
brujox

  1. So far everything is fine... Thank you!
  2. Yes, but today I noticed that one of my hard drives is faulty. I disabled it and the boot is OK (I believe that was the cause). It was a coincidence, since it started right after the malware.
  3. Sorry, I don't remember whether I paused the antivirus, but the log is below. Just one remark... Ever since the PC got infected, boot has been taking absurdly long, between 5 and 10 minutes, and the incredible thing is that it's on an SSD. I'm just waiting for your assessment, since I'll have to format soon.
     Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 11-08-2021 Executado por brujox (11-08-2021 19:21:39) Run:1 Executando a partir de C:\Users\brujo\OneDrive\Área de Trabalho Perfis Carregados: brujox Modo da Inicialização: Normal ============================================== fixlist Conteúdo: ***************** CreateRestorePoint: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO Task: {104BE413-AF8F-4A34-A848-DE263CB41B79} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [6189624 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.) Task: {198A53D4-2702-4617-9391-71B1523D893C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [29136000 2021-07-16] (Piriform Software Ltd -> Piriform Software Ltd) Task: {1B4DC01E-0763-4E69-B834-EA78CB28D02B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5723640 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.) 
Task: {39483EA5-C824-4F7D-AD57-602824E7453B} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [139112 2021-08-06] (Microsoft Corporation -> Microsoft Corporation) Task: {5015B864-CE24-4248-899A-540577D7E051} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5722536 2021-08-06] (Microsoft Corporation -> Microsoft Corporation) Task: {59C3EE15-55A2-4CC3-B8E4-0A0AAA50577F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [7177168 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.) Task: {6CEE7037-786E-460E-A28D-E631F726AB50} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [139112 2021-08-06] (Microsoft Corporation -> Microsoft Corporation) Task: {81603CF9-7BCD-4397-93E3-CD1600C5182E} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [681400 2021-07-21] (Mozilla Corporation -> Mozilla Foundation) Task: {8528BACD-6646-40CB-B9DF-E88349677C73} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5722536 2021-08-06] (Microsoft Corporation -> Microsoft Corporation) Task: {A3D24989-44BA-400B-B7D9-F76735BA477D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23252888 2021-07-30] (Microsoft Corporation -> Microsoft Corporation) Task: {E1C46254-C45B-4786-BFD3-B59D8CB9F330} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-07-16] (Piriform Software Ltd -> Piriform) Task: {E362F057-714B-4355-AE3C-B7D1336BE615} - System32\Tasks\Microsoft\Office\Office 
Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23252888 2021-07-30] (Microsoft Corporation -> Microsoft Corporation) Task: C:\Windows\Tasks\EOSv3 Scheduler onLogOn.job => C:\Users\brujo\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe Task: C:\Windows\Tasks\EOSv3 Scheduler onTime.job => C:\Users\brujo\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe CloseProcesses: CMD: ipconfig /flushdns RemoveProxy: EmptyTemp: CreateRestorePoint: ***************** Ponto de Restauração criado com sucesso. HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{104BE413-AF8F-4A34-A848-DE263CB41B79}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{104BE413-AF8F-4A34-A848-DE263CB41B79}" => removido (a) com sucesso. C:\Windows\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Scan the system" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{198A53D4-2702-4617-9391-71B1523D893C}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{198A53D4-2702-4617-9391-71B1523D893C}" => removido (a) com sucesso. C:\Windows\System32\Tasks\CCleanerSkipUAC => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1B4DC01E-0763-4E69-B834-EA78CB28D02B}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B4DC01E-0763-4E69-B834-EA78CB28D02B}" => removido (a) com sucesso. 
C:\Windows\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{39483EA5-C824-4F7D-AD57-602824E7453B}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39483EA5-C824-4F7D-AD57-602824E7453B}" => removido (a) com sucesso. C:\Windows\System32\Tasks\Microsoft\Office\Office Feature Updates Logon => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office Feature Updates Logon" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5015B864-CE24-4248-899A-540577D7E051}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5015B864-CE24-4248-899A-540577D7E051}" => removido (a) com sucesso. C:\Windows\System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\OfficeTelemetryAgentLogOn2016" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{59C3EE15-55A2-4CC3-B8E4-0A0AAA50577F}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59C3EE15-55A2-4CC3-B8E4-0A0AAA50577F}" => removido (a) com sucesso. C:\Windows\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Check for updates" => removido (a) com sucesso. 
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6CEE7037-786E-460E-A28D-E631F726AB50}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6CEE7037-786E-460E-A28D-E631F726AB50}" => removido (a) com sucesso. C:\Windows\System32\Tasks\Microsoft\Office\Office Feature Updates => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office Feature Updates" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{81603CF9-7BCD-4397-93E3-CD1600C5182E}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{81603CF9-7BCD-4397-93E3-CD1600C5182E}" => removido (a) com sucesso. C:\Windows\System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8528BACD-6646-40CB-B9DF-E88349677C73}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8528BACD-6646-40CB-B9DF-E88349677C73}" => removido (a) com sucesso. C:\Windows\System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\OfficeTelemetryAgentFallBack2016" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A3D24989-44BA-400B-B7D9-F76735BA477D}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3D24989-44BA-400B-B7D9-F76735BA477D}" => removido (a) com sucesso. 
