astronautalouco

About astronautalouco

  1. Good afternoon DigRam, I'm testing the PC at full load, using Corel and Photoshop with no problems. And the screen has stopped freezing. Thank you for your dedication in helping, Tks.
  2. Good afternoon DigRam, OK, I did as instructed; I'll wait today and tomorrow to see whether the error that led to this post occurs! If everything is OK I'll give a shout here. Thank you for the dedication and promptness so far! Thanks
  3. Hey DigRam, my friend, now something similar is also happening with SICOOB, the bank where I have an account. Everything froze, but it ended up coming back on its own. Could it be the same malware?
  4. Hello DigRam, good afternoon, here is the log: Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 14-11-2021 Executado por H2 Marketing (22-11-2021 11:34:28) Run:2 Executando a partir de C:\Users\H2 Marketing\Desktop Perfis Carregados: H2 Marketing Modo da Inicialização: Normal ============================================== fixlist Conteúdo: ***************** CloseProcesses: Virustotal: C:\Users\H2 Marketing\AppData\Roaming\Master_x64.dll.vbs 2021-11-18 11:23 - 2021-11-18 11:23 - 000000000 _____ () C:\Users\H2 Marketing\AppData\Roaming\aa.tmp Policies: C:\ProgramData\NTUSER.pol: Restrição <==== ATENÇÃO Task: {05BB98F6-5DAA-431C-94E0-E935ED13B3A3} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\H2 Marketing\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [19989464 2021-11-17] (ESET, spol. s r.o. -> ESET) Task: {B46C3407-D1EE-4DC3-AF67-084EF87D492D} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\H2 Marketing\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [19989464 2021-11-17] (ESET, spol. s r.o. -> ESET) Task: {E60594CE-945E-411F-9556-95CC68BE373D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.) SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = StartPowershell: DISM /Online /Cleanup-image /Restorehealth EndPowershell: CMD: ipconfig /flushdns EmptyTemp: Reboot: ***************** Processos fechados com sucesso. VirusTotal: C:\Users\H2 Marketing\AppData\Roaming\Master_x64.dll.vbs => (3) Erro C:\Users\H2 Marketing\AppData\Roaming\aa.tmp => movido com sucesso C:\ProgramData\NTUSER.pol => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{05BB98F6-5DAA-431C-94E0-E935ED13B3A3}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05BB98F6-5DAA-431C-94E0-E935ED13B3A3}" => removido (a) com sucesso. C:\Windows\System32\Tasks\EOSv3 Scheduler onLogOn => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onLogOn" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B46C3407-D1EE-4DC3-AF67-084EF87D492D}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B46C3407-D1EE-4DC3-AF67-084EF87D492D}" => removido (a) com sucesso. C:\Windows\System32\Tasks\EOSv3 Scheduler onTime => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onTime" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E60594CE-945E-411F-9556-95CC68BE373D}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E60594CE-945E-411F-9556-95CC68BE373D}" => removido (a) com sucesso. C:\Windows\System32\Tasks\Adobe Acrobat Update Task => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => removido (a) com sucesso. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => valor restaurado com sucesso HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => valor restaurado com sucesso ========= Powershell: ========= Ferramenta de Gerenciamento e Manutenção de Imagens de Implantação Versão: 10.0.19041.844 Versão da Imagem: 10.0.19043.1348 [==========================100.0%==========================] Operação de restauração concluída com êxito. A operação foi concluída com êxito. ========= Fim de Powershell: ========= ========= ipconfig /flushdns ========= Configuração de IP do Windows Liberação do Cache do DNS Resolver bem-sucedida. ========= Fim de CMD: ========= =========== EmptyTemp: ========== BITS transfer queue => 1572864 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10714704 B Java, Flash, Steam htmlcache => 0 B Windows/system/drivers => 527800 B Edge => 0 B Chrome => 325791747 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 0 B LocalService => 0 B NetworkService => 0 B H2 Marketing => 19184957 B RecycleBin => 101048 B EmptyTemp: => 341.3 MB de dados temporários Removidos. ================================ O sistema precisou ser reiniciado. ==== Fim de Fixlog 11:38:11 ====
  5. Good afternoon, here is the log: Resultado do análise da Farbar Recovery Scan Tool (FRST) (x64) Versão: 14-11-2021 Executado por H2 Marketing (administrador) em DESKTOP-QBNRO2F (MSI MS-7788) (20-11-2021 14:18:09) Executando a partir de C:\Users\H2 Marketing\Desktop Perfis Carregados: H2 Marketing Plataforma: Microsoft Windows 10 Pro Versão 21H1 19043.1348 (X64) Idioma: Português (Brasil) Navegador padrão: Chrome Modo da Inicialização: Normal ==================== Processos (Whitelisted) ================= (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.) (Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.) C:\Program Files\Blackmagic Design\DaVinci Resolve\fuscript.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe (Corel Corporation -> Corel Corporation) D:\CorelDRAW Graphics Suite 2021\Programs64\CorelDRW.exe (Corel Corporation -> Corel Corporation) D:\CorelDRAW Graphics Suite 2021\Programs64\InterprocessController.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <19> (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft 
Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCopyAccelerator.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Users\H2 Marketing\aspecto\fomentar.exe <2> (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe ==================== Registro (Whitelisted) =================== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.) HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated) HKLM\...\Run: [EPPCCMON] => C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE [442936 2020-10-22] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1151872 2016-11-18] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2095672 2020-11-12] (Adobe Inc. -> Adobe Inc.) 
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc. -> Apple Inc.) HKU\S-1-5-21-321270744-2600619408-4275616409-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-10-22] (Adobe Inc. -> Adobe Systems Incorporated) HKU\S-1-5-21-321270744-2600619408-4275616409-1001\...\Run: [cobgDuer] => C:\Users\H2 Marketing\aspecto\fomentar.exe [1908280 2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation) HKU\S-1-5-21-321270744-2600619408-4275616409-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35342976 2021-11-12] (Piriform Software Ltd -> Piriform Software Ltd) HKU\S-1-5-21-321270744-2600619408-4275616409-1001\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [35342976 2021-11-12] (Piriform Software Ltd -> Piriform Software Ltd) HKU\S-1-5-21-321270744-2600619408-4275616409-1001\...\Run: [otraaDoe] => C:\Users\H2 Marketing\aspecto\fomentar.exe [1908280 2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation) HKLM\...\Print\Monitors\EPSON L3150 Series 64MonitorBE: C:\Windows\system32\E_YLMBUNE.DLL [184832 2017-07-14] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation) HKLM\...\Print\Monitors\EpsonNet Print Port: C:\Windows\system32\enppmon.dll [500736 2016-09-14] (SEIKO EPSON CORPORATION) [Arquivo não assinado] HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\96.0.4664.45\Installer\chrmstp.exe [2021-11-16] (Google LLC -> Google LLC) Startup: C:\Users\H2 Marketing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Master_x64.dll.lnk [2020-08-03] ShortcutAndArgument: Master_x64.dll.lnk -> C:\Windows\system32\wscript.exe => /E:vbscript "C:\Users\H2 Marketing\AppData\Roaming\Master_x64.dll.vbs" Policies: C:\ProgramData\NTUSER.pol: 
Restrição <==== ATENÇÃO ==================== Tarefas Agendadas (Whitelisted) ============ (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) Task: {006D79F3-9CCD-4B6D-B7CD-98EF88AB59C1} - System32\Tasks\CCleanerSkipUAC - H2 Marketing => C:\Program Files\CCleaner\CCleaner.exe [29417088 2021-11-12] (Piriform Software Ltd -> Piriform Software Ltd) Task: {05BB98F6-5DAA-431C-94E0-E935ED13B3A3} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\H2 Marketing\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [19989464 2021-11-17] (ESET, spol. s r.o. -> ESET) Task: {0C27A52C-EE33-43CE-B918-31AC5FFBF0E9} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [682936 2021-11-12] (Mozilla Corporation -> Mozilla Foundation) Task: {2B7F45E0-F624-4DBE-AC13-EBB7D0B64FBF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-05-11] (Google LLC -> Google LLC) Task: {37EB92C2-213D-4962-85F7-AA776CD34D60} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-09-07] (Adobe Inc. 
-> Adobe Systems, Incorporated) Task: {42ED781F-01F2-4B0C-ADDD-33D57C829FE7} - System32\Tasks\EPSON L3150 Series Update {B3B3846E-9B27-4436-8DCA-CBC2075A9595} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSUNE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) Task: {4320071E-A48F-46FE-A8D0-C25848B0EADF} - System32\Tasks\CorelUpdateHelperTask-ED2581EDE017D17B2CE79567159444B9 => C:\Program Files (x86)\Corel\CUH\v2\CUH.exe [3774160 2021-01-21] (Corel Corporation -> Corel Corporation) Task: {5BF42F07-2D8E-45EB-B5CE-14C54FC59FE0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-05-11] (Google LLC -> Google LLC) Task: {7A24651A-62DC-474E-BBEF-71C5CED62464} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-04] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {7BB2EDDA-F174-4CE9-949C-5AB220DC054A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-11-12] (Piriform Software Ltd -> Piriform) Task: {867F8500-5CBC-4AC1-AB8C-D558B556F036} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22654872 2021-11-04] (Microsoft Corporation -> Microsoft Corporation) Task: {91F58D84-D714-4ACF-9E8D-39FD6FEB2665} - System32\Tasks\CorelUpdateHelperTaskCore => C:\Program Files (x86)\Corel\CUH\v2\CUH.exe [3774160 2021-01-21] (Corel Corporation -> Corel Corporation) Task: {9D176A5C-3628-4E59-A986-9BF97C0704CC} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [108888 2021-11-14] (Microsoft Corporation -> Microsoft Corporation) Task: {9FA34CFB-2289-4942-8B36-06FA15987D19} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files 
(x86)\Microsoft Office\root\Office16\sdxhelper.exe [108888 2021-11-14] (Microsoft Corporation -> Microsoft Corporation) Task: {A06F5939-A211-4A2B-A322-231A8DAAA602} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-04] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {AE176F57-4514-4915-9FA6-CF7EFE423366} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-04] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {B46C3407-D1EE-4DC3-AF67-084EF87D492D} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\H2 Marketing\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [19989464 2021-11-17] (ESET, spol. s r.o. -> ESET) Task: {BCCB26B9-2677-4FE6-9968-E42D872ABBF5} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22654872 2021-11-04] (Microsoft Corporation -> Microsoft Corporation) Task: {C3AD114B-836B-4E4B-BCB0-3795A19E857A} - System32\Tasks\CCleanerClean => C:\Program Files\CCleaner\CCleaner.exe [29417088 2021-11-12] (Piriform Software Ltd -> Piriform Software Ltd) Task: {CAF85089-F81A-475E-B49E-6D43AC31666E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-04] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {E60594CE-945E-411F-9556-95CC68BE373D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.) 
