
Browsers opening by themselves nonstop and also closing tabs


brujox


Greetings! I've followed the forum for years but never got around to making an account, lol. Anyway, here we go...

Yesterday this headache started (coincidence or not, it was after I installed Tenorshare 4uKey for Android): out of nowhere Firefox starts flickering and opening several windows, and when you close them, it opens even more. Then out of nowhere it pauses, you try to search for something, and it closes the tab. I uninstalled Firefox, and it moved on to Chrome...

I checked: no extensions in either browser and no modification to the shortcut.

I ran Malwarebytes, a little program I've always liked and that has been effective, and nothing. Both in safe mode and in normal mode.

In safe mode I ran ESET NOD32 and RogueKiller, which identified something, and apparently today (6-8) nothing so far. The only odd thing is that the desktop wallpaper is black, and when an area is selected, it shows the wallpaper.

Here are the ZHP and AdwCleaner logs. I'll wait to hear whether it's really OK or whether there's something more to do.

ZHPCleaner (R).txt AdwCleaner[C03] 6-8.txt

 

 

 

EDIT:

 

As soon as I finished posting, it came back. It closed the tab and then opened 10 Firefox windows. 😭


  • Security Analyst

@brujox

 

 

Please pay attention to the following:

  • About the Forum: This is a private space, not a public one. Its use is a privilege, not a right;
  • What is given here relates only to the problem on your computer; therefore, do not apply it on any other;
  • IMPORTANT: If you have Windows activation programs or p2p/torrent sharing programs, I suggest uninstalling them. I will only proceed with the analysis after their removal. Forum rules;
  • Please follow the instructions given carefully, and if in doubt do not hesitate to ask;
  • Respect the order of the instructions given;
  • Note: Do not take any measure other than those given here; if you ask for help on another forum, be sure to let us know, at the risk of misconfiguring your computer!


Malware Removal Area Rules << IMPORTANT TO READ

General Rules of the Clube do Hardware Forum << IMPORTANT TO READ

Follow the steps at the link below:

 

https://forums.malwarebytes.com/topic/258886-chrome-secure-preferences-detection-always-returns/


42 minutes ago, Elias Pereira said:

@brujox

Please pay attention to the following:

  • About the Forum: This is a private space, not a public one. Its use is a privilege, not a right;
  • What is given here relates only to the problem on your computer; therefore, do not apply it on any other;
  • IMPORTANT: If you have Windows activation programs or p2p/torrent sharing programs, I suggest uninstalling them. I will only proceed with the analysis after their removal. Forum rules;
  • Please follow the instructions given carefully, and if in doubt do not hesitate to ask;
  • Respect the order of the instructions given;
  • Note: Do not take any measure other than those given here; if you ask for help on another forum, be sure to let us know, at the risk of misconfiguring your computer!


Malware Removal Area Rules << IMPORTANT TO READ

General Rules of the Clube do Hardware Forum << IMPORTANT TO READ

Follow the steps at the link below:

https://forums.malwarebytes.com/topic/258886-chrome-secure-preferences-detection-always-returns/

 

Torrent is already uninstalled... And I performed the Chrome procedure, although I always leave it disabled since I mostly use Firefox.


  • Security Analyst

@brujox

 

I need new logs.

Follow the steps below:

Temporarily disable your antivirus, antispyware and firewall, to avoid conflicts.

STEP 1

Download AdwCleaner from one of the links below and save it to the desktop.

https://toolslib.net/downloads/viewdownload/1-adwcleaner/

http://www.bleepingcomputer.com/download/adwcleaner/

Click DOWNLOAD NOW to download the file.

Run adwcleaner.exe

NOTE: Users of Windows Vista, 7, 8/8.1 and Windows 10: right-click the AdwCleaner.exe file, then click image.png

Click VERIFICAR AGORA/SCAN NOW. When it finishes, click LIMPAR/CLEAN and wait.

Notepad will open with the result.

ATTENTION: Select, copy and paste its contents in your next reply.

STEP 2

Download ZHPCleaner from the link below and save it to your Desktop.

https://www.majorgeeks.com/files/details/zhpcleaner.html

Run the ZHPCleaner.exe file as Administrator

  • Click the Scanner button.
  • The tool will begin examining your system.
  • Be patient, as it may take a while depending on the number of items to examine.
  • Then click the Repair (Reparar) button.
  • A log named ZHPCleaner.txt will be generated.

ATTENTION: Select, copy and paste its contents in your next reply.


  • Security Analyst

@brujox

 

Download Farbar Recovery Scan from the link below and save it to your desktop.
https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

** Users of Windows Vista, Windows 7, 8/8.1 and Windows 10:
Right-click the FRST64.EXE file, then click http://i.imgur.com/VRIfczU.png .

Accept the agreement and then click the Scan/Examinar button. Wait, and at the end the logs FRST.txt and Addition.txt will be saved on your desktop.

Open each file separately, copy its contents and paste them in your next reply.


FRST.TXT

 

 

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 08-08-2021
Executado por brujox (administrador) em DESKTOP-QEKIPH9 (ASUS All Series) (10-08-2021 20:24:04)
Executando a partir de C:\Users\brujo\OneDrive\Área de Trabalho
Perfis Carregados: brujox
Platform: Windows 10 Pro Versão 20H2 19042.1110 (X64) Idioma: Português (Brasil)
Navegador padrão: FF
Modo da Inicialização: Normal

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\brujo\AppData\Local\Microsoft\OneDrive\21.139.0711.0001\FileCoAuth.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-Windows-servicingstack_31bf3856ad364e35_10.0.19041.1081_none_7e3d47227c694b34\TiWorker.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Valve -> Valve Corporation) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve -> Valve Corporation) D:\Steam\Steam.exe

==================== Registro (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8838400 2016-06-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Microsoft Windows Hardware Compatibility Publisher -> Pixart Imaging Inc)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [165928 2021-06-27] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6787856 2019-03-19] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO
HKU\S-1-5-21-3185714078-54240054-2241748334-1001\...\Run: [Discord] => C:\Users\brujo\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-3185714078-54240054-2241748334-1001\...\Run: [Steam] => D:\Steam\Steam.exe [4273896 2021-08-09] (Valve -> Valve Corporation)
HKU\S-1-5-21-3185714078-54240054-2241748334-1001\...\Run: [Snap Camera] => C:\Program Files\Snap Inc\Snap Camera\Snap Camera.exe [60299480 2021-07-26] (Snapchat Inc. (Snap Inc.) -> Snap Inc)
HKU\S-1-5-21-3185714078-54240054-2241748334-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35062912 2021-07-16] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\92.0.4515.131\Installer\chrmstp.exe [2021-08-06] (Google LLC -> Google LLC)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Tarefas Agendadas (Whitelisted) ============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {104BE413-AF8F-4A34-A848-DE263CB41B79} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [6189624 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {198A53D4-2702-4617-9391-71B1523D893C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [29136000 2021-07-16] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {1B4DC01E-0763-4E69-B834-EA78CB28D02B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5723640 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {39483EA5-C824-4F7D-AD57-602824E7453B} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [139112 2021-08-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {5015B864-CE24-4248-899A-540577D7E051} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5722536 2021-08-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {59C3EE15-55A2-4CC3-B8E4-0A0AAA50577F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [7177168 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {6CEE7037-786E-460E-A28D-E631F726AB50} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [139112 2021-08-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {81603CF9-7BCD-4397-93E3-CD1600C5182E} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [681400 2021-07-21] (Mozilla Corporation -> Mozilla Foundation)
Task: {8528BACD-6646-40CB-B9DF-E88349677C73} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5722536 2021-08-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {A3D24989-44BA-400B-B7D9-F76735BA477D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23252888 2021-07-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {E1C46254-C45B-4786-BFD3-B59D8CB9F330} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-07-16] (Piriform Software Ltd -> Piriform)
Task: {E362F057-714B-4355-AE3C-B7D1336BE615} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23252888 2021-07-30] (Microsoft Corporation -> Microsoft Corporation)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\Windows\Tasks\EOSv3 Scheduler onLogOn.job => C:\Users\brujo\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Task: C:\Windows\Tasks\EOSv3 Scheduler onTime.job => C:\Users\brujo\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Hosts: O arquivo Hosts não foi detectado no seu diretório padrão
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{1c9f7d1c-8043-42be-a767-1d9c3ec1ed16}: [DhcpNameServer] 10.0.0.1

