
imrion

Junior Members
  • Total items: 17
  • Ratings: N/A
  1. How do I mark the post as resolved, @Elias Pereira?
  2. @Elias Pereira I enabled Windows Update and let it install all the updates; after that the problem seems to have stopped... From Monday until today nothing strange has happened... I'm going to consider the case resolved; if I have any problem again I'll open a new topic... thank you for everything, peace be with you
  3. @Elias Pereira I left the computer on overnight and in the morning Task Manager was full of "console window host" processes running. I sent a short video so you can see the huge number of processes: 2018-04-08 09-27-26.rar
  4. @Elias Pereira My dear, I'll wait a few days while using it daily... If everything is OK I'll report the case as resolved
  5. @Elias Pereira Here is the log
  6. @Elias Pereira FRST.txt Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 14.03.2018 Executado por User (administrador) em SYS (05-04-2018 02:47:31) Executando a partir de C:\Users\User\Desktop Perfis Carregados: User (Perfis Disponíveis: User) Platform: Windows 10 Pro Versão 1607 (X64) Idioma: Português (Brasil) Internet Explorer Versão 11 (Navegador padrão: Chrome) Modo da Inicialização: Normal Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processos (Whitelisted) ================= (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.) (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\66.0.3359.12\remoting_host.exe () C:\Windows\SysWOW64\PnkBstrA.exe (GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\66.0.3359.12\remoting_host.exe (GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avpui.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe (Google) C:\Users\User\AppData\Local\Google\Chrome\User Data\SwReporter\27.148.201\software_reporter_tool.exe (Google) C:\Users\User\AppData\Local\Google\Chrome\User Data\SwReporter\27.148.201\software_reporter_tool.exe (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registro (Whitelisted) =========================== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.) HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-07-16] (Microsoft Corporation) HKLM\...\Run: [PAC7302_Monitor] => C:\WINDOWS\PixArt\PAC7302\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation) HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [1519312 2017-06-25] (Highresolution Enterprises) HKLM-x32\...\Run: [RemoteControl] => C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe [56928 2006-11-23] (Cyberlink Corp.) HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [986648 2016-09-21] (BlueStack Systems, Inc.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation) HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd) HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3048256 2017-08-29] (Electronic Arts) HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10290608 2018-02-07] (Piriform Ltd) HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [986648 2016-09-21] (BlueStack Systems, Inc.) HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1208648 2018-04-02] () HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\Run: [f.lux] => C:\Users\User\AppData\Local\FluxSoftware\Flux\flux.exe [1024240 2016-12-05] (Flux Software LLC) HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\Run: [WTFast Tray] => C:\Program Files (x86)\WTFast\wtfast.exe [6903928 2018-02-21] (AAA Internet Publishing Inc.) GroupPolicy: Restrição <==== ATENÇÃO GroupPolicy\User: Restrição <==== ATENÇÃO ==================== Internet (Whitelisted) ==================== (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{b6932cad-7427-4c9b-b298-dc3886e28834}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-80734308-2147152885-176964575-1001 -> {24E91212-E735-4C44-99DF-1818DCD47A92} URL = hxxps://br.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-03-13] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-03-13] (Oracle Corporation)
Toolbar: HKLM - Sem Nome - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - Nenhum Arquivo
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hefto18c.default [2018-04-04]
FF HKLM\...\Firefox\Extensions: [light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-03-16]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886D}] - C:\Users\User\AppData\Local\GAS Tecnologia\GBBD\cef\xpi
FF Extension: (GBBD Caixa Economica Federal) - C:\Users\User\AppData\Local\GAS Tecnologia\GBBD\cef\xpi [2015-01-16] [Legacy] [não assinado]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-17] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-17] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-03-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-03-13] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-05-21] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-03-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-03-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-80734308-2147152885-176964575-1001: @Legend Of Glory -> C:\Program Files (x86)\Legend Of Glory\plugin\npLegendOfGlory1.dll [Nenhum Arquivo]
FF Plugin HKU\S-1-5-21-80734308-2147152885-176964575-1001: gastecnologia.com.br/sf/cef -> C:\Users\User\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll [2015-01-16] (GAS Tecnologia)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\autoconf_warsaw.js [2018-04-05]

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.omniboxes.com/?type=hp&ts=1453581122&z=a611cc38dec24b7e7594a91g6z2w8cewfb7gfgfo0o&from=amt&uid=st1000vm002-1ct162_s1g0q9zrxxxxs1g0q9zr
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2018-04-05]
CHR Extension: (Apresentações) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-16]
CHR Extension: (Documentos) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-16]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-03-16]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-01-26]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Video Downloader professional) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2018-03-16]
CHR Extension: (Google Apps Script) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eoieeedlomnegifmaghhjnghhmcldobl [2015-11-25]
CHR Extension: (Planilhas) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-16]
CHR Extension: (Área de trabalho remota do Google Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-11-07]
CHR Extension: (Documentos Google off-line) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-03-16]
CHR Extension: (AdBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-03-10]
CHR Extension: (YouTube Center) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\heajdnnooakmbbclhphfffkpafehdmgk [2016-01-05]
CHR Extension: (Morpheon Dark) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2018-03-16]
CHR Extension: (Kaspersky Protection) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mchjnmdbdlkdbfliogedbnpnanfjnolk [2018-03-16]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Baixar videos com FVD Video Downloader) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nocpfkkbaekckhcoekockfbidpcjgkbd [2015-10-10]
CHR Extension: (PDF Viewer) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\oemmndcbldboiebfnladdacbdfmadadm [2018-03-28]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-28]
CHR HKLM\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
CHR HKLM-x32\...\Chrome\Extension: [eedgghdcpmmmilkmfpnklknlenbiolec] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AVP18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe [354672 2017-01-24] (AO Kaspersky Lab)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [5708808 2018-03-20] ()
S4 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [445976 2016-09-21] (BlueStack Systems, Inc.)
S4 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [425496 2016-09-21] (BlueStack Systems, Inc.)
S4 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [466456 2016-09-21] (BlueStack Systems, Inc.)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\66.0.3359.12\remoting_host.exe [71000 2018-03-06] (Google Inc.)
S4 COMCdbService; C:\Program Files (x86)\Legendas-3.1\srvcdb.exe [1860784 2015-12-18] ()
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [382504 2017-09-21] (EasyAntiCheat Ltd)
S4 HiPatchService; E:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2017-09-19] (Hi-Rez Studios) [Arquivo não assinado]
S3 klvssbridge64_18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\vssbridge64.exe [426416 2018-03-16] (AO Kaspersky Lab)
S4 KSDE2.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [354672 2017-01-24] (AO Kaspersky Lab)
S4 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
S4 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-05-08] (Nero AG)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
S4 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519992 2018-01-10] (NVIDIA Corporation)
S4 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519992 2018-01-10] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2168672 2017-08-29] (Electronic Arts)
S4 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3148128 2017-08-29] (Electronic Arts)
S4 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1453384 2018-04-02] (Overwolf LTD)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-03-04] ()
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [167936 2005-08-08] () [Arquivo não assinado]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-07-16] (Microsoft Corporation)
S4 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S4 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3022896 2013-09-26] (Samsung Electronics CO., LTD.)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-12-18] (TeamViewer GmbH)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [1068376 2017-12-14] (GAS Tecnologia LTDA)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S4 WTFast.Service; C:\Program Files (x86)\WTFast\service\WTFast.Service.exe [102912 2018-02-21] () [Arquivo não assinado]
S4 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S4 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R0 799B2A0D; C:\WINDOWS\System32\drivers\799B2A0D.sys [478392 2018-03-21] (Kaspersky Lab ZAO)
S3 andnetadb; C:\WINDOWS\System32\Drivers\lgandnetadb.sys [31744 2012-07-03] (Google Inc)
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-09-21] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-09-13] (Bluestack System Inc. )
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [247008 2016-12-26] (AO Kaspersky Lab)
R3 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283064 2014-10-04] (Disc Soft Ltd)
S3 EasyAntiCheatSys; C:\WINDOWS\system32\drivers\EasyAntiCheat.sys [830704 2018-03-07] (EasyAntiCheat Oy)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [76200 2018-01-18] ()
S3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [46136 2014-09-04] (LogMeIn Inc.)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554408 2016-10-01] (AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [70880 2017-12-25] (AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [120008 2018-03-16] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [29816 2016-10-14] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [207576 2018-03-16] (AO Kaspersky Lab)
R1 KLHK; C:\WINDOWS\System32\drivers\klhk.sys [594144 2018-03-16] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1055944 2018-03-16] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57032 2018-03-16] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [57056 2016-12-23] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [58592 2016-12-07] (AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [50672 2017-12-25] (AO Kaspersky Lab)
S3 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [44768 2017-01-20] (AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [231312 2018-03-16] (AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [87584 2018-03-17] (AO Kaspersky Lab)
S3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [252600 2018-03-16] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [107656 2018-03-16] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [174664 2018-03-16] (AO Kaspersky Lab)
S4 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [93888 2018-03-16] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [135904 2017-12-25] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [199392 2017-12-25] (AO Kaspersky Lab)
R1 legendasdrv; C:\WINDOWS\System32\drivers\legendasdrv.sys [59120 2015-12-04] (Windows (R) Win 7 DDK provider)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193248 2018-03-15] (Malwarebytes)
S3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [109800 2018-03-15] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [45960 2018-03-15] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-03-15] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [101600 2018-03-15] (Malwarebytes)
R2 memudrv; C:\Program Files\Microvirt\MEmuHyperv\MEmuDrv.sys [260368 2015-11-02] (Microvirt Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_c1a085cc86772d3f\nvlddmkm.sys [17544792 2018-03-25] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31024 2018-01-10] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [59240 2017-12-14] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [58816 2018-03-23] (NVIDIA Corporation)
S3 PAC7302; C:\WINDOWS\system32\DRIVERS\PAC7302.SYS [532480 2009-04-28] (PixArt Imaging Inc.)
U5 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.sys [93960 2018-04-02] (Sysinternals - www.sysinternals.com)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [206080 2014-10-13] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 taphss6; C:\WINDOWS\system32\DRIVERS\taphss6.sys [42064 2016-06-15] (Anchorfree Inc.)