Task: {E9E32137-D4D9-4DEC-ADE3-DC95818C9E78} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [6242232 2021-11-14] (Microsoft Corporation -> Microsoft Corporation) Task: {F3387EA9-0E23-4FFB-AA3B-6679D0F02D9D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [6242232 2021-11-14] (Microsoft Corporation -> Microsoft Corporation) Task: {F93F6563-94A5-46BC-990E-502AE4FE9FD2} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate Task: {FBF9882A-EA00-4CC1-B331-B75D2A5E1A87} - System32\Tasks\Opera scheduled assistant Autoupdate 1595286998 => C:\Users\H2 Marketing\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\H2 Marketing\AppData\Local\Programs\Opera\assistant" $(Arg0) (Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.) 
Task: C:\Windows\Tasks\CCleanerClean.job => C:\Program Files\CCleaner\CCleaner.exe Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe Task: C:\Windows\Tasks\EPSON L3150 Series Update {B3B3846E-9B27-4436-8DCA-CBC2075A9595}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSUNE.EXE:/EXE:{B3B3846E-9B27-4436-8DCA-CBC2075A9595} /F:UpdateWORKGROUP\DESKTOP-QBNRO2F$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi ==================== Internet (Whitelisted) ==================== (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{f6422f74-6f41-489e-9892-a263fd1142cd}: [DhcpNameServer] 192.168.0.1 Edge: ======= Edge Extension: (Sem Nome) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [não encontrado (a)] Edge Extension: (Sem Nome) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [não encontrado (a)] Edge Extension: (Sem Nome) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [não encontrado (a)] Edge Extension: (Sem Nome) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [não encontrado (a)] Edge Profile: C:\Users\H2 Marketing\AppData\Local\Microsoft\Edge\User Data\Default [2021-11-20] FireFox: ======== FF DefaultProfile: fs9ux9j4.default FF ProfilePath: C:\Users\H2 Marketing\AppData\Roaming\Mozilla\Firefox\Profiles\fs9ux9j4.default [2021-11-18] FF ProfilePath: C:\Users\H2 
Marketing\AppData\Roaming\Mozilla\Firefox\Profiles\28iy2yxf.default-release [2021-11-20] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2020-11-12] (Adobe Inc. -> Adobe Systems) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-11-01] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2020-11-12] (Adobe Inc. 
-> Adobe Systems) Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Users\H2 Marketing\AppData\Local\Google\Chrome\User Data\Default [2021-11-20] CHR Notifications: Default -> hxxps://forum.imasters.com.br CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxps://www.google.com.br/" CHR Extension: (Apresentações) - C:\Users\H2 Marketing\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-07-20] CHR Extension: (Documentos) - C:\Users\H2 Marketing\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-07-20] CHR Extension: (Google Drive) - C:\Users\H2 Marketing\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-23] CHR Extension: (YouTube) - C:\Users\H2 Marketing\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-07-20] CHR Extension: (Planilhas) - C:\Users\H2 Marketing\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-07-20] CHR Extension: (Documentos Google off-line) - C:\Users\H2 Marketing\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-20] CHR Extension: (Botão Salvar do Pinterest) - C:\Users\H2 Marketing\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2021-11-19] CHR Extension: (Escalada Analytics) - C:\Users\H2 Marketing\AppData\Local\Google\Chrome\User Data\Default\Extensions\maochdhckepbdcpgmeghadihjkahgahi [2021-11-08] CHR Extension: (Email tracker para Gmail - Mailtrack) - C:\Users\H2 Marketing\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnaehgpjlnokgebbaldlmgkapkpjkkb [2021-11-18] CHR Extension: (TZWebChartWindow) - C:\Users\H2 Marketing\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmdhbmdklokcmpmcegmbfehjencmbeab [2021-11-08] CHR Extension: (Pagamentos da Chrome Web Store) - 
C:\Users\H2 Marketing\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-01] CHR Extension: (Gmail) - C:\Users\H2 Marketing\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23] CHR HKU\S-1-5-21-321270744-2600619408-4275616409-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gkfanndldghlkndfhojpfhclgdnglfmf] - hxxps://chrome.google.com/webstore/detail/gkfanndldghlkndfhojpfhclgdnglfmf CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] ==================== Serviços (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.) S2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [852024 2020-11-12] (Adobe Inc. -> Adobe Inc.) S2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3833088 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated) S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3603200 2021-09-07] (Adobe Inc. 
-> Adobe Systems, Incorporated) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12034464 2021-11-04] (Microsoft Corporation -> Microsoft Corporation) S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2019-02-11] (EasyAntiCheat Oy -> EasyAntiCheat Ltd) S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [145224 2019-09-19] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6103464 2021-11-10] (Microsoft Windows Publisher -> Microsoft Corporation) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13341480 2021-11-05] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-11-04] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-11-04] (Microsoft Windows Publisher -> Microsoft Corporation) S2 EpsonCustomerResearchParticipation; "C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe" [X] ===================== Drivers (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2020-07-21] (Martin Malik - REALiX -> REALiX(tm)) R3 int0800; C:\Windows\System32\drivers\flashud.sys [62984 2019-08-21] (Intel Corporation -> Intel Corporation) S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [48520 2021-11-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [435424 2021-11-04] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [86240 2021-11-04] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) ==================== Três meses (criados) (Whitelisted) ========= (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 2021-11-20 14:18 - 2021-11-20 14:18 - 000021620 _____ C:\Users\H2 Marketing\Desktop\FRST.txt 2021-11-20 13:04 - 2021-11-20 13:07 - 000000000 ____D C:\Users\H2 Marketing\Desktop\Imagens Net 2021-11-19 21:38 - 2021-11-19 21:36 - 000002943 _____ C:\Users\Public\Desktop\Corel CAPTURE 2021 (64-Bit).lnk 2021-11-19 21:38 - 2021-11-19 21:36 - 000002942 _____ C:\Users\Public\Desktop\Corel PHOTO-PAINT 2021 (64-Bit).lnk 2021-11-19 21:38 - 2021-11-19 21:36 - 000002910 _____ C:\Users\Public\Desktop\CorelDRAW 2021 (64-Bit).lnk 2021-11-19 21:38 - 2021-11-19 21:36 - 000001814 _____ C:\Users\Public\Desktop\Corel Font Manager 2021 (64-Bit).lnk 2021-11-19 21:37 - 2021-11-20 13:11 - 000003350 _____ C:\Windows\system32\Tasks\CorelUpdateHelperTask-ED2581EDE017D17B2CE79567159444B9 2021-11-19 21:37 - 2021-11-19 21:37 - 000000000 ____D C:\Program Files\Common Files\Corel 2021-11-19 21:20 - 2021-11-19 21:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite 2021 (64-Bit) 2021-11-19 20:55 - 2021-11-19 20:55 - 
000000031 _____ C:\Users\H2 Marketing\Desktop\Novo Documento de Texto.txt 2021-11-19 19:14 - 2021-11-19 20:14 - 000000000 ____D C:\Users\H2 Marketing\AppData\Local\TeamViewer 2021-11-19 19:14 - 2021-11-19 19:14 - 000001112 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer.lnk 2021-11-19 19:14 - 2021-11-19 19:14 - 000001100 _____ C:\Users\Public\Desktop\TeamViewer.lnk 2021-11-19 19:03 - 2021-11-19 19:03 - 000000000 ____D C:\Users\H2 Marketing\Desktop\corel 2021-11-19 19:00 - 2021-11-19 19:00 - 000000000 ____D C:\Users\H2 Marketing\Desktop\Nova pasta 2021-11-19 18:51 - 2021-11-19 18:52 - 000000000 ____D C:\Program Files\7-Zip 2021-11-19 18:51 - 2021-11-19 18:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2021-11-19 18:10 - 2021-11-19 21:37 - 000003350 _____ C:\Windows\system32\Tasks\CorelUpdateHelperTaskCore 2021-11-18 11:58 - 2021-11-18 17:59 - 000000000 ____D C:\AdwCleaner 2021-11-18 11:32 - 2021-11-18 19:40 - 000072342 _____ C:\Users\H2 Marketing\Desktop\FII 16 11 21 (1).xlsx 2021-11-18 11:23 - 2021-11-18 11:23 - 000000000 _____ C:\Users\H2 Marketing\AppData\Roaming\aa.tmp 2021-11-18 11:22 - 2021-11-18 11:22 - 000000008 __RSH C:\ProgramData\ntuser.pol 2021-11-18 11:00 - 2021-11-18 11:00 - 000161822 _____ C:\Users\H2 Marketing\Desktop\cc_20211118_110029.reg 2021-11-18 10:48 - 2021-11-18 11:22 - 000000280 _____ C:\Windows\Tasks\CCleanerClean.job 2021-11-18 10:48 - 2021-11-18 10:59 - 000002976 _____ C:\Windows\system32\Tasks\CCleanerClean 2021-11-18 10:44 - 2021-11-20 13:57 - 000000000 ____D C:\Program Files\CCleaner 2021-11-18 10:44 - 2021-11-20 12:57 - 000004210 _____ C:\Windows\system32\Tasks\CCleaner Update 2021-11-18 10:44 - 2021-11-18 10:44 - 000002932 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC - H2 Marketing 2021-11-18 10:44 - 2021-11-18 10:44 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk 2021-11-18 10:44 - 2021-11-18 10:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\CCleaner 2021-11-17 21:37 - 2021-11-19 18:28 - 001045507 _____ C:\Users\H2 Marketing\Desktop\Cópia_de_segurança_de_Cópia_de_segurança_de_arte vigilia.cdr 2021-11-17 19:41 - 2021-11-19 21:58 - 001550700 _____ C:\Users\H2 Marketing\Desktop\Cópia_de_segurança_de_arte vigilia.cdr 2021-11-17 19:33 - 2021-11-17 19:41 - 008822353 _____ C:\Users\H2 Marketing\Desktop\arte vigilia.cdr 2021-11-17 19:32 - 2021-11-20 12:54 - 000000000 ____D C:\Users\H2 Marketing\AppData\Local\CrashDumps 2021-11-17 18:34 - 2021-11-17 18:34 - 000410323 _____ C:\Users\H2 Marketing\Desktop\CI232984_19082021024154245_adesivo-el-doces.pdf 2021-11-17 18:19 - 2021-11-17 18:19 - 000003886 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onLogOn 2021-11-17 18:19 - 2021-11-17 18:19 - 000003444 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onTime 2021-11-17 15:49 - 2021-11-20 14:18 - 000000000 ____D C:\FRST 2021-11-17 15:48 - 2021-11-17 15:48 - 002311680 _____ (Farbar) C:\Users\H2 Marketing\Desktop\FRST64.exe 2021-11-17 15:05 - 2021-11-17 15:23 - 000001324 _____ C:\Users\H2 Marketing\Desktop\ESET Online Scanner.lnk 2021-11-17 15:04 - 2021-11-17 15:23 - 000001430 _____ C:\Users\H2 Marketing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk 2021-11-17 15:04 - 2021-11-17 15:04 - 000000000 ____D C:\Users\H2 Marketing\AppData\Local\ESET 2021-11-16 14:26 - 2021-11-20 14:19 - 000000000 ____D C:\Users\H2 Marketing\.gallery 2021-11-16 14:26 - 2021-11-16 14:26 - 000000000 ____D C:\Users\H2 Marketing\AppData\Local\cache 2021-11-16 14:24 - 2021-11-16 14:24 - 000000000 ____D C:\Users\H2 Marketing\AppData\Roaming\Blackmagic Design 2021-11-16 14:16 - 2021-11-16 14:16 - 000002006 _____ C:\Users\H2 Marketing\Desktop\DaVinci Resolve.lnk 2021-11-16 14:15 - 2021-11-16 14:16 - 000000000 ____D C:\Users\H2 Marketing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blackmagic Design 2021-11-16 14:15 - 2021-11-16 14:15 - 000000000 ____D C:\ProgramData\Blackmagic Design 2021-11-16 