FireFox:
========
FF DefaultProfile: swqwjg68.default
FF ProfilePath: C:\Users\brujo\AppData\Roaming\Mozilla\Firefox\Profiles\swqwjg68.default [2021-08-06]
FF ProfilePath: C:\Users\brujo\AppData\Roaming\Mozilla\Firefox\Profiles\15xrm1is.default-release [2021-08-10]
FF Homepage: Mozilla\Firefox\Profiles\15xrm1is.default-release -> about:blank
FF Session Restore: Mozilla\Firefox\Profiles\15xrm1is.default-release -> está habilitado.
FF Notifications: Mozilla\Firefox\Profiles\15xrm1is.default-release -> hxxps://web.telegram.org
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\eset_security_config_overlay.js [2021-08-10]

Chrome:
=======
CHR Profile: C:\Users\brujo\AppData\Local\Google\Chrome\User Data\Default [2021-08-09]
CHR Session Restore: Default -> está habilitado.
CHR Extension: (Apresentações) - C:\Users\brujo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-09-21]
CHR Extension: (Documentos) - C:\Users\brujo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-09-21]
CHR Extension: (Google Drive) - C:\Users\brujo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-19]
CHR Extension: (YouTube) - C:\Users\brujo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-09-21]
CHR Extension: (Planilhas) - C:\Users\brujo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-09-21]
CHR Extension: (Documentos Google off-line) - C:\Users\brujo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-01]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\brujo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-24]
CHR Extension: (Gmail) - C:\Users\brujo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-19]
CHR Extension: (Chrome Media Router) - C:\Users\brujo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-30]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]