S3 tapwp01; C:\WINDOWS\system32\DRIVERS\tapwp01.sys [40664 2014-12-11] (The OpenVPN Project)
S1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [132120 2016-10-18] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [206416 2016-10-18] (Oracle Corporation)
S3 VBoxUSB; C:\WINDOWS\System32\Drivers\VBoxUSB.sys [125008 2015-07-09] (Oracle Corporation)
S3 vmcam325av; C:\WINDOWS\System32\Drivers\Vm323av64.sys [164864 2007-04-09] (Vimicro Corporation)
S3 vvftav323; C:\WINDOWS\system32\drivers\vvftav323.sys [301824 2007-03-19] (Vimicro Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 wsddfac; C:\WINDOWS\System32\drivers\wsddfac.sys [28376 2018-04-05] (GAS Tecnologia)
R1 wsddntf; C:\WINDOWS\system32\DRIVERS\wsddntf.sys [47176 2016-06-21] (GAS Tecnologia)
S1 wsddpp; C:\WINDOWS\system32\drivers\wsddpp.sys [44624 2017-12-14] (GAS Tecnologia)
R3 wsddprm; C:\WINDOWS\system32\drivers\wsddprm.sys [43608 2017-12-14] (GAS Tecnologia)
R2 WtfEngineDrv; C:\WINDOWS\system32WtfEngineDrv.sys [40352 2016-12-16] (AAA Internet Publishing, Inc.)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [48656 2018-02-28] (Wellbia.com Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2018-04-05 02:47 - 2018-04-05 02:48 - 000026818 _____ C:\Users\User\Desktop\FRST.txt
2018-04-05 02:46 - 2018-04-05 02:47 - 000000000 ____D C:\FRST
2018-04-04 23:30 - 2018-04-04 23:31 - 000000000 ____D C:\Users\User\Desktop\It (2017) [1080p] [YTS.AG]
2018-04-04 17:19 - 2018-04-04 17:19 - 002403328 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2018-04-04 12:55 - 2018-04-04 12:55 - 000532849 _____ C:\Users\User\Downloads\download (1).htm
2018-04-04 04:42 - 2018-04-04 04:50 - 000080472 _____ C:\TDSSKiller.2.8.16.0_04.04.2018_04.42.06_log.txt
2018-04-04 04:40 - 2018-04-04 04:40 - 000208216 _____ (Kaspersky Lab, GERT) C:\WINDOWS\system32\Drivers\12966589.sys
2018-04-04 04:39 - 2018-04-04 04:41 - 000007616 _____ C:\TDSSKiller.2.8.16.0_04.04.2018_04.39.59_log.txt
2018-04-04 02:11 - 2018-04-04 02:11 - 002237968 _____ (Kaspersky Lab ZAO) C:\Users\User\Desktop\tdsskiller.exe
2018-04-02 03:14 - 2018-04-02 12:17 - 000093960 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON24.SYS
2018-04-02 01:52 - 2018-04-02 01:52 - 001911256 _____ C:\Users\User\Downloads\Saturn.zip
2018-04-01 21:56 - 2018-04-02 12:20 - 000000000 ____D C:\Users\User\Desktop\organizar
2018-04-01 21:28 - 2018-04-01 21:28 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-04-01 21:28 - 2018-03-23 20:05 - 000138120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2018-04-01 21:28 - 2017-12-08 19:25 - 000798520 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2018-04-01 21:28 - 2017-12-08 19:25 - 000490808 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2018-04-01 21:28 - 2017-12-08 19:24 - 000928568 _____ C:\WINDOWS\system32\vulkan-1.dll
2018-04-01 21:28 - 2017-12-08 19:24 - 000591672 _____ C:\WINDOWS\system32\vulkaninfo.exe
2018-04-01 21:27 - 2018-04-01 21:27 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2018-04-01 21:25 - 2018-03-25 13:15 - 000998424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2018-04-01 21:25 - 2018-03-25 13:15 - 000950016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2018-04-01 21:25 - 2018-03-25 13:15 - 000625504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2018-04-01 21:25 - 2018-03-25 13:15 - 000516024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2018-04-01 21:25 - 2018-03-25 13:14 - 004318112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2018-04-01 21:25 - 2018-03-25 13:14 - 003719096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2018-04-01 21:25 - 2018-03-25 13:14 - 001985112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6439135.dll
2018-04-01 21:25 - 2018-03-25 13:14 - 001683712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6439135.dll
2018-04-01 21:25 - 2018-03-25 13:14 - 001138720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2018-04-01 21:25 - 2018-03-25 13:14 - 001065888 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2018-04-01 21:25 - 2018-03-25 13:14 - 000749312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2018-04-01 21:25 - 2018-03-25 13:14 - 000608344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2018-04-01 21:25 - 2018-03-25 13:13 - 040278608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2018-04-01 21:25 - 2018-03-25 13:13 - 035188992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2018-04-01 21:25 - 2018-03-25 13:10 - 013571520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2018-04-01 21:25 - 2018-03-25 13:10 - 011132384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2018-04-01 21:25 - 2018-03-25 13:09 - 019855144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2018-04-01 21:25 - 2018-03-25 13:09 - 016496776 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2018-04-01 21:25 - 2018-03-25 13:09 - 001346128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2018-04-01 21:25 - 2018-03-25 13:09 - 001153744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2018-04-01 21:25 - 2018-03-25 13:09 - 001061352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2018-04-01 21:25 - 2018-03-25 13:09 - 000902096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2018-04-01 21:25 - 2018-03-25 13:09 - 000811808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2018-04-01 21:25 - 2018-03-25 13:09 - 000650232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2018-04-01 21:25 - 2018-03-25 13:08 - 012967056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2018-04-01 21:25 - 2018-03-25 13:08 - 011001504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2018-04-01 21:25 - 2018-03-25 13:08 - 003939624 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2018-04-01 21:25 - 2018-03-23 22:19 - 000045600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2018-03-30 01:15 - 2018-03-30 01:15 - 000056396 _____ C:\Users\User\Downloads\radiohead-paranoid-android.gp3
2018-03-29 10:28 - 2018-03-29 10:28 - 005159584 _____ (Husdawg, LLC) C:\Users\User\Downloads\Detection.exe
2018-03-22 14:03 - 2018-03-22 14:03 - 352231948 _____ C:\Users\User\Downloads\Bootlog.pml
2018-03-21 14:38 - 2018-03-21 14:38 - 000478392 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\799B2A0D.sys
2018-03-21 14:38 - 2018-03-21 14:38 - 000000000 ____D C:\KVRT_Data
2018-03-21 14:25 - 2018-03-21 14:29 - 141909800 _____ (Kaspersky Lab ZAO) C:\Users\User\Downloads\KVRT.exe
2018-03-21 03:05 - 2018-03-21 03:05 - 000021541 _____ C:\Users\User\Downloads\dexter.s05.e11.hop.a.freighter.(2010).pob.1cd.(5140595).zip
2018-03-20 21:21 - 2018-03-20 21:21 - 001521785 _____ C:\Users\User\Downloads\Ruiva Amorzinho.pdf.pdf
2018-03-20 11:37 - 2018-03-20 11:37 - 000010901 _____ C:\Users\User\Downloads\login.htm
2018-03-20 11:22 - 2018-03-20 11:22 - 017281886 _____ (COMADSOFT ) C:\Users\User\Downloads\medivia-2.3.0-windows-32bits.exe
2018-03-20 05:22 - 2018-03-20 05:33 - 000002362 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-03-18 16:08 - 2018-03-18 16:08 - 006201344 _____ C:\Users\User\Downloads\Aula-13-Punção-venosa1.ppt
2018-03-16 14:21 - 2018-04-03 01:16 - 000000000 ____D C:\Users\User\AppData\LocalLow\uTorrent
2018-03-16 14:18 - 2018-03-16 14:18 - 003114288 _____ (BitTorrent Inc.) C:\Users\User\Downloads\uTorrent.exe
2018-03-16 05:17 - 2018-03-17 10:07 - 000087584 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
2018-03-16 05:09 - 2018-03-16 05:09 - 000252600 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2018-03-16 04:59 - 2018-03-16 04:59 - 000231312 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2018-03-16 04:59 - 2018-03-16 04:59 - 000174664 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2018-03-16 04:59 - 2018-03-16 04:59 - 000107656 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2018-03-16 04:59 - 2018-03-16 04:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2018-03-16 04:59 - 2018-03-16 04:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Free
2018-03-16 04:59 - 2013-05-06 08:13 - 000110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2018-03-16 04:58 - 2018-04-05 02:45 - 000000000 ____D C:\Users\Todos os Usuários\Kaspersky Lab
2018-03-16 04:58 - 2018-04-05 02:45 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-03-16 04:58 - 2018-03-16 05:16 - 001055944 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2018-03-16 04:58 - 2018-03-16 04:59 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2018-03-16 04:58 - 2018-03-16 04:58 - 000594144 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2018-03-16 04:58 - 2018-03-16 04:58 - 000207576 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2018-03-16 04:58 - 2018-03-16 04:58 - 000149304 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\klhkum.dll
2018-03-16 04:19 - 2018-03-16 04:21 - 000000000 ____D C:\Users\Todos os Usuários\Kaspersky Lab Setup Files
2018-03-16 04:19 - 2018-03-16 04:21 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2018-03-16 04:19 - 2018-03-16 04:19 - 002377776 _____ (Kaspersky Lab) C:\Users\User\Downloads\kfa18.0.0.405abpt_13157.exe
2018-03-15 15:39 - 2018-03-16 13:17 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-03-15 15:38 - 2018-03-15 17:09 - 000000000 ____D C:\Users\Todos os Usuários\RogueKiller
2018-03-15 15:38 - 2018-03-15 17:09 - 000000000 ____D C:\ProgramData\RogueKiller
2018-03-15 12:55 - 2018-03-15 13:19 - 000000000 ____D C:\Users\User\AppData\Roaming\ZHP
2018-03-15 12:55 - 2018-03-15 12:55 - 000000000 ____D C:\Users\User\AppData\Local\ZHP
2018-03-15 12:50 - 2018-03-15 12:52 - 000000000 ____D C:\Users\TEMP.SYS
2018-03-15 12:50 - 2018-03-15 12:50 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-03-15 12:50 - 2018-03-15 12:50 - 000193248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-03-15 12:50 - 2018-03-15 12:50 - 000109800 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-03-15 12:50 - 2018-03-15 12:50 - 000101600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-03-15 12:50 - 2018-03-15 12:50 - 000045960 ____N (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-03-15 12:39 - 2018-03-15 12:49 - 000000000 ____D C:\AdwCleaner
2018-03-14 13:31 - 2018-03-14 13:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-14 13:31 - 2018-01-18 09:03 - 000076200 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-03-14 13:30 - 2018-03-14 13:30 - 069445584 _____ (Malwarebytes ) C:\Users\User\Downloads\mb3-setup-consumer-3.4.4.2398-1.0.322-1.0.4326.exe
2018-03-13 18:48 - 2018-03-13 18:48 - 000060724 _____ C:\Users\User\Downloads\cartao-de-visita.dotx
2018-03-13 15:50 - 2018-03-13 15:50 - 000026578 _____ C:\ZA-Scan.txt
2018-03-13 15:46 - 2018-03-13 15:46 - 001374720 _____ C:\Users\User\Downloads\ZA-Scan.exe
2018-03-13 15:46 - 2018-03-13 15:46 - 000000000 ____D C:\zoek_backup
2018-03-13 03:52 - 2018-03-13 03:52 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CipSoft GmbH
2018-03-13 03:43 - 2018-03-13 03:44 - 001861696 _____ (Oracle Corporation) C:\Users\User\Downloads\JavaSetup8u161.exe
2018-03-13 02:50 - 2018-03-13 02:50 - 000000000 ____D C:\Users\Todos os Usuários\EA Games
2018-03-13 02:50 - 2018-03-13 02:50 - 000000000 ____D C:\ProgramData\EA Games
2018-03-13 01:54 - 2018-03-13 01:54 - 005660059 _____ (Swearware) C:\Users\User\Downloads\combofix-17-5-4-1.exe
2018-03-13 01:20 - 2018-03-13 01:20 - 000000000 ____D C:\Users\User\Documents\EA Games
2018-03-13 01:19 - 2018-03-13 04:40 - 000000000 ____D C:\Users\Todos os Usuários\Media Center Programs
2018-03-13 01:19 - 2018-03-13 04:40 - 000000000 ____D C:\ProgramData\Media Center Programs
2018-03-13 01:19 - 2018-03-13 01:19 - 000000000 ___HD C:\WINDOWS\PIF
2018-03-13 01:17 - 2018-03-13 01:19 - 018886071 _____ C:\Users\User\Downloads\UOEnhancedSetup_4_0_10_1.exe
2018-03-13 00:20 - 2018-03-13 00:20 - 000284591 _____ C:\Users\User\Downloads\Gears.of.War.4-CODEX.torrent
2018-03-10 18:09 - 2018-03-10 18:09 - 000102170 _____ C:\Users\User\Downloads\download.htm
2018-03-10 14:28 - 2018-03-10 14:28 - 000003387 _____ C:\Users\User\Downloads\thom-yorke-cymbal_rush_intro.gp3
2018-03-08 12:17 - 2018-03-08 12:17 - 000131459 _____ C:\Users\User\Downloads\stay_classy_sldt.zip
2018-03-07 21:54 - 2018-03-07 21:54 - 000023275 _____ C:\Users\User\Downloads\DRAGON.BALL.FighterZ-FULL.UNLOCKED.torrent
2018-03-06 00:00 - 2018-03-06 00:00 - 000000000 ____D C:\Program Files\Malwarebytes

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2018-04-05 02:45 - 2014-11-16 23:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-04-05 02:44 - 2017-08-08 15:53 - 000028376 _____ (GAS Tecnologia) C:\WINDOWS\system32\Drivers\wsddfac.sys
2018-04-05 02:44 - 2016-10-04 10:57 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-04-05 02:42 - 2016-07-16 03:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-04-05 02:29 - 2014-10-19 11:44 - 000000000 ____D C:\Users\User\AppData\Roaming\vlc
2018-04-05 02:17 - 2016-10-06 13:05 - 000000000 ____D C:\Users\User\.MemuHyperv
2018-04-05 02:00 - 2014-10-14 02:18 - 000000000 ____D C:\Users\User\AppData\Local\Adobe
2018-04-05 01:53 - 2016-10-04 10:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-04-04 21:40 - 2016-10-11 21:39 - 000000000 ____D C:\Program Files (x86)\Overwolf
2018-04-04 20:36 - 2014-11-14 15:40 - 000000000 ____D C:\Users\User\AppData\Roaming\Audacity
2018-04-04 17:12 - 2016-10-04 12:10 - 000005210 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for Sys-User Sys
2018-04-04 16:13 - 2016-10-04 11:00 - 001864654 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-04-04 16:13 - 2016-07-16 20:10 - 000508246 _____ C:\WINDOWS\system32\prfh0416.dat
2018-04-04 16:13 - 2016-07-16 20:10 - 000185150 _____ C:\WINDOWS\system32\prfc0416.dat
2018-04-04 12:25 - 2014-10-03 18:32 - 000000000 ____D C:\Users\Todos os Usuários\NVIDIA
2018-04-04 12:25 - 2014-10-03 18:32 - 000000000 ____D C:\ProgramData\NVIDIA
2018-04-04 04:41 - 2016-10-05 12:58 - 000000000 ____D C:\Users\User\AppData\Local\CrashDumps
2018-04-04 01:40 - 2017-08-28 13:25 - 000000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2018-04-03 01:16 - 2014-10-03 19:46 - 000000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2018-04-02 20:44 - 2014-10-04 11:50 - 000000000 ____D C:\Users\User\AppData\Roaming\DAEMON Tools Lite
2018-04-02 02:02 - 2016-10-04 12:00 - 000000000 ____D C:\Users\User\AppData\Local\NVIDIA
2018-04-02 00:31 - 2016-09-28 12:35 - 000000000 ____D C:\Users\User\AppData\Roaming\obs-studio
2018-04-01 21:46 - 2014-10-03 18:31 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-04-01 21:29 - 2016-10-04 12:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-04-01 21:29 - 2016-07-16 08:45 - 000000000 ____D C:\WINDOWS\INF
2018-04-01 21:28 - 2014-10-03 21:22 - 000000000 ____D C:\Users\User\AppData\Roaming\NVIDIA
2018-04-01 21:28 - 2014-10-03 18:31 - 000000000 ____D C:\Users\Todos os Usuários\NVIDIA Corporation
2018-04-01 21:28 - 2014-10-03 18:31 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-04-01 21:28 - 2014-10-03 18:31 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-04-01 21:09 - 2017-09-12 00:27 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-01 21:09 - 2017-09-12 00:27 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-01 21:09 - 2016-10-04 12:00 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-01 21:09 - 2016-10-04 12:00 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-01 21:09 - 2016-10-04 12:00 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-01 21:09 - 2016-10-04 12:00 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-01 21:09 - 2016-10-04 12:00 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-01 21:09 - 2016-10-04 12:00 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-04-01 18:27 - 2014-10-03 21:22 - 000000000 ____D C:\Users\User\AppData\Local\Battle.net