14:15 - 2021-11-16 14:15 - 000000000 ____D C:\Program Files\Blackmagic Design 2021-11-16 14:14 - 2021-11-16 14:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blackmagic Design 2021-11-16 14:14 - 2021-11-16 14:14 - 000000000 ____D C:\Program Files (x86)\Blackmagic Design 2021-11-12 10:11 - 2021-11-17 21:38 - 000000000 ____D C:\Program Files\Mozilla Firefox 2021-11-11 20:15 - 2021-11-11 20:15 - 000485363 _____ C:\Users\H2 Marketing\Desktop\cuia com hastes.cdr 2021-11-10 13:02 - 2021-11-10 13:02 - 000223744 _____ C:\Windows\SysWOW64\TpmTool.exe 2021-11-10 13:02 - 2021-11-10 13:02 - 000060928 _____ C:\Windows\system32\runexehelper.exe 2021-11-10 13:02 - 2021-11-10 13:02 - 000011363 _____ C:\Windows\system32\DrtmAuthTxt.wim 2021-11-10 13:01 - 2021-11-10 13:01 - 000272384 _____ C:\Windows\system32\TpmTool.exe 2021-11-10 12:54 - 2021-11-10 12:54 - 000000000 ___HD C:\$WinREAgent 2021-11-09 14:25 - 2021-11-13 11:15 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla 2021-11-09 10:12 - 2021-11-09 10:12 - 000001207 _____ C:\Users\Public\Desktop\LibreOffice 7.2.lnk 2021-11-09 10:12 - 2021-11-09 10:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 7.2 2021-11-09 10:11 - 2021-11-09 10:12 - 000000000 ____D C:\Program Files\LibreOffice 2021-11-09 09:46 - 2021-11-09 09:47 - 000000000 ____D C:\Users\H2 Marketing\imersão 2021-11-09 09:42 - 2021-10-29 18:52 - 000124885 _____ C:\Users\H2 Marketing\Desktop\Custos Vasos sem borda fibra sintética.xlsx 2021-11-08 18:35 - 2021-11-08 18:36 - 000000000 ____D C:\Users\H2 Marketing\preconceito 2021-11-08 18:30 - 2021-11-08 18:31 - 000000000 ____D C:\Users\H2 Marketing\axioma 2021-11-08 18:26 - 2021-11-08 18:27 - 000000000 ____D C:\Users\H2 Marketing\ativista 2021-11-08 18:26 - 2021-11-08 18:26 - 000000000 ____D C:\Users\H2 Marketing\desgraçado 2021-11-08 18:25 - 2021-11-20 12:53 - 000000000 ____D C:\Users\H2 Marketing\aspecto 2021-11-05 17:50 - 2021-11-05 17:50 - 000007597 _____ 
C:\Users\H2 Marketing\AppData\Local\Resmon.ResmonCfg 2021-11-05 16:05 - 2021-11-05 16:05 - 000004044 _____ C:\Users\H2 Marketing\Desktop\Desktop21 - Atalho.lnk 2021-11-05 13:49 - 2021-11-05 14:02 - 000000000 ____D C:\Users\H2 Marketing\Desktop\NF Mercado Livre 2021-11-05 10:44 - 2021-11-05 10:44 - 000001146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk 2021-11-05 10:44 - 2021-11-05 10:44 - 000000000 ____D C:\Program Files\PCHealthCheck 2021-10-15 11:30 - 2021-10-15 11:30 - 000611960 _____ C:\Windows\SysWOW64\TextShaping.dll 2021-10-15 11:30 - 2021-10-15 11:30 - 000203264 _____ C:\Windows\system32\uwfcfgmgmt.dll 2021-10-15 11:30 - 2021-10-15 11:30 - 000158208 _____ C:\Windows\system32\uwfcsp.dll 2021-10-15 11:30 - 2021-10-15 11:30 - 000040960 _____ C:\Windows\system32\uwfservicingapi.dll 2021-10-15 11:29 - 2021-10-15 11:29 - 000706536 _____ C:\Windows\system32\TextShaping.dll 2021-10-15 11:29 - 2021-10-15 11:29 - 000288768 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll 2021-10-15 11:29 - 2021-10-15 11:29 - 000098304 _____ C:\Windows\system32\Drivers\cimfs.sys 2021-09-29 11:41 - 2021-09-29 11:41 - 000001321 _____ C:\Users\Public\Desktop\ApowerEdit.lnk 2021-09-29 11:41 - 2021-09-29 11:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft 2021-09-29 11:41 - 2021-09-29 11:41 - 000000000 ____D C:\ProgramData\Apowersoft 2021-09-29 11:40 - 2021-09-29 11:40 - 000000000 ____D C:\Program Files (x86)\Apowersoft 2021-09-21 13:55 - 2021-09-21 13:55 - 000001997 _____ C:\Users\H2 Marketing\Desktop\Zoom.lnk 2021-09-15 13:10 - 2021-09-15 13:10 - 002295296 _____ (Digimarc) C:\Windows\system32\DMRCDecoder.dll 2021-09-15 13:10 - 2021-09-15 13:10 - 002260992 _____ C:\Windows\system32\TextInputMethodFormatter.dll 2021-09-15 13:10 - 2021-09-15 13:10 - 002111488 _____ (Digimarc) C:\Windows\SysWOW64\DMRCDecoder.dll 2021-09-15 13:10 - 2021-09-15 13:10 - 001333760 _____ 
C:\Windows\SysWOW64\TextInputMethodFormatter.dll 2021-09-15 13:10 - 2021-09-15 13:10 - 001164288 _____ C:\Windows\system32\MBR2GPT.EXE 2021-09-15 13:10 - 2021-09-15 13:10 - 000672768 _____ C:\Windows\system32\FsNVSDeviceSource.dll 2021-09-15 13:10 - 2021-09-15 13:10 - 000170496 _____ C:\Windows\system32\DeviceUpdateCenterCsp.dll 2021-09-15 13:10 - 2021-09-15 13:10 - 000162816 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe 2021-09-14 15:27 - 2021-09-17 14:12 - 000000000 ____D C:\Users\H2 Marketing\Desktop\BV 2021-09-10 19:26 - 2021-09-10 19:26 - 000000000 ____D C:\Users\H2 Marketing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom 2021-09-10 19:25 - 2021-09-10 19:26 - 000000000 ____D C:\Users\H2 Marketing\AppData\Roaming\Zoom ==================== Três meses (modificados) ================== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 2021-11-20 14:19 - 2020-07-20 12:31 - 000000000 ____D C:\Users\H2 Marketing 2021-11-20 14:16 - 2020-10-20 15:19 - 000000000 ____D C:\Users\H2 Marketing\AppData\LocalLow\Mozilla 2021-11-20 13:36 - 2020-07-20 13:15 - 000000000 ____D C:\Program Files (x86)\Google 2021-11-20 13:08 - 2020-07-21 09:04 - 000000000 ____D C:\Users\H2 Marketing\AppData\Roaming\TeamViewer 2021-11-20 13:08 - 2020-07-21 09:04 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2021-11-20 13:01 - 2020-07-23 11:56 - 000004196 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{26A4C902-0DE7-4D0D-B2CC-A96F779B51B3} 2021-11-19 21:59 - 2019-12-07 06:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2021-11-19 21:40 - 2020-07-21 09:51 - 000000000 ____D C:\Users\H2 Marketing\AppData\Roaming\Corel 2021-11-19 21:37 - 2021-03-04 10:37 - 000000000 ____D C:\Program Files (x86)\Corel 2021-11-19 21:36 - 2020-07-21 09:22 - 000000000 ____D C:\ProgramData\Corel 2021-11-19 21:32 - 2019-12-07 06:14 - 000000000 ___HD C:\Program Files\WindowsApps 2021-11-19 21:32 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\AppReadiness 
2021-11-19 21:19 - 2020-07-21 09:29 - 000000000 ____D C:\Program Files\Corel 2021-11-19 20:44 - 2020-07-20 12:27 - 000000000 ____D C:\Windows\system32\SleepStudy 2021-11-19 18:38 - 2019-01-05 19:52 - 000000000 ___RD C:\Users\H2 Marketing\Desktop\Trabalhos (corel) 2021-11-19 18:10 - 2021-03-04 13:59 - 000000000 ____D C:\ProgramData\CorelDRAW Graphics Suite 2020 2021-11-18 17:59 - 2020-07-22 10:53 - 000000000 ____D C:\Program Files\EPSON 2021-11-18 17:59 - 2020-07-22 10:52 - 000000000 ____D C:\ProgramData\EPSON 2021-11-18 14:01 - 2019-12-07 06:13 - 000000000 ____D C:\Windows\INF 2021-11-18 13:56 - 2020-07-20 13:19 - 000000000 __SHD C:\Users\H2 Marketing\IntelGraphicsProfiles 2021-11-18 11:29 - 2020-07-20 12:35 - 000003392 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-321270744-2600619408-4275616409-1001 2021-11-18 11:29 - 2020-07-20 12:31 - 000002451 _____ C:\Users\H2 Marketing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2021-11-18 11:27 - 2020-07-20 12:33 - 001741824 _____ C:\Windows\system32\PerfStringBackup.INI 2021-11-18 11:27 - 2019-12-07 11:53 - 000752436 _____ C:\Windows\system32\prfh0416.dat 2021-11-18 11:27 - 2019-12-07 11:53 - 000148550 _____ C:\Windows\system32\prfc0416.dat 2021-11-18 11:22 - 2020-07-20 12:27 - 000008192 ___SH C:\DumpStack.log.tmp 2021-11-18 11:22 - 2020-07-20 12:27 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2021-11-18 11:22 - 2019-12-07 06:03 - 000524288 _____ C:\Windows\system32\config\BBI 2021-11-18 11:21 - 2020-07-31 16:13 - 000000000 ____D C:\Users\H2 Marketing\AppData\LocalLow\Temp 2021-11-18 11:16 - 2019-12-07 06:14 - 000000000 ___HD C:\Windows\system32\GroupPolicy 2021-11-18 10:49 - 2020-07-31 12:04 - 000000000 ____D C:\Users\H2 Marketing\AppData\Roaming\uTorrent 2021-11-18 10:49 - 2020-07-20 12:26 - 000000000 ____D C:\Windows\Panther 2021-11-18 10:48 - 2020-07-21 09:19 - 000000000 ____D C:\Temp 2021-11-18 10:06 - 2020-07-20 12:32 - 000000000 ____D C:\ProgramData\Packages 2021-11-17 
21:38 - 2020-10-20 15:19 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2021-11-17 15:56 - 2021-02-05 09:06 - 000000000 ____D C:\Users\H2 Marketing\AppData\Local\AD File Deleter 7 2021-11-17 15:56 - 2021-02-05 09:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AD File Deleter 7 2021-11-17 15:50 - 2020-07-21 09:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 7 2021-11-17 09:23 - 2020-11-06 18:41 - 000003618 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2021-11-17 09:23 - 2020-11-06 18:41 - 000003494 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2021-11-16 14:23 - 2020-07-21 07:49 - 000000000 ____D C:\ProgramData\Package Cache 2021-11-16 10:00 - 2020-07-20 13:16 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2021-11-14 10:32 - 2021-01-04 13:39 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2021-11-14 07:16 - 2020-11-06 18:41 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2021-11-13 11:15 - 2020-10-20 15:19 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2021-11-12 10:07 - 2020-10-20 15:19 - 000000000 ____D C:\ProgramData\Mozilla 2021-11-10 19:57 - 2020-07-20 12:27 - 005272640 _____ C:\Windows\system32\FNTCACHE.DAT 2021-11-10 19:56 - 2019-12-07 11:56 - 000000000 ___SD C:\Windows\system32\AppV 2021-11-10 19:56 - 2019-12-07 11:56 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2021-11-10 19:56 - 2019-12-07 06:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs 2021-11-10 19:56 - 2019-12-07 06:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel 2021-11-10 19:56 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\setup 2021-11-10 19:56 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\Dism 2021-11-10 19:56 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SystemResources 
2021-11-10 19:56 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\setup
2021-11-10 19:56 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\oobe
2021-11-10 19:56 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\Dism
2021-11-10 19:56 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\ShellExperiences
2021-11-10 19:56 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2021-11-10 19:56 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\bcastdvr
2021-11-10 19:56 - 2019-12-07 06:03 - 000000000 ____D C:\Windows\servicing
2021-11-10 13:05 - 2019-12-07 06:03 - 000000000 ____D C:\Windows\CbsTemp
2021-11-10 12:54 - 2020-07-20 13:17 - 000000000 ____D C:\Windows\system32\MRT
2021-11-10 12:52 - 2020-07-20 13:17 - 141529560 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-11-09 16:18 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\NDF
2021-11-08 13:25 - 2020-07-20 20:04 - 000000000 ____D C:\Users\H2 Marketing\AppData\Local\ElevatedDiagnostics
2021-11-04 18:02 - 2020-07-20 12:27 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-11-01 10:16 - 2020-07-20 12:32 - 000000000 ____D C:\Users\H2 Marketing\AppData\Local\Packages