C:\Windows\System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office ClickToRun Service Monitor" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{E1C46254-C45B-4786-BFD3-B59D8CB9F330}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1C46254-C45B-4786-BFD3-B59D8CB9F330}" => removido (a) com sucesso. C:\Windows\System32\Tasks\CCleaner Update => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleaner Update" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E362F057-714B-4355-AE3C-B7D1336BE615}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E362F057-714B-4355-AE3C-B7D1336BE615}" => removido (a) com sucesso. C:\Windows\System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office Automatic Updates 2.0" => removido (a) com sucesso. C:\Windows\Tasks\EOSv3 Scheduler onLogOn.job => movido com sucesso C:\Windows\Tasks\EOSv3 Scheduler onTime.job => movido com sucesso Processos fechados com sucesso. ========= ipconfig /flushdns ========= Configuração de IP do Windows Liberação do Cache do DNS Resolver bem-sucedida. ========= Fim de CMD: ========= ========= RemoveProxy: ========= "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso. "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso. 
"HKU\S-1-5-21-3185714078-54240054-2241748334-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso. "HKU\S-1-5-21-3185714078-54240054-2241748334-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso. ========= Fim de RemoveProxy: ========= Ponto de Restauração criado com sucesso. =========== EmptyTemp: ========== BITS transfer queue => 10510336 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 398286652 B Java, Flash, Steam htmlcache => 729610762 B Windows/system/drivers => 17058600 B Edge => 0 B Chrome => 628359773 B Firefox => 1127955198 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 65655 B LocalService => 126103 B NetworkService => 520459 B brujo => 32938596 B RecycleBin => 0 B EmptyTemp: => 2.7 GB de dados temporários Removidos. ================================ O sistema precisou ser reiniciado. ==== Fim de Fixlog 19:22:34 ====
  4. Addition.txt Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 08-08-2021 Executado por brujox (10-08-2021 20:25:14) Executando a partir de C:\Users\brujo\OneDrive\Área de Trabalho Windows 10 Pro Versão 20H2 19042.1110 (X64) (2020-08-23 00:22:08) Modo da Inicialização: Normal ========================================================== ==================== Contas: ============================= (Se uma entrada for incluída na fixlist, será removida.) Administrador (S-1-5-21-3185714078-54240054-2241748334-500 - Administrator - Disabled) brujox (S-1-5-21-3185714078-54240054-2241748334-1001 - Administrator - Enabled) => C:\Users\brujo Convidado (S-1-5-21-3185714078-54240054-2241748334-501 - Limited - Disabled) DefaultAccount (S-1-5-21-3185714078-54240054-2241748334-503 - Limited - Disabled) WDAGUtilityAccount (S-1-5-21-3185714078-54240054-2241748334-504 - Limited - Disabled) ==================== Central de Segurança ======================== (Se uma entrada for incluída na fixlist, será removida.) AV: Spybot - Search and Destroy (Disabled - Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8} AV: ESET Security (Enabled - Up to date) {89B55CC4-3881-78B2-11E2-479AE0371896} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Programas Instalados ====================== (Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.) Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.57.44284 - Electronic Arts) Battlefield™ V (HKLM-x32\...\{e26b382f-e945-4f70-9318-121b683f1d61}) (Version: 1.0.64.43202 - Electronic Arts) CCleaner (HKLM\...\CCleaner) (Version: 5.83 - Piriform) Discord (HKU\S-1-5-21-3185714078-54240054-2241748334-1001\...\Discord) (Version: 0.0.309 - Discord Inc.) 
ESET Security (HKLM\...\{6B1BBDBF-507A-4736-82B0-DE772C1D2AFE}) (Version: 14.2.19.0 - ESET, spol. s r.o.) FiveM (HKU\S-1-5-21-3185714078-54240054-2241748334-1001\...\CitizenFX_FiveM) (Version: - Cfx.re) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 92.0.4515.131 - Google LLC) Grand Theft Auto V (HKLM-x32\...\{BEEFBEEF-6B87-43FC-9524-F9E967241741}) (Version: 1.0.2372.0 - Rockstar Games) K-Lite Codec Pack 16.2.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 16.2.0 - KLCP) Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.14228.20226 - Microsoft Corporation) Microsoft Office Professional Plus 2016 - pt-br (HKLM\...\ProPlusRetail - pt-br) (Version: 16.0.14228.20226 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3185714078-54240054-2241748334-1001\...\OneDriveSetup.exe) (Version: 21.139.0711.0001 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 
12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation) Mozilla Firefox (x64 pt-BR) (HKLM\...\Mozilla Firefox 90.0.2 (x64 pt-BR)) (Version: 90.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 90.0.2 - Mozilla) NVIDIA Driver de gráficos 471.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 471.41 - NVIDIA Corporation) NVIDIA FrameView SDK 1.1.4923.29968894 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29968894 - NVIDIA Corporation) NVIDIA GeForce Experience 3.23.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.23.0.74 - NVIDIA Corporation) NVIDIA Software do sistema PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation) OBS Studio (HKLM-x32\...\OBS Studio) (Version: 26.1.1 - OBS Project) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14228.20226 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14228.20226 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component 
(HKLM\...\{90160000-008C-0416-1000-0000000FF1CE}) (Version: 16.0.14228.20222 - Microsoft Corporation) Hidden Origin (HKLM-x32\...\Origin) (Version: 10.5.102.48654 - Electronic Arts, Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7841 - Realtek Semiconductor Corp.) Revo Uninstaller Pro 4.3.3 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 4.3.3 - VS Revo Group, Ltd.) Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.33.319 - Rockstar Games) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.8.5 - Rockstar Games) RogueKiller version 15.0.9.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.0.9.0 - Adlice Software) Snap Camera 1.14.0 (HKLM-x32\...\{024A6CF5-627D-497F-980B-B9A6EC5C40AF}_is1) (Version: 1.14.0 - Snap Inc.) Soundtrack by Twitch (HKU\S-1-5-21-3185714078-54240054-2241748334-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF372D0}) (Version: 8.0.0 - Twitch Interactive, Inc.) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.8.68.0 - Safer-Networking Ltd.) 