2018-04-01 18:05 - 2014-10-03 21:21 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-03-31 11:54 - 2016-07-16 08:47 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-03-28 11:42 - 2014-10-03 15:03 - 000000000 ____D C:\Users\User\AppData\Local\Packages
2018-03-25 13:49 - 2014-10-03 15:06 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-25 13:08 - 2015-07-13 20:45 - 004633920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2018-03-23 22:19 - 2017-09-12 00:27 - 000058816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2018-03-23 22:19 - 2016-10-04 12:23 - 001682288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2018-03-23 22:19 - 2016-10-04 12:23 - 000226760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2018-03-23 22:19 - 2014-08-19 22:14 - 000048407 _____ C:\WINDOWS\system32\nvinfo.pb
2018-03-23 20:50 - 2016-10-04 12:00 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2018-03-23 20:02 - 2016-10-04 12:24 - 000633224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2018-03-23 20:02 - 2016-10-04 12:24 - 000083072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2018-03-23 20:02 - 2014-10-03 18:31 - 005952392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2018-03-23 20:02 - 2014-10-03 18:31 - 002596320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2018-03-23 20:02 - 2014-10-03 18:31 - 001767824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2018-03-23 20:02 - 2014-10-03 18:31 - 000451040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2018-03-23 20:02 - 2014-10-03 18:31 - 000123840 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2018-03-21 08:22 - 2014-10-03 18:31 - 008114212
_____ C:\WINDOWS\system32\nvcoproc.bin 2018-03-20 11:23 - 2016-11-11 13:17 - 000000000 ____D C:\Program Files (x86)\Medivia Online 2018-03-20 11:23 - 2016-05-19 03:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medivia Online 2018-03-20 05:35 - 2017-07-27 12:26 - 000003346 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-80734308-2147152885-176964575-1001 2018-03-20 05:24 - 2016-10-04 11:22 - 000000000 ___RD C:\Users\User\OneDrive 2018-03-18 20:20 - 2014-10-08 11:31 - 000000000 ____D C:\Users\User\AppData\Local\Warframe 2018-03-18 20:18 - 2014-10-03 15:18 - 000000000 ____D C:\Users\User\AppData\Roaming\Skype 2018-03-17 10:38 - 2016-10-04 10:57 - 000004598 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier 2018-03-17 10:38 - 2016-07-16 08:47 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed 2018-03-17 10:38 - 2016-07-16 08:47 - 000000000 ____D C:\WINDOWS\system32\Macromed 2018-03-16 05:16 - 2017-12-25 08:33 - 000120008 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klbackupflt.sys 2018-03-16 05:16 - 2016-12-20 17:51 - 000093888 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klwfp.sys 2018-03-16 05:16 - 2016-10-12 12:29 - 000057032 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klim6.sys 2018-03-16 04:59 - 2015-12-03 11:39 - 000000000 ____D C:\Program Files\Common Files\AV 2018-03-16 04:58 - 2016-07-16 08:47 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2018-03-15 12:51 - 2014-10-03 23:16 - 000000000 __RHD C:\Users\Public\AccountPictures 2018-03-15 12:49 - 2014-10-03 15:28 - 000000000 ____D C:\Users\Todos os Usuários\IObit 2018-03-15 12:49 - 2014-10-03 15:28 - 000000000 ____D C:\ProgramData\IObit 2018-03-15 03:29 - 2017-09-20 23:14 - 000000000 ____D C:\Users\User\AppData\Local\Deployment 2018-03-15 03:29 - 2016-08-16 04:42 - 000000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Level Up 2018-03-15 03:25 - 2016-10-29 16:04 - 000000000 ____D C:\download 2018-03-14 
13:31 - 2014-11-23 08:11 - 000000000 ____D C:\Users\Todos os Usuários\Malwarebytes 2018-03-14 13:31 - 2014-11-23 08:11 - 000000000 ____D C:\ProgramData\Malwarebytes 2018-03-13 04:40 - 2016-07-16 08:47 - 000000000 ___HD C:\Program Files\WindowsApps 2018-03-13 03:59 - 2015-06-26 18:14 - 000000000 ____D C:\Users\User\AppData\Local\TibiaME 2018-03-13 03:51 - 2014-10-04 04:11 - 000000000 ____D C:\Users\Todos os Usuários\Oracle 2018-03-13 03:51 - 2014-10-04 04:11 - 000000000 ____D C:\ProgramData\Oracle 2018-03-13 03:50 - 2014-11-05 14:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2018-03-13 03:50 - 2014-11-05 14:45 - 000000000 ____D C:\Program Files (x86)\Java 2018-03-13 03:46 - 2014-11-05 14:45 - 000097344 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2018-03-13 02:30 - 2014-10-08 19:56 - 000000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics 2018-03-13 01:19 - 2015-02-11 14:07 - 000000000 ____D C:\Games 2018-03-13 00:38 - 2016-10-04 03:42 - 000000000 ____D C:\Users\User\AppData\Local\Tibia 2018-03-12 22:00 - 2016-07-16 08:47 - 000000000 ____D C:\WINDOWS\system32\NDF 2018-03-08 13:54 - 2016-10-11 13:29 - 000000000 ____D C:\Users\User\AppData\Roaming\Curse Client 2018-03-07 22:56 - 2017-09-20 18:15 - 000000000 ____D C:\Users\User\AppData\Roaming\EasyAntiCheat 2018-03-07 22:56 - 2017-06-02 12:42 - 000830704 _____ (EasyAntiCheat Oy) C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys 2018-03-06 00:18 - 2017-08-01 22:04 - 000000000 ____D C:\Users\User\AppData\Roaming\TS3Client 2018-03-06 00:18 - 2017-01-23 15:58 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2018-03-06 00:18 - 2015-07-17 04:13 - 000000000 ____D C:\Users\User\AppData\Roaming\TeamViewer 2018-03-06 00:08 - 2016-10-04 11:50 - 000000000 ____D C:\WINDOWS\Minidump 2018-03-06 00:00 - 2018-03-05 23:59 - 068206640 _____ (Malwarebytes ) C:\Users\User\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.4210.exe ==================== Arquivos na raiz de 
alguns diretórios ======= 2016-11-07 20:24 - 2016-11-07 20:24 - 000000113 _____ () C:\Users\User\AppData\Roaming\D2Info0 2016-11-07 20:24 - 2016-11-07 20:46 - 000000008 _____ () C:\Users\User\AppData\Roaming\DofusAppId0_1 2016-10-27 19:27 - 2016-10-28 12:09 - 000000097 _____ () C:\Users\User\AppData\Roaming\LauncherSettings_live.cfg 2016-10-28 11:24 - 2016-10-28 11:59 - 000000042 _____ () C:\Users\User\AppData\Roaming\TheHunterSettings_steam_live.cfg 2014-10-19 23:43 - 2014-10-19 23:43 - 000000046 _____ () C:\Users\User\AppData\Roaming\WB.CFG 2016-05-07 22:54 - 2016-05-17 22:59 - 000000600 _____ () C:\Users\User\AppData\Local\PUTTY.RND 2016-09-29 17:54 - 2017-09-21 19:09 - 000007598 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg Alguns arquivos em TEMP: ==================== 2018-03-15 15:39 - 2016-07-16 08:42 - 001883784 _____ (Microsoft Corporation) C:\Users\User\AppData\Local\Temp\dllnt_dump.dll 2010-09-01 13:39 - 2010-09-01 13:39 - 000106496 _____ (Microsoft Corporation) C:\Users\User\AppData\Local\Temp\GameuxInstallHelper.dll 2017-09-12 00:45 - 2017-08-21 19:33 - 000873136 _____ (NVIDIA Corporation) C:\Users\User\AppData\Local\Temp\nvSCPAPI64.dll 2018-04-01 21:25 - 2017-08-21 19:33 - 000368760 _____ (NVIDIA Corporation) C:\Users\User\AppData\Local\Temp\nvStInst.exe 2018-04-02 12:17 - 2018-04-02 12:17 - 001186440 ____H (Sysinternals - www.sysinternals.com) C:\Users\User\AppData\Local\Temp\Procmon64.exe 2017-07-05 23:03 - 2018-04-04 16:37 - 000492544 _____ () C:\Users\User\AppData\Local\Temp\s3.exe 2018-03-05 22:37 - 2018-03-05 22:38 - 030131144 _____ (Initex & AAA Internet Publishing ) C:\Users\User\AppData\Local\Temp\tmpE79C.exe ==================== Bamital & volsnap ====================== (Não há correção automática para arquivos que não passaram na verificação.) 
C:\WINDOWS\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\wininit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\services.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2018-04-04 16:20

==================== Fim de FRST.txt ============================

Addition.txt

Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 14.03.2018
Executado por User (05-04-2018 02:49:42)
Executando a partir de C:\Users\User\Desktop
Windows 10 Pro Versão 1607 (X64) (2016-10-04 14:10:58)
Modo da Inicialização: Normal
==========================================================

==================== Contas: =============================

Administrador (S-1-5-21-80734308-2147152885-176964575-500 - Administrator - Disabled)
Convidado (S-1-5-21-80734308-2147152885-176964575-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-80734308-2147152885-176964575-503 - Limited - Disabled)
User (S-1-5-21-80734308-2147152885-176964575-1001 - Administrator - Enabled) => C:\Users\User

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)
AV: Kaspersky Free (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Kaspersky Free (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

µTorrent (HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\uTorrent) (Version: 3.5.3.44358 - BitTorrent Inc.)
7-Zip 16.04 (HKLM-x32\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Flash Player 29 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
Atualizações da NVIDIA 31.0.11.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 31.0.11.0 - NVIDIA Corporation) Hidden
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.5.55.6279 - BlueStack Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.40 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{FBB43A99-0B72-461A-A6D2-2F1B54D36B69}) (Version: 66.0.3359.12 - Google Inc.)
Cuphead (HKLM-x32\...\1963513391_is1) (Version: 20170929 - GOG.com) Curse (HKLM-x32\...\{A20BFF62-AE3C-42BD-9C52-841CAB96BC49}) (Version: 6.0.0.0 - Curse) D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd) Device Doctor v3.1 (HKLM-x32\...\Device Doctor_is1) (Version: 3.1 - Device Doctor Software Inc.) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Discord (HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\Discord) (Version: 0.0.300 - Discord Inc.) DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 391.35 - NVIDIA Corporation) Hidden Dolby Axon - 1.5.1.1 (HKLM-x32\...\{17936630-5344-4F18-9970-616129E2A114}_is1) (Version: 1.5.1.1 - Dolby Laboratories) DVD Suite (HKLM-x32\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.1319 - CyberLink Corporation) eMessenger 310 (HKLM-x32\...\{6CE28479-63DF-4EE7-92C4-5FF2069CB358}) (Version: 1.0.0.28 - KYE SYSTEMS CORP.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) 
Hidden ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB) ExitLag (HKLM-x32\...\{31E1803D-6745-43B8-895F-AF9A73F4224E}_is1) (Version: 1.5.1 - SKOWSAND SERVICOS DE PROVEDORES E INTERNET LTDA) f.lux (HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\Flux) (Version: - ) ffdshow v1.2.4499 [2013-01-04] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4499.0 - ) Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) Freemake Video Converter versão 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation) Galeria de Fotos (HKLM-x32\...\{9EE1AE8B-4872-41CA-8C9A-C33D899523E0}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden GBBD Caixa Economica Federal (HKLM-x32\...\{5d01f486-f32d-462e-8830-cc1d116e8ece}_is1) (Version: 3.11.0.1 - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version: - Arobas Music) Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment) Hextech Repair Tool (HKLM-x32\...\{7F9A97E6-E666-11E5-B582-B88687E82322}) (Version: 1.1.77 - Riot Games, Inc.) 
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.1.6.3 - Hi-Rez Studios) Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios) Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation) Kaspersky Free (HKLM-x32\...\{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden Kaspersky Free (HKLM-x32\...\InstallWIX_{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab) Kaspersky Secure Connection (HKLM-x32\...\{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden League of Legends (HKLM-x32\...\{BCCDE721-9F4D-4396-9592-92DD865D965E}) (Version: 3.0.1 - Riot Games) Hidden League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games) Legendas 3.5 (HKLM-x32\...\{461C0377-D2EC-4FB0-B038-847BC6455432}_is1) (Version: 3.5 - LegendasBrasil.org) LoLReplay2 (HKLM-x32\...\{9D5BAC5A-EDBF-4A34-AC2D-139C84B7E050}_is1) (Version: v2.1.1 - Aequus Gaming Ltd.) 
Malwarebytes versão 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes) MEmu (HKLM-x32\...\MEmu) (Version: 2.8.6.0 - Microvirt) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\OneDriveSetup.exe) (Version: 18.025.0204.0009 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 
(HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 Refresh 
(HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Mouse and Keyboard Recorder 3.1.9.2 (HKLM-x32\...\{3408E5D6-4925-4496-AB67-AB8643C3685C}_is1) (Version: - Robot-Soft.com, Inc.) Movie Maker (HKLM-x32\...\{C05F4139-CB6B-4272-A0BF-861FEB667F27}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 58.0.2 (x64 pt-BR) (HKLM\...\Mozilla Firefox 58.0.2 (x64 pt-BR)) (Version: 58.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 58.0.2.6611 - Mozilla) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) MU LEGEND GLOBAL (HKLM-x32\...\{MU2GB92C-VH2O-Z2AQ-N26J-M2VJEWJEUE52}_is1) (Version: 1.0.0.0 - Webzen) NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT) Nero 7 Essentials (HKLM-x32\...\{9B4E6CB9-E54D-47F7-A414-E2D5740E1046}) (Version: 7.02.8507 - Nero AG) NVIDIA Driver de áudio HD 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation) NVIDIA Driver de controle do 3D Vision 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation) NVIDIA Driver de gráficos 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.35 - NVIDIA Corporation) NVIDIA Driver do 3D Vision 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.35 - NVIDIA Corporation) NVIDIA GeForce Experience 3.12.0.84 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.12.0.84 - NVIDIA Corporation) NVIDIA Software do sistema PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation) OBS Studio (HKLM-x32\...\OBS Studio) 
(Version: 0.16.1 - OBS Project) Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - ) Opera Stable 36.0.2130.65 (HKLM-x32\...\Opera 36.0.2130.65) (Version: 36.0.2130.65 - Opera Software) Oracle VM VirtualBox 5.1.8 (HKLM\...\{65402252-5DA1-4360-A144-E09BB16AC7A9}) (Version: 5.1.8 - Oracle Corporation) Origin (HKLM-x32\...\Origin) (Version: 9.5.20.5318 - Electronic Arts, Inc.) Overwolf (HKLM-x32\...\Overwolf) (Version: 0.112.1.23 - Overwolf Ltd.) Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation) Painel de controle da NVIDIA 391.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 391.35 - NVIDIA Corporation) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.) PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.2414.0 - CyberLink Corporation) PowerProducer (HKLM-x32\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: - ) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) Recorder (HKLM-x32\...\{73DFE8A3-C2F1-4CF8-8188-6FCB3335F1D0}) (Version: 7.3.20 - KraTronic) Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform) Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM\...\{90150000-001F-0416-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.) Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.) 