==================== Arquivos na raiz de alguns diretórios ========

2021-02-05 09:18 - 2021-02-10 08:30 - 000000004 _____ () C:\ProgramData\lock.dat
2021-02-05 09:19 - 2021-02-10 08:29 - 000000004 _____ () C:\ProgramData\rc.dat
2021-02-05 09:18 - 2021-02-05 09:18 - 000000008 _____ () C:\ProgramData\ts.dat
2020-09-24 16:37 - 2020-09-24 16:37 - 014616720 _____ (Epson America, Inc.) C:\Users\Public\L3150_Lite_LA.exe
2021-11-18 11:23 - 2021-11-18 11:23 - 000000000 _____ () C:\Users\H2 Marketing\AppData\Roaming\aa.tmp
2020-08-03 08:47 - 2020-08-03 08:47 - 000000182 _____ () C:\Users\H2 Marketing\AppData\Roaming\Master_x64.dll.vbs
2020-07-23 11:20 - 2020-11-30 16:32 - 000000132 _____ () C:\Users\H2 Marketing\AppData\Roaming\Preferências do Formato PNG CC da Adobe
2021-06-30 18:47 - 2021-08-29 18:53 - 000001456 _____ () C:\Users\H2 Marketing\AppData\Local\Adobe Salvar para Web 13.0 Prefs
2021-03-04 08:21 - 2021-03-04 08:21 - 000000000 _____ () C:\Users\H2 Marketing\AppData\Local\oobelibMkey.log
2021-11-05 17:50 - 2021-11-05 17:50 - 000007597 _____ () C:\Users\H2 Marketing\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(Não há correção automática para arquivos que não passaram na verificação.)

==================== Fim de FRST.txt ========================

Resultado da análise adicional Farbar Recovery Scan Tool (x64) Versão: 14-11-2021
Executado por H2 Marketing (20-11-2021 14:20:14)
Executando a partir de C:\Users\H2 Marketing\Desktop
Microsoft Windows 10 Pro Versão 21H1 19043.1348 (X64) (2020-07-20 15:30:51)
Modo da Inicialização: Normal
==========================================================

==================== Contas: =============================

(Se uma entrada for incluída na fixlist, será removida.)

Administrador (S-1-5-21-321270744-2600619408-4275616409-500 - Administrator - Disabled)
Convidado (S-1-5-21-321270744-2600619408-4275616409-501 - Limited - Enabled)
DefaultAccount (S-1-5-21-321270744-2600619408-4275616409-503 - Limited - Disabled)
H2 Marketing (S-1-5-21-321270744-2600619408-4275616409-1001 - Administrator - Enabled) => C:\Users\H2 Marketing
WDAGUtilityAccount (S-1-5-21-321270744-2600619408-4275616409-504 - Limited - Disabled)

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Programas Instalados ====================== (Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.) 7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov) AD File Deleter version 7.07 (HKLM-x32\...\AD File Deleter_7_is1) (Version: 7.07 - DYROBP) Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated) Adobe After Effects 2020 (HKLM-x32\...\AEFT_17_0) (Version: 17.0 - Adobe Systems Incorporated) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.3.1.470 - Adobe Inc.) Adobe Dreamweaver 2020 (HKLM-x32\...\DRWV_20_2) (Version: 20.2 - Adobe Systems Incorporated) Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: - Adobe) Adobe Lightroom Classic (HKLM-x32\...\LTRM_9_0) (Version: 9.0 - Adobe Inc.) Adobe Media Encoder 2020 (HKLM-x32\...\AME_14_0_4) (Version: 14.0.4 - Adobe Systems Incorporated) Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated) AIDA64 Extreme v5.95 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.95 - FinalWire Ltd.) 
ApowerEdit V1.7.6.12 (HKLM-x32\...\{3089CCCD-BC5F-4309-A3C1-45B5ACA7A5E7}_is1) (Version: 1.7.6.12 - Apowersoft LIMITED) Apowersoft Online Launcher version 1.8.1 (HKU\S-1-5-21-321270744-2600619408-4275616409-1001\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.8.1 - APOWERSOFT LIMITED) Assistente Pimaco (HKU\S-1-5-21-321270744-2600619408-4275616409-1001\...\fd1d3bb00ed77146) (Version: 3.0.0.39 - Bic Amazonia SA) Blackmagic RAW Common Components (HKLM\...\{94C42023-ECF5-46E6-ACB4-2AED536B205D}) (Version: 2.2 - Blackmagic Design) CCleaner (HKLM\...\CCleaner) (Version: 5.87 - Piriform) Corel Graphics - Windows Shell Extension (HKLM\...\_{33DB43C3-E6BE-40AE-AECF-56E9F03E3B4D}) (Version: 23.0.0.362 - Corel Corporation) Corel Graphics - Windows Shell Extension (HKLM\...\{33DB43C3-E6BE-40AE-AECF-56E9F03E3B4D}) (Version: 23.0.362 - Corel Corporation) Hidden Corel Graphics - Windows Shell Extension 32 Bit Keys (HKLM\...\{C697E994-12BE-4CF3-B9BF-B3FD1659E717}) (Version: 23.0.362 - Corel Corporation) Hidden Corel Update Manager (HKLM\...\{F30F96B6-EADE-44FF-B202-C8697BC088F8}) (Version: 2.13.594 - Corel corporation) Hidden CorelDRAW Graphics Suite 2020 - IPM (x64) (HKLM\...\{0E0F6EBF-E2BA-4B1A-ADEC-CAF4612B2AC7}) (Version: 22.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2020 - IPM Content BR (x64) (HKLM\...\{AE21B6DA-78D3-4772-81EF-9A0163BDB0C6}) (Version: 22.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2020 - IPM Content DE (x64) (HKLM\...\{9A7ABF9B-1CF1-452F-B6A9-1FD425AD12D9}) (Version: 22.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2020 - IPM Content EN (x64) (HKLM\...\{C796DB48-473A-4F12-998D-0D690570D633}) (Version: 22.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2020 - IPM Content ES (x64) (HKLM\...\{38B83748-7D9B-48DB-94EE-004D49E84BD3}) (Version: 22.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2020 - IPM Content FR (x64) (HKLM\...\{E2E7B6E9-3A6F-4421-8D1F-24ED7647B00A}) (Version: 22.0 - Corel Corporation) 
Hidden CorelDRAW Graphics Suite 2020 - IPM Content IT (x64) (HKLM\...\{EEC60482-484C-4B29-BB56-0C04F086B372}) (Version: 22.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2020 - IPM Content NL (x64) (HKLM\...\{0A404310-BE95-47B5-BE1C-5C664490EE17}) (Version: 22.0 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2020 - Writing Tools (x64) (HKLM\...\{F404C086-454C-4485-B5F1-F3C11B8DF452}) (Version: 22.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2020 (64-Bit) (HKLM\...\_{7FA269F4-59E4-4399-A239-E9A134D40BED}) (Version: 22.1.0.517 - Corel Corporation) CorelDRAW Graphics Suite 2021 - IPM (x64) (HKLM\...\{EF56927C-ED92-41B1-8B88-FA225384E2A4}) (Version: 23.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2021 - IPM Content BR (x64) (HKLM\...\{3D6825D1-5843-4585-B915-A9F234554C2C}) (Version: 23.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2021 - IPM Content CS (x64) (HKLM\...\{CCBA3120-A726-4C64-8986-AF5B6C519FE7}) (Version: 23.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2021 - IPM Content CT (x64) (HKLM\...\{EC73C33E-4349-45E7-A08C-8566DF799EC5}) (Version: 23.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2021 - IPM Content CZ (x64) (HKLM\...\{289B6A1B-EA8B-4FBE-9CF4-A0FE4E91DD37}) (Version: 23.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2021 - IPM Content DE (x64) (HKLM\...\{4F09DBC6-B00A-4E83-886D-94EFAD76A36C}) (Version: 23.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2021 - IPM Content EN (x64) (HKLM\...\{DDD18F44-5B1B-44FB-A604-1A4EBDB65FC9}) (Version: 23.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2021 - IPM Content ES (x64) (HKLM\...\{176AC6B0-1B9D-4257-94DD-02B006CBC779}) (Version: 23.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2021 - IPM Content FR (x64) (HKLM\...\{D6DDBE6D-E2D0-48C1-9DAC-5DB93DA8DA83}) (Version: 23.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2021 - IPM Content IT (x64) (HKLM\...\{ED790B20-D67B-465C-B3B9-768547F5E389}) (Version: 23.1 - 
Corel Corporation) Hidden CorelDRAW Graphics Suite 2021 - IPM Content JP (x64) (HKLM\...\{243F3C09-43FC-447C-98AF-E640955397BB}) (Version: 23.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2021 - IPM Content NL (x64) (HKLM\...\{AA0464E0-EBA2-4879-A116-D7FFBC41267E}) (Version: 23.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2021 - IPM Content PL (x64) (HKLM\...\{7E5076C4-E945-49BA-AFC6-01577CD06ABA}) (Version: 23.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2021 - IPM Content RU (x64) (HKLM\...\{74BEF304-6B74-4196-A4C4-63C6D4BECCB0}) (Version: 23.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2021 - IPM Content SV (x64) (HKLM\...\{A397DC31-3A23-4157-8881-A5E4957ABB19}) (Version: 23.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2021 - IPM Content TR (x64) (HKLM\...\{3B5FBE0B-541B-47FB-89EC-20ECA3E8D97A}) (Version: 23.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2021 - Writing Tools (x64) (HKLM\...\{31CD96CF-4A33-4535-A6CC-F419CEAEFD70}) (Version: 23.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite 2021 (64-Bit) (HKLM\...\_{B9EA48EE-695F-4E90-B89D-F7CE4767B49F}) (Version: 23.1.0.389 - Corel Corporation) CPUID CPU-Z 1.91 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.91 - CPUID, Inc.) 
DaVinci Resolve (HKLM\...\{6E40D3ED-077B-45C4-90FF-222CC65C199C}) (Version: 17.4.10004 - Blackmagic Design) DaVinci Resolve Control Panels (HKLM\...\{7667C543-084F-47F7-BC60-175FC25E9D6F}) (Version: 2.0.1.0 - Blackmagic Design) digiCamControl (HKLM-x32\...\{19D12628-7654-4354-A305-9AB0B33A1677}) (Version: 2.1.2.0 - Duka Istvan) digiCamControl (HKLM-x32\...\{2dd048a1-b9fb-4e4f-a8f3-1eceafce538c}) (Version: 2.1.2.0 - ) Hidden Driver Booster 7 (HKLM-x32\...\Driver Booster_is1) (Version: 7.0.1 - IObit) Easy Photo Scan (HKLM-x32\...\{99364024-626C-4BE1-89C8-2F207023497B}) (Version: 1.00.0018 - Seiko Epson Corporation) EPS Viewer (HKLM-x32\...\{32E05824-A0AC-4DFE-B965-5F52C28FBE9F}_is1) (Version: - IdeaMK) Epson Easy Photo Print 2 (HKLM-x32\...\{71038C40-8258-44D2-BBF4-B6312338172C}) (Version: 2.8.3.0 - Seiko Epson Corporation) Epson Event Manager (HKLM-x32\...\{AB8BE3EA-01D3-44B7-8E77-A9601CBDEBDE}) (Version: 3.10.0085 - Seiko Epson Corporation) EPSON L3150 Series Printer Uninstall (HKLM\...\EPSON L3150 Series) (Version: - Seiko Epson Corporation) Epson Printer Connection Checker (HKLM-x32\...\{189DE071-E0BC-4BA5-8E34-83D5ED12600B}) (Version: 3.2.0.0 - Seiko Epson Corporation) Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation) Epson Software Updater (HKLM-x32\...\{D2D9559D-359A-4C61-B93A-FE01AE2BFB75}) (Version: 4.5.4 - Seiko Epson Corporation) EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation) Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 96.0.4664.45 - Google LLC) Instalação (HKLM-x32\...\{66134A9C-2221-4BBB-AD13-44EB81A809F1}) (Version: 1.0.0 - Configurando Windows) Intel(R) C++ Redistributables on Intel(R) 64 
(HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.5161 - Intel Corporation) LibreOffice 7.2.2.2 (HKLM\...\{51F1B587-D4A5-41C0-A4E8-A64BBD343F23}) (Version: 7.2.2.2 - The Document Foundation) Maxon Cinema 4D R21 (HKLM\...\Maxon Cinema 4D R21) (Version: R21 - Maxon) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 95.0.1020.53 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 95.0.1020.53 - Microsoft Corporation) Microsoft Office Professional Plus 2019 - pt-br (HKLM\...\ProPlus2019Retail - pt-br) (Version: 16.0.14527.20276 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-321270744-2600619408-4275616409-1001\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 
(HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{49e969a1-2990-464d-92b5-25f6f34573c6}) (Version: 12.0.40664.0 - Корпорация Майкрософт) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{d2c8df0e-f15d-4426-9e51-f13f329f9cb4}) (Version: 12.0.40664.0 - Корпорация Майкрософт) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29913 (HKLM-x32\...\{855e31d2-9031-46e1-b06d-c9d7777deefb}) (Version: 14.28.29913.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29913 (HKLM-x32\...\{03d1453c-7d5c-479c-afea-8482f406e036}) (Version: 14.28.29913.0 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2019 (HKLM-x32\...\{1edcd8d2-905a-4e93-bfdf-92ed5601528a}) (Version: 16.0.28801 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) Mozilla Firefox (x64 pt-BR) (HKLM\...\Mozilla Firefox 94.0.1 (x64 pt-BR)) (Version: 94.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 82.0 - Mozilla) Nelogica ProfitPro (HKU\S-1-5-21-321270744-2600619408-4275616409-1001\...\Profit) (Version: 5.0.0.229 - Nelogica) Nelogica Rico Trader (HKU\S-1-5-21-321270744-2600619408-4275616409-1001\...\RicoTrader) (Version: 5.0.0.174 - Nelogica) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14527.20276 - Microsoft Corporation) Hidden Office 16 
Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20234 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20276 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0416-0000-0000000FF1CE}) (Version: 16.0.14527.20234 - Microsoft Corporation) Hidden OpenAL (HKLM-x32\...\OpenAL) (Version: - ) PDF Settings CC (HKLM-x32\...\{1FBAE18D-4DE4-47AA-83EC-D1B046F262DC}) (Version: 12.0 - Adobe Systems Incorporated) Hidden QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.) Suporte para Aplicativos Apple (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.23.9 - TeamViewer) Verificação de integridade do PC Windows (HKLM\...\{BDA76587-4949-46D7-8427-AE49451F93D4}) (Version: 3.2.2110.14001 - Microsoft Corporation) Windows Installer (HKLM-x32\...\{13499434-9821-4E2D-B7DF-7C0867EB1504}) (Version: 5.0.3 - AdvancedWindowsManager) WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH) Zoom (HKU\S-1-5-21-321270744-2600619408-4275616409-1001\...\ZoomUMX) (Version: 5.7.8 (1247) - Zoom Video Communications, Inc.) 
Packages: ========= Complemento do Mecanismo de Mídia de Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-07-21] (Microsoft Corporation) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-12-17] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-12-17] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.10270.0_x64__8wekyb3d8bbwe [2021-11-08] (Microsoft Studios) [MS Ad] Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0 [2021-11-12] (Spotify AB) [Startup Task] TouchVPN -> C:\Program Files\WindowsApps\6F71D7A7.TouchVPN_1.1.14.0_x64__nsbqstbb9qxb6 [2020-12-17] (Pango Inc.) ==================== Análise Personalizada CLSID (Whitelisted): ============== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) CustomCLSID: HKU\S-1-5-21-321270744-2600619408-4275616409-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6} CustomCLSID: HKU\S-1-5-21-321270744-2600619408-4275616409-1001_Classes\CLSID\{272D2E65-05FB-4500-BD7B-5905D5B0A1B8}\localserver32 -> C:\Users\H2 Marketing\AppData\Roaming\Nelogica\Profit\profitchart.exe (Nelogica Sistemas de Software Ltda. 
-> Nelogica) CustomCLSID: HKU\S-1-5-21-321270744-2600619408-4275616409-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel(R) pGFX 2020 -> Intel Corporation) CustomCLSID: HKU\S-1-5-21-321270744-2600619408-4275616409-1001_Classes\CLSID\{91B96A80-A1E8-DB69-3D91-B838B0AF5BDE}\InprocServer32 -> não caminho do arquivo CustomCLSID: HKU\S-1-5-21-321270744-2600619408-4275616409-1001_Classes\CLSID\{def0be8c-1027-41d3-bcc6-c6235d93ab09}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Windows -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-321270744-2600619408-4275616409-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Arquivo não assinado] ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Arquivo não assinado] ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2021-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Arquivo não assinado] ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal) 
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Atalhos & WMI ========================