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) StreamElements OBS.Live (HKLM-x32\...\StreamElements OBS.Live) (Version: 21.6.23.745 - StreamElements) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.5.3 - TeamSpeak Systems GmbH) TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.9.4 - TeamViewer) WinRAR 5.91 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH) Packages: ========= Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-08-05] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-08-05] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.7290.0_x64__8wekyb3d8bbwe [2021-08-05] (Microsoft Studios) [MS Ad] NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-08-05] (NVIDIA Corp.) Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0 [2021-08-06] (Spotify AB) [Startup Task] ==================== Exame Personalizado CLSID (Whitelisted): ============== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2021-06-27] (ESET, spol. s r.o. -> ESET) ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.) 
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2021-06-27] (ESET, spol. s r.o. -> ESET) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5d5c294bb8d17217\nvshext.dll [2021-07-13] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2021-06-27] (ESET, spol. s r.o. -> ESET) ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2019-03-29] (VS Revo Group Ltd. -> VS Revo Group) ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.) ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.) 
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-06-25] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Whitelisted) ==================== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.) HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-18] (Fox Magic Software) [Arquivo não assinado] ==================== Atalhos & WMI ======================== ==================== Módulos Carregados (Whitelisted) ============= ==================== Alternate Data Streams (Whitelisted) ======== ==================== Modo de Segurança (Whitelisted) ================== (Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Associação (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-05-28] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-30] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-30] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-30] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-30] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-30] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-30] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-30] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - 
{5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-30] (Microsoft Corporation -> Microsoft Corporation) ==================== Outras Áreas =========================== (Atualmente não há nenhuma correção automática para esta seção.) HKU\S-1-5-21-3185714078-54240054-2241748334-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\brujo\OneDrive\Área de Trabalho\home.jpg DNS Servers: 10.0.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off) Firewall do Windows está habilitado. ==================== MSCONFIG/TASK MANAGER ítens desabilitados == (Se uma entrada for incluída na fixlist, será removida.) MSCONFIG\Services: asComSvc => 2 MSCONFIG\Services: EasyAntiCheat => 3 MSCONFIG\Services: EasyAntiCheat_EOS => 3 MSCONFIG\Services: FvSvc => 3 MSCONFIG\Services: GoogleChromeElevationService => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: NvContainerLocalSystem => 2 MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2 MSCONFIG\Services: Origin Client Service => 3 MSCONFIG\Services: Origin Web Helper Service => 2 MSCONFIG\Services: rkrtservice => 3 MSCONFIG\Services: Rockstar Service => 3 MSCONFIG\Services: SDScannerService => 2 MSCONFIG\Services: SDUpdateService => 2 MSCONFIG\Services: Steam Client Service => 3 MSCONFIG\Services: TeamViewer => 2 MSCONFIG\Services: TwitchService => 3 HKLM\...\StartupApproved\Run: => "SecurityHealth" HKLM\...\StartupApproved\Run: => "MouseDriver" HKLM\...\StartupApproved\Run32: => "Lightshot" HKLM\...\StartupApproved\Run32: => "SDTray" HKU\S-1-5-21-3185714078-54240054-2241748334-1001\...\StartupApproved\Run: => "Discord" HKU\S-1-5-21-3185714078-54240054-2241748334-1001\...\StartupApproved\Run: 
=> "OneDrive" HKU\S-1-5-21-3185714078-54240054-2241748334-1001\...\StartupApproved\Run: => "Snap Camera" HKU\S-1-5-21-3185714078-54240054-2241748334-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning" ==================== Regras do Firewall (Whitelisted) ================ (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) FirewallRules: [{A172DD13-4CE7-4C14-87E2-2D03E7B292B4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{3C9E6FBD-45A6-4E65-AB9B-FA44722ABEA6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{46C7FE8F-9D89-404E-B8FF-1B00A7854F47}] => (Allow) D:\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{B67302FD-07FD-4C7E-AEFA-904E72EE9E67}] => (Allow) D:\Steam\Steam.exe (Valve -> Valve Corporation) FirewallRules: [{E89201FF-8374-402B-BD35-F6A0DB0BA824}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{DA45E218-31BA-4CBB-9F3E-50284197B50C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{D8B03789-520C-4439-8F31-A7D635AE2666}] => (Allow) D:\Steam\steamapps\common\Soundpad\Soundpad.exe (Arthur Lepp -> Leppsoft) FirewallRules: [{7E857A0D-AF8F-47AB-B4E7-CF5D8D716EB9}] => (Allow) D:\Steam\steamapps\common\Soundpad\Soundpad.exe (Arthur Lepp -> Leppsoft) FirewallRules: [{EAFB4D95-7512-4AE7-A8DE-8D7CA62526EC}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{63A3C633-85DF-4054-8BB4-0A6F8C074C91}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation) FirewallRules: [{39421AE3-C08F-4807-A1EB-A6DD05CD1C27}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe 