==================== Serviços (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S4 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936456 2015-05-13] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9142136 2021-07-30] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [821376 2020-08-23] (EasyAntiCheat Oy -> Epic Games, Inc)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [3079464 2021-06-27] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [3079464 2021-06-27] (ESET, spol. s r.o. -> ESET)
S4 Origin Client Service; D:\Origin\OriginClientService.exe [2556048 2021-07-30] (Electronic Arts, Inc. -> Electronic Arts)
S4 Origin Web Helper Service; D:\Origin\OriginWebHelperService.exe [3474584 2021-07-30] (Electronic Arts, Inc. -> Electronic Arts)
S4 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13946200 2021-08-05] (ADLICE (ASCOET JULIEN) -> )
S4 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1934744 2021-06-27] (Rockstar Games, Inc. -> Rockstar Games)
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2747312 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4583240 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [940976 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5395384 2021-07-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13147152 2020-08-19] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S4 TwitchService; C:\Program Files\Common Files\Twitch\TwitchService.exe [334208 2020-10-21] (Twitch Interactive, Inc. -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe [2727416 2021-07-23] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe [136656 2021-07-23] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5d5c294bb8d17217\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5d5c294bb8d17217\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15368 2015-05-13] (Microsoft Windows Hardware Compatibility Publisher -> )
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [169368 2021-06-25] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15824 2021-06-21] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [194728 2021-06-25] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [107408 2021-06-25] (ESET, spol. s r.o. -> ESET)
R3 SnapCameraVirtualDevice; C:\Windows\System32\drivers\SnapCameraVirtualDevice.sys [2800232 2020-10-12] (Snap Inc. -> Windows (R) Win 7 DDK provider)
S0 Spybot3ELAM; C:\Windows\System32\drivers\Spybot3ELAM.sys [19904 2019-06-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Windows (R) Win 7 DDK provider)
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2012-12-19] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [49568 2021-07-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [434424 2021-07-23] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [78072 2021-07-23] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um mês (criados) (Whitelisted) =========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2021-08-10 20:23 - 2021-08-10 20:24 - 000000000 ____D C:\FRST
2021-08-10 20:23 - 2021-08-10 20:23 - 000000000 ___HD C:\$WinREAgent
2021-08-06 21:13 - 2021-08-10 15:17 - 000000000 ____D C:\Program Files\CCleaner
2021-08-06 21:13 - 2021-08-06 21:13 - 036246064 _____ (Piriform Software Ltd) C:\Users\brujo\Downloads\ccsetup583.exe
2021-08-06 21:13 - 2021-08-06 21:13 - 000003936 _____ C:\Windows\system32\Tasks\CCleaner Update
2021-08-06 21:13 - 2021-08-06 21:13 - 000002890 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC
2021-08-06 21:13 - 2021-08-06 21:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2021-08-06 20:21 - 2021-08-06 20:21 - 000000000 ____D C:\Users\brujo\AppData\Local\TaskManClient
2021-08-06 20:21 - 2021-08-06 20:21 - 000000000 ____D C:\Users\brujo\AppData\Local\Back4BloodBeta
2021-08-06 17:01 - 2021-08-06 17:01 - 000000000 ____D C:\Users\brujo\AppData\Local\Safer-Networking Ltd
2021-08-06 16:20 - 2021-08-06 16:20 - 000000000 ____D C:\Windows\system32\Tasks\Safer-Networking
2021-08-06 16:19 - 2021-08-06 21:19 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2021-08-06 16:19 - 2021-08-06 17:01 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2021-08-06 16:19 - 2021-08-06 16:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2021-08-06 16:19 - 2021-08-06 16:19 - 000001460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2021-08-06 16:19 - 2019-06-21 08:34 - 000019904 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\Spybot3ELAM.sys
2021-08-06 16:19 - 2018-02-06 19:04 - 000032168 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean64.exe
2021-08-06 16:17 - 2021-08-06 16:18 - 069300040 _____ (Safer-Networking Ltd. ) C:\Users\brujo\Downloads\spybotsd-2.8.68.0.exe
2021-08-06 14:58 - 2021-08-10 04:42 - 000000000 ____D C:\Users\brujo\AppData\Roaming\ZHP
2021-08-06 14:58 - 2021-08-06 14:58 - 000000000 ____D C:\Users\brujo\AppData\Local\ZHP
2021-08-06 12:04 - 2021-08-06 12:04 - 002822255 _____ C:\Users\brujo\Downloads\ZHPCleaner.zip
2021-08-06 11:24 - 2021-08-06 11:24 - 008553680 _____ (Malwarebytes) C:\Users\brujo\Downloads\AdwCleaner (2).exe
2021-08-06 11:17 - 2021-08-06 11:17 - 000057449 _____ C:\Windows\system32\NOTICE_mod
2021-08-06 11:17 - 2021-08-06 11:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2021-08-06 11:17 - 2021-08-06 11:17 - 000000000 ____D C:\ProgramData\ESET
2021-08-06 11:17 - 2021-08-06 11:17 - 000000000 ____D C:\Program Files\ESET
2021-08-06 11:09 - 2021-08-06 11:09 - 008703024 _____ (ESET) C:\Users\brujo\Downloads\eset_nod32_antivirus_live_installer.exe
2021-08-06 10:54 - 2021-08-06 11:07 - 000000000 ____D C:\ProgramData\RogueKiller
2021-08-06 10:54 - 2021-08-06 10:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2021-08-06 10:54 - 2021-08-06 10:54 - 000000000 ____D C:\Program Files\RogueKiller
2021-08-06 10:50 - 2021-08-06 10:50 - 041875792 _____ (Adlice Software ) C:\Users\brujo\Downloads\RogueKiller_setup.exe
2021-08-06 10:42 - 2021-08-06 10:42 - 000000342 _____ C:\Windows\Tasks\EOSv3 Scheduler onTime.job
2021-08-06 10:42 - 2021-08-06 10:42 - 000000342 _____ C:\Windows\Tasks\EOSv3 Scheduler onLogOn.job
2021-08-06 10:30 - 2021-08-06 15:41 - 000001378 _____ C:\Users\brujo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-08-06 10:30 - 2021-08-06 10:30 - 000000000 ____D C:\Users\brujo\AppData\Local\ESET
2021-08-06 10:29 - 2021-08-06 10:29 - 011697056 _____ (ESET) C:\Users\brujo\Downloads\esetonlinescanner.exe
2021-08-06 00:14 - 2021-08-06 00:14 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-08-06 00:14 - 2021-08-06 00:14 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2021-08-06 00:14 - 2021-08-06 00:14 - 000000000 ____D C:\Users\brujo\AppData\Roaming\Mozilla
2021-08-06 00:14 - 2021-08-06 00:14 - 000000000 ____D C:\Users\brujo\AppData\Local\Mozilla
2021-08-06 00:13 - 2021-08-06 00:14 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-08-06 00:13 - 2021-08-06 00:13 - 000333024 _____ (Mozilla) C:\Users\brujo\Downloads\Firefox Installer.exe
2021-08-06 00:10 - 2021-08-06 00:10 - 000002317 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-08-06 00:10 - 2021-08-06 00:10 - 000000000 ____D C:\Program Files\Google
2021-08-06 00:09 - 2021-08-06 00:09 - 001342296 _____ (Google LLC) C:\Users\brujo\Downloads\ChromeSetup.exe
2021-08-05 23:54 - 2021-08-05 23:55 - 000000000 ____D C:\AdwCleaner
2021-08-05 23:54 - 2021-08-05 23:54 - 008553680 _____ (Malwarebytes) C:\Users\brujo\Downloads\AdwCleaner.exe
2021-08-05 20:58 - 2021-08-05 20:58 - 000000000 ____D C:\Windows\pss
2021-08-05 20:50 - 2021-08-05 20:50 - 000000000 ____D C:\Users\brujo\AppData\Local\VS Revo Group
2021-08-05 20:50 - 2021-08-05 20:50 - 000000000 ____D C:\ProgramData\VS Revo Group
2021-08-05 20:50 - 2021-08-05 20:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2021-08-05 20:50 - 2021-08-05 20:50 - 000000000 ____D C:\Program Files\VS Revo Group
2021-08-05 20:50 - 2016-12-21 14:52 - 000040240 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2021-08-05 20:37 - 2021-08-05 20:37 - 000000000 ____D C:\Windows\system32\Drivers\etc\BACKUP
2021-08-05 20:37 - 2021-08-05 20:37 - 000000000 ____D C:\Users\brujo\AppData\Local\mbamtray
2021-08-05 19:59 - 2021-08-05 19:59 - 000000000 ___HD C:\$SysReset
2021-08-05 10:52 - 2021-08-05 10:52 - 000000000 ____D C:\Users\brujo\.android
2021-08-04 23:52 - 2021-08-04 23:52 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2021-08-03 21:48 - 2021-08-03 21:49 - 000000000 ____D C:\Users\brujo\OneDrive\Documentos\Battlefield V
2021-08-03 21:48 - 2021-08-03 21:48 - 000000000 ____D C:\Users\brujo\AppData\Local\Battlefield V
2021-08-03 07:42 - 2021-08-03 07:42 - 000000000 ___HD C:\Program Files\Common Files\EAInstaller
2021-08-01 22:04 - 2021-08-01 22:04 - 000000000 ____D C:\Windows\system32\lxss
2021-08-01 22:04 - 2021-08-01 22:04 - 000000000 ____D C:\Windows\LastGood.Tmp
2021-08-01 21:45 - 2021-07-13 14:07 - 001858664 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2021-08-01 21:45 - 2021-07-13 14:07 - 001858664 _____ C:\Windows\system32\vulkaninfo.exe
2021-08-01 21:45 - 2021-07-13 14:07 - 001438824 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-08-01 21:45 - 2021-07-13 14:07 - 001438824 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2021-08-01 21:45 - 2021-07-13 14:07 - 001097856 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2021-08-01 21:45 - 2021-07-13 14:07 - 001097856 _____ C:\Windows\system32\vulkan-1.dll
2021-08-01 21:45 - 2021-07-13 14:07 - 000951936 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2021-08-01 21:45 - 2021-07-13 14:07 - 000951936 _____ C:\Windows\SysWOW64\vulkan-1.dll
2021-08-01 21:45 - 2021-07-13 14:06 - 001474704 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2021-08-01 21:45 - 2021-07-13 14:06 - 001212560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2021-08-01 21:45 - 2021-07-13 14:02 - 001520776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2021-08-01 21:45 - 2021-07-13 14:02 - 000716912 _____ C:\Windows\system32\nvofapi64.dll
2021-08-01 21:45 - 2021-07-13 14:02 - 000676480 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2021-08-01 21:45 - 2021-07-13 14:02 - 000645232 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2021-08-01 21:45 - 2021-07-13 14:02 - 000577152 _____ C:\Windows\SysWOW64\nvofapi.dll
2021-08-01 21:45 - 2021-07-13 14:02 - 000564352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2021-08-01 21:45 - 2021-07-13 14:01 - 002112128 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2021-08-01 21:45 - 2021-07-13 14:01 - 001595520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2021-08-01 21:45 - 2021-07-13 14:01 - 001171072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2021-08-01 21:45 - 2021-07-13 14:01 - 000706176 _____ (NVIDIA Corporation) C:\Windows\system32\NVIDIA-smi.exe
2021-08-01 21:45 - 2021-07-13 14:00 - 008854144 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2021-08-01 21:45 - 2021-07-13 14:00 - 007920768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2021-08-01 21:45 - 2021-07-13 14:00 - 005680760 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2021-08-01 21:45 - 2021-07-13 14:00 - 004987520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2021-08-01 21:45 - 2021-07-13 14:00 - 002925696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2021-08-01 21:45 - 2021-07-13 14:00 - 000447104 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2021-08-01 21:45 - 2021-07-13 13:59 - 000849008 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2021-08-01 21:45 - 2021-07-13 13:57 - 006215792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2021-08-01 21:45 - 2021-07-12 08:32 - 000083062 _____ C:\Windows\system32\nvinfo.pb
2021-08-01 16:18 - 2021-08-01 16:18 - 000000000 ____D C:\Users\brujo\OneDrive\Documentos\Battlefield 1
2021-07-31 00:05 - 2021-07-31 00:05 - 000000000 ___HD C:\Program Files\Common FilesEAInstaller
2021-07-31 00:05 - 2021-07-31 00:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 1
2021-07-30 21:46 - 2021-08-01 16:17 - 000000000 ____D C:\Program Files (x86)\Origin Games
2021-07-30 21:46 - 2021-07-31 04:00 - 000000000 ____D C:\ProgramData\Electronic Arts
2021-07-30 21:46 - 2021-07-30 21:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2021-07-30 21:44 - 2021-08-05 03:04 - 000000000 ____D C:\Users\brujo\AppData\Roaming\Origin
2021-07-30 21:44 - 2021-08-05 03:04 - 000000000 ____D C:\ProgramData\Origin
2021-07-30 21:44 - 2021-08-02 21:47 - 000000000 ____D C:\Users\brujo\AppData\Local\Origin
2021-07-30 21:44 - 2021-07-30 21:44 - 000000000 ____D C:\Users\brujo\.QtWebEngineProcess
2021-07-30 21:44 - 2021-07-30 21:44 - 000000000 ____D C:\Users\brujo\.Origin
2021-07-25 00:50 - 2021-07-25 00:50 - 000000000 ____D C:\Users\brujo\OneDrive\Documentos\Wastelands-Interactive
2021-07-25 00:50 - 2021-07-25 00:50 - 000000000 ____D C:\Users\brujo\AppData\LocalLow\Wastelands Interactive
2021-07-23 19:46 - 2021-07-23 19:46 - 000000000 ____D C:\Users\brujo\AppData\Local\GameAnalytics
2021-07-23 19:45 - 2021-07-23 19:45 - 000000000 ____D C:\Users\brujo\AppData\Local\Robot Entertainment
2021-07-18 00:08 - 2021-07-18 00:08 - 000000000 ____D C:\Users\brujo\AppData\Local\Strange Brigade
2021-07-15 15:14 - 2021-07-15 15:14 - 001823280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2021-07-15 15:14 - 2021-07-15 15:14 - 000011357 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-07-15 15:14 - 2021-07-15 15:14 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsraLegacy.tlb
2021-07-15 15:14 - 2021-07-15 15:14 - 000007680 _____ (Microsoft Corporation) C:\Windows\system32\MsraLegacy.tlb
2021-07-15 15:14 - 2021-07-15 15:14 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rendezvousSession.tlb
2021-07-15 15:14 - 2021-07-15 15:14 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\rendezvousSession.tlb
2021-07-15 03:13 - 2021-06-03 10:56 - 000043408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\NvModuleTracker.sys
2021-07-13 00:16 - 2021-07-13 00:28 - 000000000 ____D C:\Users\brujo\AppData\Local\STREAMGAMES
2021-07-12 20:39 - 2021-07-13 00:11 - 000000000 ____D C:\Users\brujo\AppData\LocalLow\Behold Studios