==================== Módulos Carregados (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Modo de Segurança (Whitelisted) ==================

==================== Associação (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts Conteúdo: =========================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2019-12-07 06:14 - 2021-11-18 11:21 - 000000027 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Outras Áreas ===========================

(Atualmente não há nenhuma correção automática para esta seção.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64\compiler;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\QuickTime\QTSystem\
HKU\S-1-5-21-321270744-2600619408-4275616409-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

(Se uma entrada for incluída na fixlist, será removida.)
HKLM\...\StartupApproved\StartupFolder: => "AnyDesk.lnk"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "AdobeCEPServiceManager"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "kissq"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKU\S-1-5-21-321270744-2600619408-4275616409-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-321270744-2600619408-4275616409-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-321270744-2600619408-4275616409-1001\...\StartupApproved\Run: => "CCXProcess"

==================== Regras do Firewall (Whitelisted) ================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Pontos de Restauração =========================

==================== Dispositivos Apresentando Falhas No Gerenciador ============

==================== Erros no Log de eventos: ========================

Erros em Aplicativos:
==================
Error: (11/20/2021 12:56:27 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007

Error: (11/20/2021 12:56:27 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0

Error: (11/19/2021 09:22:44 PM) (Source: MsiInstaller) (EventID: 11605) (User: DESKTOP-QBNRO2F)
Description: Product: CorelDRAW Graphics Suite 2021 - Docs (x64) -- Disk full: Out of disk space -- Volume: c:; required space: 4.380 KB; available space: 0 KB. If rollback is disabled, enough space is available. Click Cancel to quit, Retry to check available disk space again, or Ignore to continue without rollback.

Error: (11/19/2021 09:22:31 PM) (Source: MsiInstaller) (EventID: 11601) (User: DESKTOP-QBNRO2F)
Description: Product: CorelDRAW Graphics Suite 2021 - Docs (x64) -- Disk full: Out of disk space -- Volume: 'c:'; required space: 637.292 KB; available space: 0 KB. Free some disk space and retry.

Error: (11/19/2021 09:17:36 PM) (Source: MsiInstaller) (EventID: 11601) (User: DESKTOP-QBNRO2F)
Description: Product: CorelDRAW Graphics Suite 2021 - Docs (x64) -- Disk full: Out of disk space -- Volume: 'c:'; required space: 637.292 KB; available space: 209.476 KB. Free some disk space and retry.

Error: (11/19/2021 09:17:35 PM) (Source: MsiInstaller) (EventID: 11601) (User: DESKTOP-QBNRO2F)
Description: Product: CorelDRAW Graphics Suite 2021 - Docs (x64) -- Disk full: Out of disk space -- Volume: 'c:'; required space: 637.292 KB; available space: 214.168 KB. Free some disk space and retry.

Error: (11/19/2021 08:21:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: CorelDRW.exe, versão: 22.1.0.517, carimbo de data/hora: 0x5ed88e0e
Nome do módulo com falha: USER32.dll, versão: 10.0.19041.1202, carimbo de data/hora: 0x032ff40c
Código de exceção: 0xc0000005
Deslocamento da falha: 0x00000000000039e4
ID do processo com falha: 0x23a4
Hora de início do aplicativo com falha: 0x01d7dd9c202160de
Caminho do aplicativo com falha: C:\Program Files\Corel\CorelDRAW Graphics Suite 2020\Programs64\CorelDRW.exe
Caminho do módulo com falha: C:\Windows\System32\USER32.dll
ID do Relatório: da946ccc-3f67-41c5-a529-a2ca2656eab0
Nome completo do pacote com falha:
ID do aplicativo relativo ao pacote com falha:

Error: (11/19/2021 08:21:07 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplicativo: CorelDRW.exe
Versão do Framework: v4.0.30319
Descrição: O processo foi terminado devido a uma exceção sem tratamento.
Informações da Exceção: código da exceção c0000005, endereço da exceção 00007FFE8EAC39E4

Erros de Sistema:
=============
Error: (11/20/2021 12:53:57 PM) (Source: DCOM) (EventID: 10000) (User: DESKTOP-QBNRO2F)
Description: Não é possível iniciar o servidor DCOM: {0358B920-0AC7-461F-98F4-58E32CD89148}. O erro: "2147942767" Aconteceu ao iniciar este comando: C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (11/19/2021 10:02:50 PM) (Source: volsnap) (EventID: 25) (User: )
Description: As cópias de sombra do volume C: foram excluídas porque o armazenamento de cópia de sombra não pôde ser expandido. Reduza a carga de E/S do sistema ou escolha um volume de armazenamento de cópia de sombra do qual não esteja sendo feita uma cópia de sombra.