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) SuperBINA para Windows (HKLM-x32\...\SuperBINA para Windows) (Version: - ) System Requirements Lab Detection (HKLM-x32\...\{7F1715CF-43CA-4188-B9DF-7D6F24C8B673}) (Version: 2.1.1.0 - Husdawg, LLC) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.5 - TeamSpeak Systems GmbH) TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.90922 - TeamViewer) Tibia (HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\Tibia) (Version: - CipSoft GmbH) TibiaME (HKU\.DEFAULT\...\TibiaME) (Version: - CipSoft GmbH) TibiaME (HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\TibiaME) (Version: - CipSoft GmbH) TweakNow DiskAnalyzer (HKLM-x32\...\TweakNow DiskAnalyzer_is1) (Version: 1.3.0 - TweakNow.com) Twitch (HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.) Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0416-1000-0000000FF1CE}_Office15.PROPLUSR_{2BA6245D-FBB9-42F6-AFD9-C0DC52763AD5}) (Version: - Microsoft) Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony) Vimicro USB PC Camera(VC0323) (HKLM-x32\...\{36820BCA-FC55-452E-9085-6E6F1F55508D}) (Version: 1.00.0000 - Vimicro) VisuAlg 2.0.0.12 (20/09/06) (HKLM-x32\...\VisuAlg_is1) (Version: 2.0 - Apoio Informática Ltda.) VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) vReveal 3 (HKLM-x32\...\vReveal 3) (Version: - MotionDSP) Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) 
Hidden Warsaw 2.3.0.83 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 2.3.0.83 - GAS Tecnologia) Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH) wtfast 4.6 (HKLM-x32\...\{12B4121D-5221-4AFC-9EDC-63B0CA139856}_is1) (Version: 4.6.6.1250 - Initex & AAA Internet Publishing) X-Mouse Button Control 2.16.1 (HKLM-x32\...\X-Mouse Button Control) (Version: 2.16.1 - Highresolution Enterprises) XP Codec Pack (HKLM-x32\...\XP Codec Pack) (Version: 2.5.3 - XP Codec Pack team) Xpadder Power Pack 01.01.2015 (HKLM-x32\...\Xpadder Power Pack 01.01.2015) (Version: - ) ==================== Exame Personalizado CLSID (Whitelisted): ========================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 
CustomCLSID: HKU\S-1-5-21-80734308-2147152885-176964575-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B0-F1D4349F0007}\InprocServer32 -> C:\Users\User\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll (GAS Tecnologia) CustomCLSID: HKU\S-1-5-21-80734308-2147152885-176964575-1001_Classes\CLSID\{0783EB25-59F8-4F02-B6B1-F1D4349F0007}\InprocServer32 -> C:\Users\User\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll (GAS Tecnologia) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Nenhum Arquivo ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) ContextMenuHandlers1-x32-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [2007-05-04] (Nero AG) ContextMenuHandlers1-x32-x32: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\ShellEx.dll [2018-03-16] (AO Kaspersky Lab) ContextMenuHandlers1-x32-x32: [Legendas230] -> {08940faf-34c4-4e6e-8bd4-18c128696403} => C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation) ContextMenuHandlers1-x32-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-09-16] (Alexander Roshal) ContextMenuHandlers1-x32-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-09-16] (Alexander Roshal) ContextMenuHandlers2: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\ShellEx.dll [2018-03-16] (AO Kaspersky Lab) ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Nenhum Arquivo ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] 
(Malwarebytes) ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) ContextMenuHandlers4-x32: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\ShellEx.dll [2018-03-16] (AO Kaspersky Lab) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-03-23] (NVIDIA Corporation) ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) ContextMenuHandlers6-x32: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\ShellEx.dll [2018-03-16] (AO Kaspersky Lab) ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes) ContextMenuHandlers6-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-09-16] (Alexander Roshal) ContextMenuHandlers6-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-09-16] (Alexander Roshal) ==================== Tarefas Agendadas (Whitelisted) ============= (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 
Task: {01ACC2F7-7946-4E23-92F8-5FCE32837BEB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-02-07] (Piriform Ltd)
Task: {07BC6475-212A-4555-B79B-C807145697D4} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-01-10] (NVIDIA Corporation)
Task: {1014CBC2-A652-45B2-A68A-6472FED930F8} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-01-10] (NVIDIA Corporation)
Task: {15C8FE1A-2C69-44CC-8EAF-AA633D49FABD} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-01-10] (NVIDIA Corporation)
Task: {2717D1EC-494B-4DF1-9CA8-1A04D9AA25A0} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Sys-User Sys => C:\Program Files\Microsoft Office\Office15\MsoSync.exe
Task: {2BD8C28F-8DB1-4F03-8936-CECEE5AD783E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {3CF5D85D-1A47-4E0F-A7AC-A303944EC704} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {4ABA3D4F-79F0-4981-92FF-C5F9A6FF1075} - System32\Tasks\AdobeAAMUpdater-1.0-Sys-User => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-04-28] (Adobe Systems Incorporated)
Task: {4D61223B-931B-4CC3-A2D8-B69B8888F39F} - \WPD\SqmUpload_S-1-5-21-80734308-2147152885-176964575-1001 -> Nenhum Arquivo <==== ATENÇÃO
Task: {531C2D54-B0C5-4C31-9CEA-39D15F1E24AE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {5A66DC0E-BEEA-4079-A153-E26F7C240AF6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-06] (Google Inc.)
Task: {772F6D21-1A82-4B30-AF4A-375A34A4EEFB} - System32\Tasks\{9F734F1C-C0D7-40FF-93E2-26887791CCAA} => C:\Windows\system32\pcalua.exe -a C:\Users\User\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones\SAMSUNG_USB_Driver_for_Mobile_Phones.exe -d C:\Users\User\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones
Task: {7AC9A07F-C376-4B8C-B423-8FFAD5C5ACC6} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-01-10] (NVIDIA Corporation)
Task: {7DF79074-572E-45DD-A043-86A2C5F5FD22} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_29_0_0_113_pepper.exe [2018-03-17] (Adobe Systems Incorporated)
Task: {84174467-3F21-4797-A62C-E55B0984DB2B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-06] (Google Inc.)
Task: {8447482B-8D6C-44B2-A361-689DEE245FF6} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation) Task: {94800729-53A3-491A-98E6-9DB0CF88C8F6} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-01-10] (NVIDIA Corporation) Task: {9EF7221D-4DE0-451E-96D0-8F529170C20B} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-01-10] (NVIDIA Corporation) Task: {A3AE6A5B-34FD-4BB7-A170-DFA576FEDF76} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-02-07] (Piriform Ltd) Task: {C9081567-FB96-4DB6-9E11-6AC4C91570B4} - System32\Tasks\Opera scheduled Autoupdate 1461083591 => C:\Program Files (x86)\Opera\launcher.exe [2016-04-11] (Opera Software) Task: {DED08F9A-D2D6-4CF8-A853-3AC83037BE06} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2018-04-02] (Overwolf LTD) Task: {DFBD456B-8A2F-4CA5-B50B-8260CF672B4E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-17] (Adobe Systems Incorporated) Task: {E090836F-AA3E-4F0C-B036-29E48E11842D} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-01-10] (NVIDIA Corporation) Task: {E58C358E-26DA-49D2-9D8C-DB4083EB5EA5} - System32\Tasks\{DC21E4A4-F6E7-4A9C-89C2-B2F384A347FD} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\Rockstar Games\Social Club\uninstallRGSCRedistributable.exe" -d C:\Windows\ImmersiveControlPanel Task: {E9D6D817-6798-417F-9756-A312CE916F08} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA 
Corporation\NvNode\nvnodejslauncher.exe [2018-01-10] (NVIDIA Corporation) (Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.) ==================== Atalhos & WMI ======================== (As entradas podem ser listadas para serem restauradas ou removidas.) Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XP Codec Pack 2.5.3\Useful links\Download Codecs & Tools.lnk -> hxxp://www.codecs.com Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XP Codec Pack 2.5.3\Useful links\Talk about Codecs.lnk -> hxxp://codecs.com/foru Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XP Codec Pack 2.5.3\Useful links\XP Codec Pack homepage.lnk -> hxxp://www.xpcodecpack.com ShortcutWithArgument: C:\Users\User\AppData\Local\Google\Chrome\User Data\Inicializador de aplicativos do Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
-> --show-app-list ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CipSoft GmbH\TibiaME.lnk -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://www.tibiame.com/?section=webclient&markup=xhtml "C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\2a04b4b2-3495824a" ==================== Módulos Carregados (Whitelisted) ============== 2016-07-16 08:42 - 2016-07-16 08:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-07-16 08:42 - 2016-07-16 08:42 - 002681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2015-03-04 13:06 - 2015-03-04 13:06 - 000076888 _____ () C:\WINDOWS\SysWoW64\PnkBstrA.exe 2016-07-16 08:42 - 2016-07-16 08:42 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2016-07-16 08:43 - 2016-07-16 08:43 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2016-07-16 08:43 - 2016-07-16 20:15 - 009761280 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-07-16 08:43 - 2016-07-16 20:15 - 001400320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-07-16 08:43 - 2016-07-16 20:15 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2016-07-16 08:43 - 2016-07-16 20:15 - 001033728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2016-07-16 08:43 - 2016-07-16 20:15 - 002438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-07-16 08:43 - 2016-07-16 20:15 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-07-16 08:43 - 2016-07-16 20:15 - 000114176 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll 2018-03-25 13:49 - 2018-03-20 03:00 - 002683224 _____ () 
C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\swiftshader\libglesv2.dll 2018-03-25 13:49 - 2018-03-20 03:00 - 000127832 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\swiftshader\libegl.dll 2016-07-16 08:43 - 2016-07-16 20:15 - 000115712 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\DeviceSideServicesActionUriHandler.dll 2016-07-16 08:43 - 2016-07-16 20:15 - 000522752 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll 2018-03-16 04:59 - 2018-03-16 04:59 - 000836968 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\kpcengine.2.3.dll 2016-01-15 11:16 - 2016-01-16 01:01 - 000128552 _____ () C:\Program Files\Microvirt\MEmu\libgcc_s_dw2-1.dll 2016-01-15 11:16 - 2016-01-16 01:01 - 001040608 _____ () C:\Program Files\Microvirt\MEmu\libstdc++-6.dll 2016-09-10 03:25 - 2016-09-10 08:27 - 000191336 _____ () C:\Program Files\Microvirt\MEmu\libmemu.dll 2016-01-15 11:16 - 2016-01-16 01:01 - 002771568 _____ () C:\Program Files\Microvirt\MEmu\icuin53.dll 2016-01-15 11:16 - 2016-01-16 01:01 - 001736912 _____ () C:\Program Files\Microvirt\MEmu\icuuc53.dll 2016-01-15 11:16 - 2016-01-16 01:01 - 021675192 _____ () C:\Program Files\Microvirt\MEmu\icudt53.dll 2016-08-24 06:56 - 2016-08-23 10:17 - 003443680 _____ () C:\Program Files\Microvirt\MEmu\libopencv_core249.dll 2016-08-24 06:56 - 2016-08-23 10:17 - 003098193 _____ () C:\Program Files\Microvirt\MEmu\libopencv_imgproc249.dll 2016-01-15 11:16 - 2015-05-23 05:34 - 000782350 _____ () C:\Program Files\Microvirt\MEmu\libprotobuf-7.dll 2016-01-15 11:16 - 2016-05-12 05:43 - 000429736 _____ () C:\Program Files\Microvirt\MEmu\libOpenglRender.dll 2016-01-15 11:16 - 2016-04-01 05:06 - 000222200 _____ () C:\Program Files\Microvirt\MEmu\libEGL_translator.DLL 2016-01-15 11:16 - 2016-04-01 05:06 - 000312352 _____ () C:\Program Files\Microvirt\MEmu\libGLES_CM_translator.DLL 2016-02-02 09:17 - 2016-04-01 05:06 - 
000299968 _____ () C:\Program Files\Microvirt\MEmu\libGLES_V2_translator.DLL 2016-01-15 11:16 - 2016-01-16 01:00 - 000895320 _____ () C:\Program Files\Microvirt\MEmu\adb.exe ==================== Alternate Data Streams (Whitelisted) ========= (Se uma entrada for incluída na fixlist, somente o ADS será removido.) AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2410] AlternateDataStreams: C:\ProgramData\Temp:890CC2F3 [123] AlternateDataStreams: C:\Users\Todos os Usuários\Temp:890CC2F3 [123] ==================== Modo de Segurança (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\799B2A0D.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\799B2A0D.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Associação (Whitelisted) =============== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.) ==================== Internet Explorer confiável/restrito =============== (Se uma entrada for incluída na fixlist, será removida do Registro.) IE trusted site: HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\caixa.gov.br -> hxxps://imagem.caixa.gov.br IE trusted site: HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\caixa.gov.br -> imagem.caixa.gov.br ==================== Hosts Conteúdo: =============================== (Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.) 2013-08-22 10:25 - 2018-03-18 12:44 - 000000837 _____ C:\WINDOWS\system32\Drivers\etc\hosts ==================== Outras Áreas ============================ (Atualmente não há nenhuma correção automática para esta seção.) 