==================== Um mês (modificados) ==================

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2021-08-10 20:23 - 2020-08-22 21:39 - 000000000 ____D C:\Users\brujo\AppData\LocalLow\Mozilla
2021-08-10 15:39 - 2020-08-22 21:39 - 000000000 ____D C:\Users\brujo\AppData\Roaming\discord
2021-08-10 15:17 - 2020-08-22 21:39 - 000000000 ____D C:\ProgramData\Mozilla
2021-08-10 15:16 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\AppReadiness
2021-08-10 15:15 - 2020-08-22 21:24 - 000000000 ____D C:\Users\brujo
2021-08-10 15:15 - 2020-08-22 21:19 - 000008192 ___SH C:\DumpStack.log.tmp
2021-08-10 15:15 - 2020-08-22 21:19 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-08-10 15:15 - 2020-08-22 21:19 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-08-10 15:15 - 2019-12-07 06:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-08-10 12:05 - 2020-08-22 21:39 - 000000000 ____D C:\Users\brujo\AppData\Local\Discord
2021-08-10 05:26 - 2020-08-22 21:34 - 000000000 ____D C:\Users\brujo\AppData\Local\Packages
2021-08-10 05:26 - 2019-12-07 06:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-08-10 05:02 - 2020-08-23 03:00 - 000000000 ____D C:\Users\brujo\AppData\Roaming\obs-studio
2021-08-10 03:56 - 2020-08-23 04:04 - 000000000 ____D C:\Users\brujo\AppData\Roaming\Leppsoft
2021-08-10 02:34 - 2020-09-07 04:15 - 000000000 ____D C:\Users\brujo\AppData\Local\FiveM
2021-08-09 18:49 - 2020-08-25 21:48 - 000000000 ____D C:\Users\brujo\AppData\Roaming\TS3Client
2021-08-09 01:52 - 2020-08-22 22:28 - 000000000 ____D C:\ProgramData\NVIDIA
2021-08-06 21:43 - 2020-08-23 00:00 - 000000000 ____D C:\Users\brujo\AppData\Local\D3DSCache
2021-08-06 21:34 - 2020-08-22 21:28 - 001741824 _____ C:\Windows\system32\PerfStringBackup.INI
2021-08-06 21:34 - 2019-12-07 11:54 - 000752436 _____ C:\Windows\system32\prfh0416.dat
2021-08-06 21:34 - 2019-12-07 11:54 - 000148550 _____ C:\Windows\system32\prfc0416.dat
2021-08-06 21:34 - 2019-12-07 06:13 - 000000000 ____D C:\Windows\INF
2021-08-06 21:26 - 2019-12-07 06:03 - 000524288 _____ C:\Windows\system32\config\BBI
2021-08-06 21:20 - 2020-09-21 12:44 - 000000000 ____D C:\Program Files (x86)\Google
2021-08-06 21:19 - 2020-08-22 21:35 - 000000000 ___RD C:\Users\brujo\OneDrive
2021-08-06 21:18 - 2020-09-02 02:33 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-08-06 20:57 - 2020-08-30 17:26 - 000000000 ____D C:\Users\brujo\AppData\Roaming\EasyAntiCheat
2021-08-06 11:18 - 2019-12-07 06:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-08-06 11:09 - 2020-10-25 11:49 - 000000000 ____D C:\Program Files\Microsoft Office
2021-08-06 11:02 - 2020-10-07 20:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
2021-08-06 10:38 - 2020-10-01 03:10 - 000000000 ____D C:\Users\brujo\AppData\Roaming\uTorrent
2021-08-06 00:44 - 2020-08-22 21:39 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-08-05 23:30 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\LiveKernelReports
2021-08-05 20:01 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\registration
2021-08-03 21:49 - 2020-08-22 23:38 - 000000000 ____D C:\Users\brujo\AppData\Local\NVIDIA Corporation
2021-08-02 23:47 - 2020-09-13 03:36 - 000000000 ____D C:\Users\brujo\AppData\Local\ElevatedDiagnostics
2021-08-01 22:06 - 2020-09-06 22:30 - 000000000 ____D C:\Users\brujo\AppData\Local\NVIDIA
2021-08-01 22:04 - 2020-08-22 21:30 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2021-08-01 21:46 - 2020-08-22 21:30 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2021-07-30 19:58 - 2020-10-27 17:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snap Inc
2021-07-30 19:58 - 2020-10-27 17:04 - 000000000 ____D C:\Program Files\Snap Inc
2021-07-30 19:25 - 2019-12-07 06:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-07-30 19:18 - 2020-08-22 21:24 - 000002385 _____ C:\Users\brujo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-07-23 19:45 - 2020-08-30 17:26 - 000000000 ____D C:\Users\brujo\AppData\Local\UnrealEngine
2021-07-23 16:29 - 2020-08-22 21:19 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-07-19 23:01 - 2020-08-23 00:00 - 000000000 ____D C:\Users\brujo\AppData\Roaming\CitizenFX
2021-07-19 20:07 - 2020-08-30 20:29 - 000000000 ____D C:\Users\brujo\AppData\Local\CrashDumps
2021-07-19 19:45 - 2020-08-22 21:19 - 000290552 _____ C:\Windows\system32\FNTCACHE.DAT
2021-07-19 19:44 - 2020-06-20 14:27 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-07-19 19:44 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SystemResources
2021-07-19 19:44 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2021-07-19 19:44 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\bcastdvr
2021-07-19 19:44 - 2019-12-07 06:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-07-15 15:15 - 2019-12-07 06:03 - 000000000 ____D C:\Windows\CbsTemp
2021-07-15 15:10 - 2020-08-22 22:04 - 000000000 ____D C:\Windows\system32\MRT
2021-07-15 15:08 - 2020-08-22 22:04 - 133422552 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-07-15 03:13 - 2020-08-22 22:28 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2021-07-15 03:13 - 2020-08-22 21:30 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2021-07-15 03:09 - 2020-11-11 23:14 - 000002120 _____ C:\Users\brujo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FiveM.lnk
2021-07-13 14:01 - 2020-08-22 22:22 - 000919168 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2021-07-13 14:01 - 2020-08-22 21:29 - 000750208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2021-07-13 13:57 - 2020-08-22 21:29 - 007280312 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2021-07-12 20:07 - 2020-11-20 15:03 - 000000000 ____D C:\Users\brujo\OneDrive\Documentos\My Games
2021-07-12 05:01 - 2019-12-07 06:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-07-12 05:01 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2021-07-12 05:01 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2021-07-12 05:01 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-07-12 05:01 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\setup
2021-07-12 05:01 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\oobe
2021-07-12 05:01 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\Dism
2021-07-12 05:01 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\Provisioning
2021-07-12 05:01 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\PolicyDefinitions