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{5DF34FD6-D07B-43B6-8F33-CEA17A9AA576}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{D5C108DD-36AE-47BC-B3FB-123594076452}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{7BB777A4-0137-4CB5-B789-5B404DFFBD82}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{7F194C9D-EB5B-46C0-8923-C9855CE1FA88}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto V\GTA5.exe (Rockstar Games, Inc. -> Rockstar Games) FirewallRules: [{C6B61B07-C4D6-4F53-A092-ECF1E640568E}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto V\GTA5.exe (Rockstar Games, Inc. -> Rockstar Games) FirewallRules: [{F6C8C086-CD79-48CC-81DB-CD29EA016B2F}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. -> Rockstar Games) FirewallRules: [{C1CABDBC-3E21-47D9-969F-464BD169534E}] => (Allow) D:\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe (Rockstar Games, Inc. 
-> Rockstar Games) FirewallRules: [{5BDAFDE2-0BBB-45AB-B236-CA462D889DB1}] => (Allow) G:\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{DFD9D5B1-366B-4CF8-BD21-AD387E7BE68A}] => (Allow) G:\Steam\steamapps\common\Dead by Daylight\DeadByDaylight.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd) FirewallRules: [{D6E25987-F0E9-469D-ABDD-E36227A28A95}] => (Allow) G:\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe () [Arquivo não assinado] FirewallRules: [{B5FE1337-8BCB-4D66-ACE4-E1DA5F07190C}] => (Allow) G:\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe () [Arquivo não assinado] FirewallRules: [{892023FC-F095-4E1B-BE18-4776092A8397}] => (Allow) G:\Steam\steamapps\common\Phasmophobia\Phasmophobia.exe () [Arquivo não assinado] FirewallRules: [{94887ECA-B035-418E-9C7D-A1F59023383B}] => (Allow) G:\Steam\steamapps\common\Phasmophobia\Phasmophobia.exe () [Arquivo não assinado] FirewallRules: [{C7740A89-016E-4853-B542-228D4416A4C2}] => (Allow) G:\Steam\steamapps\common\PC Building Simulator\PCBS.exe () [Arquivo não assinado] FirewallRules: [{A5497E81-712C-432E-B948-481CA8E09C5A}] => (Allow) G:\Steam\steamapps\common\PC Building Simulator\PCBS.exe () [Arquivo não assinado] FirewallRules: [{EF7007B7-6E1D-408D-A23F-6E0CBE45E213}] => (Allow) G:\Steam\steamapps\common\Magicka 2\engine\Magicka2.exe => Nenhum Arquivo FirewallRules: [{A2A16FFB-1908-45FD-BC60-DE13E0F2C35C}] => (Allow) G:\Steam\steamapps\common\Magicka 2\engine\Magicka2.exe => Nenhum Arquivo FirewallRules: [{844CFF4A-29AB-4503-8347-418866768C41}] => (Allow) C:\Users\brujo\AppData\Local\FiveM\FiveM.app\data\cache\subprocess\FiveM_b2189_GTAProcess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) -> Cfx.re) FirewallRules: [{B33E6CB2-679D-48CE-B8CF-DB9C0C310F9E}] => (Allow) C:\Users\brujo\AppData\Local\FiveM\FiveM.app\data\cache\subprocess\FiveM_b2189_GTAProcess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) -> Cfx.re) 
FirewallRules: [{3995A387-9374-4ED3-9173-A21ADA1C6BF9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{9221AD27-9716-4D78-8748-361AA6350494}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{F1BBDDE8-0323-4774-9738-2264E177F55E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{29636011-BB48-40B6-B33E-13A52823DDD0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{BDF96B75-2670-49B7-B519-1DB1706756B2}] => (Allow) G:\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe => Nenhum Arquivo FirewallRules: [{FAA57E75-E3DA-46DE-BE7E-A284ED96F7B6}] => (Allow) G:\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe => Nenhum Arquivo FirewallRules: [{56DBB683-1075-424A-AB23-7B975FC8812A}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe (Electronic Arts, Inc. -> EA Digital Illusions CE AB) FirewallRules: [{FB3BCA6A-3671-4248-9BFA-796D5E3C4EF0}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe (Electronic Arts, Inc. -> EA Digital Illusions CE AB) FirewallRules: [{379B9DFB-6B12-41C6-883C-F994FD1F0E47}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe (Electronic Arts, Inc. -> EA Digital Illusions CE AB) FirewallRules: [{9A119D96-8479-4C85-98BB-4F728BC4F18F}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe (Electronic Arts, Inc. -> EA Digital Illusions CE AB) FirewallRules: [{BAEBE1E9-CFA8-4F44-8698-6B337D100164}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield V\bfvTrial.exe (Electronic Arts, Inc. 
-> EA Digital Illusions CE AB) FirewallRules: [{8C39E5CF-ED9E-4B26-8CFD-397DC9CBC06B}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield V\bfvTrial.exe (Electronic Arts, Inc. -> EA Digital Illusions CE AB) FirewallRules: [{31494F28-C1AC-4027-B5C4-CA7BD2D2A295}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield V\bfv.exe (Electronic Arts, Inc. -> EA Digital Illusions CE AB) FirewallRules: [{BEF3BDF6-F5CC-4A77-BF13-A29F989CCBF1}] => (Allow) D:\Program Files (x86)\Origin Games\Battlefield V\bfv.exe (Electronic Arts, Inc. -> EA Digital Illusions CE AB) FirewallRules: [{CB8094D3-CD1A-491A-B4B7-12F93B1BCF43}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{CED2D83E-4E94-464F-A1D8-AB9AECE4C3B1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{3CB7A9DD-969D-4AC2-B39F-99BC13BDC16D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{4CC8EBCA-29BC-4A20-953F-8A111EE707E2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{1360D7DD-ED17-4431-8D46-740CA6138D8F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{571A6953-DD01-4EAB-AA79-F5822990388A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{3B542C96-5FA5-4B72-B788-8A972987B27D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{803D4900-F677-42E0-9BA5-05437ED27731}] => (Allow) C:\Program 
Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A1FDB5EC-AB2F-4927-8235-3E70B575F053}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.165.643.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9BDD9CE4-3E5D-4B1E-B3BD-924801C83737}] => (Allow) C:\Users\brujo\AppData\Local\FiveM\FiveM.app\data\cache\subprocess\FiveM_b2372_GTAProcess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) -> Cfx.re)
FirewallRules: [{12C643CD-B354-4D83-AA34-7671EF50DE43}] => (Allow) C:\Users\brujo\AppData\Local\FiveM\FiveM.app\data\cache\subprocess\FiveM_b2372_GTAProcess.exe (TASKS ME - IT DEVELOPMENT (AILENE BULALACAO TAGOLGOL) -> Cfx.re)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service