HKU\S-1-5-21-80734308-2147152885-176964575-1001\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off) Firewall do Windows está habilitado. ==================== MSCONFIG/TASK MANAGER ítens desabilitados == MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: ArcService => 3 MSCONFIG\Services: BEService => 3 MSCONFIG\Services: BstHdAndroidSvc => 3 MSCONFIG\Services: BstHdLogRotatorSvc => 2 MSCONFIG\Services: BstHdPlusAndroidSvc => 3 MSCONFIG\Services: BstHdUpdaterSvc => 3 MSCONFIG\Services: chromoting => 2 MSCONFIG\Services: COMCdbService => 2 MSCONFIG\Services: GfExperienceService => 2 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: gusvc => 3 MSCONFIG\Services: HiPatchService => 2 MSCONFIG\Services: hshld => 2 MSCONFIG\Services: HssTrayService => 3 MSCONFIG\Services: KSDE2.0.0 => 2 MSCONFIG\Services: MBAMService => 2 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: NBService => 3 MSCONFIG\Services: NMIndexingService => 3 MSCONFIG\Services: NvContainerLocalSystem => 2 MSCONFIG\Services: NvContainerNetworkService => 3 MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2 MSCONFIG\Services: NVIDIA Wireless Controller Service => 2 MSCONFIG\Services: NvNetworkService => 2 MSCONFIG\Services: NvStreamSvc => 2 MSCONFIG\Services: nvsvc => 2 MSCONFIG\Services: NvTelemetryContainer => 2 MSCONFIG\Services: Origin Client Service => 3 MSCONFIG\Services: Origin Web Helper Service => 2 MSCONFIG\Services: ose64 => 3 MSCONFIG\Services: OverwolfUpdater => 3 MSCONFIG\Services: RichVideo => 2 MSCONFIG\Services: Service KMSELDI => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: ss_conn_service => 2 MSCONFIG\Services: Steam Client Service => 3 
MSCONFIG\Services: Stereo Service => 2 MSCONFIG\Services: TapiSrv => 3 MSCONFIG\Services: TeamViewer => 2 MSCONFIG\Services: WTFast.Service => 2 HKLM\...\StartupApproved\StartupFolder: => "LOLRecorder.lnk" HKLM\...\StartupApproved\Run: => "NvBackend" HKLM\...\StartupApproved\Run: => "LogMeIn GUI" HKLM\...\StartupApproved\Run: => "ShadowPlay" HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run: => "WindowsDefender" HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp" HKLM\...\StartupApproved\Run: => "Diebold - Warsaw" HKLM\...\StartupApproved\Run: => "PAC7302_Monitor" HKLM\...\StartupApproved\Run: => "XMouseButtonControl" HKLM\...\StartupApproved\Run32: => "AvastUI.exe" HKLM\...\StartupApproved\Run32: => "LGODDFU" HKLM\...\StartupApproved\Run32: => "LanguageShortcut" HKLM\...\StartupApproved\Run32: => "RemoteControl" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "Arc" HKLM\...\StartupApproved\Run32: => "BlueStacks Agent" HKLM\...\StartupApproved\Run32: => "NvBackend" HKLM\...\StartupApproved\Run32: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run32: => "WindowsDefender" HKLM\...\StartupApproved\Run32: => "rec_en_77" HKLM\...\StartupApproved\Run32: => "mbot_br_014010216" HKLM\...\StartupApproved\Run32: => "RaidCall" HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\StartupApproved\StartupFolder: => "Animated Wallpaper.lnk" HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\StartupApproved\Run: => "ares" HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\StartupApproved\Run: => "uTorrent" HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\StartupApproved\Run: => "DAEMON Tools Lite" HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\StartupApproved\Run: => "PUSH Wallpaper" HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\StartupApproved\Run: => "WTFast Tray" HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\StartupApproved\Run: => "EADM" 
HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\StartupApproved\Run: => "CCleaner Monitoring" HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\StartupApproved\Run: => "MyComGames" HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\StartupApproved\Run: => "BlueStacks Agent" HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\StartupApproved\Run: => "Overwolf" HKU\S-1-5-21-80734308-2147152885-176964575-1001\...\StartupApproved\Run: => "f.lux" ==================== Regras do Firewall (Whitelisted) =============== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) FirewallRules: [{9D4811FD-7C62-48AC-822A-FEA8D45541FC}] => (Allow) %SystemDrive%\Riot Games\League of Legends\lol.launcher.exe FirewallRules: [UDP Query User{E581E91B-66FC-45E1-803F-00DD75FC96C4}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe FirewallRules: [TCP Query User{82F20A5D-6FE6-4A3D-908F-FDC1ACA6AB7A}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe FirewallRules: [UDP Query User{26BB88BA-F346-432C-AB20-6F9CF5AC34FE}C:\users\user\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\user\appdata\roaming\utorrent\utorrent.exe FirewallRules: [TCP Query User{C72F26A2-40BB-4858-89C1-85729BDE4C6B}C:\users\user\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\user\appdata\roaming\utorrent\utorrent.exe FirewallRules: [{F0145D9C-568E-4F31-A1B5-3CF2EBCD8C7C}] => (Allow) %systemroot%\system32\alg.exe FirewallRules: [{6DD7B59C-21AA-4BBC-9F68-6423D70E6DF4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: [{08DC3788-B704-471D-858C-72AD9108EA9D}] => (Allow) C:\Program Files\NVIDIA 
Corporation\NvContainer\NvContainer.exe FirewallRules: [{A8187BC8-9C42-4F7C-AA7F-F1851E9E8418}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{B0251F9A-2344-4AC3-8BB6-0C9C634C4619}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [TCP Query User{03D56705-AAAC-4973-A38A-7D7A6851777F}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe FirewallRules: [UDP Query User{BD34B0C6-876C-41D0-AA3D-676C2FB4E727}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe FirewallRules: [TCP Query User{29FFBF8A-F985-464C-9005-B46FC34E1650}E:\program files (x86)\steam\steam.exe] => (Allow) E:\program files (x86)\steam\steam.exe FirewallRules: [UDP Query User{D3963737-973A-402B-8A7A-068B0D300198}E:\program files (x86)\steam\steam.exe] => (Allow) E:\program files (x86)\steam\steam.exe FirewallRules: [{528C66E4-A752-49A8-B497-D6521A9434FF}] => (Allow) C:\SteamLibrary\steamapps\common\Brawlhalla\Brawlhalla.exe FirewallRules: [{5F97EEC9-8116-4D5F-B5E7-582B4F2D7551}] => (Allow) C:\SteamLibrary\steamapps\common\Brawlhalla\Brawlhalla.exe FirewallRules: [TCP Query User{3F6096D0-ED14-44C2-A66F-6C736B81D599}C:\program files (x86)\lolreplay2\lolreplay2.exe] => (Allow) C:\program files (x86)\lolreplay2\lolreplay2.exe FirewallRules: [UDP Query User{250047F9-5BB4-45EF-860B-BAD9CFDCB15E}C:\program files (x86)\lolreplay2\lolreplay2.exe] => (Allow) C:\program files (x86)\lolreplay2\lolreplay2.exe FirewallRules: [TCP Query User{5EC8176B-A234-4BA9-AFBF-9AF900084798}C:\program files (x86)\dolbyaxon\axon.exe] => (Allow) C:\program files (x86)\dolbyaxon\axon.exe FirewallRules: [UDP Query User{02FA2781-E18A-4E8A-8657-4ABA38425494}C:\program files (x86)\dolbyaxon\axon.exe] => (Allow) C:\program files (x86)\dolbyaxon\axon.exe FirewallRules: [TCP Query User{52B440C2-B173-4A00-A8E6-C07D4E2722F2}C:\program files (x86)\skype\phone\skype.exe] => 
(Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{622C2C72-1D75-46CD-A54B-620F00104E76}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{5462BD86-31FB-4E02-B017-7E09A74558FC}E:\hearthstone\hearthstone.exe] => (Allow) E:\hearthstone\hearthstone.exe FirewallRules: [UDP Query User{BD4BB93A-21EB-4A47-94E8-E3C43B17A1ED}E:\hearthstone\hearthstone.exe] => (Allow) E:\hearthstone\hearthstone.exe FirewallRules: [{65C09887-0E37-4056-A216-0BB036F1B880}] => (Allow) C:\Program Files (x86)\RaidCall.BR\raidcall.exe FirewallRules: [{DF69BC04-B480-431C-A272-3ED7DC6790DD}] => (Allow) C:\Program Files (x86)\RaidCall.BR\raidcall.exe FirewallRules: [TCP Query User{BD6EE93F-7987-4F04-8E54-061A03EC95BF}E:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) E:\program files (x86)\diablo iii\diablo iii.exe FirewallRules: [UDP Query User{6EAB9DDF-0100-43D7-9D0D-DC843B6A5681}E:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) E:\program files (x86)\diablo iii\diablo iii.exe FirewallRules: [TCP Query User{C4C30B8E-4DC0-43F6-AE99-F9DBF5EF4E1D}C:\program files (x86)\medivia online\medivia_d3d.exe] => (Allow) C:\program files (x86)\medivia online\medivia_d3d.exe FirewallRules: [UDP Query User{C2C12BCD-0AFD-443F-854C-3A248E4BE549}C:\program files (x86)\medivia online\medivia_d3d.exe] => (Allow) C:\program files (x86)\medivia online\medivia_d3d.exe FirewallRules: [TCP Query User{C149A688-1AE2-41D3-952D-AAABA66FB0FD}C:\program files (x86)\medivia online\medivia_ogl.exe] => (Allow) C:\program files (x86)\medivia online\medivia_ogl.exe FirewallRules: [UDP Query User{097B39BF-A9D2-4339-8926-57459A9F7EC9}C:\program files (x86)\medivia online\medivia_ogl.exe] => (Allow) C:\program files (x86)\medivia online\medivia_ogl.exe FirewallRules: [{32715216-7614-4632-B753-FEE8F16FAB65}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: 
[{0EDC8C72-7F2B-4FFC-88F7-D7741C6E60C5}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [TCP Query User{B5686133-F221-48F5-9175-B1050123BF05}E:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) E:\program files (x86)\diablo iii\x64\diablo iii64.exe FirewallRules: [UDP Query User{07302E1D-6592-4717-8B42-8E6954967D2D}E:\program files (x86)\diablo iii\x64\diablo iii64.exe] => (Allow) E:\program files (x86)\diablo iii\x64\diablo iii64.exe FirewallRules: [{4DEE09B2-D2A7-4467-B5ED-1FFCC9832A23}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{FBA6616B-6018-40AD-B993-CA243F9048DC}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [TCP Query User{7F043F5B-0D13-42C5-A975-0594E0FBE648}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe FirewallRules: [UDP Query User{99E7D695-8DBA-4F92-9FB9-E77D9D4B9ED2}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe FirewallRules: [{8A08789F-947D-4D8E-9582-C94883624C0C}] => (Allow) C:\Program Files (x86)\WTFast\WTFast.exe FirewallRules: [{C2C0ACA7-545C-4171-AC1E-10BD4FA5A14C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{1540A3EA-E73F-4D28-AD0A-92778D728B79}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{75A701E7-14B1-466D-AF01-7AEA8109A700}] => (Allow) C:\Program Files (x86)\WTFast\WTFast.exe FirewallRules: [{D1BDDFEE-AB59-45A3-9735-00DCB14C151C}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{C8B8372A-C793-4B56-8AFB-CC82A3415A66}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{F5FED0A3-AD5E-4500-8374-0E61A9FAD495}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe FirewallRules: [{BFB4381F-87B7-4BF2-9A6A-878F75C7649B}] => (Allow) C:\Program 
Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{2B5A0E0F-4365-4E15-B1B7-753F4EDE7D15}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{17BB2B8C-69C8-492A-9761-E8A0B66C951F}] => (Allow) C:\Program Files (x86)\WTFast\wtfast.exe FirewallRules: [{7613C700-A7BE-4580-A240-F03687412FD7}] => (Allow) C:\Program Files (x86)\WTFast\wtfast.exe FirewallRules: [TCP Query User{70D0DD51-7018-43CC-A227-A42E7F02E766}E:\games\killer instinct\killerinstinctx64_r.exe] => (Block) E:\games\killer instinct\killerinstinctx64_r.exe FirewallRules: [UDP Query User{13D4ACF7-BE30-428E-A576-0E6C978D0B09}E:\games\killer instinct\killerinstinctx64_r.exe] => (Block) E:\games\killer instinct\killerinstinctx64_r.exe FirewallRules: [{466A9F2B-0C98-4EB7-8302-00576573FF31}] => (Allow) C:\Program Files (x86)\WTFast\wtfast.exe FirewallRules: [{AB0AF04F-B799-428C-A9A7-E64E1B105EBF}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Battlerite\Battlerite.exe FirewallRules: [{782892BE-F29F-4009-A36B-195E80D8EDB4}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Battlerite\Battlerite.exe FirewallRules: [{F89B24B1-4FD2-4FFE-8D9B-6F611A65C847}] => (Allow) C:\Riot Games\League of Legends\LeagueClient.exe FirewallRules: [{306655EF-79EB-4CD2-8454-6614F14C3F17}] => (Allow) C:\Riot Games\League of Legends\LeagueClient.exe FirewallRules: [{8FF371DD-6822-41B8-B8FB-8D2E22D5A9BC}] => (Allow) C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe FirewallRules: [{E2142DF8-1078-44F9-A83B-F5F47205B32F}] => (Allow) C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe FirewallRules: [{D344B2C5-BFED-4887-B7BE-D1BB4422AF2B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe FirewallRules: [{B32B8943-1780-4304-84E3-4A8E60547E3E}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe FirewallRules: [{7707AEC1-0DBB-4B7F-AB08-5E28C6955CF9}] => (Allow) E:\Program Files 
(x86)\Steam\steamapps\common\Warframe\Warframe.exe FirewallRules: [{4834D56F-8E38-4535-8643-4AADCA9D68D6}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe FirewallRules: [{FD828819-B124-40D6-B8CD-F36CC3B944B1}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe FirewallRules: [{ECBF353B-50EE-4C56-9D01-54E07EF9168B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe FirewallRules: [{CD3C1BF2-2C8F-4D6B-9F18-E1E7B28B2D21}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe FirewallRules: [{A4359603-CC21-40D6-B2B4-379185A63B2A}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe FirewallRules: [{9980E61E-8B18-4E9F-8AEE-F0FBF862CC14}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe FirewallRules: [{AEEB6F05-7E12-446B-8BD5-3373AD2C3EE6}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe FirewallRules: [{F2964E21-A447-4749-91D6-62FEC72AAD93}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe FirewallRules: [{B5FDF006-5434-4057-BFB3-7DAEA6E3E023}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe FirewallRules: [TCP Query User{E9A497F1-2E71-4F07-A403-E0B4FAB7EA2C}C:\program files (x86)\battle.net\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.exe FirewallRules: [UDP Query User{472A80BE-5D49-499F-B498-59C1FE51CDEF}C:\program files (x86)\battle.net\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.exe FirewallRules: [TCP Query User{B68F601E-0C0C-4DF6-91E4-DF9BAE38F392}E:\heroes of the storm\versions\base60522\heroesofthestorm_x64.exe] => (Allow) E:\heroes of the storm\versions\base60522\heroesofthestorm_x64.exe FirewallRules: [UDP Query User{0079EC31-D11D-4BEA-821A-2C3F8C0E9AAC}E:\heroes of the 
storm\versions\base60522\heroesofthestorm_x64.exe] => (Allow) E:\heroes of the storm\versions\base60522\heroesofthestorm_x64.exe FirewallRules: [{3E8661CF-E384-46DA-B414-7A8B14E093D7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{250BF09E-B579-43BC-BC3D-7861AF639B25}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{43A432B1-6E8F-4815-83E9-EF80E9BE99AC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{7CA84C82-F6CE-4EC8-950F-D7B185F07210}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{77BAB579-E1A5-4C61-8640-BFDE0BE0230A}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{A37C556C-F87F-4230-AB0A-D870B36BFADF}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{5CA643C9-AC61-4CEF-822F-65743C63BB0F}] => (Allow) C:\Program Files (x86)\WTFast\wtfast.exe FirewallRules: [TCP Query User{095FC1D8-1156-4A41-9AA3-DC87E666F424}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe FirewallRules: [UDP Query User{D92A7A1D-60F3-4BC8-B100-974CE7B590EE}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.129\deploy\leagueclient.exe FirewallRules: [TCP Query User{D8B498C2-A564-4133-9360-47344D29FF1D}C:\games\electronic arts\ultima online enhanced\uosa.exe] => (Allow) C:\games\electronic arts\ultima online enhanced\uosa.exe FirewallRules: [UDP Query User{86C745E8-796A-4BBF-B393-37B25C854149}C:\games\electronic arts\ultima online enhanced\uosa.exe] => (Allow) C:\games\electronic arts\ultima online enhanced\uosa.exe FirewallRules: 
[{EE5D33DE-2DDB-4FE7-85DF-5CC727E248E3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [TCP Query User{AC643F85-EEB3-4858-8415-81097AF145E9}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe FirewallRules: [UDP Query User{617044F4-FB22-4910-BBDD-5521307319A5}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.137\deploy\leagueclient.exe FirewallRules: [{C11EBD95-8D3A-4F61-8D53-9410F00CA969}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\66.0.3359.12\remoting_host.exe FirewallRules: [{CE7A8B28-29EC-44B4-A439-4D289EC348EC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{633A3155-1071-46F5-BA61-8EA638C1EC8C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{008C4A5D-9D85-4AD2-B509-70013E13E8E5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{B0FE66FB-7223-4482-ACA9-34E2E98EED29}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [TCP Query User{131A51C1-0A0A-48EB-BDC2-9F80A379AFF8}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe FirewallRules: [UDP Query User{5459F870-58FE-43E4-A5C5-BB1CEB4852B4}C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe] => (Allow) C:\riot games\league of legends\rads\projects\league_client\releases\0.0.0.138\deploy\leagueclient.exe ==================== Pontos de Restauração ========================= 
  7. @Elias Pereira Here is the log
- ok 04:42:38.0885 8508 Power - ok 04:42:38.0900 8508 PptpMiniport - ok 04:42:39.0072 8508 [ 7196D3C2E2E3129814C8DAB91F9A7D1E ] PrintNotify C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll 04:42:39.0354 8508 PrintNotify - ok 04:42:39.0372 8508 Processor - ok 04:42:39.0411 8508 ProfSvc - ok 04:42:39.0420 8508 Psched - ok 04:42:39.0420 8508 QWAVE - ok 04:42:39.0420 8508 QWAVEdrv - ok 04:42:39.0420 8508 RasAcd - ok 04:42:39.0451 8508 RasAgileVpn - ok 04:42:39.0451 8508 RasAuto - ok 04:42:39.0467 8508 Rasl2tp - ok 04:42:39.0482 8508 RasMan - ok 04:42:39.0482 8508 RasPppoe - ok 04:42:39.0498 8508 RasSstp - ok 04:42:39.0498 8508 rdbss - ok 04:42:39.0514 8508 rdpbus - ok 04:42:39.0514 8508 RDPDR - ok 04:42:39.0529 8508 RdpVideoMiniport - ok 04:42:39.0529 8508 rdyboost - ok 04:42:39.0529 8508 ReFSv1 - ok 04:42:39.0545 8508 RemoteAccess - ok 04:42:39.0560 8508 RemoteRegistry - ok 04:42:39.0576 8508 RetailDemo - ok 04:42:39.0732 8508 [ BD517C7FB119997EFFBE39D5E4B37B05 ] RichVideo C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe 04:42:39.0826 8508 RichVideo ( UnsignedFile.Multi.Generic ) - warning 04:42:39.0826 8508 RichVideo - detected UnsignedFile.Multi.Generic (1) 04:42:39.0826 8508 RmSvc - ok 04:42:39.0826 8508 RpcEptMapper - ok 04:42:39.0842 8508 RpcLocator - ok 04:42:39.0857 8508 RpcSs - ok 04:42:39.0857 8508 rspndr - ok 04:42:39.0873 8508 rt640x64 - ok 04:42:39.0904 8508 s3cap - ok 04:42:39.0920 8508 SamSs - ok 04:42:39.0920 8508 sbp2port - ok 04:42:39.0920 8508 SCardSvr - ok 04:42:39.0951 8508 ScDeviceEnum - ok 04:42:39.0982 8508 scfilter - ok 04:42:39.0998 8508 Schedule - ok 04:42:39.0998 8508 scmbus - ok 04:42:40.0014 8508 scmdisk0101 - ok 04:42:40.0045 8508 SCPolicySvc - ok 04:42:40.0045 8508 sdbus - ok 04:42:40.0045 8508 SDRSVC - ok 04:42:40.0045 8508 sdstor - ok 04:42:40.0045 8508 seclogon - ok 04:42:40.0061 8508 SENS - ok 04:42:40.0061 8508 Sense - ok 04:42:40.0076 8508 SensorDataService - ok 04:42:40.0107 8508 SensorService - ok 04:42:40.0123 
8508 SensrSvc - ok 04:42:40.0123 8508 SerCx - ok 04:42:40.0123 8508 SerCx2 - ok 04:42:40.0123 8508 Serenum - ok 04:42:40.0141 8508 Serial - ok 04:42:40.0144 8508 sermouse - ok 04:42:40.0155 8508 SessionEnv - ok 04:42:40.0158 8508 sfloppy - ok 04:42:40.0173 8508 SharedAccess - ok 04:42:40.0205 8508 ShellHWDetection - ok 04:42:40.0236 8508 shpamsvc - ok 04:42:40.0236 8508 SiSRaid2 - ok 04:42:40.0252 8508 SiSRaid4 - ok 04:42:40.0366 8508 [ B72B80E6FF423C5011E745CB76DA9A08 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 04:42:40.0471 8508 SkypeUpdate - ok 04:42:40.0503 8508 smphost - ok 04:42:40.0518 8508 SmsRouter - ok 04:42:40.0518 8508 SNMPTRAP - ok 04:42:40.0518 8508 spaceport - ok 04:42:40.0534 8508 SpbCx - ok 04:42:40.0549 8508 Spooler - ok 04:42:40.0549 8508 sppsvc - ok 04:42:40.0565 8508 srv - ok 04:42:40.0565 8508 srv2 - ok 04:42:40.0581 8508 srvnet - ok 04:42:40.0596 8508 SSDPSRV - ok 04:42:40.0628 8508 SstpSvc - ok 04:42:40.0674 8508 [ 91310683D7B6B292B746D60734B59322 ] ssudmdm C:\WINDOWS\system32\DRIVERS\ssudmdm.sys 04:42:40.0721 8508 ssudmdm - ok 04:42:40.0768 8508 [ F7093A27C4AF6D9EEA0ACAC1C4FF6828 ] ssudserd C:\WINDOWS\system32\DRIVERS\ssudserd.sys 04:42:40.0800 8508 ssudserd - ok 04:42:41.0018 8508 [ 9DA3B55B17B54789AFB8C657D4ACE4D7 ] ss_conn_service C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe 04:42:41.0159 8508 ss_conn_service - ok 04:42:41.0175 8508 StateRepository - ok 04:42:41.0315 8508 [ F71CA689063E1A15A44268A6B42E3164 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe 04:42:41.0490 8508 Steam Client Service - ok 04:42:41.0506 8508 stexstor - ok 04:42:41.0521 8508 stisvc - ok 04:42:41.0521 8508 storahci - ok 04:42:41.0521 8508 storflt - ok 04:42:41.0521 8508 stornvme - ok 04:42:41.0521 8508 storqosflt - ok 04:42:41.0537 8508 StorSvc - ok 04:42:41.0537 8508 storufs - ok 04:42:41.0537 8508 storvsc - ok 04:42:41.0553 8508 svsvc - ok 04:42:41.0553 8508 swenum - ok 04:42:41.0568 
8508 swprv - ok 04:42:41.0646 8508 SWUpdateService - ok 04:42:41.0678 8508 Synth3dVsc - ok 04:42:41.0693 8508 SysMain - ok 04:42:41.0709 8508 SystemEventsBroker - ok 04:42:41.0725 8508 TabletInputService - ok 04:42:41.0771 8508 [ 3C32FF010F869BC184DF71290477384E ] tap0901 C:\WINDOWS\system32\DRIVERS\tap0901.sys 04:42:41.0803 8508 tap0901 - ok 04:42:41.0834 8508 [ E790E904BB06081F5A3DAFE87F20D06B ] taphss6 C:\WINDOWS\system32\DRIVERS\taphss6.sys 04:42:41.0850 8508 taphss6 - ok 04:42:41.0850 8508 TapiSrv - ok 04:42:41.0881 8508 [ 3C32FF010F869BC184DF71290477384E ] tapwp01 C:\WINDOWS\system32\DRIVERS\tapwp01.sys 04:42:41.0912 8508 tapwp01 - ok 04:42:41.0912 8508 Tcpip - ok 04:42:41.0912 8508 Tcpip6 - ok 04:42:41.0928 8508 tcpipreg - ok 04:42:41.0928 8508 tdx - ok 04:42:42.0506 8508 [ F6881DC71A5D8DCA1E3DF4302E31AA25 ] TeamViewer C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe 04:42:43.0350 8508 TeamViewer - ok 04:42:43.0383 8508 terminpt - ok 04:42:43.0431 8508 TermService - ok 04:42:43.0478 8508 Themes - ok 04:42:43.0556 8508 TieringEngineService - ok 04:42:43.0603 8508 tiledatamodelsvc - ok 04:42:43.0634 8508 TimeBrokerSvc - ok 04:42:43.0650 8508 TPM - ok 04:42:43.0666 8508 TrkWks - ok 04:42:43.0713 8508 TrustedInstaller - ok 04:42:43.0728 8508 tsusbflt - ok 04:42:43.0728 8508 TsUsbGD - ok 04:42:43.0744 8508 tsusbhub - ok 04:42:43.0775 8508 tzautoupdate - ok 04:42:43.0775 8508 UASPStor - ok 04:42:43.0775 8508 UcmCx0101 - ok 04:42:43.0791 8508 UcmTcpciCx0101 - ok 04:42:43.0806 8508 UcmUcsi - ok 04:42:43.0822 8508 Ucx01000 - ok 04:42:43.0822 8508 UdeCx - ok 04:42:43.0822 8508 udfs - ok 04:42:43.0838 8508 UEFI - ok 04:42:43.0838 8508 UevAgentDriver - ok 04:42:43.0853 8508 UevAgentService - ok 04:42:43.0853 8508 Ufx01000 - ok 04:42:43.0853 8508 UfxChipidea - ok 04:42:43.0869 8508 ufxsynopsys - ok 04:42:43.0884 8508 UI0Detect - ok 04:42:43.0900 8508 umbus - ok 04:42:43.0900 8508 UmPass - ok 04:42:43.0916 8508 UmRdpService - ok 04:42:43.0916 8508 UnistoreSvc - ok 