Error: (11/19/2021 10:47:15 AM) (Source: DCOM) (EventID: 10000) (User: DESKTOP-QBNRO2F)
Description: Não é possível iniciar o servidor DCOM: {0358B920-0AC7-461F-98F4-58E32CD89148}. O erro: "2147942767" Aconteceu ao iniciar este comando: C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (11/18/2021 05:59:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Adobe Acrobat Update Service foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (11/18/2021 05:59:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Windows Presentation Foundation Font Cache 3.0.0.0 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço.

Error: (11/18/2021 05:59:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Serviço Clique para Executar do Microsoft Office foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço.

Error: (11/18/2021 05:59:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Adobe Genuine Monitor Service foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (11/18/2021 05:59:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço EpsonCustomerResearchParticipation foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Windows Defender:
================
Date: 2021-11-19 20:50:29
Description: Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado.
Para obter mais informações, veja a seguir: https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/Presenoker&threatid=242420&enterprise=0 Nome: PUA:Win32/Presenoker Gravidade: Baixo Categoria: Software Potencialmente Indesejado Caminho: file:_D:\CorelDRAW.Graphics.Suite2021.23.1.0.389\xfcdgs2021\xfcdgs2021.exe; file:_D:\CorelDRAW.Graphics.Suite2021.23.1.0.389\xfcdgs2021\xfvsu21.exe; file:_D:\Downloads\sanet.st_CorelDRAW.Graphics.Suite2021.23.1.0.389.part2.rar; webfile:_D:\Downloads\sanet.st_CorelDRAW.Graphics.Suite2021.23.1.0.389.part2.rar|https://mega.nz/|pid:3080,ProcessStart:132818383015494191 Origem da Detecção: Computador local Tipo da Detecção: Concreto Fonte da Detecção: Downloads e anexos Usuário: DESKTOP-QBNRO2F\H2 Marketing Nome do Processo: C:\Windows\explorer.exe Versão da Inteligência de Segurança: AV: 1.353.1258.0, AS: 1.353.1258.0, NIS: 1.353.1258.0 Versão do Mecanismo: AM: 1.1.18700.4, NIS: 1.1.18700.4 Date: 2021-11-19 20:50:29 Description: Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado. 
Para obter mais informações, veja a seguir: https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/Presenoker&threatid=242420&enterprise=0 Nome: PUA:Win32/Presenoker Gravidade: Baixo Categoria: Software Potencialmente Indesejado Caminho: file:_D:\CorelDRAW.Graphics.Suite2021.23.1.0.389\xfcdgs2021\xfvsu21.exe; file:_D:\Downloads\sanet.st_CorelDRAW.Graphics.Suite2021.23.1.0.389.part2.rar; webfile:_D:\Downloads\sanet.st_CorelDRAW.Graphics.Suite2021.23.1.0.389.part2.rar|https://mega.nz/|pid:3080,ProcessStart:132818383015494191 Origem da Detecção: Computador local Tipo da Detecção: Concreto Fonte da Detecção: Downloads e anexos Usuário: DESKTOP-QBNRO2F\H2 Marketing Nome do Processo: C:\Windows\explorer.exe Versão da Inteligência de Segurança: AV: 1.353.1258.0, AS: 1.353.1258.0, NIS: 1.353.1258.0 Versão do Mecanismo: AM: 1.1.18700.4, NIS: 1.1.18700.4 Date: 2021-11-19 20:50:04 Description: Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado. Para obter mais informações, veja a seguir: https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/Presenoker&threatid=242420&enterprise=0 Nome: PUA:Win32/Presenoker Gravidade: Baixo Categoria: Software Potencialmente Indesejado Caminho: file:_D:\Downloads\sanet.st_CorelDRAW.Graphics.Suite2021.23.1.0.389.part2.rar; webfile:_D:\Downloads\sanet.st_CorelDRAW.Graphics.Suite2021.23.1.0.389.part2.rar|https://mega.nz/|pid:3080,ProcessStart:132818383015494191 Origem da Detecção: Internet Tipo da Detecção: FastPath Fonte da Detecção: Downloads e anexos Usuário: DESKTOP-QBNRO2F\H2 Marketing Nome do Processo: C:\Program Files\WinRAR\WinRAR.exe Versão da Inteligência de Segurança: AV: 1.353.1258.0, AS: 1.353.1258.0, NIS: 1.353.1258.0 Versão do Mecanismo: AM: 1.1.18700.4, NIS: 1.1.18700.4 Date: 2021-11-19 20:32:09 Description: Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado. 
Para obter mais informações, veja a seguir: https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/Presenoker&threatid=242420&enterprise=0 Nome: PUA:Win32/Presenoker Gravidade: Baixo Categoria: Software Potencialmente Indesejado Caminho: file:_D:\Downloads\sanet.st_CorelDRAW.Graphics.Suite2021.23.1.0.389.part2.rar; webfile:_D:\Downloads\sanet.st_CorelDRAW.Graphics.Suite2021.23.1.0.389.part2.rar|https://mega.nz/|pid:3080,ProcessStart:132818383015494191 Origem da Detecção: Internet Tipo da Detecção: FastPath Fonte da Detecção: Downloads e anexos Usuário: DESKTOP-QBNRO2F\H2 Marketing Nome do Processo: Unknown Versão da Inteligência de Segurança: AV: 1.353.1258.0, AS: 1.353.1258.0, NIS: 1.353.1258.0 Versão do Mecanismo: AM: 1.1.18700.4, NIS: 1.1.18700.4 Date: 2021-11-19 19:23:48 Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão. ID do Exame: {F7833426-98BA-49A5-83B1-267AC09CEFE4} Tipo de Exame: Antimalware Parâmetros do Exame: Verificação Rápida Usuário: AUTORIDADE NT\SISTEMA  ==================== Informações da Memória =========================== BIOS: American Megatrends Inc. 
V18.3 03/14/2013 placa-mãe: MSI H61M-E22/W8 (MS-7788) Processador: Intel(R) Core(TM) i5-3330 CPU @ 3.00GHz Percentagem de memória em uso: 74% RAM física total: 8077.4 MB RAM física disponível: 2060.45 MB Virtual Total: 9357.4 MB Virtual disponível: 1901.74 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:111.14 GB) (Free:12.53 GB) NTFS Drive d: (Backup) (Fixed) (Total:931.51 GB) (Free:433.84 GB) NTFS Drive e: (CGS2021_PGRM) (CDROM) (Total:1.5 GB) (Free:0 GB) CDFS \\?\Volume{721dd1d2-5d13-4307-9ddd-9728d358a588}\ () (Fixed) (Total:0.53 GB) (Free:0.08 GB) NTFS \\?\Volume{b129e0fd-d3b4-42da-8aa3-6144f94303c5}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 ==================== MBR & Tabela de Partições ==================== ========================================================== Disk: 0 (Protective MBR) (Size: 111.8 GB) (Disk ID: 00000000) Partition: GPT. ========================================================== Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 20A36536) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== Fim de Addition.txt =======================
  6. It really was, lol. Here it is again:

# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build: 06-29-2021
# Database: 2021-11-18.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 11-18-2021
# Duration: 00:00:10
# OS: Windows 10 Pro
# Cleaned: 37
# Failed: 0

***** [ Services ] *****
No malicious services cleaned.

***** [ Folders ] *****
Deleted C:\Program Files (x86)\AdvancedWindowsManager
Deleted C:\Program Files (x86)\Microleaves
Deleted C:\ProgramData\AdvancedWindowsManager
Deleted C:\ProgramData\CloudPrinter
Deleted C:\ProgramData\Logic Cramble
Deleted C:\ProgramData\Microleaves
Deleted C:\ProgramData\Quoteexs
Deleted C:\Users\H2 Marketing\AppData\Roaming\DRPSu
Deleted C:\Users\H2 Marketing\AppData\Roaming\Microleaves
Deleted C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}

***** [ Files ] *****
Deleted C:\Windows\Installer\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted C:\Windows\SysWOW64\findit.xml

***** [ DLL ] *****
No malicious DLLs cleaned.

***** [ WMI ] *****
No malicious WMI cleaned.

***** [ Shortcuts ] *****
No malicious shortcuts cleaned.

***** [ Tasks ] *****
Deleted C:\Windows\System32\Tasks\DRIVER BOOSTER SCHEDULER

***** [ Registry ] *****
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\drp.su
Deleted HKCU\Software\drpsu
Deleted HKCU\Software\mtQuoteex
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quoteex.exe
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31AA03FB-1DBA-4D71-81F6-F0DF112767C0}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scheduler
Deleted HKLM\Software\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted HKLM\Software\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted HKLM\Software\Wow6432Node\Microleaves
Deleted HKLM\Software\Wow6432Node\\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Quoteex.exe
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quoteex.exe
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted HKLM\Software\Wow6432Node\drpsu
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\Application Hosting
Deleted HKU\.DEFAULT\Environment|SNP
Deleted HKU\.DEFAULT\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted HKU\S-1-5-18\Environment|SNP
Deleted HKU\S-1-5-18\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}

***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****
Deleted WebSearch
Deleted WebSearch

***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****
Deleted Preinstalled.EpsonCustomerResearchParticipation Folder C:\Program Files\EPSON\EPSONCUSTOMERRESEARCHPARTICIPATION
Deleted Preinstalled.EpsonCustomerResearchParticipation Folder C:\ProgramData\EPSON\EPSONCUSTOMERRESEARCHPARTICIPATION
Deleted Preinstalled.EpsonCustomerResearchParticipation Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B26449A6-6007-4460-B4FE-C4776115BCEA}

*************************
[+] Delete IFEO
[+] Delete Prefetch
[+] Delete Tracing Keys
[+] Reset Chromium Policies
[+] Reset IE Policies
[+] Reset Proxy Settings
*************************

AdwCleaner[S00].txt - [4683 octets] - [18/11/2021 12:03:37]
AdwCleaner[S01].txt - [4744 octets] - [18/11/2021 12:07:50]
AdwCleaner[S02].txt - [4805 octets] - [18/11/2021 17:57:22]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########
  7. Here it is:

# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build: 06-29-2021
# Database: 2021-10-26.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 11-18-2021
# Duration: 00:00:10
# OS: Windows 10 Pro
# Scanned: 32010
# Detected: 37

***** [ Services ] *****
No malicious services found.

***** [ Folders ] *****
Adware.Linkury C:\ProgramData\Logic Cramble
Adware.Linkury C:\ProgramData\Quoteexs
Adware.OnlineIO C:\Program Files (x86)\Microleaves
Adware.OnlineIO C:\ProgramData\Microleaves
Adware.OnlineIO C:\Users\H2 Marketing\AppData\Roaming\Microleaves
PUP.Optional.AdvancedWindowsManager C:\Program Files (x86)\AdvancedWindowsManager
PUP.Optional.AdvancedWindowsManager C:\ProgramData\AdvancedWindowsManager
PUP.Optional.DriverPack C:\Users\H2 Marketing\AppData\Roaming\DRPSu
PUP.Optional.Legacy C:\ProgramData\CloudPrinter
PUP.Optional.OnlineIO C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}

***** [ Files ] *****
PUP.Optional.OnlineIO C:\Windows\Installer\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
PUP.Optional.YesSearches C:\Windows\SysWOW64\findit.xml