==================== Arquivos na raiz de alguns diretórios ========

2020-11-05 20:32 - 2020-11-05 20:32 - 000000000 _____ () C:\Program Files\Blade Group
2020-12-01 18:32 - 2020-12-01 18:32 - 000000015 _____ () C:\Users\brujo\AppData\Roaming\obs-virtualcam.txt
2020-08-22 23:34 - 2020-08-22 23:34 - 000000017 _____ () C:\Users\brujo\AppData\Local\resmon.resmoncfg
2020-08-25 22:20 - 2020-08-25 22:20 - 000000003 _____ () C:\Users\brujo\AppData\Local\updater.log
2020-08-25 22:20 - 2020-08-25 22:20 - 000000424 _____ () C:\Users\brujo\AppData\Local\UserProducts.xml

==================== SigCheck ============================

(Não há correção automática para arquivos que não passaram na verificação.)

==================== Fim de FRST.txt ========================


Addition.txt

 

 

Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 08-08-2021
Executado por brujox (10-08-2021 20:25:14)
Executando a partir de C:\Users\brujo\OneDrive\Área de Trabalho
Windows 10 Pro Versão 20H2 19042.1110 (X64) (2020-08-23 00:22:08)
Modo da Inicialização: Normal
==========================================================


==================== Contas: =============================


(Se uma entrada for incluída na fixlist, será removida.)

Administrador (S-1-5-21-3185714078-54240054-2241748334-500 - Administrator - Disabled)
brujox (S-1-5-21-3185714078-54240054-2241748334-1001 - Administrator - Enabled) => C:\Users\brujo
Convidado (S-1-5-21-3185714078-54240054-2241748334-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-3185714078-54240054-2241748334-503 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3185714078-54240054-2241748334-504 - Limited - Disabled)

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Spybot - Search and Destroy (Disabled - Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: ESET Security (Enabled - Up to date) {89B55CC4-3881-78B2-11E2-479AE0371896}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.57.44284 - Electronic Arts)
Battlefield™ V (HKLM-x32\...\{e26b382f-e945-4f70-9318-121b683f1d61}) (Version: 1.0.64.43202 - Electronic Arts)
CCleaner (HKLM\...\CCleaner) (Version: 5.83 - Piriform)
Discord (HKU\S-1-5-21-3185714078-54240054-2241748334-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
ESET Security (HKLM\...\{6B1BBDBF-507A-4736-82B0-DE772C1D2AFE}) (Version: 14.2.19.0 - ESET, spol. s r.o.)
FiveM (HKU\S-1-5-21-3185714078-54240054-2241748334-1001\...\CitizenFX_FiveM) (Version:  - Cfx.re)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 92.0.4515.131 - Google LLC)
Grand Theft Auto V (HKLM-x32\...\{BEEFBEEF-6B87-43FC-9524-F9E967241741}) (Version: 1.0.2372.0 - Rockstar Games)
K-Lite Codec Pack 16.2.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 16.2.0 - KLCP)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.14228.20226 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - pt-br (HKLM\...\ProPlusRetail - pt-br) (Version: 16.0.14228.20226 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3185714078-54240054-2241748334-1001\...\OneDriveSetup.exe) (Version: 21.139.0711.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Mozilla Firefox (x64 pt-BR) (HKLM\...\Mozilla Firefox 90.0.2 (x64 pt-BR)) (Version: 90.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 90.0.2 - Mozilla)
NVIDIA Driver de gráficos 471.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 471.41 - NVIDIA Corporation)
NVIDIA FrameView SDK 1.1.4923.29968894 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29968894 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.23.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.23.0.74 - NVIDIA Corporation)
NVIDIA Software do sistema PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 26.1.1 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14228.20226 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14228.20226 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0416-1000-0000000FF1CE}) (Version: 16.0.14228.20222 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.5.102.48654 - Electronic Arts, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7841 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 4.3.3 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 4.3.3 - VS Revo Group, Ltd.)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.33.319 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.8.5 - Rockstar Games)
RogueKiller version 15.0.9.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.0.9.0 - Adlice Software)
Snap Camera 1.14.0 (HKLM-x32\...\{024A6CF5-627D-497F-980B-B9A6EC5C40AF}_is1) (Version: 1.14.0 - Snap Inc.)
Soundtrack by Twitch (HKU\S-1-5-21-3185714078-54240054-2241748334-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF372D0}) (Version: 8.0.0 - Twitch Interactive, Inc.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.8.68.0 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
StreamElements OBS.Live (HKLM-x32\...\StreamElements OBS.Live) (Version: 21.6.23.745 - StreamElements)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.5.3 - TeamSpeak Systems GmbH)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.9.4 - TeamViewer)
WinRAR 5.91 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)

Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-08-05] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-08-05] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-08-05] (Microsoft Studios) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-08-05] (NVIDIA Corp.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0 [2021-08-06] (Spotify AB) [Startup Task]

==================== Exame Personalizado CLSID (Whitelisted): ==============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2021-06-27] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2021-06-27] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5d5c294bb8d17217\nvshext.dll [2021-07-13] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2021-06-27] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2019-03-29] (VS Revo Group Ltd. -> VS Revo Group)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-18] (Fox Magic Software) [Arquivo não assinado]

==================== Atalhos & WMI ========================

==================== Módulos Carregados (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Modo de Segurança (Whitelisted) ==================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Associação (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-30] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-30] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-30] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-30] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-30] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-30] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-30] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-30] (Microsoft Corporation -> Microsoft Corporation)

==================== Outras Áreas ===========================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-3185714078-54240054-2241748334-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\brujo\OneDrive\Área de Trabalho\home.jpg
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

(Se uma entrada for incluída na fixlist, será removida.)