04:42:43.0916 8508 upnphost - ok 04:42:43.0931 8508 UrsChipidea - ok 04:42:43.0931 8508 UrsCx01000 - ok 04:42:43.0931 8508 UrsSynopsys - ok 04:42:43.0947 8508 usbaudio - ok 04:42:43.0947 8508 usbccgp - ok 04:42:43.0963 8508 usbcir - ok 04:42:43.0978 8508 usbehci - ok 04:42:43.0978 8508 usbhub - ok 04:42:43.0978 8508 USBHUB3 - ok 04:42:43.0994 8508 usbohci - ok 04:42:44.0009 8508 usbprint - ok 04:42:44.0025 8508 usbser - ok 04:42:44.0025 8508 USBSTOR - ok 04:42:44.0025 8508 usbuhci - ok 04:42:44.0025 8508 USBXHCI - ok 04:42:44.0041 8508 UserDataSvc - ok 04:42:44.0056 8508 UserManager - ok 04:42:44.0072 8508 UsoSvc - ok 04:42:44.0088 8508 VaultSvc - ok 04:42:44.0150 8508 [ 839927AE745E5FEEFF2FEDB1C360808A ] VBoxDrv C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys 04:42:44.0181 8508 VBoxDrv - ok 04:42:44.0228 8508 [ AF7181C136C761FFF1D4BDEAC89ADFDB ] VBoxNetAdp C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys 04:42:44.0244 8508 VBoxNetAdp - ok 04:42:44.0275 8508 [ FFBED9472385DD8F18191EE8AAC08AEB ] VBoxNetLwf C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys 04:42:44.0291 8508 VBoxNetLwf - ok 04:42:44.0322 8508 [ 069B27AD07538B20C584668F0D4D644A ] VBoxUSB C:\WINDOWS\System32\Drivers\VBoxUSB.sys 04:42:44.0383 8508 VBoxUSB - ok 04:42:44.0424 8508 [ F6D0F57B75479C1DA04A54AB6CCD07C8 ] VBoxUSBMon C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys 04:42:44.0447 8508 VBoxUSBMon - ok 04:42:44.0447 8508 vdrvroot - ok 04:42:44.0447 8508 vds - ok 04:42:44.0478 8508 VerifierExt - ok 04:42:44.0509 8508 vhdmp - ok 04:42:44.0509 8508 vhf - ok 04:42:44.0541 8508 vmbus - ok 04:42:44.0541 8508 VMBusHID - ok 04:42:44.0572 8508 [ 503BA53C6F246570FBC69D454410C6B2 ] vmcam325av C:\WINDOWS\System32\Drivers\Vm323av64.sys 04:42:44.0666 8508 vmcam325av - ok 04:42:44.0666 8508 vmgid - ok 04:42:44.0681 8508 vmicguestinterface - ok 04:42:44.0681 8508 vmicheartbeat - ok 04:42:44.0681 8508 vmickvpexchange - ok 04:42:44.0681 8508 vmicrdv - ok 04:42:44.0697 8508 vmicshutdown - ok 04:42:44.0697 8508 vmictimesync - ok 04:42:44.0697 
8508 vmicvmsession - ok 04:42:44.0697 8508 vmicvss - ok 04:42:44.0712 8508 volmgr - ok 04:42:44.0728 8508 volmgrx - ok 04:42:44.0728 8508 volsnap - ok 04:42:44.0744 8508 volume - ok 04:42:44.0744 8508 vpci - ok 04:42:44.0744 8508 vsmraid - ok 04:42:44.0744 8508 VSS - ok 04:42:44.0759 8508 VSTXRAID - ok 04:42:44.0775 8508 [ F3C1754C74167C1CAE6F7B5E946C117E ] vvftav323 C:\WINDOWS\system32\drivers\vvftav323.sys 04:42:44.0822 8508 vvftav323 - ok 04:42:44.0822 8508 vwifibus - ok 04:42:44.0837 8508 vwififlt - ok 04:42:44.0837 8508 W32Time - ok 04:42:44.0853 8508 WacomPen - ok 04:42:44.0869 8508 WalletService - ok 04:42:44.0869 8508 wanarp - ok 04:42:44.0884 8508 wanarpv6 - ok 04:42:45.0009 8508 [ DC34F51CED7CC444F27E2B8D837CD0FF ] Warsaw Technology C:\Program Files\Diebold\Warsaw\core.exe 04:42:45.0041 8508 Warsaw Technology - ok 04:42:45.0041 8508 wbengine - ok 04:42:45.0072 8508 WbioSrvc - ok 04:42:45.0072 8508 wcifs - ok 04:42:45.0087 8508 Wcmsvc - ok 04:42:45.0119 8508 wcncsvc - ok 04:42:45.0119 8508 wcnfs - ok 04:42:45.0134 8508 WdBoot - ok 04:42:45.0134 8508 Wdf01000 - ok 04:42:45.0134 8508 WdFilter - ok 04:42:45.0166 8508 WdiServiceHost - ok 04:42:45.0166 8508 WdiSystemHost - ok 04:42:45.0166 8508 wdiwifi - ok 04:42:45.0181 8508 WdNisDrv - ok 04:42:45.0197 8508 WdNisSvc - ok 04:42:45.0212 8508 WebClient - ok 04:42:45.0228 8508 Wecsvc - ok 04:42:45.0259 8508 WEPHOSTSVC - ok 04:42:45.0275 8508 wercplsupport - ok 04:42:45.0291 8508 WerSvc - ok 04:42:45.0291 8508 WFPLWFS - ok 04:42:45.0291 8508 WiaRpc - ok 04:42:45.0306 8508 WIMMount - ok 04:42:45.0306 8508 WinDefend - ok 04:42:45.0322 8508 WindowsTrustedRT - ok 04:42:45.0322 8508 WindowsTrustedRTProxy - ok 04:42:45.0337 8508 WinHttpAutoProxySvc - ok 04:42:45.0353 8508 WinMad - ok 04:42:45.0479 8508 Winmgmt - ok 04:42:45.0494 8508 WinRM - ok 04:42:45.0525 8508 WINUSB - ok 04:42:45.0525 8508 WinVerbs - ok 04:42:45.0541 8508 wisvc - ok 04:42:45.0572 8508 WlanSvc - ok 04:42:45.0588 8508 wlidsvc - ok 04:42:45.0604 8508 
WmiAcpi - ok 04:42:45.0604 8508 wmiApSrv - ok 04:42:45.0619 8508 WMPNetworkSvc - ok 04:42:45.0650 8508 [ EDADABA8665AB5C51BF59C4E2566BA7E ] Wof C:\WINDOWS\system32\drivers\Wof.sys 04:42:45.0666 8508 Wof - ok 04:42:45.0713 8508 workfolderssvc - ok 04:42:45.0744 8508 WPDBusEnum - ok 04:42:45.0760 8508 WpdUpFltr - ok 04:42:45.0775 8508 WpnService - ok 04:42:45.0775 8508 WpnUserService - ok 04:42:45.0775 8508 ws2ifsl - ok 04:42:45.0775 8508 wscsvc - ok 04:42:45.0807 8508 [ 02553BF9B625B0C2FC2715B42BBD1C74 ] wsddfac C:\WINDOWS\system32\drivers\wsddfac.sys 04:42:45.0822 8508 wsddfac - ok 04:42:45.0869 8508 [ 589E3BE121267D476E744471F5AABFFA ] wsddntf C:\WINDOWS\system32\DRIVERS\wsddntf.sys 04:42:45.0885 8508 wsddntf - ok 04:42:45.0932 8508 [ 7382D22F0B3B1DE91B30B0798547A637 ] wsddpp C:\WINDOWS\system32\drivers\wsddpp.sys 04:42:45.0932 8508 wsddpp - ok 04:42:45.0947 8508 [ FE176D71EB5E7D650EA6CD74E1893553 ] wsddprm C:\WINDOWS\system32\drivers\wsddprm.sys 04:42:45.0963 8508 wsddprm - ok 04:42:45.0963 8508 WSearch - ok 04:42:46.0057 8508 [ 4F6D2228C95CEAB8D4C0213CB4003589 ] WTFast.Service C:\Program Files (x86)\WTFast\service\WTFast.Service.exe 04:42:46.0150 8508 WTFast.Service ( UnsignedFile.Multi.Generic ) - warning 04:42:46.0150 8508 WTFast.Service - detected UnsignedFile.Multi.Generic (1) 04:42:46.0166 8508 [ E0FF31286CC742BDD49DDC8EC2C2DDD2 ] WtfEngineDrv C:\WINDOWS\system32WtfEngineDrv.sys 04:42:46.0182 8508 WtfEngineDrv - ok 04:42:46.0182 8508 wuauserv - ok 04:42:46.0182 8508 WudfPf - ok 04:42:46.0182 8508 WUDFRd - ok 04:42:46.0182 8508 wudfsvc - ok 04:42:46.0197 8508 WUDFWpdFs - ok 04:42:46.0197 8508 WUDFWpdMtp - ok 04:42:46.0213 8508 WwanSvc - ok 04:42:46.0213 8508 XblAuthManager - ok 04:42:46.0229 8508 XblGameSave - ok 04:42:46.0229 8508 xboxgip - ok 04:42:46.0260 8508 XboxNetApiSvc - ok 04:42:46.0307 8508 [ 36DCBA7D4A1D5DE63066D17CA623D5FB ] xhunter1 C:\WINDOWS\xhunter1.sys 04:42:46.0354 8508 xhunter1 - ok 04:42:46.0354 8508 xinputhid - ok 04:42:46.0354 8508 
================ Scan global ===============================
04:42:46.0479 8508 [Global] - ok
04:42:46.0479 8508 ================ Scan MBR ==================================
04:42:46.0479 8508 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
04:42:46.0932 8508 \Device\Harddisk0\DR0 - ok
04:42:46.0932 8508 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
04:42:47.0026 8508 \Device\Harddisk1\DR1 - ok
04:42:47.0026 8508 ================ Scan VBR ==================================
04:42:47.0042 8508 [ 9BCAC50C63A9771B084DC4EBBBACAEF7 ] \Device\Harddisk0\DR0\Partition1
04:42:47.0042 8508 \Device\Harddisk0\DR0\Partition1 - ok
04:42:47.0057 8508 [ E2591B299B3B4BD6DAA1CA51FB760796 ] \Device\Harddisk0\DR0\Partition2
04:42:47.0073 8508 \Device\Harddisk0\DR0\Partition2 - ok
04:42:47.0089 8508 [ DC6060FB01DDBDDA032F3EA42CA006B8 ] \Device\Harddisk0\DR0\Partition3
04:42:47.0104 8508 \Device\Harddisk0\DR0\Partition3 - ok
04:42:47.0104 8508 [ 2E3010F38B4F3EE8E35DDD7FA0247D01 ] \Device\Harddisk1\DR1\Partition1
04:42:47.0104 8508 \Device\Harddisk1\DR1\Partition1 - ok
04:42:47.0104 8508 [ FFF1CC22C2D01FAE0E35E3427AD63BA0 ] \Device\Harddisk1\DR1\Partition2
04:42:47.0104 8508 \Device\Harddisk1\DR1\Partition2 - ok
04:42:47.0104 8508 [ A3981E5C30FCB48C52C8CF61783837AB ] \Device\Harddisk1\DR1\Partition3
04:42:47.0104 8508 \Device\Harddisk1\DR1\Partition3 - ok
04:42:47.0104 8508 ============================================================
04:42:47.0104 8508 Scan finished
04:42:47.0104 8508 ============================================================
04:42:47.0104 8500 Detected object count: 3
04:42:47.0104 8500 Actual detected object count: 3
04:44:59.0423 8500 HiPatchService ( UnsignedFile.Multi.Generic ) - skipped by user
04:44:59.0423 8500 HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:44:59.0423 8500 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
04:44:59.0423 8500 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:44:59.0424 8500 WTFast.Service ( UnsignedFile.Multi.Generic ) - skipped by user
04:44:59.0424 8500 WTFast.Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
  8. @Elias Pereira Sorry for the delay; sometimes these processes take a while to show up and I haven't been using the computer much... A few times I tried leaving it on overnight to see what would happen, but it gave several memory errors and the PC froze. I think so many processes were running that it ran out of memory. Lately it has been showing this warning saying the PC needs more memory. Here is the log: https://mega.nz/#!LeRTnT7J!WP8JldEsWSX-_4rvx11VUhRrE0bR28htZ1luNsavF-4
  9. @Elias Pereira here is the link with the Bootlog: https://mega.nz/#!vf4UyBTA!nhwEcRrFHpn0d9mT-Tzgec_6P1t3FskVZyHbepwZ1go
  10. @Elias Pereira man, the file is opening in Notepad in a really strange way. For example, the beginning looks like this:
      ________________
      PML_ S Y S C : \ W I N D O W S 5 ¨ 8¼ 8ù Èâû T^þ ÿÿþÿÿ 98 @¿Þ ¨ ¢þ £¬@<þÁÓ Ô€Ã ¦¬@<þÁÓ •· @ ­@<þÁÓ 9 ~² øÿÿ°f² øÿÿ½;BÝøÿÿ%8BÝøÿÿ›5BÝøÿÿËpBÝøÿÿérCÝøÿÿP•Ýøÿÿ½äÒÜøÿÿVÞÜøÿÿ ã± øÿÿ )€ C:\WINDOWS\System32\Drivers\PROCMON24.SYS G­@<þÁÓ 2 ~² øÿÿ°f² øÿÿ½;BÝøÿÿ%8BÝøÿÿ›5BÝøÿÿËpBÝøÿÿérCÝøÿÿP•Ýøÿÿ½äÒÜøÿÿVÞÜøÿÿ ÉÜøÿÿ ‚ € C:\WINDOWS\system32\ntoskrnl.exe m­@<þÁÓ + ~² øÿÿ°f² øÿÿ½;BÝøÿÿ%8BÝøÿÿ›5BÝøÿÿËpBÝøÿÿérCÝøÿÿP•Ýøÿÿ½äÒÜøÿÿVÞÜøÿÿ ÐÁÜøÿÿ P € C:\WINDOWS\system32\hal.dll Š­@<þÁÓ , ~² øÿÿ°f² øÿÿ½;BÝøÿÿ%8BÝøÿÿ›5BÝøÿÿËpBÝøÿÿérCÝøÿÿP•Ýøÿÿ½äÒÜøÿÿVÞÜøÿÿ ³Ûøÿÿ ° € C:\WINDOWS\system32\kd.dll ¤­@<þÁÓ = ~² øÿÿ°f² øÿÿ½;BÝøÿÿ%8BÝøÿÿ›5BÝøÿÿËpBÝøÿÿérCÝøÿÿP•Ýøÿÿ½äÒÜøÿÿVÞÜøÿÿ ©± øÿÿ à -€ C:\WINDOWS\system32\mcupdate_GenuineIntel.dll ½­@<þÁÓ 9 ~² øÿÿ°f² øÿÿ½;BÝøÿÿ%8BÝøÿÿ›5BÝøÿÿËpBÝøÿÿérCÝøÿÿP•Ýøÿÿ½äÒÜøÿÿVÞÜøÿÿ ²± øÿÿ )€ C:\WINDOWS\System32\drivers\werkernel.sys
      ___________________________________________
      Anyway, when I tried to post the Notepad content to https://pastebin.com/ the PC froze a lot and the Pastebin page gave an error. Sorry for the delay, this week I had to travel; a relative passed away. I await instructions.