==================== Pontos de Restauração =========================

10-08-2021 04:42:07 ZHPcleaner

==================== Dispositivos Apresentando Falhas No Gerenciador ============

==================== Erros no Log de eventos: ========================

Erros em Aplicativos:
==================
Error: (08/09/2021 07:40:31 PM) (Source: Distributed Link Tracking Client) (EventID: 12503) (User: )
Description: Event-ID 12503

Error: (08/09/2021 05:55:35 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Não foi possível concluir o otimizador de armazenamento otimizar novamente em DOWNLOAD (F:) devido a: A operação solicitada
não é compatível com o hardware que contém o volume. (0x8900002A)

Error: (08/09/2021 05:54:55 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Não foi possível concluir o otimizador de armazenamento otimizar novamente em Steam (G:) devido a: A operação solicitada não é compatível com o hardware que contém o volume. (0x8900002A)

Error: (08/09/2021 05:42:38 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Não foi possível concluir o otimizador de armazenamento desfragmentação em 320 (E:) devido a: O disco foi desconectado do sistema. (0x89000011)

Error: (08/06/2021 08:44:06 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado. . Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.
Operação: Obtendo Dados do Gravador
Contexto:
Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
Nome do Gravador: System Writer
ID de Instância de Gravador: {126c6afa-6f96-4c87-a819-9e0c12f10971}

Error: (08/06/2021 07:48:21 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado. . Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.
Operação: Obtendo Dados do Gravador
Contexto:
Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
Nome do Gravador: System Writer
ID de Instância de Gravador: {82ac5486-33ea-430b-89d2-0c34fcd46e39}

Error: (08/06/2021 03:57:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa firefox.exe versão 90.0.2.7872 parou de interagir com o Windows e foi fechado.
Para ver se mais informações sobre o problema estão disponíveis, verifique o histórico de problemas no painel de controle Segurança e Manutenção.
ID do Processo: 38e8
Hora de Início: 01d78af4ccded637
Hora de Término: 4294967295
Caminho do Aplicativo: C:\Program Files\Mozilla Firefox\firefox.exe
ID do Relatório: d5534e91-2b10-496d-8167-0e64f90605e8
Nome completo do pacote com falha:
ID do aplicativo relativo ao pacote com falha:
Tipo com falha: Top level window is idle