MSCONFIG\Services: asComSvc => 2
MSCONFIG\Services: EasyAntiCheat => 3
MSCONFIG\Services: EasyAntiCheat_EOS => 3
MSCONFIG\Services: FvSvc => 3
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NvContainerLocalSystem => 2
MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: Origin Web Helper Service => 2
MSCONFIG\Services: rkrtservice => 3
MSCONFIG\Services: Rockstar Service => 3
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: TwitchService => 3
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "MouseDriver"
HKLM\...\StartupApproved\Run32: => "Lightshot"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-3185714078-54240054-2241748334-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-3185714078-54240054-2241748334-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3185714078-54240054-2241748334-1001\...\StartupApproved\Run: => "Snap Camera"
HKU\S-1-5-21-3185714078-54240054-2241748334-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== Regras do Firewall (Whitelisted) ================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [{A172DD13-4CE7-4C14-87E2-2D03E7B292B4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3C9E6FBD-45A6-4E65-AB9B-FA44722ABEA6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{46C7FE8F-9D89-404E-B8FF-1B00A7854F47}] => (Allow) D:\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{B67302FD-07FD-4C7E-AEFA-904E72EE9E67}] => (Allow) D:\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{E89201FF-8374-402B-BD35-F6A0DB0BA824}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{DA45E218-31BA-4CBB-9F3E-50284197B50C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{D8B03789-520C-4439-8F31-A7D635AE2666}] => (Allow) D:\Steam\steamapps\common\Soundpad\Soundpad.exe (Arthur Lepp -> Leppsoft)
FirewallRules: [{7E857A0D-AF8F-47AB-B4E7-CF5D8D716EB9}] => (Allow) D:\Steam\steamapps\common\Soundpad\Soundpad.exe (Arthur Lepp -> Leppsoft)
FirewallRules: [{EAFB4D95-7512-4AE7-A8DE-8D7CA62526EC}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{63A3C633-85DF-4054-8BB4-0A6F8C074C91}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{39421AE3-C08F-4807-A1EB-A6DD05CD1C27}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{5DF34FD6-D07B-43B6-8F33-CEA17A9AA576}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{D5C108DD-36AE-47BC-B3FB-123594076452}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{7BB777A4-0137-4CB5-B789-5B404DFFBD82}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{7F194C9D-EB5B-46C0-8923-C9855CE1FA88}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto V\GTA5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{C6B61B07-C4D6-4F53-A092-ECF1E640568E}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto V\GTA5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{F6C8C086-CD79-48CC-81DB-CD29EA016B2F}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{C1CABDBC-3E21-47D9-969F-464BD169534E}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{5BDAFDE2-0BBB-45AB-B236-CA462D889DB1}] => (Allow) G:\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{DFD9D5B1-366B-4CF8-BD21-AD387E7BE68A}] => (Allow) G:\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{D6E25987-F0E9-469D-ABDD-E36227A28A95}] => (Allow) G:\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe () [Arquivo não assinado]
FirewallRules: [{B5FE1337-8BCB-4D66-ACE4-E1DA5F07190C}] => (Allow) G:\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe () [Arquivo não assinado]
FirewallRules: [{892023FC-F095-4E1B-BE18-4776092A8397}] => (Allow) G:\Steam\steamapps\common\Phasmophobia\Phasmophobia.exe () [Arquivo não assinado]
FirewallRules: [{94887ECA-B035-418E-9C7D-A1F59023383B}] => (Allow) G:\Steam\steamapps\common\Phasmophobia\Phasmophobia.exe () [Arquivo não assinado]
FirewallRules: [{C7740A89-016E-4853-B542-228D4416A4C2}] => (Allow) G:\Steam\steamapps\common\PC Building Simulator\PCBS.exe () [Arquivo não assinado]
FirewallRules: [{A5497E81-712C-432E-B948-481CA8E09C5A}] => (Allow) G:\Steam\steamapps\common\PC Building Simulator\PCBS.exe () [Arquivo não assinado]
FirewallRules: [{EF7007B7-6E1D-408D-A23F-6E0CBE45E213}] => (Allow) G:\Steam\steamapps\common\Magicka 2\engine\Magicka2.exe => Nenhum Arquivo
FirewallRules: [{A2A16FFB-1908-45FD-BC60-DE13E0F2C35C}] => (Allow) G:\Steam\steamapps\common\Magicka 2\engine\Magicka2.exe => Nenhum Arquivo
FirewallRules: [{844CFF4A-29AB-4503-8347-418866768C41}] => (Allow) C:\Users\brujo\AppData\Local\FiveM\FiveM.app\data\cache\subprocess\FiveM_b2189_GTAProcess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) -> Cfx.re)
FirewallRules: [{B33E6CB2-679D-48CE-B8CF-DB9C0C310F9E}] => (Allow) C:\Users\brujo\AppData\Local\FiveM\FiveM.app\data\cache\subprocess\FiveM_b2189_GTAProcess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) -> Cfx.re)
FirewallRules: [{3995A387-9374-4ED3-9173-A21ADA1C6BF9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{9221AD27-9716-4D78-8748-361AA6350494}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F1BBDDE8-0323-4774-9738-2264E177F55E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{29636011-BB48-40B6-B33E-13A52823DDD0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{BDF96B75-2670-49B7-B519-1DB1706756B2}] => (Allow) G:\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe => Nenhum Arquivo
FirewallRules: [{FAA57E75-E3DA-46DE-BE7E-A284ED96F7B6}] => (Allow) G:\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe => Nenhum Arquivo
FirewallRules: [{56DBB683-1075-424A-AB23-7B975FC8812A}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe (Electronic Arts, Inc. -> EA Digital Illusions CE AB)
FirewallRules: [{FB3BCA6A-3671-4248-9BFA-796D5E3C4EF0}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe (Electronic Arts, Inc. -> EA Digital Illusions CE AB)
FirewallRules: [{379B9DFB-6B12-41C6-883C-F994FD1F0E47}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe (Electronic Arts, Inc. -> EA Digital Illusions CE AB)
FirewallRules: [{9A119D96-8479-4C85-98BB-4F728BC4F18F}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe (Electronic Arts, Inc. -> EA Digital Illusions CE AB)
FirewallRules: [{BAEBE1E9-CFA8-4F44-8698-6B337D100164}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield V\bfvTrial.exe (Electronic Arts, Inc. -> EA Digital Illusions CE AB)
FirewallRules: [{8C39E5CF-ED9E-4B26-8CFD-397DC9CBC06B}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield V\bfvTrial.exe (Electronic Arts, Inc. -> EA Digital Illusions CE AB)
FirewallRules: [{31494F28-C1AC-4027-B5C4-CA7BD2D2A295}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield V\bfv.exe (Electronic Arts, Inc. -> EA Digital Illusions CE AB)
FirewallRules: [{BEF3BDF6-F5CC-4A77-BF13-A29F989CCBF1}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield V\bfv.exe (Electronic Arts, Inc. -> EA Digital Illusions CE AB)
FirewallRules: [{CB8094D3-CD1A-491A-B4B7-12F93B1BCF43}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{CED2D83E-4E94-464F-A1D8-AB9AECE4C3B1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3CB7A9DD-969D-4AC2-B39F-99BC13BDC16D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4CC8EBCA-29BC-4A20-953F-8A111EE707E2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1360D7DD-ED17-4431-8D46-740CA6138D8F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{571A6953-DD01-4EAB-AA79-F5822990388A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3B542C96-5FA5-4B72-B788-8A972987B27D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{803D4900-F677-42E0-9BA5-05437ED27731}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A1FDB5EC-AB2F-4927-8235-3E70B575F053}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9BDD9CE4-3E5D-4B1E-B3BD-924801C83737}] => (Allow) C:\Users\brujo\AppData\Local\FiveM\FiveM.app\data\cache\subprocess\FiveM_b2372_GTAProcess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) -> Cfx.re)
FirewallRules: [{12C643CD-B354-4D83-AA34-7671EF50DE43}] => (Allow) C:\Users\brujo\AppData\Local\FiveM\FiveM.app\data\cache\subprocess\FiveM_b2372_GTAProcess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) -> Cfx.re)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service

==================== Pontos de Restauração =========================

10-08-2021 04:42:07 ZHPcleaner

==================== Dispositivos Apresentando Falhas No Gerenciador ============


==================== Erros no Log de eventos: ========================

Erros em Aplicativos:
==================
Error: (08/09/2021 07:40:31 PM) (Source: Distributed Link Tracking Client) (EventID: 12503) (User: )
Description: Event-ID 12503

Error: (08/09/2021 05:55:35 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Não foi possível concluir o otimizador de armazenamento otimizar novamente em DOWNLOAD (F:) devido a: A operação solicitada não é compatível com o hardware que contém o volume. (0x8900002A)

Error: (08/09/2021 05:54:55 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Não foi possível concluir o otimizador de armazenamento otimizar novamente em Steam (G:) devido a: A operação solicitada não é compatível com o hardware que contém o volume. (0x8900002A)

Error: (08/09/2021 05:42:38 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Não foi possível concluir o otimizador de armazenamento desfragmentação em 320 (E:) devido a: O disco foi desconectado do sistema. (0x89000011)

Error: (08/06/2021 08:44:06 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback.  hr =  0x80070005, Acesso negado.
.
Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.