***** [ DLL ] *****
No malicious DLLs found.

***** [ WMI ] *****
No malicious WMI found.

***** [ Shortcuts ] *****
No malicious shortcuts found.

***** [ Tasks ] *****
PUP.Optional.Legacy C:\Windows\System32\Tasks\DRIVER BOOSTER SCHEDULER

***** [ Registry ] *****
Adware.Linkury HKCU\Software\mtQuoteex
Adware.OnlineIO HKLM\Software\Wow6432Node\Microleaves
PUP.Optional.DriverPack HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\drp.su
PUP.Optional.DriverPack HKCU\Software\drpsu
PUP.Optional.DriverPack HKLM\Software\Wow6432Node\drpsu
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31AA03FB-1DBA-4D71-81F6-F0DF112767C0}
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scheduler
PUP.Optional.Legacy HKLM\System\CurrentControlSet\Services\EventLog\Application\Application Hosting
PUP.Optional.Linkury HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quoteex.exe
PUP.Optional.Linkury HKLM\Software\Wow6432Node\\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quoteex.exe
PUP.Optional.Linkury.ACMB1 HKLM\Software\Wow6432Node\\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Quoteex.exe
PUP.Optional.Linkury.ACMB1 HKU\.DEFAULT\Environment|SNP
PUP.Optional.Linkury.ACMB1 HKU\S-1-5-18\Environment|SNP
PUP.Optional.Microleaves HKLM\Software\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A
PUP.Optional.Microleaves HKLM\Software\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A
PUP.Optional.Microleaves HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A
PUP.Optional.Microleaves HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
PUP.Optional.Microleaves HKU\.DEFAULT\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
PUP.Optional.Microleaves HKU\S-1-5-18\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}

***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.

***** [ Chromium URLs ] *****
Adware.StartPage WebSearch
PUP.Optional.Legacy WebSearch

***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.

***** [ Firefox URLs ] *****
No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****
No malicious hosts file entries found.

***** [ Preinstalled Software ] *****
Preinstalled.EpsonCustomerResearchParticipation Folder C:\Program Files\EPSON\EPSONCUSTOMERRESEARCHPARTICIPATION
Preinstalled.EpsonCustomerResearchParticipation Folder C:\ProgramData\EPSON\EPSONCUSTOMERRESEARCHPARTICIPATION
Preinstalled.EpsonCustomerResearchParticipation Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B26449A6-6007-4460-B4FE-C4776115BCEA}

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

I ended up forgetting to change the settings, so I ran another scan; here is the latest one as well:

# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build: 06-29-2021
# Database: 2021-10-26.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 11-18-2021
# Duration: 00:00:08
# OS: Windows 10 Pro
# Scanned: 32006
# Detected: 37

***** [ Services ] *****
No malicious services found.

***** [ Folders ] *****
Adware.Linkury C:\ProgramData\Logic Cramble
Adware.Linkury C:\ProgramData\Quoteexs
Adware.OnlineIO C:\Program Files (x86)\Microleaves
Adware.OnlineIO C:\ProgramData\Microleaves
Adware.OnlineIO C:\Users\H2 Marketing\AppData\Roaming\Microleaves
PUP.Optional.AdvancedWindowsManager C:\Program Files (x86)\AdvancedWindowsManager
PUP.Optional.AdvancedWindowsManager C:\ProgramData\AdvancedWindowsManager
PUP.Optional.DriverPack C:\Users\H2 Marketing\AppData\Roaming\DRPSu
PUP.Optional.Legacy C:\ProgramData\CloudPrinter
PUP.Optional.OnlineIO C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}

***** [ Files ] *****
PUP.Optional.OnlineIO C:\Windows\Installer\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
PUP.Optional.YesSearches C:\Windows\SysWOW64\findit.xml

***** [ DLL ] *****
No malicious DLLs found.

***** [ WMI ] *****
No malicious WMI found.

***** [ Shortcuts ] *****
No malicious shortcuts found.

***** [ Tasks ] *****
PUP.Optional.Legacy C:\Windows\System32\Tasks\DRIVER BOOSTER SCHEDULER

***** [ Registry ] *****
Adware.Linkury HKCU\Software\mtQuoteex
Adware.Linkury HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\Quoteex.exe
Adware.Linkury HKLM\Software\Wow6432Node\\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\Quoteex.exe
Adware.OnlineIO HKLM\Software\Wow6432Node\Microleaves
PUP.Optional.DriverPack HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\drp.su
PUP.Optional.DriverPack HKCU\Software\drpsu
PUP.Optional.DriverPack HKLM\Software\Wow6432Node\drpsu
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31AA03FB-1DBA-4D71-81F6-F0DF112767C0}
PUP.Optional.Legacy HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scheduler
PUP.Optional.Legacy HKLM\System\CurrentControlSet\Services\EventLog\Application\Application Hosting
PUP.Optional.Linkury.ACMB1 HKLM\Software\Wow6432Node\\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Quoteex.exe
PUP.Optional.Linkury.ACMB1 HKU\.DEFAULT\Environment|SNP
PUP.Optional.Linkury.ACMB1 HKU\S-1-5-18\Environment|SNP
PUP.Optional.Microleaves HKLM\Software\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A
PUP.Optional.Microleaves HKLM\Software\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A
PUP.Optional.Microleaves HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A
PUP.Optional.Microleaves HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
PUP.Optional.Microleaves HKU\.DEFAULT\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
PUP.Optional.Microleaves HKU\S-1-5-18\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}

***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.

***** [ Chromium URLs ] *****
Adware.StartPage WebSearch
PUP.Optional.Legacy WebSearch

***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.

***** [ Firefox URLs ] *****
No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****
No malicious hosts file entries found.

***** [ Preinstalled Software ] *****
Preinstalled.EpsonCustomerResearchParticipation Folder C:\Program Files\EPSON\EPSONCUSTOMERRESEARCHPARTICIPATION
Preinstalled.EpsonCustomerResearchParticipation Folder C:\ProgramData\EPSON\EPSONCUSTOMERRESEARCHPARTICIPATION
Preinstalled.EpsonCustomerResearchParticipation Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B26449A6-6007-4460-B4FE-C4776115BCEA}