Error: (08/06/2021 03:51:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: wmiprvse.exe, versão: 10.0.19041.546, carimbo de data/hora: 0x5da7ab91
Nome do módulo com falha: unknown, versão: 0.0.0.0, carimbo de data/hora: 0x00000000
Código de exceção: 0x80131623
Deslocamento da falha: 0x00007ff82b9e200f
ID do processo com falha: 0xc4c
Hora de início do aplicativo com falha: 0x01d78af40a8f2925
Caminho do aplicativo com falha: C:\Windows\system32\wbem\wmiprvse.exe
Caminho do módulo com falha: unknown
ID do Relatório: 9ebd3b82-f400-48e1-bccc-49fb73c00409
Nome completo do pacote com falha:
ID do aplicativo relativo ao pacote com falha:

Erros de Sistema:
=============
Error: (08/10/2021 03:16:38 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-QEKIPH9)
Description: Não é possível iniciar o servidor DCOM: Microsoft.MicrosoftEdge_44.19041.1023.0_neutral__8wekyb3d8bbwe!MicrosoftEdge como Não Disponível/Não Disponível. O erro:
"2147942402"
Aconteceu ao iniciar este comando:
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

Error: (08/10/2021 03:15:49 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 1) (User: AUTORIDADE NT)
Description: Erro fatal de hardware. Um registro descrevendo a condição encontra-se na seção de dados deste evento.
Error: (08/10/2021 03:15:49 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORIDADE NT)
Description: Ocorreu um erro ao tentar ler o arquivo de hosts locais.

Error: (08/10/2021 03:15:49 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: AUTORIDADE NT)
Description: Ocorreu um erro ao tentar ler o arquivo de hosts locais.

Error: (08/10/2021 03:15:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço luafv devido ao seguinte erro: O carregamento deste driver foi bloqueado

Error: (08/10/2021 03:15:48 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: O desligamento do sistema que ocorreu às 15:28:17 do dia 10/08/2021 não era esperado.

Error: (08/10/2021 04:28:06 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Microsoft Office Click-to-Run Service foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço.

Error: (08/09/2021 05:30:32 AM) (Source: disk) (EventID: 154) (User: )
Description: Falha na operação de ES no endereço de bloco lógico 0x11a36a98 para o Disco 2 (nome PDO: \Device\00000036) devido a um erro de hardware.

Windows Defender:
================
Date: 2021-08-05 17:42:08
Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {0EB65141-96C5-4901-A2F2-245DAFA40FA0}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2021-07-31 18:05:17
Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {1E780801-95B2-4753-9A16-BE01F6A01B6B}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2021-07-27 17:19:09
Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {9BE86FA7-7E05-4798-8F41-FCC8181C5DF1}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2021-07-27 05:19:10
Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {B68AB210-AC7E-4034-89D0-F19FA893BA6F}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2021-07-26 04:18:43
Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {8F8CAA34-2EDC-4C97-9E79-3A6AA25DCE2E}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2021-08-05 23:57:01
Description: Microsoft Defender Antivírus encontrou um erro ao tentar atualizar a inteligência de segurança.
Nova Versão da Inteligência de Segurança:
Versão da Inteligência de Segurança anterior: 1.343.2295.0
Fonte da Atualização: Servidor do Microsoft Update
Tipo da Inteligência de Segurança: Antivírus
Tipo da atualização: Completa
Usuário: AUTORIDADE NT\SISTEMA
Versão Atual do Mecanismo:
Versão Anterior do Mecanismo: 1.1.18400.4
Código de Erro: 0x8007043c
Descrição do Erro: Não é possível compartilhar este serviço no modo de segurança

Date: 2021-08-05 23:47:00
Description: O recurso de Proteção em Tempo Real do Microsoft Defender Antivírus encontrou um erro e falhou.
Recurso: Em Tempo de Acesso
Código do Erro: 0x8007043c
Descrição do erro: Não é possível compartilhar este serviço no modo de segurança
Motivo: A inteligência de segurança antimalware parou de funcionar por um motivo desconhecido. Em alguns casos, reiniciar o serviço pode resolver o problema.

CodeIntegrity:
===============
Date: 2021-08-10 20:25:55
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system.
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-08-10 15:15:52
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\ESET\ESET Security\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Informações da Memória ===========================

BIOS: American Megatrends Inc. 0402 06/17/2015
placa-mãe: ASUSTeK COMPUTER INC. H81M-CS/BR
Processador: Intel(R) Core(TM) i5-4440 CPU @ 3.10GHz
Percentagem de memória em uso: 24%
RAM física total: 16322.43 MB
RAM física disponível: 12253.92 MB
Virtual Total: 24514.43 MB
Virtual disponível: 19051.89 MB

==================== Drives ================================

Drive () (Fixed) (Total:111.13 GB) (Free:41.39 GB) NTFS
Drive d: (SSD NEW) (Fixed) (Total:447.01 GB) (Free:156.61 GB) NTFS
Drive e: (320) (Fixed) (Total:298.09 GB) (Free:39.89 GB) NTFS
Drive f: (DOWNLOAD) (Fixed) (Total:97.66 GB) (Free:33.46 GB) NTFS
Drive g: (Steam) (Fixed) (Total:367.55 GB) (Free:215.86 GB) NTFS

\\?\Volume{80abeef2-22aa-420b-ac6b-997d38761aa8}\ () (Fixed) (Total:0.55 GB) (Free:0.08 GB) NTFS
\\?\Volume{00f9582c-9ce0-442d-b1e1-c3a5b5062b4c}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Tabela de Partições ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 111.8 GB) (Disk ID: 00000000)
Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 447.1 GB) (Disk ID: 00000000)
Partition: GPT.