Operação:
   Obtendo Dados do Gravador

Contexto:
   Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
   Nome do Gravador: System Writer
   ID de Instância de Gravador: {126c6afa-6f96-4c87-a819-9e0c12f10971}

Error: (08/06/2021 07:48:21 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback.  hr =  0x80070005, Acesso negado.
.
Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.


Operação:
   Obtendo Dados do Gravador

Contexto:
   Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
   Nome do Gravador: System Writer
   ID de Instância de Gravador: {82ac5486-33ea-430b-89d2-0c34fcd46e39}

Error: (08/06/2021 03:57:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa firefox.exe versão 90.0.2.7872 parou de interagir com o Windows e foi fechado. Para ver se mais informações sobre o problema estão disponíveis, verifique o histórico de problemas no painel de controle Segurança e Manutenção.

ID do Processo: 38e8

Hora de Início: 01d78af4ccded637

Hora de Término: 4294967295

Caminho do Aplicativo: C:\Program Files\Mozilla Firefox\firefox.exe

ID do Relatório: d5534e91-2b10-496d-8167-0e64f90605e8

Nome completo do pacote com falha:

ID do aplicativo relativo ao pacote com falha:

Tipo com falha: Top level window is idle

Error: (08/06/2021 03:51:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: wmiprvse.exe, versão: 10.0.19041.546, carimbo de data/hora: 0x5da7ab91
Nome do módulo com falha: unknown, versão: 0.0.0.0, carimbo de data/hora: 0x00000000
Código de exceção: 0x80131623
Deslocamento da falha: 0x00007ff82b9e200f
ID do processo com falha: 0xc4c
Hora de início do aplicativo com falha: 0x01d78af40a8f2925
Caminho do aplicativo com falha: C:\Windows\system32\wbem\wmiprvse.exe
Caminho do módulo com falha: unknown
ID do Relatório: 9ebd3b82-f400-48e1-bccc-49fb73c00409
Nome completo do pacote com falha:
ID do aplicativo relativo ao pacote com falha:


Erros de Sistema:
=============
Error: (08/10/2021 03:16:38 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-QEKIPH9)
Description: Não é possível iniciar o servidor DCOM: Microsoft.MicrosoftEdge_44.19041.1023.0_neutral__8wekyb3d8bbwe!MicrosoftEdge como Não Disponível/Não Disponível. O erro:
"2147942402"
Aconteceu ao iniciar este comando:
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

Error: (08/10/2021 03:15:49 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 1) (User: AUTORIDADE NT)
Description: Erro fatal de hardware. Um registro descrevendo a condição encontra-se na seção de dados deste evento.

Error: (08/10/2021 03:15:49 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORIDADE NT)
Description: Ocorreu um erro ao tentar ler o arquivo de hosts locais.

Error: (08/10/2021 03:15:49 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORIDADE NT)
Description: Ocorreu um erro ao tentar ler o arquivo de hosts locais.

Error: (08/10/2021 03:15:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço luafv devido ao seguinte erro:
O carregamento deste driver foi bloqueado

Error: (08/10/2021 03:15:48 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: O desligamento do sistema que ocorreu às 15:28:17 do dia ‎10/‎08/‎2021 não era esperado.

Error: (08/10/2021 04:28:06 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Microsoft Office Click-to-Run Service foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço.

Error: (08/09/2021 05:30:32 AM) (Source: disk) (EventID: 154) (User: )
Description: Falha na operação de ES no endereço de bloco lógico 0x11a36a98 para o Disco 2 (nome PDO: \Device\00000036) devido a um erro de hardware.


Windows Defender:
================
Date: 2021-08-05 17:42:08
Description:
O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {0EB65141-96C5-4901-A2F2-245DAFA40FA0}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2021-07-31 18:05:17
Description:
O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {1E780801-95B2-4753-9A16-BE01F6A01B6B}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2021-07-27 17:19:09
Description:
O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {9BE86FA7-7E05-4798-8F41-FCC8181C5DF1}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2021-07-27 05:19:10
Description:
O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {B68AB210-AC7E-4034-89D0-F19FA893BA6F}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2021-07-26 04:18:43
Description:
O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {8F8CAA34-2EDC-4C97-9E79-3A6AA25DCE2E}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2021-08-05 23:57:01
Description:
Microsoft Defender Antivírus encontrou um erro ao tentar atualizar a inteligência de segurança.
Nova Versão da Inteligência de Segurança:
Versão da Inteligência de Segurança anterior: 1.343.2295.0
Fonte da Atualização: Servidor do Microsoft Update
Tipo da Inteligência de Segurança: Antivírus
Tipo da atualização: Completa
Usuário: AUTORIDADE NT\SISTEMA
Versão Atual do Mecanismo:
Versão Anterior do Mecanismo: 1.1.18400.4
Código de Erro: 0x8007043c
Descrição do Erro: Não é possível compartilhar este serviço no modo de segurança

Date: 2021-08-05 23:47:00
Description:
O recurso de Proteção em Tempo Real do Microsoft Defender Antivírus encontrou um erro e falhou.
Recurso: Em Tempo de Acesso
Código do Erro: 0x8007043c
Descrição do erro: Não é possível compartilhar este serviço no modo de segurança
Motivo: A inteligência de segurança antimalware parou de funcionar por um motivo desconhecido. Em alguns casos, reiniciar o serviço pode resolver o problema.

CodeIntegrity:
===============
Date: 2021-08-10 20:25:55
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-08-10 15:15:52
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Informações da Memória ===========================

BIOS: American Megatrends Inc. 0402 06/17/2015
placa-mãe: ASUSTeK COMPUTER INC. H81M-CS/BR
Processador: Intel(R) Core(TM) i5-4440 CPU @ 3.10GHz
Percentagem de memória em uso: 24%
RAM física total: 16322.43 MB
RAM física disponível: 12253.92 MB
Virtual Total: 24514.43 MB
Virtual disponível: 19051.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.13 GB) (Free:41.39 GB) NTFS
Drive d: (SSD NEW) (Fixed) (Total:447.01 GB) (Free:156.61 GB) NTFS
Drive e: (320) (Fixed) (Total:298.09 GB) (Free:39.89 GB) NTFS
Drive f: (DOWNLOAD) (Fixed) (Total:97.66 GB) (Free:33.46 GB) NTFS
Drive g: (Steam) (Fixed) (Total:367.55 GB) (Free:215.86 GB) NTFS

\\?\Volume{80abeef2-22aa-420b-ac6b-997d38761aa8}\ () (Fixed) (Total:0.55 GB) (Free:0.08 GB) NTFS
\\?\Volume{00f9582c-9ce0-442d-b1e1-c3a5b5062b4c}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Tabela de Partições ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 111.8 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 447.1 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 00097AAE)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)

==========================================================
Disk: 3 (Size: 465.8 GB) (Disk ID: 445173F0)

Partition: GPT.

