallBack2016" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{56862BA3-EC35-4DE8-8383-5B4D40E14343}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56862BA3-EC35-4DE8-8383-5B4D40E14343}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{575BEE8A-808F-487F-B4E0-4F49C51E6B5F}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{575BEE8A-808F-487F-B4E0-4F49C51E6B5F}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\AviraSystemSpeedupUpdate => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AviraSystemSpeedupUpdate" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{672FDB9E-F5CA-48D2-8D6E-093A96DB5AE3}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{672FDB9E-F5CA-48D2-8D6E-093A96DB5AE3}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office ClickToRun Service Monitor" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{69F1BA2E-2ECE-44FB-AA89-0102ED5CA91B}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69F1BA2E-2ECE-44FB-AA89-0102ED5CA91B}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{6B8318EA-CB88-4450-8EA5-BD711B3BD352}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B8318EA-CB88-4450-8EA5-BD711B3BD352}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Rerun Warsaw's CoreFixer => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Rerun Warsaw's CoreFixer" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{76AC1260-9B75-4B8F-B160-6129CA74B5AD}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76AC1260-9B75-4B8F-B160-6129CA74B5AD}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Avira_Security_Service_SCM_Watchdog => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avira_Security_Service_SCM_Watchdog" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7C6633AD-4842-4CAD-9D5C-FD4FE3FC5B36}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C6633AD-4842-4CAD-9D5C-FD4FE3FC5B36}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Avira_Security_Systray => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avira_Security_Systray" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7FE31423-6F0E-474A-9FA4-95D74F61B108}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FE31423-6F0E-474A-9FA4-95D74F61B108}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Microsoft\Office\Office Automatic Updates => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office Automatic Updates" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9179A8B4-800D-4821-962A-B74C563D7385}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9179A8B4-800D-4821-962A-B74C563D7385}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\WiseCleaner\WRCSkipUAC => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WiseCleaner\WRCSkipUAC" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A4C25941-B761-47E5-9F16-A289589DD708}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A4C25941-B761-47E5-9F16-A289589DD708}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Avira_Security_Update => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avira_Security_Update" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B638CBF1-4D13-4D56-B300-8048488B57EB}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B638CBF1-4D13-4D56-B300-8048488B57EB}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\klcp_update => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\klcp_update" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B8A95955-90DC-4DF0-9EC9-86B09C4ADBA0}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8A95955-90DC-4DF0-9EC9-86B09C4ADBA0}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\OfficeTelemetryAgentLogOn2016" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BCF96FDE-BC62-431C-A258-55AEA4E0196F}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BCF96FDE-BC62-431C-A258-55AEA4E0196F}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Avira_Antivirus_Systray => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avira_Antivirus_Systray" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D97735F1-036B-44F6-B3FB-8ADB1B7F0FD3}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D97735F1-036B-44F6-B3FB-8ADB1B7F0FD3}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F9485F38-347A-402A-87C0-5F20FF0F51E4}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9485F38-347A-402A-87C0-5F20FF0F51E4}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Adobe Acrobat Update Task => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => removido (a) com sucesso.
C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => movido com sucesso
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\caljgklbbfbcjjanaijlacgncafpegll => removido (a) com sucesso.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh => removido (a) com sucesso.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => removido (a) com sucesso.
C:\ProgramData => ":chnpbmzkyg" ADS removido (a) com sucesso.
C:\ProgramData => ":YXVtLmh6aQ" ADS removido (a) com sucesso.
C:\Windows\system32\Drivers\wsddfac.sys => ":X5ZN8aGXs4" ADS removido (a) com sucesso.
"C:\Users\All Users" => ":chnpbmzkyg" ADS não encontrado (a).
"C:\Users\All Users" => ":YXVtLmh6aQ" ADS não encontrado (a).
"C:\Users\Todos os Usuários" => ":chnpbmzkyg" ADS não encontrado (a).
"C:\Users\Todos os Usuários" => ":YXVtLmh6aQ" ADS não encontrado (a).
"C:\ProgramData\Dados de Aplicativos" => ":chnpbmzkyg" ADS não encontrado (a).
"C:\ProgramData\Dados de Aplicativos" => ":YXVtLmh6aQ" ADS não encontrado (a).
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{96A380E3-C213-4B61-8CEA-BBBCBD4E9A5C}" => removido (a) com sucesso.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9664865B-D3CD-4F90-B168-96A827E4E53A}" => removido (a) com sucesso.
Processos fechados com sucesso.

========= ipconfig /flushdns =========


Configura‡Æo de IP do Windows

Libera‡Æo do Cache do DNS Resolver bem-sucedida.

========= Fim de CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso.
"HKU\S-1-5-21-2542081707-378966687-2905941670-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso.
"HKU\S-1-5-21-2542081707-378966687-2905941670-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso.


========= Fim de RemoveProxy: =========

Ponto de Restauração criado com sucesso.

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 27437131 B
Java, Flash, Steam htmlcache => 17129111 B
Windows/system/drivers => 169141 B
Edge => 0 B
Chrome => 1278361471 B
Firefox => 98205279 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 8178 B
NetworkService => 6280022 B
Samuel e Letícia => 11361164 B

RecycleBin => 0 B
EmptyTemp: => 1.3 GB de dados temporários Removidos.

================================


O sistema precisou ser reiniciado.

==== Fim de Fixlog 23:33:14 ====


  • Security Analyst

@samuelmachado

 

As far as malware is concerned, we have no more problems.

KEEP THE OS UPDATED:
Keep Windows updates set to "automatic". New security holes are discovered frequently. Much malware exploits these holes, infecting systems without depending on any user action. Microsoft fixes these holes through updates. That is why it is essential to keep your system updated.

If you have no further malware-related problems, click Report Post at the top of the page and say that your topic is RESOLVED. If you have any question related to computing and technology, feel free to post in any area of CdH.