  11. @Elias Pereira Well, I couldn't open this Bootlog.pml to get at the information to copy and paste. I couldn't open it as txt or as xml, and when I opened it in the program I didn't find any way to copy it. Please teach me how to access this information so I can post it here. The LOG is already ready.
  12. @Elias Pereira Yeah, Elias, the problem persists. As you can see in the photo I sent, the system loads more than 200 "console window host" processes and keeps consuming a lot of CPU and memory, freezing the computer quite a bit. Besides that, Windows Defender doesn't start when I click "start now"; the photo of that is also attached. I await more help! I appreciate your attention and hope I'm not bothering you too much...
  13. @Elias Pereira OK Elias, let's leave the topic open a few more days just to see if anything goes wrong. By Thursday I'll mark the topic as resolved if everything is fine. Thanks for everything.
  14. Here is the log....
      ____________
      RogueKiller V12.12.8.0 (x64) [Mar 12 2018] (Free) por Adlice Software
      mail : http://www.adlice.com/contact/
      Feedback : https://forum.adlice.com
      Site : http://www.adlice.com/download/roguekiller/
      Blog : http://www.adlice.com
      Sistema Operacional : Windows 10 (10.0.14393) 64 bits version
      Iniciou : Modo normal
      Usuário : User [Administrador]
      Started from : C:\Users\User\Desktop\RogueKiller_portable64.exe
      Modo : Deletar -- Data : 03/16/2018 13:17:04 (Duration : 00:55:43)
      ¤¤¤ Processos : 0 ¤¤¤
      ¤¤¤ Registro : 3 ¤¤¤
      [PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Simplitec -> Deletado
      [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{952EAFBA-24B6-494C-9247-00B208378B7F}C:\users\user\appdata\local\apps\2.0\wodql3n3.4mz\b4ektkkl.91c\leve..tion_09d3a27e9e5c8da9_0000.0009_bbe50c97751f7cdc\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\users\user\appdata\local\apps\2.0\wodql3n3.4mz\b4ektkkl.91c\leve..tion_09d3a27e9e5c8da9_0000.0009_bbe50c97751f7cdc\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe|Name=aria2c.exe|Desc=aria2c.exe|Defer=User| [x] -> Deletado
      [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{6F684ED7-73DC-4238-AD82-919AF483B8F8}C:\users\user\appdata\local\apps\2.0\wodql3n3.4mz\b4ektkkl.91c\leve..tion_09d3a27e9e5c8da9_0000.0009_bbe50c97751f7cdc\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\users\user\appdata\local\apps\2.0\wodql3n3.4mz\b4ektkkl.91c\leve..tion_09d3a27e9e5c8da9_0000.0009_bbe50c97751f7cdc\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe|Name=aria2c.exe|Desc=aria2c.exe|Defer=User| [x] -> Deletado
      ¤¤¤ Tarefas : 2 ¤¤¤
      [PUP.HackTool] \AutoPico Daily Restart -- "C:\Program Files\KMSpico\AutoPico.exe" (/silent) -> Deletado
      [Suspicious.Path] \Rerun Warsaw's CoreFixer -- C:\WINDOWS\TEMP\is-GI8H0.tmp\corefixer.exe (/norerun) -> Deletado
      ¤¤¤ Arquivos : 1 ¤¤¤
      [PUP.uTorrentAds][Arquivo] C:\Users\User\AppData\Roaming\uTorrent\updates\3.5.3_44358\utorrentie.exe -> Deletado
      ¤¤¤ WMI : 0 ¤¤¤
      ¤¤¤ Arquivos de hosts : 0 ¤¤¤
      ¤¤¤ Antirootkit : 0 (Driver: Carregado) ¤¤¤
      ¤¤¤ Navegadores : 2 ¤¤¤
      [PUP.Gen0][Chrome:Addon] Default : Video Downloader professional [elicpjhcidhpjomhibiffojpinpmmpil] -> Deletado
      [PUM.HomePage][Firefox:Config] hefto18c.default : user_pref("browser.startup.homepage", "http://www.tibiame.com/"); -> Substituído (about:home)
      ¤¤¤ Verificação da MBR : ¤¤¤
      +++++ PhysicalDrive0: ST1000VM002-1CT162 ATA Device +++++
      --- User ---
      [MBR] 1213d39560527f70853bcde0190ba56f
      [BSP] 3a41ca502cbaf46708a8b8e557b34ece : Windows Vista/7/8 MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
      1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 299199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
      2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 613478400 | Size: 450 MB
      3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 614402048 | Size: 653867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
      User = LL1 ... OK
      User = LL2 ... OK
      +++++ PhysicalDrive1: WDC WD3200AAJS-00L7A0 ATA Device +++++
      --- User ---
      [MBR] 7c27fbf455beebaca7691e29b70544f2
      [BSP] 81a71d88b42395353a2eab5e7c31e5a6 : Windows Vista/7/8 MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
      1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 99897 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
      2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 204796620 | Size: 205236 MB
      User = LL1 ... OK
      User = LL2 ... OK
      +++++ PhysicalDrive2: Multi Flash Reader USB Device +++++
      Error reading User MBR! ([15] O dispositivo não está pronto. )
      Error reading LL1 MBR! NOT VALID!
      Error reading LL2 MBR! ([32] Não há suporte para o pedido. )
  15. Here is the RogueKiller log
      ____________________________
      RogueKiller V12.12.8.0 (x64) [Mar 12 2018] (Free) por Adlice Software
      mail : http://www.adlice.com/contact/
      Feedback : https://forum.adlice.com
      Site : http://www.adlice.com/download/roguekiller/
      Blog : http://www.adlice.com
      Sistema Operacional : Windows 10 (10.0.14393) 64 bits version
      Iniciou : Modo normal
      Usuário : User [Administrador]
      Started from : C:\Users\User\Desktop\RogueKiller_portable64.exe
      Modo : Escanear -- Data : 03/15/2018 15:39:29 (Duration : 00:51:01)
      ¤¤¤ Processos : 0 ¤¤¤
      ¤¤¤ Registro : 4 ¤¤¤
      [PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Simplitec -> Encontrado
      [Adw.Searcher] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sdfhgdf (system32\DRIVERS\sdfhgdf.sys) -> Encontrado
      [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{952EAFBA-24B6-494C-9247-00B208378B7F}C:\users\user\appdata\local\apps\2.0\wodql3n3.4mz\b4ektkkl.91c\leve..tion_09d3a27e9e5c8da9_0000.0009_bbe50c97751f7cdc\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=C:\users\user\appdata\local\apps\2.0\wodql3n3.4mz\b4ektkkl.91c\leve..tion_09d3a27e9e5c8da9_0000.0009_bbe50c97751f7cdc\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe|Name=aria2c.exe|Desc=aria2c.exe|Defer=User| [x] -> Encontrado
      [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{6F684ED7-73DC-4238-AD82-919AF483B8F8}C:\users\user\appdata\local\apps\2.0\wodql3n3.4mz\b4ektkkl.91c\leve..tion_09d3a27e9e5c8da9_0000.0009_bbe50c97751f7cdc\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|App=C:\users\user\appdata\local\apps\2.0\wodql3n3.4mz\b4ektkkl.91c\leve..tion_09d3a27e9e5c8da9_0000.0009_bbe50c97751f7cdc\tools\aria2-1.16.3-win-32bit-build1\aria2c.exe|Name=aria2c.exe|Desc=aria2c.exe|Defer=User| [x] -> Encontrado
      ¤¤¤ Tarefas : 2 ¤¤¤
      [PUP.HackTool] \AutoPico Daily Restart -- "C:\Program Files\KMSpico\AutoPico.exe" (/silent) -> Encontrado
      [Suspicious.Path] \Rerun Warsaw's CoreFixer -- C:\WINDOWS\TEMP\is-GI8H0.tmp\corefixer.exe (/norerun) -> Encontrado
      ¤¤¤ Arquivos : 27 ¤¤¤
      [PUP.Gen1][Pasta] C:\ProgramData\simplitec -> Encontrado
      [Hidden.ADS][Stream] C:\Windows\System32:A0235F30_Cef.gbp -> Encontrado
      [PUP.uTorrentAds][Arquivo] C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.5_41073\utorrentie.exe -> Encontrado
      [PUP.uTorrentAds][Arquivo] C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.5_41162\utorrentie.exe -> Encontrado
      [PUP.uTorrentAds][Arquivo] C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe -> Encontrado
      [PUP.uTorrentAds][Arquivo] C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe -> Encontrado
      [PUP.uTorrentAds][Arquivo] C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.5_41712\utorrentie.exe -> Encontrado
      [PUP.uTorrentAds][Arquivo] C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.5_41865\utorrentie.exe -> Encontrado
      [PUP.uTorrentAds][Arquivo] C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.6_42094\utorrentie.exe -> Encontrado
      [PUP.uTorrentAds][Arquivo] C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe -> Encontrado
      [PUP.uTorrentAds][Arquivo] C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe -> Encontrado
      [PUP.uTorrentAds][Arquivo] C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.8_42576\utorrentie.exe -> Encontrado
      [PUP.uTorrentAds][Arquivo] C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe -> Encontrado
      [PUP.uTorrentAds][Arquivo] C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.9_42923\utorrentie.exe -> Encontrado
      [PUP.uTorrentAds][Arquivo] C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe -> Encontrado
      [PUP.uTorrentAds][Arquivo] C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe -> Encontrado
      [PUP.uTorrentAds][Arquivo] C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe -> Encontrado
      [PUP.uTorrentAds][Arquivo] C:\Users\User\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe -> Encontrado
      [PUP.uTorrentAds][Arquivo] C:\Users\User\AppData\Roaming\uTorrent\updates\3.5.0_43580\utorrentie.exe -> Encontrado
      [PUP.uTorrentAds][Arquivo] C:\Users\User\AppData\Roaming\uTorrent\updates\3.5.0_43804\utorrentie.exe -> Encontrado
      [PUP.uTorrentAds][Arquivo] C:\Users\User\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe -> Encontrado
      [PUP.uTorrentAds][Arquivo] C:\Users\User\AppData\Roaming\uTorrent\updates\3.5.0_44090\utorrentie.exe -> Encontrado
      [PUP.uTorrentAds][Arquivo] C:\Users\User\AppData\Roaming\uTorrent\updates\3.5.0_44294\utorrentie.exe -> Encontrado
      [PUP.uTorrentAds][Arquivo] C:\Users\User\AppData\Roaming\uTorrent\updates\3.5.1_44332\utorrentie.exe -> Encontrado
      [PUP.uTorrentAds][Arquivo] C:\Users\User\AppData\Roaming\uTorrent\updates\3.5.3_44358\utorrentie.exe -> Encontrado
      [PUP.Gen1][Pasta] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simplitec -> Encontrado
      [PUP.Gen1][Pasta] C:\ProgramData\simplitec -> Encontrado
      ¤¤¤ WMI : 0 ¤¤¤
      ¤¤¤ Arquivos de hosts : 0 ¤¤¤
      ¤¤¤ Antirootkit : 0 (Driver: Carregado) ¤¤¤
      ¤¤¤ Navegadores : 2 ¤¤¤
      [PUP.Gen0][Chrome:Addon] Default : Video Downloader professional [elicpjhcidhpjomhibiffojpinpmmpil] -> Encontrado
      [PUM.HomePage][Firefox:Config] hefto18c.default : user_pref("browser.startup.homepage", "http://www.tibiame.com/"); -> Encontrado
      ¤¤¤ Verificação da MBR : ¤¤¤
      +++++ PhysicalDrive0: ST1000VM002-1CT162 ATA Device +++++
      --- User ---
      [MBR] 1213d39560527f70853bcde0190ba56f
      [BSP] 3a41ca502cbaf46708a8b8e557b34ece : Windows Vista/7/8|VT.Unknown MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
      1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 299199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
      2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 613478400 | Size: 450 MB
      3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 614402048 | Size: 653867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
      User = LL1 ... OK
      User = LL2 ... OK
      +++++ PhysicalDrive1: WDC WD3200AAJS-00L7A0 ATA Device +++++
      --- User ---
      [MBR] 7c27fbf455beebaca7691e29b70544f2
      [BSP] 81a71d88b42395353a2eab5e7c31e5a6 : Windows Vista/7/8|VT.Unknown MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
      1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 99897 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
      2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 204796620 | Size: 205236 MB
      User = LL1 ... OK
      User = LL2 ... OK
      +++++ PhysicalDrive2: Multi Flash Reader USB Device +++++
      Error reading User MBR! ([15] O dispositivo não está pronto. )
      Error reading LL1 MBR! NOT VALID!
      Error reading LL2 MBR! ([32] Não há suporte para o pedido. )