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 00097AAE)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)

==========================================================
Disk: 3 (Size: 465.8 GB) (Disk ID: 445173F0)
Partition: GPT.

==================== Fim de Addition.txt =======================
  5. FRST.TXT

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 08-08-2021
Executado por brujox (administrador) em DESKTOP-QEKIPH9 (ASUS All Series) (10-08-2021 20:24:04)
Executando a partir de C:\Users\brujo\OneDrive\Área de Trabalho
Perfis Carregados: brujox
Platform: Windows 10 Pro Versão 20H2 19042.1110 (X64) Idioma: Português (Brasil)
Navegador padrão: FF
Modo da Inicialização: Normal

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\brujo\AppData\Local\Microsoft\OneDrive\21.139.0711.0001\FileCoAuth.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-Windows-servicingstack_31bf3856ad364e35_10.0.19041.1081_none_7e3d47227c694b34\TiWorker.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.)
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Valve -> Valve Corporation) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7> (Valve -> Valve Corporation) D:\Steam\Steam.exe ==================== Registro (Whitelisted) =================== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8838400 2016-06-07] (Realtek Semiconductor Corp -> Realtek Semiconductor) HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Microsoft Windows Hardware Compatibility Publisher -> Pixart Imaging Inc) HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [165928 2021-06-27] (ESET, spol. s r.o. -> ESET) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6787856 2019-03-19] (Safer-Networking Ltd. -> Safer-Networking Ltd.) HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO HKU\S-1-5-21-3185714078-54240054-2241748334-1001\...\Run: [Discord] => C:\Users\brujo\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub) HKU\S-1-5-21-3185714078-54240054-2241748334-1001\...\Run: [Steam] => D:\Steam\Steam.exe [4273896 2021-08-09] (Valve -> Valve Corporation) HKU\S-1-5-21-3185714078-54240054-2241748334-1001\...\Run: [Snap Camera] => C:\Program Files\Snap Inc\Snap Camera\Snap Camera.exe [60299480 2021-07-26] (Snapchat Inc. (Snap Inc.) 
-> Snap Inc) HKU\S-1-5-21-3185714078-54240054-2241748334-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35062912 2021-07-16] (Piriform Software Ltd -> Piriform Software Ltd) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\92.0.4515.131\Installer\chrmstp.exe [2021-08-06] (Google LLC -> Google LLC) BootExecute: autocheck autochk * sdnclean64.exe ==================== Tarefas Agendadas (Whitelisted) ============ (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) Task: {104BE413-AF8F-4A34-A848-DE263CB41B79} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [6189624 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.) Task: {198A53D4-2702-4617-9391-71B1523D893C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [29136000 2021-07-16] (Piriform Software Ltd -> Piriform Software Ltd) Task: {1B4DC01E-0763-4E69-B834-EA78CB28D02B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5723640 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.) 
Task: {39483EA5-C824-4F7D-AD57-602824E7453B} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [139112 2021-08-06] (Microsoft Corporation -> Microsoft Corporation) Task: {5015B864-CE24-4248-899A-540577D7E051} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5722536 2021-08-06] (Microsoft Corporation -> Microsoft Corporation) Task: {59C3EE15-55A2-4CC3-B8E4-0A0AAA50577F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [7177168 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.) Task: {6CEE7037-786E-460E-A28D-E631F726AB50} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [139112 2021-08-06] (Microsoft Corporation -> Microsoft Corporation) Task: {81603CF9-7BCD-4397-93E3-CD1600C5182E} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [681400 2021-07-21] (Mozilla Corporation -> Mozilla Foundation) Task: {8528BACD-6646-40CB-B9DF-E88349677C73} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5722536 2021-08-06] (Microsoft Corporation -> Microsoft Corporation) Task: {A3D24989-44BA-400B-B7D9-F76735BA477D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23252888 2021-07-30] (Microsoft Corporation -> Microsoft Corporation) Task: {E1C46254-C45B-4786-BFD3-B59D8CB9F330} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-07-16] (Piriform Software Ltd -> Piriform) Task: {E362F057-714B-4355-AE3C-B7D1336BE615} - System32\Tasks\Microsoft\Office\Office 
Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23252888 2021-07-30] (Microsoft Corporation -> Microsoft Corporation) (Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.) Task: C:\Windows\Tasks\EOSv3 Scheduler onLogOn.job => C:\Users\brujo\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe Task: C:\Windows\Tasks\EOSv3 Scheduler onTime.job => C:\Users\brujo\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe ==================== Internet (Whitelisted) ==================== (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.) Hosts: O arquivo Hosts não foi detectado no seu diretório padrão Tcpip\Parameters: [DhcpNameServer] 10.0.0.1 Tcpip\..\Interfaces\{1c9f7d1c-8043-42be-a767-1d9c3ec1ed16}: [DhcpNameServer] 10.0.0.1 FireFox: ======== FF DefaultProfile: swqwjg68.default FF ProfilePath: C:\Users\brujo\AppData\Roaming\Mozilla\Firefox\Profiles\swqwjg68.default [2021-08-06] FF ProfilePath: C:\Users\brujo\AppData\Roaming\Mozilla\Firefox\Profiles\15xrm1is.default-release [2021-08-10] FF Homepage: Mozilla\Firefox\Profiles\15xrm1is.default-release -> about:blank FF Session Restore: Mozilla\Firefox\Profiles\15xrm1is.default-release -> está habilitado. 