AdwCleaner[S00].txt - [4683 octets] - [18/11/2021 12:03:37]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
  8. Hello, here it is: Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 14-11-2021 Executado por H2 Marketing (18-11-2021 11:15:13) Run:1 Executando a partir de C:\Users\H2 Marketing\Desktop Perfis Carregados: H2 Marketing Modo da Inicialização: Normal ============================================== fixlist Conteúdo: ***************** CloseProcesses: Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.7.0 - Microleaves) Hidden <==== ATENÇÃO CMD: msiexec.exe /uninstall {5266F634-7B7D-4537-BDDC-98DD6CFCBAA1} C:\Users\H2MARK~1\AppData\Local\Temp\ehdrv.sys ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Nenhum Arquivo ShortcutWithArgument: C:\Users\H2 Marketing\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> %SNP% HKU\S-1-5-21-321270744-2600619408-4275616409-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuEBSEdMFBI3ratl9Brg6YveHEIRs31WwckJSpooJXJiYxChlKnQwmzQmF0DQVTnLoJFHpdLjKKSt2BWnrTr04eBCtmoWBZcxTAbs_IV5aoKyZMKgr69-MfQ1Nl8sYvJv0Irps2v4IhXRhqs0edT8b8HzV8vZHlp&q={searchTerms} HKU\S-1-5-21-321270744-2600619408-4275616409-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuEBSEdMFBI3ratl9Brg6YveHEIRs31WwckJSpooJXJiYxChlKnQwmzQmF0DQVTnLoJJK2c1SIlY1d9rGi9ZUcmEngFBYZqLjLPWcj739lQT6uGfrmrxYtsS1pEIsqwYPpHNLPQTOnSQLY3lYjWkkkgBoBtaHAC6 SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = SearchScopes: 
HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuEBSEdMFBI3ratl9Brg6YveHEIRs31WwckJSpooJXJiYxChlKnQwmzQmF0DQVTnLoJFHpdLjKKSt2BWnrTr04eBCtmoWBZcxTAbs_IV5aoKyZMKgr69-MfQ1Nl8sYvJv0Irps2v4IhXRhqs0edT8b8HzV8vZHlp&q={searchTerms} SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC SearchScopes: HKU\S-1-5-21-321270744-2600619408-4275616409-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 SearchScopes: HKU\S-1-5-21-321270744-2600619408-4275616409-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 SearchScopes: HKU\S-1-5-21-321270744-2600619408-4275616409-1001 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuEBSEdMFBI3ratl9Brg6YveHEIRs31WwckJSpooJXJiYxChlKnQwmzQmF0DQVTnLoJFHpdLjKKSt2BWnrTr04eBCtmoWBZcxTAbs_IV5aoKyZMKgr69-MfQ1Nl8sYvJv0Irps2v4IhXRhqs0edT8b8HzV8vZHlp&q={searchTerms} HKLM-x32\...\Run: [kissq] => C:\Users\H2MARK~1\AppData\Local\Temp\kissq.exe**************** (Nenhum Arquivo) <==== ATENÇÃO HKLM\...\Policies\Explorer: [ConfirmFileDelete] 0 HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO GroupPolicy: Restrição - Chrome <==== ATENÇÃO Policies: C:\ProgramData\NTUSER.pol: Restrição <==== ATENÇÃO HKLM\SOFTWARE\Policies\Google: Restrição <==== ATENÇÃO HKU\S-1-5-21-321270744-2600619408-4275616409-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <==== ATENÇÃO 2021-11-08 18:26 - 2021-11-08 18:26 - 000000000 _____ () C:\Users\H2 Marketing\AppData\Roaming\aa.tmp Task: {336024EC-38BB-47DF-BB07-2CD0F202F311} - System32\Tasks\Opera scheduled Autoupdate 1595286915 => C:\Users\H2 Marketing\AppData\Local\Programs\Opera\launcher.exe 
--scheduledautoupdate $(Arg0) (Nenhum Arquivo) Task: {3BC9395C-C574-4077-B288-D9F299990DF6} - System32\Tasks\updater2 => C:\Program Files (x86)\WinXT\blog\updater.exe (Nenhum Arquivo) <==== ATENÇÃO Task: {429E1E89-62FF-4045-B247-FEE409931032} - System32\Tasks\updater => C:\Program Files (x86)\WinXT\blog\updater.exe (Nenhum Arquivo) Task: {82AB7B86-0EB0-471B-B5EE-DB71C5452D1C} - System32\Tasks\Extension_game => C:\Users\H2 Marketing\AppData\Roaming\Extension_game\python\pythonw.exe "load.pyc" ml2 (Nenhum Arquivo) <==== ATENÇÃO Task: {832F8E8F-E677-44D4-A6E2-729161D1C8D1} - System32\Tasks\Opera scheduled Autoupdate 1599739623 => C:\Users\H2 Marketing\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (Nenhum Arquivo) Task: {83DBF5FA-A56C-4902-9582-36A16782D1CE} - System32\Tasks\Extension_game2 => C:\Users\H2 Marketing\AppData\Roaming\Extension_game\python\pythonw.exe "load.pyc" app (Nenhum Arquivo) <==== ATENÇÃO Task: C:\Windows\Tasks\updater.job => C:\Program Files (x86)\WinXT\blog\updater.exe Task: C:\Windows\Tasks\updater2.job => C:\Program Files (x86)\WinXT\blog\updater.exe <==== ATENÇÃO S2 TranslateService; C:\ProgramData\TranslateService\TranslateService.exe [X] <==== ATENÇÃO S2 updater; "C:\Program Files (x86)\WinXT\blog\nssm.exe" [X] S2 WinLoading; "C:\Program Files (x86)\WinXT\blog\nssm.exe" [X] FirewallRules: [{CA10A44E-181D-46B5-A449-B4E659463850}] => (Allow) C:\Users\H2 Marketing\AppData\Local\Programs\Opera\68.0.3618.173\opera.exe => Nenhum Arquivo FirewallRules: [{01CD807D-BF9D-4CFA-8E56-F2AFE97F2D84}] => (Allow) C:\Users\H2 Marketing\AppData\Roaming\DRPSu\Alice\cloud.exe => Nenhum Arquivo FirewallRules: [{82046A1B-318E-486D-9B46-15C5EB5F5C49}] => (Allow) C:\Users\H2 Marketing\AppData\Local\Temp\L3150\Network\EpsonNetSetup\ENEasyApp.exe => Nenhum Arquivo FirewallRules: [{F553CEEE-276F-4417-A012-27E0DD81121D}] => (Allow) C:\Users\H2 Marketing\AppData\Local\Temp\L3150\Network\EpsonNetSetup\ENEasyApp.exe => Nenhum Arquivo 
FirewallRules: [{28D2C4D6-56AA-4B09-BACF-52F3415AA037}] => (Allow) C:\Users\H2 Marketing\AppData\Local\Temp\DriverPack-2020091090450\tools\aria2c.exe => Nenhum Arquivo FirewallRules: [{F22267C0-B6AD-4200-B666-42C45708175F}] => (Allow) C:\Users\H2 Marketing\AppData\Local\Programs\Opera\64.0.3417.73\opera.exe => Nenhum Arquivo FirewallRules: [{17FA03A7-36D4-443E-8ED9-FBEC7E1EABC5}] => (Allow) C:\Users\H2 Marketing\AppData\Roaming\DRPSu\Alice\cloud.exe => Nenhum Arquivo FirewallRules: [{960690B0-0703-416A-ACA4-9459DA8ACE65}] => (Allow) C:\Users\H2 Marketing\AppData\Local\Programs\Opera\70.0.3728.178\opera.exe => Nenhum Arquivo FirewallRules: [{95247CED-BFC4-4021-8E3D-34CDB2A33271}] => (Allow) C:\Level Up\Combat Arms\NMService.exe => Nenhum Arquivo FirewallRules: [{1703CAE8-0B54-4F91-BDB8-524B92763D64}] => (Allow) C:\Level Up\Combat Arms\NMService.exe => Nenhum Arquivo FirewallRules: [{D629A089-791B-442D-B406-42F4998A2F11}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => Nenhum Arquivo FirewallRules: [{9893265C-E358-4C7F-A079-C5CC637CC620}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => Nenhum Arquivo FirewallRules: [{280605DB-88FB-458A-8C29-6A338D797D6C}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => Nenhum Arquivo FirewallRules: [{B5B42997-CFA3-4BB1-9D07-C24D216B3499}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => Nenhum Arquivo FirewallRules: [{00DC442B-F496-4DE8-B584-01DFE4712B78}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => Nenhum Arquivo FirewallRules: [{AE7DBD7D-4C6E-4913-BE22-81BB103B0ECD}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => Nenhum Arquivo FirewallRules: [{39FB1811-38C5-4AE6-9498-01F70139055E}] => (Allow) C:\Users\H2 Marketing\AppData\Roaming\Zoom\bin\airhost.exe => Nenhum Arquivo FirewallRules: [{63FF5B4D-CB1E-4CAE-B676-6752F13C6127}] => (Allow) C:\Users\H2 Marketing\AppData\Roaming\Zoom\bin\airhost.exe => Nenhum Arquivo FirewallRules: [{2F2431FD-6461-4774-AFEB-EFAF563BCF5A}] => 
(Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe => Nenhum Arquivo CMD: sfc /scannow CreateRestorePoint: EmptyTemp: Hosts: Reboot: ***************** Processos fechados com sucesso. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}\\SystemComponent" => removido (a) com sucesso. ========= msiexec.exe /uninstall {5266F634-7B7D-4537-BDDC-98DD6CFCBAA1} ========= ========= Fim de CMD: ========= "C:\Users\H2MARK~1\AppData\Local\Temp\ehdrv.sys" => não encontrado (a) HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removido (a) com sucesso. C:\Users\H2 Marketing\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Atalho argumento removido (a) com sucesso. HKU\S-1-5-21-321270744-2600619408-4275616409-1001\Software\Microsoft\Internet Explorer\Main\\"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" => valor restaurado com sucesso HKU\S-1-5-21-321270744-2600619408-4275616409-1001\Software\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => valor restaurado com sucesso HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => valor restaurado com sucesso HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removido (a) com sucesso. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => valor restaurado com sucesso HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch => removido (a) com sucesso. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removido (a) com sucesso. "HKU\S-1-5-21-321270744-2600619408-4275616409-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removido (a) com sucesso. 
HKU\S-1-5-21-321270744-2600619408-4275616409-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removido (a) com sucesso. HKU\S-1-5-21-321270744-2600619408-4275616409-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch} => removido (a) com sucesso. "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\kissq" => não encontrado (a) "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ConfirmFileDelete" => removido (a) com sucesso. HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => Não pode ser removido, a chave pode estar protegida C:\Windows\system32\GroupPolicy\Machine => movido com sucesso C:\Windows\system32\GroupPolicy\GPT.ini => movido com sucesso C:\ProgramData\NTUSER.pol => movido com sucesso HKLM\SOFTWARE\Policies\Google => removido (a) com sucesso. HKU\S-1-5-21-321270744-2600619408-4275616409-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => removido (a) com sucesso. C:\Users\H2 Marketing\AppData\Roaming\aa.tmp => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{336024EC-38BB-47DF-BB07-2CD0F202F311}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{336024EC-38BB-47DF-BB07-2CD0F202F311}" => removido (a) com sucesso. C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1595286915 => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 1595286915" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3BC9395C-C574-4077-B288-D9F299990DF6}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BC9395C-C574-4077-B288-D9F299990DF6}" => removido (a) com sucesso. 
C:\Windows\System32\Tasks\updater2 => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\updater2" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{429E1E89-62FF-4045-B247-FEE409931032}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{429E1E89-62FF-4045-B247-FEE409931032}" => removido (a) com sucesso. C:\Windows\System32\Tasks\updater => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\updater" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{82AB7B86-0EB0-471B-B5EE-DB71C5452D1C}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82AB7B86-0EB0-471B-B5EE-DB71C5452D1C}" => removido (a) com sucesso. C:\Windows\System32\Tasks\Extension_game => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Extension_game" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{832F8E8F-E677-44D4-A6E2-729161D1C8D1}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{832F8E8F-E677-44D4-A6E2-729161D1C8D1}" => removido (a) com sucesso. C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1599739623 => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 1599739623" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{83DBF5FA-A56C-4902-9582-36A16782D1CE}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83DBF5FA-A56C-4902-9582-36A16782D1CE}" => removido (a) com sucesso. 
C:\Windows\System32\Tasks\Extension_game2 => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Extension_game2" => removido (a) com sucesso. C:\Windows\Tasks\updater.job => movido com sucesso C:\Windows\Tasks\updater2.job => movido com sucesso TranslateService => o serviço não encontrado (a). updater => o serviço não encontrado (a). WinLoading => o serviço não encontrado (a). "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CA10A44E-181D-46B5-A449-B4E659463850}" => não encontrado (a) "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{01CD807D-BF9D-4CFA-8E56-F2AFE97F2D84}" => não encontrado (a) "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{82046A1B-318E-486D-9B46-15C5EB5F5C49}" => não encontrado (a) "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F553CEEE-276F-4417-A012-27E0DD81121D}" => não encontrado (a) "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{28D2C4D6-56AA-4B09-BACF-52F3415AA037}" => não encontrado (a) "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F22267C0-B6AD-4200-B666-42C45708175F}" => não encontrado (a) "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{17FA03A7-36D4-443E-8ED9-FBEC7E1EABC5}" => não encontrado (a) "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{960690B0-0703-416A-ACA4-9459DA8ACE65}" => não encontrado (a) "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{95247CED-BFC4-4021-8E3D-34CDB2A33271}" => não encontrado (a) "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1703CAE8-0B54-4F91-BDB8-524B92763D64}" => não encontrado (a) 
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D629A089-791B-442D-B406-42F4998A2F11}" => não encontrado (a) "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9893265C-E358-4C7F-A079-C5CC637CC620}" => não encontrado (a) "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{280605DB-88FB-458A-8C29-6A338D797D6C}" => não encontrado (a) "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B5B42997-CFA3-4BB1-9D07-C24D216B3499}" => não encontrado (a) "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{00DC442B-F496-4DE8-B584-01DFE4712B78}" => não encontrado (a) "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AE7DBD7D-4C6E-4913-BE22-81BB103B0ECD}" => não encontrado (a) "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{39FB1811-38C5-4AE6-9498-01F70139055E}" => não encontrado (a) "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{63FF5B4D-CB1E-4CAE-B676-6752F13C6127}" => não encontrado (a) "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2F2431FD-6461-4774-AFEB-EFAF563BCF5A}" => não encontrado (a) ========= sfc /scannow ========= Iniciando verificação de arquivos. O processo levará alguns minutos para ser concluído. Iniciando fase de verificação de verificação do sistema. Verificação 0% concluída. Verificação 1% concluída. Verificação 1% concluída. Verificação 2% concluída. Verificação 3% concluída. Verificação 3% concluída. Verificação 4% concluída. Verificação 4% concluída. Verificação 5% concluída. Verificação 6% concluída. Verificação 6% concluída. Verificação 7% concluída. Verificação 7% concluída. Verificação 8% concluída. Verificação 9% concluída. Verificação 9% concluída. 
A Proteção de Recursos do Windows encontrou arquivos corrompidos e os reparou com êxito. Para reparos online, os detalhes são incluídos no arquivo de log CBS localizado em windir\Logs\CBS\CBS.log. Por exemplo, C:\Windows\Logs\CBS\CBS.log. Para reparos offline, os detalhes são incluídos no arquivo de log fornecido pelo sinalizador /OFFLOGFILE. ========= Fim de CMD: ========= Ponto de Restauração criado com sucesso. C:\Windows\System32\Drivers\etc\hosts => movido com sucesso Hosts restaurado com sucesso. =========== EmptyTemp: ========== BITS transfer queue => 0 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11755502 B Java, Flash, Steam htmlcache => 343 B Windows/system/drivers => 13907579 B Edge => 45082 B Chrome => 29443138 B Firefox => 13318696 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 0 B LocalService => 0 B NetworkService => 0 B H2 Marketing => 70302766 B RecycleBin => 0 B EmptyTemp: => 132.3 MB de dados temporários Removidos. ================================ Resultado dos arquivos que foram agendados para serem movidos (Modo de Inicialização: Normal) (Data&Hora: 18-11-2021 11:22:57) Resultado dos registros marcados para excluir será exibido após a reinicialização: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removido (a) com sucesso. ==== Fim de Fixlog 11:22:57 ====
  9. Hello moderators, Today, while browsing the internet normally as I always do, I must have clicked on something harmful or some malicious site. I don't recall doing anything risky; I was only using the most well-known sites. I only clicked on a few videos on Twitter. Here are the logs: https://www.cjoint.com/c/KKrtaReahC2 and https://www.cjoint.com/c/KKrtbAdxK52 . Well, thanks in advance for the help! Cheers...