==================== Fim de Addition.txt =======================


  • Security Analyst

@brujox

 

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

 

Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text in the CODE box below:

CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO
Task: {104BE413-AF8F-4A34-A848-DE263CB41B79} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [6189624 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {198A53D4-2702-4617-9391-71B1523D893C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [29136000 2021-07-16] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {1B4DC01E-0763-4E69-B834-EA78CB28D02B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5723640 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {39483EA5-C824-4F7D-AD57-602824E7453B} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [139112 2021-08-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {5015B864-CE24-4248-899A-540577D7E051} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5722536 2021-08-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {59C3EE15-55A2-4CC3-B8E4-0A0AAA50577F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [7177168 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {6CEE7037-786E-460E-A28D-E631F726AB50} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [139112 2021-08-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {81603CF9-7BCD-4397-93E3-CD1600C5182E} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [681400 2021-07-21] (Mozilla Corporation -> Mozilla Foundation)
Task: {8528BACD-6646-40CB-B9DF-E88349677C73} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5722536 2021-08-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {A3D24989-44BA-400B-B7D9-F76735BA477D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23252888 2021-07-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {E1C46254-C45B-4786-BFD3-B59D8CB9F330} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-07-16] (Piriform Software Ltd -> Piriform)
Task: {E362F057-714B-4355-AE3C-B7D1336BE615} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23252888 2021-07-30] (Microsoft Corporation -> Microsoft Corporation)
Task: C:\Windows\Tasks\EOSv3 Scheduler onLogOn.job => C:\Users\brujo\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Task: C:\Windows\Tasks\EOSv3 Scheduler onTime.job => C:\Users\brujo\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
CloseProcesses:
CMD: ipconfig /flushdns
RemoveProxy:
EmptyTemp:
CreateRestorePoint:

Save this file on your desktop with the name fixlist

NOTE: It is extremely important that the "fixlist" file is saved on your Desktop. Also check that FRST.exe is on the Desktop.

** Windows Vista, Windows 7, 8/8.1 and Windows 10 users: right-click the FRST.EXE file, then click http://i.imgur.com/VRIfczU.png

Click the image.png button

Wait, and at the end the Fixlog.txt log will be saved on your desktop.

Open the Fixlog.txt file, then copy and paste its contents into your next reply.


Sorry, I don't remember whether I paused the antivirus, but the log is below. Just one observation: ever since the PC got infected, boot has been taking absurdly long, between 5 and 10 minutes, and the incredible part is that it's on an SSD. I'm just waiting for your assessment, since I'll have to format soon.

 

 

 

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 11-08-2021
Executado por brujox (11-08-2021 19:21:39) Run:1
Executando a partir de C:\Users\brujo\OneDrive\Área de Trabalho
Perfis Carregados: brujox
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO
Task: {104BE413-AF8F-4A34-A848-DE263CB41B79} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [6189624 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {198A53D4-2702-4617-9391-71B1523D893C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [29136000 2021-07-16] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {1B4DC01E-0763-4E69-B834-EA78CB28D02B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5723640 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {39483EA5-C824-4F7D-AD57-602824E7453B} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [139112 2021-08-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {5015B864-CE24-4248-899A-540577D7E051} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5722536 2021-08-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {59C3EE15-55A2-4CC3-B8E4-0A0AAA50577F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [7177168 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {6CEE7037-786E-460E-A28D-E631F726AB50} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [139112 2021-08-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {81603CF9-7BCD-4397-93E3-CD1600C5182E} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [681400 2021-07-21] (Mozilla Corporation -> Mozilla Foundation)
Task: {8528BACD-6646-40CB-B9DF-E88349677C73} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5722536 2021-08-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {A3D24989-44BA-400B-B7D9-F76735BA477D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23252888 2021-07-30] (Microsoft Corporation -> Microsoft Corporation)
Task: {E1C46254-C45B-4786-BFD3-B59D8CB9F330} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-07-16] (Piriform Software Ltd -> Piriform)
Task: {E362F057-714B-4355-AE3C-B7D1336BE615} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23252888 2021-07-30] (Microsoft Corporation -> Microsoft Corporation)
Task: C:\Windows\Tasks\EOSv3 Scheduler onLogOn.job => C:\Users\brujo\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Task: C:\Windows\Tasks\EOSv3 Scheduler onTime.job => C:\Users\brujo\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
CloseProcesses:
CMD: ipconfig /flushdns
RemoveProxy:
EmptyTemp:
CreateRestorePoint:
*****************

Ponto de Restauração criado com sucesso.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{104BE413-AF8F-4A34-A848-DE263CB41B79}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{104BE413-AF8F-4A34-A848-DE263CB41B79}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Scan the system" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{198A53D4-2702-4617-9391-71B1523D893C}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{198A53D4-2702-4617-9391-71B1523D893C}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\CCleanerSkipUAC => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1B4DC01E-0763-4E69-B834-EA78CB28D02B}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B4DC01E-0763-4E69-B834-EA78CB28D02B}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{39483EA5-C824-4F7D-AD57-602824E7453B}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39483EA5-C824-4F7D-AD57-602824E7453B}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Microsoft\Office\Office Feature Updates Logon => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office Feature Updates Logon" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5015B864-CE24-4248-899A-540577D7E051}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5015B864-CE24-4248-899A-540577D7E051}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\OfficeTelemetryAgentLogOn2016" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{59C3EE15-55A2-4CC3-B8E4-0A0AAA50577F}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59C3EE15-55A2-4CC3-B8E4-0A0AAA50577F}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Check for updates" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6CEE7037-786E-460E-A28D-E631F726AB50}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6CEE7037-786E-460E-A28D-E631F726AB50}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Microsoft\Office\Office Feature Updates => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office Feature Updates" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{81603CF9-7BCD-4397-93E3-CD1600C5182E}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{81603CF9-7BCD-4397-93E3-CD1600C5182E}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8528BACD-6646-40CB-B9DF-E88349677C73}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8528BACD-6646-40CB-B9DF-E88349677C73}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\OfficeTelemetryAgentFallBack2016" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A3D24989-44BA-400B-B7D9-F76735BA477D}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3D24989-44BA-400B-B7D9-F76735BA477D}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office ClickToRun Service Monitor" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{E1C46254-C45B-4786-BFD3-B59D8CB9F330}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1C46254-C45B-4786-BFD3-B59D8CB9F330}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\CCleaner Update => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleaner Update" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E362F057-714B-4355-AE3C-B7D1336BE615}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E362F057-714B-4355-AE3C-B7D1336BE615}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office Automatic Updates 2.0" => removido (a) com sucesso.
C:\Windows\Tasks\EOSv3 Scheduler onLogOn.job => movido com sucesso
C:\Windows\Tasks\EOSv3 Scheduler onTime.job => movido com sucesso
Processos fechados com sucesso.

========= ipconfig /flushdns =========


Configuração de IP do Windows

Liberação do Cache do DNS Resolver bem-sucedida.

========= Fim de CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso.
"HKU\S-1-5-21-3185714078-54240054-2241748334-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso.
"HKU\S-1-5-21-3185714078-54240054-2241748334-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso.


========= Fim de RemoveProxy: =========

Ponto de Restauração criado com sucesso.

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 398286652 B
Java, Flash, Steam htmlcache => 729610762 B
Windows/system/drivers => 17058600 B
Edge => 0 B
Chrome => 628359773 B
Firefox => 1127955198 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 65655 B
LocalService => 126103 B
NetworkService => 520459 B
brujo => 32938596 B

RecycleBin => 0 B
EmptyTemp: => 2.7 GB de dados temporários Removidos.

================================


O sistema precisou ser reiniciado.

==== Fim de Fixlog 19:22:34 ====


  • Security Analyst
On 10/08/2021 at 04:46, brujox said:

Just a reminder that on Saturday I disabled everything at startup (msconfig) and, let's say, the pest "hibernated". It hasn't shown up again so far.

Even after you disabled everything, is the boot still slow?


12 hours ago, Elias Pereira said:

Even after you disabled everything, is the boot still slow?

Yes, but today I noticed that one of the HDs I have is faulty. I disabled it and the boot is OK (I believe that was it). It was a coincidence that it started right after the malware.


  • Security Analyst

@brujox

As far as malware is concerned, we have no more problems.

KEEP THE OS UP TO DATE:
Keep Windows updates set to "automatic". New security holes are discovered frequently. Many malware programs exploit these holes, infecting systems without depending on any action by the user. Microsoft fixes these holes through updates. That is why it is essential to keep your system up to date.

If you have no further malware-related problems, click Report Post at the top of the page and say that your topic is RESOLVED. If you have any question related to computing and technology, feel free to post in any area of CdH.