FF Notifications: Mozilla\Firefox\Profiles\15xrm1is.default-release -> hxxps://web.telegram.org FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation) FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\eset_security_config_overlay.js [2021-08-10] Chrome: ======= CHR Profile: C:\Users\brujo\AppData\Local\Google\Chrome\User Data\Default [2021-08-09] CHR Session Restore: Default -> está habilitado. CHR Extension: (Apresentações) - C:\Users\brujo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-09-21] CHR Extension: (Documentos) - C:\Users\brujo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-09-21] CHR Extension: (Google Drive) - C:\Users\brujo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-19] CHR Extension: (YouTube) - C:\Users\brujo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-09-21] CHR Extension: (Planilhas) - C:\Users\brujo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-09-21] CHR Extension: (Documentos Google off-line) - C:\Users\brujo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-01] CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\brujo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-24] CHR Extension: (Gmail) - C:\Users\brujo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-19] CHR Extension: (Chrome Media 
Router) - C:\Users\brujo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-30] CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb] ==================== Serviços (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) S4 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936456 2015-05-13] (Microsoft Windows Hardware Compatibility Publisher -> ) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9142136 2021-07-30] (Microsoft Corporation -> Microsoft Corporation) S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [821376 2020-08-23] (EasyAntiCheat Oy -> Epic Games, Inc) R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [3079464 2021-06-27] (ESET, spol. s r.o. -> ESET) R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [3079464 2021-06-27] (ESET, spol. s r.o. -> ESET) S4 Origin Client Service; D:\Origin\OriginClientService.exe [2556048 2021-07-30] (Electronic Arts, Inc. -> Electronic Arts) S4 Origin Web Helper Service; D:\Origin\OriginWebHelperService.exe [3474584 2021-07-30] (Electronic Arts, Inc. -> Electronic Arts) S4 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13946200 2021-08-05] (ADLICE (ASCOET JULIEN) -> ) S4 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1934744 2021-06-27] (Rockstar Games, Inc. -> Rockstar Games) S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2747312 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.) S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4583240 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.) 
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [940976 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5395384 2021-07-15] (Microsoft Windows Publisher -> Microsoft Corporation) S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13147152 2020-08-19] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) S4 TwitchService; C:\Program Files\Common Files\Twitch\TwitchService.exe [334208 2020-10-21] (Twitch Interactive, Inc. -> ) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe [2727416 2021-07-23] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe [136656 2021-07-23] (Microsoft Windows Publisher -> Microsoft Corporation) S4 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5d5c294bb8d17217\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5d5c294bb8d17217\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem ===================== Drivers (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15368 2015-05-13] (Microsoft Windows Hardware Compatibility Publisher -> ) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [169368 2021-06-25] (ESET, spol. s r.o. -> ESET) S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15824 2021-06-21] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET) R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [194728 2021-06-25] (ESET, spol. s r.o. 
  6. Here is what you asked for... Just a reminder that on Saturday I disabled everything at startup (msconfig) and, let's say, the pest "hibernated". It hasn't shown up since. ZHPCleaner (R).txt AdwCleaner[C04].txt
  7. Torrent is already uninstalled... And I carried out the Chrome procedure, although I always keep it disabled since I mostly use Firefox.
  8. Greetings! I have followed the forum for years but never got around to creating an account. lol Anyway, here goes... Yesterday this headache started (coincidence or not, it was after I installed Tenorshare 4uKey for Android): out of nowhere Firefox starts flickering and opening several windows, and when you close them, it opens even more. Then out of nowhere it pauses, you try to search for something, and it closes the tab. I uninstalled Firefox, and it moved to Chrome... I checked and there are no extensions in either browser and no changes to the shortcut. I ran Malwarebytes, a little program I have always liked and that has been effective, and nothing. Both in safe mode and in normal mode. In safe mode, I ran ESET NOD32 and RogueKiller and they identified something, and apparently today (6-8) nothing so far. The only strange thing is that the desktop wallpaper is black, and when an area is selected, the wallpaper shows. Logs from ZHP and AdwCleaner follow. I'll wait to hear whether it is really OK or whether there is something more to do. ZHPCleaner (R).txt AdwCleaner[C03] 6-8.txt EDIT: I had only just finished posting when it came back. It closed the tab and then opened 10 Firefox windows.

About Clube do Hardware

Online since 1996, Clube do Hardware is one of the largest, oldest and most respected technology communities in Brazil.
