astronautalouco

[Solved] Computer freezes, a Mercado Pago file starts downloading, and a message asking for a password is sent to my phone


Hello moderators,

Today, while using the internet normally as I always do, I must have clicked on something harmful or on some malicious site. I don't recall doing anything risky; I was only on the best-known sites. I only clicked on a few videos on Twitter. Here are the logs: https://www.cjoint.com/c/KKrtaReahC2 and https://www.cjoint.com/c/KKrtbAdxK52 .

Well, thanks in advance for the help! Cheers...


/!\ Good morning, astronautalouco! /!\

 

> Copy the information in the Spoiler into Notepad.

 


 

> Save it with the name fixlist. << Text or Unicode, if prompted!
> Save it to the desktop! (Área de trabalho ...)
> Move the FRST.exe tool to the desktop, taking it out of the folder (D:\Downloads).
> Or, if you prefer, copy the fixlist to the directory "D:\Downloads" and keep FRST.exe in "D:\Downloads".

 

start::
CloseProcesses:
Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.7.0 - Microleaves) Hidden <==== ATENÇÃO
CMD: msiexec.exe /uninstall {5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
C:\Users\H2MARK~1\AppData\Local\Temp\ehdrv.sys
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Nenhum Arquivo
ShortcutWithArgument: C:\Users\H2 Marketing\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> %SNP%
HKU\S-1-5-21-321270744-2600619408-4275616409-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuEBSEdMFBI3ratl9Brg6YveHEIRs31WwckJSpooJXJiYxChlKnQwmzQmF0DQVTnLoJFHpdLjKKSt2BWnrTr04eBCtmoWBZcxTAbs_IV5aoKyZMKgr69-MfQ1Nl8sYvJv0Irps2v4IhXRhqs0edT8b8HzV8vZHlp&q={searchTerms}
HKU\S-1-5-21-321270744-2600619408-4275616409-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuEBSEdMFBI3ratl9Brg6YveHEIRs31WwckJSpooJXJiYxChlKnQwmzQmF0DQVTnLoJJK2c1SIlY1d9rGi9ZUcmEngFBYZqLjLPWcj739lQT6uGfrmrxYtsS1pEIsqwYPpHNLPQTOnSQLY3lYjWkkkgBoBtaHAC6
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuEBSEdMFBI3ratl9Brg6YveHEIRs31WwckJSpooJXJiYxChlKnQwmzQmF0DQVTnLoJFHpdLjKKSt2BWnrTr04eBCtmoWBZcxTAbs_IV5aoKyZMKgr69-MfQ1Nl8sYvJv0Irps2v4IhXRhqs0edT8b8HzV8vZHlp&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKU\S-1-5-21-321270744-2600619408-4275616409-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-321270744-2600619408-4275616409-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-321270744-2600619408-4275616409-1001 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuEBSEdMFBI3ratl9Brg6YveHEIRs31WwckJSpooJXJiYxChlKnQwmzQmF0DQVTnLoJFHpdLjKKSt2BWnrTr04eBCtmoWBZcxTAbs_IV5aoKyZMKgr69-MfQ1Nl8sYvJv0Irps2v4IhXRhqs0edT8b8HzV8vZHlp&q={searchTerms}
HKLM-x32\...\Run: [kissq] => C:\Users\H2MARK~1\AppData\Local\Temp\kissq.exe**************** (Nenhum Arquivo) <==== ATENÇÃO
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 0
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO
GroupPolicy: Restrição - Chrome <==== ATENÇÃO
Policies: C:\ProgramData\NTUSER.pol: Restrição <==== ATENÇÃO
HKLM\SOFTWARE\Policies\Google: Restrição <==== ATENÇÃO
HKU\S-1-5-21-321270744-2600619408-4275616409-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <==== ATENÇÃO
2021-11-08 18:26 - 2021-11-08 18:26 - 000000000 _____ () C:\Users\H2 Marketing\AppData\Roaming\aa.tmp
Task: {336024EC-38BB-47DF-BB07-2CD0F202F311} - System32\Tasks\Opera scheduled Autoupdate 1595286915 => C:\Users\H2 Marketing\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (Nenhum Arquivo)
Task: {3BC9395C-C574-4077-B288-D9F299990DF6} - System32\Tasks\updater2 => C:\Program Files (x86)\WinXT\blog\updater.exe (Nenhum Arquivo) <==== ATENÇÃO
Task: {429E1E89-62FF-4045-B247-FEE409931032} - System32\Tasks\updater => C:\Program Files (x86)\WinXT\blog\updater.exe (Nenhum Arquivo)
Task: {82AB7B86-0EB0-471B-B5EE-DB71C5452D1C} - System32\Tasks\Extension_game => C:\Users\H2 Marketing\AppData\Roaming\Extension_game\python\pythonw.exe "load.pyc" ml2 (Nenhum Arquivo) <==== ATENÇÃO
Task: {832F8E8F-E677-44D4-A6E2-729161D1C8D1} - System32\Tasks\Opera scheduled Autoupdate 1599739623 => C:\Users\H2 Marketing\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (Nenhum Arquivo)
Task: {83DBF5FA-A56C-4902-9582-36A16782D1CE} - System32\Tasks\Extension_game2 => C:\Users\H2 Marketing\AppData\Roaming\Extension_game\python\pythonw.exe "load.pyc" app (Nenhum Arquivo) <==== ATENÇÃO
Task: C:\Windows\Tasks\updater.job => C:\Program Files (x86)\WinXT\blog\updater.exe
Task: C:\Windows\Tasks\updater2.job => C:\Program Files (x86)\WinXT\blog\updater.exe <==== ATENÇÃO
S2 TranslateService; C:\ProgramData\TranslateService\TranslateService.exe [X] <==== ATENÇÃO
S2 updater; "C:\Program Files (x86)\WinXT\blog\nssm.exe" [X]
S2 WinLoading; "C:\Program Files (x86)\WinXT\blog\nssm.exe" [X]
FirewallRules: [{CA10A44E-181D-46B5-A449-B4E659463850}] => (Allow) C:\Users\H2 Marketing\AppData\Local\Programs\Opera\68.0.3618.173\opera.exe => Nenhum Arquivo
FirewallRules: [{01CD807D-BF9D-4CFA-8E56-F2AFE97F2D84}] => (Allow) C:\Users\H2 Marketing\AppData\Roaming\DRPSu\Alice\cloud.exe => Nenhum Arquivo
FirewallRules: [{82046A1B-318E-486D-9B46-15C5EB5F5C49}] => (Allow) C:\Users\H2 Marketing\AppData\Local\Temp\L3150\Network\EpsonNetSetup\ENEasyApp.exe => Nenhum Arquivo
FirewallRules: [{F553CEEE-276F-4417-A012-27E0DD81121D}] => (Allow) C:\Users\H2 Marketing\AppData\Local\Temp\L3150\Network\EpsonNetSetup\ENEasyApp.exe => Nenhum Arquivo
FirewallRules: [{28D2C4D6-56AA-4B09-BACF-52F3415AA037}] => (Allow) C:\Users\H2 Marketing\AppData\Local\Temp\DriverPack-2020091090450\tools\aria2c.exe => Nenhum Arquivo
FirewallRules: [{F22267C0-B6AD-4200-B666-42C45708175F}] => (Allow) C:\Users\H2 Marketing\AppData\Local\Programs\Opera\64.0.3417.73\opera.exe => Nenhum Arquivo
FirewallRules: [{17FA03A7-36D4-443E-8ED9-FBEC7E1EABC5}] => (Allow) C:\Users\H2 Marketing\AppData\Roaming\DRPSu\Alice\cloud.exe => Nenhum Arquivo
FirewallRules: [{960690B0-0703-416A-ACA4-9459DA8ACE65}] => (Allow) C:\Users\H2 Marketing\AppData\Local\Programs\Opera\70.0.3728.178\opera.exe => Nenhum Arquivo
FirewallRules: [{95247CED-BFC4-4021-8E3D-34CDB2A33271}] => (Allow) C:\Level Up\Combat Arms\NMService.exe => Nenhum Arquivo
FirewallRules: [{1703CAE8-0B54-4F91-BDB8-524B92763D64}] => (Allow) C:\Level Up\Combat Arms\NMService.exe => Nenhum Arquivo
FirewallRules: [{D629A089-791B-442D-B406-42F4998A2F11}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => Nenhum Arquivo
FirewallRules: [{9893265C-E358-4C7F-A079-C5CC637CC620}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => Nenhum Arquivo
FirewallRules: [{280605DB-88FB-458A-8C29-6A338D797D6C}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => Nenhum Arquivo
FirewallRules: [{B5B42997-CFA3-4BB1-9D07-C24D216B3499}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => Nenhum Arquivo
FirewallRules: [{00DC442B-F496-4DE8-B584-01DFE4712B78}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => Nenhum Arquivo
FirewallRules: [{AE7DBD7D-4C6E-4913-BE22-81BB103B0ECD}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => Nenhum Arquivo
FirewallRules: [{39FB1811-38C5-4AE6-9498-01F70139055E}] => (Allow) C:\Users\H2 Marketing\AppData\Roaming\Zoom\bin\airhost.exe => Nenhum Arquivo
FirewallRules: [{63FF5B4D-CB1E-4CAE-B676-6752F13C6127}] => (Allow) C:\Users\H2 Marketing\AppData\Roaming\Zoom\bin\airhost.exe => Nenhum Arquivo
FirewallRules: [{2F2431FD-6461-4774-AFEB-EFAF563BCF5A}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe => Nenhum Arquivo
CMD: sfc /scannow
CreateRestorePoint:
EmptyTemp:
Hosts:
Reboot:
end::

 


 

> Run FRST/FRST64 >> Click "Corrigir" (Fix) << Wait!
> Post the report "Resultado da Correção pela Farbar Recovery Scan Tool" (Fixlog.txt).
> This and other reports can be found in the folder: Local Disk (C) > FRST > Logs

 

< This script was written exclusively for this computer. Therefore, I ask visitors not to use it on other "machines". >

 

[]s


Hello, here it is:

 

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 14-11-2021
Executado por H2 Marketing (18-11-2021 11:15:13) Run:1
Executando a partir de C:\Users\H2 Marketing\Desktop
Perfis Carregados: H2 Marketing
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
CloseProcesses:
Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.7.0 - Microleaves) Hidden <==== ATENÇÃO
CMD: msiexec.exe /uninstall {5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
C:\Users\H2MARK~1\AppData\Local\Temp\ehdrv.sys
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Nenhum Arquivo
ShortcutWithArgument: C:\Users\H2 Marketing\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> %SNP%
HKU\S-1-5-21-321270744-2600619408-4275616409-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuEBSEdMFBI3ratl9Brg6YveHEIRs31WwckJSpooJXJiYxChlKnQwmzQmF0DQVTnLoJFHpdLjKKSt2BWnrTr04eBCtmoWBZcxTAbs_IV5aoKyZMKgr69-MfQ1Nl8sYvJv0Irps2v4IhXRhqs0edT8b8HzV8vZHlp&q={searchTerms}
HKU\S-1-5-21-321270744-2600619408-4275616409-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuEBSEdMFBI3ratl9Brg6YveHEIRs31WwckJSpooJXJiYxChlKnQwmzQmF0DQVTnLoJJK2c1SIlY1d9rGi9ZUcmEngFBYZqLjLPWcj739lQT6uGfrmrxYtsS1pEIsqwYPpHNLPQTOnSQLY3lYjWkkkgBoBtaHAC6
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuEBSEdMFBI3ratl9Brg6YveHEIRs31WwckJSpooJXJiYxChlKnQwmzQmF0DQVTnLoJFHpdLjKKSt2BWnrTr04eBCtmoWBZcxTAbs_IV5aoKyZMKgr69-MfQ1Nl8sYvJv0Irps2v4IhXRhqs0edT8b8HzV8vZHlp&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKU\S-1-5-21-321270744-2600619408-4275616409-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-321270744-2600619408-4275616409-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-321270744-2600619408-4275616409-1001 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuEBSEdMFBI3ratl9Brg6YveHEIRs31WwckJSpooJXJiYxChlKnQwmzQmF0DQVTnLoJFHpdLjKKSt2BWnrTr04eBCtmoWBZcxTAbs_IV5aoKyZMKgr69-MfQ1Nl8sYvJv0Irps2v4IhXRhqs0edT8b8HzV8vZHlp&q={searchTerms}
HKLM-x32\...\Run: [kissq] => C:\Users\H2MARK~1\AppData\Local\Temp\kissq.exe**************** (Nenhum Arquivo) <==== ATENÇÃO
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 0
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO
GroupPolicy: Restrição - Chrome <==== ATENÇÃO
Policies: C:\ProgramData\NTUSER.pol: Restrição <==== ATENÇÃO
HKLM\SOFTWARE\Policies\Google: Restrição <==== ATENÇÃO
HKU\S-1-5-21-321270744-2600619408-4275616409-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrição <==== ATENÇÃO
2021-11-08 18:26 - 2021-11-08 18:26 - 000000000 _____ () C:\Users\H2 Marketing\AppData\Roaming\aa.tmp
Task: {336024EC-38BB-47DF-BB07-2CD0F202F311} - System32\Tasks\Opera scheduled Autoupdate 1595286915 => C:\Users\H2 Marketing\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (Nenhum Arquivo)
Task: {3BC9395C-C574-4077-B288-D9F299990DF6} - System32\Tasks\updater2 => C:\Program Files (x86)\WinXT\blog\updater.exe (Nenhum Arquivo) <==== ATENÇÃO
Task: {429E1E89-62FF-4045-B247-FEE409931032} - System32\Tasks\updater => C:\Program Files (x86)\WinXT\blog\updater.exe (Nenhum Arquivo)
Task: {82AB7B86-0EB0-471B-B5EE-DB71C5452D1C} - System32\Tasks\Extension_game => C:\Users\H2 Marketing\AppData\Roaming\Extension_game\python\pythonw.exe "load.pyc" ml2 (Nenhum Arquivo) <==== ATENÇÃO
Task: {832F8E8F-E677-44D4-A6E2-729161D1C8D1} - System32\Tasks\Opera scheduled Autoupdate 1599739623 => C:\Users\H2 Marketing\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (Nenhum Arquivo)
Task: {83DBF5FA-A56C-4902-9582-36A16782D1CE} - System32\Tasks\Extension_game2 => C:\Users\H2 Marketing\AppData\Roaming\Extension_game\python\pythonw.exe "load.pyc" app (Nenhum Arquivo) <==== ATENÇÃO
Task: C:\Windows\Tasks\updater.job => C:\Program Files (x86)\WinXT\blog\updater.exe
Task: C:\Windows\Tasks\updater2.job => C:\Program Files (x86)\WinXT\blog\updater.exe <==== ATENÇÃO
S2 TranslateService; C:\ProgramData\TranslateService\TranslateService.exe [X] <==== ATENÇÃO
S2 updater; "C:\Program Files (x86)\WinXT\blog\nssm.exe" [X]
S2 WinLoading; "C:\Program Files (x86)\WinXT\blog\nssm.exe" [X]
FirewallRules: [{CA10A44E-181D-46B5-A449-B4E659463850}] => (Allow) C:\Users\H2 Marketing\AppData\Local\Programs\Opera\68.0.3618.173\opera.exe => Nenhum Arquivo
FirewallRules: [{01CD807D-BF9D-4CFA-8E56-F2AFE97F2D84}] => (Allow) C:\Users\H2 Marketing\AppData\Roaming\DRPSu\Alice\cloud.exe => Nenhum Arquivo
FirewallRules: [{82046A1B-318E-486D-9B46-15C5EB5F5C49}] => (Allow) C:\Users\H2 Marketing\AppData\Local\Temp\L3150\Network\EpsonNetSetup\ENEasyApp.exe => Nenhum Arquivo
FirewallRules: [{F553CEEE-276F-4417-A012-27E0DD81121D}] => (Allow) C:\Users\H2 Marketing\AppData\Local\Temp\L3150\Network\EpsonNetSetup\ENEasyApp.exe => Nenhum Arquivo
FirewallRules: [{28D2C4D6-56AA-4B09-BACF-52F3415AA037}] => (Allow) C:\Users\H2 Marketing\AppData\Local\Temp\DriverPack-2020091090450\tools\aria2c.exe => Nenhum Arquivo
FirewallRules: [{F22267C0-B6AD-4200-B666-42C45708175F}] => (Allow) C:\Users\H2 Marketing\AppData\Local\Programs\Opera\64.0.3417.73\opera.exe => Nenhum Arquivo
FirewallRules: [{17FA03A7-36D4-443E-8ED9-FBEC7E1EABC5}] => (Allow) C:\Users\H2 Marketing\AppData\Roaming\DRPSu\Alice\cloud.exe => Nenhum Arquivo
FirewallRules: [{960690B0-0703-416A-ACA4-9459DA8ACE65}] => (Allow) C:\Users\H2 Marketing\AppData\Local\Programs\Opera\70.0.3728.178\opera.exe => Nenhum Arquivo
FirewallRules: [{95247CED-BFC4-4021-8E3D-34CDB2A33271}] => (Allow) C:\Level Up\Combat Arms\NMService.exe => Nenhum Arquivo
FirewallRules: [{1703CAE8-0B54-4F91-BDB8-524B92763D64}] => (Allow) C:\Level Up\Combat Arms\NMService.exe => Nenhum Arquivo
FirewallRules: [{D629A089-791B-442D-B406-42F4998A2F11}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => Nenhum Arquivo
FirewallRules: [{9893265C-E358-4C7F-A079-C5CC637CC620}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => Nenhum Arquivo
FirewallRules: [{280605DB-88FB-458A-8C29-6A338D797D6C}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => Nenhum Arquivo
FirewallRules: [{B5B42997-CFA3-4BB1-9D07-C24D216B3499}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => Nenhum Arquivo
FirewallRules: [{00DC442B-F496-4DE8-B584-01DFE4712B78}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => Nenhum Arquivo
FirewallRules: [{AE7DBD7D-4C6E-4913-BE22-81BB103B0ECD}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => Nenhum Arquivo
FirewallRules: [{39FB1811-38C5-4AE6-9498-01F70139055E}] => (Allow) C:\Users\H2 Marketing\AppData\Roaming\Zoom\bin\airhost.exe => Nenhum Arquivo
FirewallRules: [{63FF5B4D-CB1E-4CAE-B676-6752F13C6127}] => (Allow) C:\Users\H2 Marketing\AppData\Roaming\Zoom\bin\airhost.exe => Nenhum Arquivo
FirewallRules: [{2F2431FD-6461-4774-AFEB-EFAF563BCF5A}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe => Nenhum Arquivo
CMD: sfc /scannow
CreateRestorePoint:
EmptyTemp:
Hosts:
Reboot:

*****************

Processos fechados com sucesso.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}\\SystemComponent" => removido (a) com sucesso.

========= msiexec.exe /uninstall {5266F634-7B7D-4537-BDDC-98DD6CFCBAA1} =========


========= Fim de CMD: =========

"C:\Users\H2MARK~1\AppData\Local\Temp\ehdrv.sys" => não encontrado (a)
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removido (a) com sucesso.
C:\Users\H2 Marketing\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Atalho argumento removido (a) com sucesso.
HKU\S-1-5-21-321270744-2600619408-4275616409-1001\Software\Microsoft\Internet Explorer\Main\\"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" => valor restaurado com sucesso
HKU\S-1-5-21-321270744-2600619408-4275616409-1001\Software\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => valor restaurado com sucesso
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => valor restaurado com sucesso
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removido (a) com sucesso.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => valor restaurado com sucesso
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch => removido (a) com sucesso.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removido (a) com sucesso.
"HKU\S-1-5-21-321270744-2600619408-4275616409-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removido (a) com sucesso.
HKU\S-1-5-21-321270744-2600619408-4275616409-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removido (a) com sucesso.
HKU\S-1-5-21-321270744-2600619408-4275616409-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch} => removido (a) com sucesso.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\kissq" => não encontrado (a)
"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ConfirmFileDelete" => removido (a) com sucesso.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => Não pode ser removido, a chave pode estar protegida
C:\Windows\system32\GroupPolicy\Machine => movido com sucesso
C:\Windows\system32\GroupPolicy\GPT.ini => movido com sucesso
C:\ProgramData\NTUSER.pol => movido com sucesso
HKLM\SOFTWARE\Policies\Google => removido (a) com sucesso.
HKU\S-1-5-21-321270744-2600619408-4275616409-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => removido (a) com sucesso.
C:\Users\H2 Marketing\AppData\Roaming\aa.tmp => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{336024EC-38BB-47DF-BB07-2CD0F202F311}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{336024EC-38BB-47DF-BB07-2CD0F202F311}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1595286915 => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 1595286915" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3BC9395C-C574-4077-B288-D9F299990DF6}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BC9395C-C574-4077-B288-D9F299990DF6}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\updater2 => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\updater2" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{429E1E89-62FF-4045-B247-FEE409931032}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{429E1E89-62FF-4045-B247-FEE409931032}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\updater => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\updater" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{82AB7B86-0EB0-471B-B5EE-DB71C5452D1C}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82AB7B86-0EB0-471B-B5EE-DB71C5452D1C}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Extension_game => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Extension_game" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{832F8E8F-E677-44D4-A6E2-729161D1C8D1}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{832F8E8F-E677-44D4-A6E2-729161D1C8D1}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1599739623 => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 1599739623" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{83DBF5FA-A56C-4902-9582-36A16782D1CE}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83DBF5FA-A56C-4902-9582-36A16782D1CE}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Extension_game2 => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Extension_game2" => removido (a) com sucesso.
C:\Windows\Tasks\updater.job => movido com sucesso
C:\Windows\Tasks\updater2.job => movido com sucesso
TranslateService => o serviço não encontrado (a).
updater => o serviço não encontrado (a).
WinLoading => o serviço não encontrado (a).
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CA10A44E-181D-46B5-A449-B4E659463850}" => não encontrado (a)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{01CD807D-BF9D-4CFA-8E56-F2AFE97F2D84}" => não encontrado (a)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{82046A1B-318E-486D-9B46-15C5EB5F5C49}" => não encontrado (a)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F553CEEE-276F-4417-A012-27E0DD81121D}" => não encontrado (a)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{28D2C4D6-56AA-4B09-BACF-52F3415AA037}" => não encontrado (a)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F22267C0-B6AD-4200-B666-42C45708175F}" => não encontrado (a)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{17FA03A7-36D4-443E-8ED9-FBEC7E1EABC5}" => não encontrado (a)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{960690B0-0703-416A-ACA4-9459DA8ACE65}" => não encontrado (a)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{95247CED-BFC4-4021-8E3D-34CDB2A33271}" => não encontrado (a)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1703CAE8-0B54-4F91-BDB8-524B92763D64}" => não encontrado (a)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D629A089-791B-442D-B406-42F4998A2F11}" => não encontrado (a)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9893265C-E358-4C7F-A079-C5CC637CC620}" => não encontrado (a)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{280605DB-88FB-458A-8C29-6A338D797D6C}" => não encontrado (a)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B5B42997-CFA3-4BB1-9D07-C24D216B3499}" => não encontrado (a)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{00DC442B-F496-4DE8-B584-01DFE4712B78}" => não encontrado (a)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AE7DBD7D-4C6E-4913-BE22-81BB103B0ECD}" => não encontrado (a)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{39FB1811-38C5-4AE6-9498-01F70139055E}" => não encontrado (a)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{63FF5B4D-CB1E-4CAE-B676-6752F13C6127}" => não encontrado (a)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2F2431FD-6461-4774-AFEB-EFAF563BCF5A}" => não encontrado (a)

========= sfc /scannow =========


Iniciando verificação de arquivos. O processo levará alguns minutos para ser concluído.

Iniciando fase de verificação de verificação do sistema.

A Proteção de Recursos do Windows encontrou arquivos corrompidos e os reparou com êxito.
Para reparos online, os detalhes são incluídos no arquivo de log CBS localizado em
windir\Logs\CBS\CBS.log. Por exemplo, C:\Windows\Logs\CBS\CBS.log. Para reparos
offline, os detalhes são incluídos no arquivo de log fornecido pelo sinalizador /OFFLOGFILE.

========= Fim de CMD: =========

Ponto de Restauração criado com sucesso.
C:\Windows\System32\Drivers\etc\hosts => movido com sucesso
Hosts restaurado com sucesso.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11755502 B
Java, Flash, Steam htmlcache => 343 B
Windows/system/drivers => 13907579 B
Edge => 45082 B
Chrome => 29443138 B
Firefox => 13318696 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
H2 Marketing => 70302766 B

RecycleBin => 0 B
EmptyTemp: => 132.3 MB de dados temporários Removidos.

================================

Resultado dos arquivos que foram agendados para serem movidos (Modo de Inicialização: Normal) (Data&Hora: 18-11-2021 11:22:57)


Resultado dos registros marcados para excluir será exibido após a reinicialização:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removido (a) com sucesso.

==== Fim de Fixlog 11:22:57 ====


/!\ Good morning! astronautalouco /!\

> Download: < AdwCleaner_Logo2_zps580bcd78.jpg > ( ... by Xplode )

> Or from here: < AdwCleaner > << Link!
> Once there, click "Download Now".

> Save it to the desktop!
> Disable your antivirus!

< Executar_Administrador.jpg >

> Right-click adwcleaner.exe and choose to run it as administrator.

> Click "Settings".

XZTQ4T3.jpg

> While in "Settings", set the options as shown in this banner.

bk0BviF.jpg

> PS: Start the scan by clicking "Scan Now".
> When it finishes, click "Clean and Repair".
> In the prompt, click "Clean and Restart".
> When it finishes, click "View Log File".
> Copy and post the report! (Mode: Clean)/(AdwCleaner[C00])

Regards


Here it is:

# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build:    06-29-2021
# Database: 2021-10-26.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    11-18-2021
# Duration: 00:00:10
# OS:       Windows 10 Pro
# Scanned:  32010
# Detected: 37


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

Adware.Linkury                  C:\ProgramData\Logic Cramble
Adware.Linkury                  C:\ProgramData\Quoteexs
Adware.OnlineIO                 C:\Program Files (x86)\Microleaves
Adware.OnlineIO                 C:\ProgramData\Microleaves
Adware.OnlineIO                 C:\Users\H2 Marketing\AppData\Roaming\Microleaves
PUP.Optional.AdvancedWindowsManager C:\Program Files (x86)\AdvancedWindowsManager
PUP.Optional.AdvancedWindowsManager C:\ProgramData\AdvancedWindowsManager
PUP.Optional.DriverPack         C:\Users\H2 Marketing\AppData\Roaming\DRPSu
PUP.Optional.Legacy             C:\ProgramData\CloudPrinter
PUP.Optional.OnlineIO           C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}

***** [ Files ] *****

PUP.Optional.OnlineIO           C:\Windows\Installer\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
PUP.Optional.YesSearches        C:\Windows\SysWOW64\findit.xml

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

PUP.Optional.Legacy             C:\Windows\System32\Tasks\DRIVER BOOSTER SCHEDULER

***** [ Registry ] *****

Adware.Linkury                  HKCU\Software\mtQuoteex
Adware.OnlineIO                 HKLM\Software\Wow6432Node\Microleaves
PUP.Optional.DriverPack         HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\drp.su
PUP.Optional.DriverPack         HKCU\Software\drpsu
PUP.Optional.DriverPack         HKLM\Software\Wow6432Node\drpsu
PUP.Optional.Legacy             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31AA03FB-1DBA-4D71-81F6-F0DF112767C0} 
PUP.Optional.Legacy             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scheduler
PUP.Optional.Legacy             HKLM\System\CurrentControlSet\Services\EventLog\Application\Application Hosting
PUP.Optional.Linkury            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quoteex.exe
PUP.Optional.Linkury            HKLM\Software\Wow6432Node\\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quoteex.exe
PUP.Optional.Linkury.ACMB1      HKLM\Software\Wow6432Node\\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Quoteex.exe
PUP.Optional.Linkury.ACMB1      HKU\.DEFAULT\Environment|SNP
PUP.Optional.Linkury.ACMB1      HKU\S-1-5-18\Environment|SNP
PUP.Optional.Microleaves        HKLM\Software\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A
PUP.Optional.Microleaves        HKLM\Software\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A
PUP.Optional.Microleaves        HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A
PUP.Optional.Microleaves        HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
PUP.Optional.Microleaves        HKU\.DEFAULT\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
PUP.Optional.Microleaves        HKU\S-1-5-18\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

Adware.StartPage                WebSearch
PUP.Optional.Legacy             WebSearch

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.EpsonCustomerResearchParticipation   Folder   C:\Program Files\EPSON\EPSONCUSTOMERRESEARCHPARTICIPATION 
Preinstalled.EpsonCustomerResearchParticipation   Folder   C:\ProgramData\EPSON\EPSONCUSTOMERRESEARCHPARTICIPATION 
Preinstalled.EpsonCustomerResearchParticipation   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B26449A6-6007-4460-B4FE-C4776115BCEA} 

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 

I ended up forgetting to change the settings, so I ran another scan; here is the latest one too:

 

# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build:    06-29-2021
# Database: 2021-10-26.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    11-18-2021
# Duration: 00:00:08
# OS:       Windows 10 Pro
# Scanned:  32006
# Detected: 37


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

Adware.Linkury                  C:\ProgramData\Logic Cramble
Adware.Linkury                  C:\ProgramData\Quoteexs
Adware.OnlineIO                 C:\Program Files (x86)\Microleaves
Adware.OnlineIO                 C:\ProgramData\Microleaves
Adware.OnlineIO                 C:\Users\H2 Marketing\AppData\Roaming\Microleaves
PUP.Optional.AdvancedWindowsManager C:\Program Files (x86)\AdvancedWindowsManager
PUP.Optional.AdvancedWindowsManager C:\ProgramData\AdvancedWindowsManager
PUP.Optional.DriverPack         C:\Users\H2 Marketing\AppData\Roaming\DRPSu
PUP.Optional.Legacy             C:\ProgramData\CloudPrinter
PUP.Optional.OnlineIO           C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}

***** [ Files ] *****

PUP.Optional.OnlineIO           C:\Windows\Installer\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
PUP.Optional.YesSearches        C:\Windows\SysWOW64\findit.xml

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

PUP.Optional.Legacy             C:\Windows\System32\Tasks\DRIVER BOOSTER SCHEDULER

***** [ Registry ] *****

Adware.Linkury                  HKCU\Software\mtQuoteex
Adware.Linkury                  HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\Quoteex.exe
Adware.Linkury                  HKLM\Software\Wow6432Node\\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\Quoteex.exe
Adware.OnlineIO                 HKLM\Software\Wow6432Node\Microleaves
PUP.Optional.DriverPack         HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\drp.su
PUP.Optional.DriverPack         HKCU\Software\drpsu
PUP.Optional.DriverPack         HKLM\Software\Wow6432Node\drpsu
PUP.Optional.Legacy             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31AA03FB-1DBA-4D71-81F6-F0DF112767C0} 
PUP.Optional.Legacy             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scheduler
PUP.Optional.Legacy             HKLM\System\CurrentControlSet\Services\EventLog\Application\Application Hosting
PUP.Optional.Linkury.ACMB1      HKLM\Software\Wow6432Node\\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Quoteex.exe
PUP.Optional.Linkury.ACMB1      HKU\.DEFAULT\Environment|SNP
PUP.Optional.Linkury.ACMB1      HKU\S-1-5-18\Environment|SNP
PUP.Optional.Microleaves        HKLM\Software\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A
PUP.Optional.Microleaves        HKLM\Software\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A
PUP.Optional.Microleaves        HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A
PUP.Optional.Microleaves        HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
PUP.Optional.Microleaves        HKU\.DEFAULT\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
PUP.Optional.Microleaves        HKU\S-1-5-18\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

Adware.StartPage                WebSearch
PUP.Optional.Legacy             WebSearch

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.EpsonCustomerResearchParticipation   Folder   C:\Program Files\EPSON\EPSONCUSTOMERRESEARCHPARTICIPATION 
Preinstalled.EpsonCustomerResearchParticipation   Folder   C:\ProgramData\EPSON\EPSONCUSTOMERRESEARCHPARTICIPATION 
Preinstalled.EpsonCustomerResearchParticipation   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B26449A6-6007-4460-B4FE-C4776115BCEA} 


AdwCleaner[S00].txt - [4683 octets] - [18/11/2021 12:03:37]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########


/!\ Good afternoon! astronautalouco /!\

> When it finishes, click "Clean and Repair". <<<

The tool detected some PUPs and adware.

But according to the report, you must have forgotten to click "Clean and Repair".

# -------------------------------
# Mode: Scan
# -------------------------------

So much so that nothing was removed and the log that came back is a diagnostic one. [S01]

The Scan mode indicates this, since its detections were not fixed.

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########

I recommend running AdwCleaner again and, when it finishes, clicking "Clean and Repair".

Regards

 


That's right, lol. Here it is again:

 

# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build:    06-29-2021
# Database: 2021-11-18.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    11-18-2021
# Duration: 00:00:10
# OS:       Windows 10 Pro
# Cleaned:  37
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Program Files (x86)\AdvancedWindowsManager
Deleted       C:\Program Files (x86)\Microleaves
Deleted       C:\ProgramData\AdvancedWindowsManager
Deleted       C:\ProgramData\CloudPrinter
Deleted       C:\ProgramData\Logic Cramble
Deleted       C:\ProgramData\Microleaves
Deleted       C:\ProgramData\Quoteexs
Deleted       C:\Users\H2 Marketing\AppData\Roaming\DRPSu
Deleted       C:\Users\H2 Marketing\AppData\Roaming\Microleaves
Deleted       C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}

***** [ Files ] *****

Deleted       C:\Windows\Installer\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted       C:\Windows\SysWOW64\findit.xml

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted       C:\Windows\System32\Tasks\DRIVER BOOSTER SCHEDULER

***** [ Registry ] *****

Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\drp.su
Deleted       HKCU\Software\drpsu
Deleted       HKCU\Software\mtQuoteex
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quoteex.exe
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31AA03FB-1DBA-4D71-81F6-F0DF112767C0} 
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scheduler
Deleted       HKLM\Software\Classes\Installer\Features\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted       HKLM\Software\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\436F6625D7B77354DBCD89DDC6CFAB1A
Deleted       HKLM\Software\Wow6432Node\Microleaves
Deleted       HKLM\Software\Wow6432Node\\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Quoteex.exe
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quoteex.exe
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}
Deleted       HKLM\Software\Wow6432Node\drpsu
Deleted       HKLM\System\CurrentControlSet\Services\EventLog\Application\Application Hosting
Deleted       HKU\.DEFAULT\Environment|SNP
Deleted       HKU\.DEFAULT\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}
Deleted       HKU\S-1-5-18\Environment|SNP
Deleted       HKU\S-1-5-18\Software\Caphyon\Advanced Updater\{F039D4A9-14D3-4425-A4FA-F2F9D5B0E014}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted       WebSearch
Deleted       WebSearch

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted       Preinstalled.EpsonCustomerResearchParticipation   Folder   C:\Program Files\EPSON\EPSONCUSTOMERRESEARCHPARTICIPATION
Deleted       Preinstalled.EpsonCustomerResearchParticipation   Folder   C:\ProgramData\EPSON\EPSONCUSTOMERRESEARCHPARTICIPATION
Deleted       Preinstalled.EpsonCustomerResearchParticipation   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B26449A6-6007-4460-B4FE-C4776115BCEA}


*************************

[+] Delete IFEO
[+] Delete Prefetch
[+] Delete Tracing Keys
[+] Reset Chromium Policies
[+] Reset IE Policies
[+] Reset Proxy Settings

*************************

AdwCleaner[S00].txt - [4683 octets] - [18/11/2021 12:03:37]
AdwCleaner[S01].txt - [4744 octets] - [18/11/2021 12:07:50]
AdwCleaner[S02].txt - [4805 octets] - [18/11/2021 17:57:22]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########
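
The Scan-versus-Clean distinction raised earlier in the thread can be checked mechanically. The following is an added example, not part of the original posts and not AdwCleaner's own code: it reads the `# Mode:` header and confirms that every target listed in a scan log appears as `Deleted` in the clean log. The two sample logs are constructed (abridged from the ones posted here), and the function names are hypothetical.

```python
import re
from collections import Counter

HEADER_RE = re.compile(r"^#\s*([A-Za-z]+):\s*(.*?)\s*$")      # "# Mode: Scan"
SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")          # "***** [ Folders ] *****"
TARGET_RE = re.compile(r"\b(?:[A-Za-z]:\\|HK(?:LM|CU|U|CR)\\).*$")  # file path or registry key
SKIP_PREFIXES = ("#", "*", "[+]", "No malicious", "AdwCleaner[")

# Constructed sample, abridged from the scan log format shown in this thread.
SCAN_LOG = r"""
# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Mode: Scan
# Detected: 5

***** [ Folders ] *****

Adware.OnlineIO                 C:\ProgramData\Microleaves
PUP.Optional.AdvancedWindowsManager C:\Program Files (x86)\AdvancedWindowsManager

***** [ DLL ] *****

No malicious DLLs found.

***** [ Registry ] *****

Adware.Linkury                  HKLM\Software\Wow6432Node\\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\Quoteex.exe
PUP.Optional.Linkury.ACMB1      HKU\S-1-5-18\Environment|SNP

***** [ Chromium URLs ] *****

Adware.StartPage                WebSearch

AdwCleaner[S00].txt - [4683 octets] - [18/11/2021 12:03:37]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
"""

# Constructed sample: a clean log that (deliberately) lacks the WebSearch entry.
CLEAN_LOG = r"""
# Mode: Clean
# Cleaned:  4
# Failed:   0

***** [ Folders ] *****

Deleted       C:\Program Files (x86)\AdvancedWindowsManager
Deleted       C:\ProgramData\Microleaves

***** [ Registry ] *****

Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quoteex.exe
Deleted       HKU\S-1-5-18\Environment|SNP

*************************

[+] Delete IFEO
"""


def normalize(target):
    """Lower-case and collapse doubled backslashes so scan and clean lines compare equal."""
    return re.sub(r"\\{2,}", r"\\", target.strip()).lower()


def parse_log(text):
    """Return (header fields, [(section, first column, target), ...])."""
    header, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        head = HEADER_RE.match(line)
        sect = SECTION_RE.match(line)
        if head:
            header[head.group(1)] = head.group(2)
        elif sect:
            section = sect.group(1)
        elif line and section and not line.startswith(SKIP_PREFIXES):
            found = TARGET_RE.search(line)
            # Entries such as "WebSearch" have no path; use the last column.
            target = found.group(0) if found else line.split()[-1]
            entries.append((section, line.split(None, 1)[0], target))
    return header, entries


def verdict(header):
    """Say what the log proves, based on its Mode header."""
    mode = header.get("Mode", "").lower()
    if mode == "scan":
        return "diagnostic only: %s detected, nothing removed" % header.get("Detected", "?")
    if mode == "clean":
        failed = int(header.get("Failed", "0"))
        return "cleaned" if failed == 0 else "clean incomplete: %d failed" % failed
    return "unknown mode"


def uncleaned(scan_text, clean_text):
    """List (detection, target) pairs from the scan with no matching Deleted line."""
    deleted = Counter(normalize(t) for _, label, t in parse_log(clean_text)[1]
                      if label == "Deleted")
    missing = []
    for _, name, target in parse_log(scan_text)[1]:
        key = normalize(target)
        if deleted[key] > 0:
            deleted[key] -= 1          # consume one Deleted line per detection
        else:
            missing.append((name, target))
    return missing


if __name__ == "__main__":
    print(verdict(parse_log(SCAN_LOG)[0]))
    print(uncleaned(SCAN_LOG, CLEAN_LOG))
```

Passing a second scan log where the clean log is expected reports every detection as still present, which is the situation described for the [S01] log.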
 

 


/!\ Good evening! astronautalouco /!\

Post new FRST reports. (FRST.txt + Addition.txt)

Delete the old ones so that they are not posted by mistake.

Regards


Good afternoon, here is the log:

 

Resultado do análise da Farbar Recovery Scan Tool (FRST) (x64) Versão: 14-11-2021
Executado por H2 Marketing (administrador) em DESKTOP-QBNRO2F (MSI MS-7788) (20-11-2021 14:18:09)
Executando a partir de C:\Users\H2 Marketing\Desktop
Perfis Carregados: H2 Marketing
Plataforma: Microsoft Windows 10 Pro Versão 21H1 19043.1348 (X64) Idioma: Português (Brasil)
Navegador padrão: Chrome
Modo da Inicialização: Normal

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.) C:\Program Files\Blackmagic Design\DaVinci Resolve\fuscript.exe
(Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe
(Corel Corporation -> Corel Corporation) D:\CorelDRAW Graphics Suite 2021\Programs64\CorelDRW.exe
(Corel Corporation -> Corel Corporation) D:\CorelDRAW Graphics Suite 2021\Programs64\InterprocessController.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <19>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCopyAccelerator.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Users\H2 Marketing\aspecto\fomentar.exe <2>
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Registro (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [EPPCCMON] => C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE [442936 2020-10-22] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1151872 2016-11-18] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2095672 2020-11-12] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-321270744-2600619408-4275616409-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-10-22] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-321270744-2600619408-4275616409-1001\...\Run: [cobgDuer] => C:\Users\H2 Marketing\aspecto\fomentar.exe [1908280 2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation)
HKU\S-1-5-21-321270744-2600619408-4275616409-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35342976 2021-11-12] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-321270744-2600619408-4275616409-1001\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [35342976 2021-11-12] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-321270744-2600619408-4275616409-1001\...\Run: [otraaDoe] => C:\Users\H2 Marketing\aspecto\fomentar.exe [1908280 2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Print\Monitors\EPSON L3150 Series 64MonitorBE: C:\Windows\system32\E_YLMBUNE.DLL [184832 2017-07-14] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)
HKLM\...\Print\Monitors\EpsonNet Print Port: C:\Windows\system32\enppmon.dll [500736 2016-09-14] (SEIKO EPSON CORPORATION) [Arquivo não assinado]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\96.0.4664.45\Installer\chrmstp.exe [2021-11-16] (Google LLC -> Google LLC)
Startup: C:\Users\H2 Marketing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Master_x64.dll.lnk [2020-08-03]
ShortcutAndArgument: Master_x64.dll.lnk -> C:\Windows\system32\wscript.exe =>  /E:vbscript "C:\Users\H2 Marketing\AppData\Roaming\Master_x64.dll.vbs"
Policies: C:\ProgramData\NTUSER.pol: Restrição <==== ATENÇÃO

==================== Tarefas Agendadas (Whitelisted) ============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {006D79F3-9CCD-4B6D-B7CD-98EF88AB59C1} - System32\Tasks\CCleanerSkipUAC - H2 Marketing => C:\Program Files\CCleaner\CCleaner.exe [29417088 2021-11-12] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {05BB98F6-5DAA-431C-94E0-E935ED13B3A3} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\H2 Marketing\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [19989464 2021-11-17] (ESET, spol. s r.o. -> ESET)
Task: {0C27A52C-EE33-43CE-B918-31AC5FFBF0E9} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [682936 2021-11-12] (Mozilla Corporation -> Mozilla Foundation)
Task: {2B7F45E0-F624-4DBE-AC13-EBB7D0B64FBF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-05-11] (Google LLC -> Google LLC)
Task: {37EB92C2-213D-4962-85F7-AA776CD34D60} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {42ED781F-01F2-4B0C-ADDD-33D57C829FE7} - System32\Tasks\EPSON L3150 Series Update {B3B3846E-9B27-4436-8DCA-CBC2075A9595} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSUNE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Task: {4320071E-A48F-46FE-A8D0-C25848B0EADF} - System32\Tasks\CorelUpdateHelperTask-ED2581EDE017D17B2CE79567159444B9 => C:\Program Files (x86)\Corel\CUH\v2\CUH.exe [3774160 2021-01-21] (Corel Corporation -> Corel Corporation)
Task: {5BF42F07-2D8E-45EB-B5CE-14C54FC59FE0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-05-11] (Google LLC -> Google LLC)
Task: {7A24651A-62DC-474E-BBEF-71C5CED62464} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7BB2EDDA-F174-4CE9-949C-5AB220DC054A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-11-12] (Piriform Software Ltd -> Piriform)
Task: {867F8500-5CBC-4AC1-AB8C-D558B556F036} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22654872 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {91F58D84-D714-4ACF-9E8D-39FD6FEB2665} - System32\Tasks\CorelUpdateHelperTaskCore => C:\Program Files (x86)\Corel\CUH\v2\CUH.exe [3774160 2021-01-21] (Corel Corporation -> Corel Corporation)
Task: {9D176A5C-3628-4E59-A986-9BF97C0704CC} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [108888 2021-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {9FA34CFB-2289-4942-8B36-06FA15987D19} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [108888 2021-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {A06F5939-A211-4A2B-A322-231A8DAAA602} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AE176F57-4514-4915-9FA6-CF7EFE423366} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B46C3407-D1EE-4DC3-AF67-084EF87D492D} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\H2 Marketing\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [19989464 2021-11-17] (ESET, spol. s r.o. -> ESET)
Task: {BCCB26B9-2677-4FE6-9968-E42D872ABBF5} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22654872 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {C3AD114B-836B-4E4B-BCB0-3795A19E857A} - System32\Tasks\CCleanerClean => C:\Program Files\CCleaner\CCleaner.exe [29417088 2021-11-12] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {CAF85089-F81A-475E-B49E-6D43AC31666E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E60594CE-945E-411F-9556-95CC68BE373D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {E9E32137-D4D9-4DEC-ADE3-DC95818C9E78} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [6242232 2021-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {F3387EA9-0E23-4FFB-AA3B-6679D0F02D9D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [6242232 2021-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {F93F6563-94A5-46BC-990E-502AE4FE9FD2} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {FBF9882A-EA00-4CC1-B331-B75D2A5E1A87} - System32\Tasks\Opera scheduled assistant Autoupdate 1595286998 => C:\Users\H2 Marketing\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\H2 Marketing\AppData\Local\Programs\Opera\assistant" $(Arg0)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\Windows\Tasks\CCleanerClean.job => C:\Program Files\CCleaner\CCleaner.exe
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\Windows\Tasks\EPSON L3150 Series Update {B3B3846E-9B27-4436-8DCA-CBC2075A9595}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSUNE.EXE:/EXE:{B3B3846E-9B27-4436-8DCA-CBC2075A9595} /F:UpdateWORKGROUP\DESKTOP-QBNRO2F$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{f6422f74-6f41-489e-9892-a263fd1142cd}: [DhcpNameServer] 192.168.0.1

Edge: 
=======
Edge Extension: (Sem Nome) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [não encontrado (a)]
Edge Extension: (Sem Nome) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [não encontrado (a)]
Edge Extension: (Sem Nome) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [não encontrado (a)]
Edge Extension: (Sem Nome) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [não encontrado (a)]
Edge Profile: C:\Users\H2 Marketing\AppData\Local\Microsoft\Edge\User Data\Default [2021-11-20]

FireFox:
========
FF DefaultProfile: fs9ux9j4.default
FF ProfilePath: C:\Users\H2 Marketing\AppData\Roaming\Mozilla\Firefox\Profiles\fs9ux9j4.default [2021-11-18]
FF ProfilePath: C:\Users\H2 Marketing\AppData\Roaming\Mozilla\Firefox\Profiles\28iy2yxf.default-release [2021-11-20]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2020-11-12] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2020-11-12] (Adobe Inc. -> Adobe Systems)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\H2 Marketing\AppData\Local\Google\Chrome\User Data\Default [2021-11-20]
CHR Notifications: Default -> hxxps://forum.imasters.com.br
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com.br/"
CHR Extension: (Apresentações) - C:\Users\H2 Marketing\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-07-20]
CHR Extension: (Documentos) - C:\Users\H2 Marketing\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-07-20]
CHR Extension: (Google Drive) - C:\Users\H2 Marketing\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-23]
CHR Extension: (YouTube) - C:\Users\H2 Marketing\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-07-20]
CHR Extension: (Planilhas) - C:\Users\H2 Marketing\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-07-20]
CHR Extension: (Documentos Google off-line) - C:\Users\H2 Marketing\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-20]
CHR Extension: (Botão Salvar do Pinterest) - C:\Users\H2 Marketing\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2021-11-19]
CHR Extension: (Escalada Analytics) - C:\Users\H2 Marketing\AppData\Local\Google\Chrome\User Data\Default\Extensions\maochdhckepbdcpgmeghadihjkahgahi [2021-11-08]
CHR Extension: (Email tracker para Gmail - Mailtrack) - C:\Users\H2 Marketing\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnaehgpjlnokgebbaldlmgkapkpjkkb [2021-11-18]
CHR Extension: (TZWebChartWindow) - C:\Users\H2 Marketing\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmdhbmdklokcmpmcegmbfehjencmbeab [2021-11-08]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\H2 Marketing\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-01]
CHR Extension: (Gmail) - C:\Users\H2 Marketing\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR HKU\S-1-5-21-321270744-2600619408-4275616409-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gkfanndldghlkndfhojpfhclgdnglfmf] - hxxps://chrome.google.com/webstore/detail/gkfanndldghlkndfhojpfhclgdnglfmf
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Serviços (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
S2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [852024 2020-11-12] (Adobe Inc. -> Adobe Inc.)
S2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3833088 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3603200 2021-09-07] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12034464 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2019-02-11] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [145224 2019-09-19] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6103464 2021-11-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13341480 2021-11-05] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-11-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-11-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 EpsonCustomerResearchParticipation; "C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe" [X]

===================== Drivers (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2020-07-21] (Martin Malik - REALiX -> REALiX(tm))
R3 int0800; C:\Windows\System32\drivers\flashud.sys [62984 2019-08-21] (Intel Corporation -> Intel Corporation)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [48520 2021-11-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [435424 2021-11-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [86240 2021-11-04] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Três meses (criados) (Whitelisted) =========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2021-11-20 14:18 - 2021-11-20 14:18 - 000021620 _____ C:\Users\H2 Marketing\Desktop\FRST.txt
2021-11-20 13:04 - 2021-11-20 13:07 - 000000000 ____D C:\Users\H2 Marketing\Desktop\Imagens Net
2021-11-19 21:38 - 2021-11-19 21:36 - 000002943 _____ C:\Users\Public\Desktop\Corel CAPTURE 2021 (64-Bit).lnk
2021-11-19 21:38 - 2021-11-19 21:36 - 000002942 _____ C:\Users\Public\Desktop\Corel PHOTO-PAINT 2021 (64-Bit).lnk
2021-11-19 21:38 - 2021-11-19 21:36 - 000002910 _____ C:\Users\Public\Desktop\CorelDRAW 2021 (64-Bit).lnk
2021-11-19 21:38 - 2021-11-19 21:36 - 000001814 _____ C:\Users\Public\Desktop\Corel Font Manager 2021 (64-Bit).lnk
2021-11-19 21:37 - 2021-11-20 13:11 - 000003350 _____ C:\Windows\system32\Tasks\CorelUpdateHelperTask-ED2581EDE017D17B2CE79567159444B9
2021-11-19 21:37 - 2021-11-19 21:37 - 000000000 ____D C:\Program Files\Common Files\Corel
2021-11-19 21:20 - 2021-11-19 21:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite 2021 (64-Bit)
2021-11-19 20:55 - 2021-11-19 20:55 - 000000031 _____ C:\Users\H2 Marketing\Desktop\Novo Documento de Texto.txt
2021-11-19 19:14 - 2021-11-19 20:14 - 000000000 ____D C:\Users\H2 Marketing\AppData\Local\TeamViewer
2021-11-19 19:14 - 2021-11-19 19:14 - 000001112 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer.lnk
2021-11-19 19:14 - 2021-11-19 19:14 - 000001100 _____ C:\Users\Public\Desktop\TeamViewer.lnk
2021-11-19 19:03 - 2021-11-19 19:03 - 000000000 ____D C:\Users\H2 Marketing\Desktop\corel
2021-11-19 19:00 - 2021-11-19 19:00 - 000000000 ____D C:\Users\H2 Marketing\Desktop\Nova pasta
2021-11-19 18:51 - 2021-11-19 18:52 - 000000000 ____D C:\Program Files\7-Zip
2021-11-19 18:51 - 2021-11-19 18:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2021-11-19 18:10 - 2021-11-19 21:37 - 000003350 _____ C:\Windows\system32\Tasks\CorelUpdateHelperTaskCore
2021-11-18 11:58 - 2021-11-18 17:59 - 000000000 ____D C:\AdwCleaner
2021-11-18 11:32 - 2021-11-18 19:40 - 000072342 _____ C:\Users\H2 Marketing\Desktop\FII 16 11 21 (1).xlsx
2021-11-18 11:23 - 2021-11-18 11:23 - 000000000 _____ C:\Users\H2 Marketing\AppData\Roaming\aa.tmp
2021-11-18 11:22 - 2021-11-18 11:22 - 000000008 __RSH C:\ProgramData\ntuser.pol
2021-11-18 11:00 - 2021-11-18 11:00 - 000161822 _____ C:\Users\H2 Marketing\Desktop\cc_20211118_110029.reg
2021-11-18 10:48 - 2021-11-18 11:22 - 000000280 _____ C:\Windows\Tasks\CCleanerClean.job
2021-11-18 10:48 - 2021-11-18 10:59 - 000002976 _____ C:\Windows\system32\Tasks\CCleanerClean
2021-11-18 10:44 - 2021-11-20 13:57 - 000000000 ____D C:\Program Files\CCleaner
2021-11-18 10:44 - 2021-11-20 12:57 - 000004210 _____ C:\Windows\system32\Tasks\CCleaner Update
2021-11-18 10:44 - 2021-11-18 10:44 - 000002932 _____ C:\Windows\system32\Tasks\CCleanerSkipUAC - H2 Marketing
2021-11-18 10:44 - 2021-11-18 10:44 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2021-11-18 10:44 - 2021-11-18 10:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2021-11-17 21:37 - 2021-11-19 18:28 - 001045507 _____ C:\Users\H2 Marketing\Desktop\Cópia_de_segurança_de_Cópia_de_segurança_de_arte vigilia.cdr
2021-11-17 19:41 - 2021-11-19 21:58 - 001550700 _____ C:\Users\H2 Marketing\Desktop\Cópia_de_segurança_de_arte vigilia.cdr
2021-11-17 19:33 - 2021-11-17 19:41 - 008822353 _____ C:\Users\H2 Marketing\Desktop\arte vigilia.cdr
2021-11-17 19:32 - 2021-11-20 12:54 - 000000000 ____D C:\Users\H2 Marketing\AppData\Local\CrashDumps
2021-11-17 18:34 - 2021-11-17 18:34 - 000410323 _____ C:\Users\H2 Marketing\Desktop\CI232984_19082021024154245_adesivo-el-doces.pdf
2021-11-17 18:19 - 2021-11-17 18:19 - 000003886 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onLogOn
2021-11-17 18:19 - 2021-11-17 18:19 - 000003444 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onTime
2021-11-17 15:49 - 2021-11-20 14:18 - 000000000 ____D C:\FRST
2021-11-17 15:48 - 2021-11-17 15:48 - 002311680 _____ (Farbar) C:\Users\H2 Marketing\Desktop\FRST64.exe
2021-11-17 15:05 - 2021-11-17 15:23 - 000001324 _____ C:\Users\H2 Marketing\Desktop\ESET Online Scanner.lnk
2021-11-17 15:04 - 2021-11-17 15:23 - 000001430 _____ C:\Users\H2 Marketing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-11-17 15:04 - 2021-11-17 15:04 - 000000000 ____D C:\Users\H2 Marketing\AppData\Local\ESET
2021-11-16 14:26 - 2021-11-20 14:19 - 000000000 ____D C:\Users\H2 Marketing\.gallery
2021-11-16 14:26 - 2021-11-16 14:26 - 000000000 ____D C:\Users\H2 Marketing\AppData\Local\cache
2021-11-16 14:24 - 2021-11-16 14:24 - 000000000 ____D C:\Users\H2 Marketing\AppData\Roaming\Blackmagic Design
2021-11-16 14:16 - 2021-11-16 14:16 - 000002006 _____ C:\Users\H2 Marketing\Desktop\DaVinci Resolve.lnk
2021-11-16 14:15 - 2021-11-16 14:16 - 000000000 ____D C:\Users\H2 Marketing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blackmagic Design
2021-11-16 14:15 - 2021-11-16 14:15 - 000000000 ____D C:\ProgramData\Blackmagic Design
2021-11-16 14:15 - 2021-11-16 14:15 - 000000000 ____D C:\Program Files\Blackmagic Design
2021-11-16 14:14 - 2021-11-16 14:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blackmagic Design
2021-11-16 14:14 - 2021-11-16 14:14 - 000000000 ____D C:\Program Files (x86)\Blackmagic Design
2021-11-12 10:11 - 2021-11-17 21:38 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-11-11 20:15 - 2021-11-11 20:15 - 000485363 _____ C:\Users\H2 Marketing\Desktop\cuia com hastes.cdr
2021-11-10 13:02 - 2021-11-10 13:02 - 000223744 _____ C:\Windows\SysWOW64\TpmTool.exe
2021-11-10 13:02 - 2021-11-10 13:02 - 000060928 _____ C:\Windows\system32\runexehelper.exe
2021-11-10 13:02 - 2021-11-10 13:02 - 000011363 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-11-10 13:01 - 2021-11-10 13:01 - 000272384 _____ C:\Windows\system32\TpmTool.exe
2021-11-10 12:54 - 2021-11-10 12:54 - 000000000 ___HD C:\$WinREAgent
2021-11-09 14:25 - 2021-11-13 11:15 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2021-11-09 10:12 - 2021-11-09 10:12 - 000001207 _____ C:\Users\Public\Desktop\LibreOffice 7.2.lnk
2021-11-09 10:12 - 2021-11-09 10:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 7.2
2021-11-09 10:11 - 2021-11-09 10:12 - 000000000 ____D C:\Program Files\LibreOffice
2021-11-09 09:46 - 2021-11-09 09:47 - 000000000 ____D C:\Users\H2 Marketing\imersão
2021-11-09 09:42 - 2021-10-29 18:52 - 000124885 _____ C:\Users\H2 Marketing\Desktop\Custos Vasos sem borda fibra sintética.xlsx
2021-11-08 18:35 - 2021-11-08 18:36 - 000000000 ____D C:\Users\H2 Marketing\preconceito
2021-11-08 18:30 - 2021-11-08 18:31 - 000000000 ____D C:\Users\H2 Marketing\axioma
2021-11-08 18:26 - 2021-11-08 18:27 - 000000000 ____D C:\Users\H2 Marketing\ativista
2021-11-08 18:26 - 2021-11-08 18:26 - 000000000 ____D C:\Users\H2 Marketing\desgraçado
2021-11-08 18:25 - 2021-11-20 12:53 - 000000000 ____D C:\Users\H2 Marketing\aspecto
2021-11-05 17:50 - 2021-11-05 17:50 - 000007597 _____ C:\Users\H2 Marketing\AppData\Local\Resmon.ResmonCfg
2021-11-05 16:05 - 2021-11-05 16:05 - 000004044 _____ C:\Users\H2 Marketing\Desktop\Desktop21 - Atalho.lnk
2021-11-05 13:49 - 2021-11-05 14:02 - 000000000 ____D C:\Users\H2 Marketing\Desktop\NF Mercado Livre
2021-11-05 10:44 - 2021-11-05 10:44 - 000001146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2021-11-05 10:44 - 2021-11-05 10:44 - 000000000 ____D C:\Program Files\PCHealthCheck
2021-10-15 11:30 - 2021-10-15 11:30 - 000611960 _____ C:\Windows\SysWOW64\TextShaping.dll
2021-10-15 11:30 - 2021-10-15 11:30 - 000203264 _____ C:\Windows\system32\uwfcfgmgmt.dll
2021-10-15 11:30 - 2021-10-15 11:30 - 000158208 _____ C:\Windows\system32\uwfcsp.dll
2021-10-15 11:30 - 2021-10-15 11:30 - 000040960 _____ C:\Windows\system32\uwfservicingapi.dll
2021-10-15 11:29 - 2021-10-15 11:29 - 000706536 _____ C:\Windows\system32\TextShaping.dll
2021-10-15 11:29 - 2021-10-15 11:29 - 000288768 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll
2021-10-15 11:29 - 2021-10-15 11:29 - 000098304 _____ C:\Windows\system32\Drivers\cimfs.sys
2021-09-29 11:41 - 2021-09-29 11:41 - 000001321 _____ C:\Users\Public\Desktop\ApowerEdit.lnk
2021-09-29 11:41 - 2021-09-29 11:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
2021-09-29 11:41 - 2021-09-29 11:41 - 000000000 ____D C:\ProgramData\Apowersoft
2021-09-29 11:40 - 2021-09-29 11:40 - 000000000 ____D C:\Program Files (x86)\Apowersoft
2021-09-21 13:55 - 2021-09-21 13:55 - 000001997 _____ C:\Users\H2 Marketing\Desktop\Zoom.lnk
2021-09-15 13:10 - 2021-09-15 13:10 - 002295296 _____ (Digimarc) C:\Windows\system32\DMRCDecoder.dll
2021-09-15 13:10 - 2021-09-15 13:10 - 002260992 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2021-09-15 13:10 - 2021-09-15 13:10 - 002111488 _____ (Digimarc) C:\Windows\SysWOW64\DMRCDecoder.dll
2021-09-15 13:10 - 2021-09-15 13:10 - 001333760 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll
2021-09-15 13:10 - 2021-09-15 13:10 - 001164288 _____ C:\Windows\system32\MBR2GPT.EXE
2021-09-15 13:10 - 2021-09-15 13:10 - 000672768 _____ C:\Windows\system32\FsNVSDeviceSource.dll
2021-09-15 13:10 - 2021-09-15 13:10 - 000170496 _____ C:\Windows\system32\DeviceUpdateCenterCsp.dll
2021-09-15 13:10 - 2021-09-15 13:10 - 000162816 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2021-09-14 15:27 - 2021-09-17 14:12 - 000000000 ____D C:\Users\H2 Marketing\Desktop\BV
2021-09-10 19:26 - 2021-09-10 19:26 - 000000000 ____D C:\Users\H2 Marketing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2021-09-10 19:25 - 2021-09-10 19:26 - 000000000 ____D C:\Users\H2 Marketing\AppData\Roaming\Zoom

==================== Três meses (modificados) ==================

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2021-11-20 14:19 - 2020-07-20 12:31 - 000000000 ____D C:\Users\H2 Marketing
2021-11-20 14:16 - 2020-10-20 15:19 - 000000000 ____D C:\Users\H2 Marketing\AppData\LocalLow\Mozilla
2021-11-20 13:36 - 2020-07-20 13:15 - 000000000 ____D C:\Program Files (x86)\Google
2021-11-20 13:08 - 2020-07-21 09:04 - 000000000 ____D C:\Users\H2 Marketing\AppData\Roaming\TeamViewer
2021-11-20 13:08 - 2020-07-21 09:04 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-11-20 13:01 - 2020-07-23 11:56 - 000004196 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{26A4C902-0DE7-4D0D-B2CC-A96F779B51B3}
2021-11-19 21:59 - 2019-12-07 06:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-11-19 21:40 - 2020-07-21 09:51 - 000000000 ____D C:\Users\H2 Marketing\AppData\Roaming\Corel
2021-11-19 21:37 - 2021-03-04 10:37 - 000000000 ____D C:\Program Files (x86)\Corel
2021-11-19 21:36 - 2020-07-21 09:22 - 000000000 ____D C:\ProgramData\Corel
2021-11-19 21:32 - 2019-12-07 06:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-11-19 21:32 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\AppReadiness
2021-11-19 21:19 - 2020-07-21 09:29 - 000000000 ____D C:\Program Files\Corel
2021-11-19 20:44 - 2020-07-20 12:27 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-11-19 18:38 - 2019-01-05 19:52 - 000000000 ___RD C:\Users\H2 Marketing\Desktop\Trabalhos (corel)
2021-11-19 18:10 - 2021-03-04 13:59 - 000000000 ____D C:\ProgramData\CorelDRAW Graphics Suite 2020
2021-11-18 17:59 - 2020-07-22 10:53 - 000000000 ____D C:\Program Files\EPSON
2021-11-18 17:59 - 2020-07-22 10:52 - 000000000 ____D C:\ProgramData\EPSON
2021-11-18 14:01 - 2019-12-07 06:13 - 000000000 ____D C:\Windows\INF
2021-11-18 13:56 - 2020-07-20 13:19 - 000000000 __SHD C:\Users\H2 Marketing\IntelGraphicsProfiles
2021-11-18 11:29 - 2020-07-20 12:35 - 000003392 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-321270744-2600619408-4275616409-1001
2021-11-18 11:29 - 2020-07-20 12:31 - 000002451 _____ C:\Users\H2 Marketing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-11-18 11:27 - 2020-07-20 12:33 - 001741824 _____ C:\Windows\system32\PerfStringBackup.INI
2021-11-18 11:27 - 2019-12-07 11:53 - 000752436 _____ C:\Windows\system32\prfh0416.dat
2021-11-18 11:27 - 2019-12-07 11:53 - 000148550 _____ C:\Windows\system32\prfc0416.dat
2021-11-18 11:22 - 2020-07-20 12:27 - 000008192 ___SH C:\DumpStack.log.tmp
2021-11-18 11:22 - 2020-07-20 12:27 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-11-18 11:22 - 2019-12-07 06:03 - 000524288 _____ C:\Windows\system32\config\BBI
2021-11-18 11:21 - 2020-07-31 16:13 - 000000000 ____D C:\Users\H2 Marketing\AppData\LocalLow\Temp
2021-11-18 11:16 - 2019-12-07 06:14 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2021-11-18 10:49 - 2020-07-31 12:04 - 000000000 ____D C:\Users\H2 Marketing\AppData\Roaming\uTorrent
2021-11-18 10:49 - 2020-07-20 12:26 - 000000000 ____D C:\Windows\Panther
2021-11-18 10:48 - 2020-07-21 09:19 - 000000000 ____D C:\Temp
2021-11-18 10:06 - 2020-07-20 12:32 - 000000000 ____D C:\ProgramData\Packages
2021-11-17 21:38 - 2020-10-20 15:19 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-11-17 15:56 - 2021-02-05 09:06 - 000000000 ____D C:\Users\H2 Marketing\AppData\Local\AD File Deleter 7
2021-11-17 15:56 - 2021-02-05 09:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AD File Deleter 7
2021-11-17 15:50 - 2020-07-21 09:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 7
2021-11-17 09:23 - 2020-11-06 18:41 - 000003618 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-11-17 09:23 - 2020-11-06 18:41 - 000003494 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-11-16 14:23 - 2020-07-21 07:49 - 000000000 ____D C:\ProgramData\Package Cache
2021-11-16 10:00 - 2020-07-20 13:16 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-11-14 10:32 - 2021-01-04 13:39 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-11-14 07:16 - 2020-11-06 18:41 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-11-13 11:15 - 2020-10-20 15:19 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-11-12 10:07 - 2020-10-20 15:19 - 000000000 ____D C:\ProgramData\Mozilla
2021-11-10 19:57 - 2020-07-20 12:27 - 005272640 _____ C:\Windows\system32\FNTCACHE.DAT
2021-11-10 19:56 - 2019-12-07 11:56 - 000000000 ___SD C:\Windows\system32\AppV
2021-11-10 19:56 - 2019-12-07 11:56 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-11-10 19:56 - 2019-12-07 06:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2021-11-10 19:56 - 2019-12-07 06:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-11-10 19:56 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2021-11-10 19:56 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-11-10 19:56 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SystemResources
2021-11-10 19:56 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\setup
2021-11-10 19:56 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\oobe
2021-11-10 19:56 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\Dism
2021-11-10 19:56 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\ShellExperiences
2021-11-10 19:56 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2021-11-10 19:56 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\bcastdvr
2021-11-10 19:56 - 2019-12-07 06:03 - 000000000 ____D C:\Windows\servicing
2021-11-10 13:05 - 2019-12-07 06:03 - 000000000 ____D C:\Windows\CbsTemp
2021-11-10 12:54 - 2020-07-20 13:17 - 000000000 ____D C:\Windows\system32\MRT
2021-11-10 12:52 - 2020-07-20 13:17 - 141529560 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-11-09 16:18 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\NDF
2021-11-08 13:25 - 2020-07-20 20:04 - 000000000 ____D C:\Users\H2 Marketing\AppData\Local\ElevatedDiagnostics
2021-11-04 18:02 - 2020-07-20 12:27 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-11-01 10:16 - 2020-07-20 12:32 - 000000000 ____D C:\Users\H2 Marketing\AppData\Local\Packages

==================== Arquivos na raiz de alguns diretórios ========

2021-02-05 09:18 - 2021-02-10 08:30 - 000000004 _____ () C:\ProgramData\lock.dat
2021-02-05 09:19 - 2021-02-10 08:29 - 000000004 _____ () C:\ProgramData\rc.dat
2021-02-05 09:18 - 2021-02-05 09:18 - 000000008 _____ () C:\ProgramData\ts.dat
2020-09-24 16:37 - 2020-09-24 16:37 - 014616720 _____ (Epson America, Inc.                                         ) C:\Users\Public\L3150_Lite_LA.exe
2021-11-18 11:23 - 2021-11-18 11:23 - 000000000 _____ () C:\Users\H2 Marketing\AppData\Roaming\aa.tmp
2020-08-03 08:47 - 2020-08-03 08:47 - 000000182 _____ () C:\Users\H2 Marketing\AppData\Roaming\Master_x64.dll.vbs
2020-07-23 11:20 - 2020-11-30 16:32 - 000000132 _____ () C:\Users\H2 Marketing\AppData\Roaming\Preferências do Formato PNG CC da Adobe
2021-06-30 18:47 - 2021-08-29 18:53 - 000001456 _____ () C:\Users\H2 Marketing\AppData\Local\Adobe Salvar para Web 13.0 Prefs
2021-03-04 08:21 - 2021-03-04 08:21 - 000000000 _____ () C:\Users\H2 Marketing\AppData\Local\oobelibMkey.log
2021-11-05 17:50 - 2021-11-05 17:50 - 000007597 _____ () C:\Users\H2 Marketing\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(Não há correção automática para arquivos que não passaram na verificação.)

==================== Fim de FRST.txt ========================

Resultado da análise adicional Farbar Recovery Scan Tool (x64) Versão: 14-11-2021
Executado por H2 Marketing (20-11-2021 14:20:14)
Executando a partir de C:\Users\H2 Marketing\Desktop
Microsoft Windows 10 Pro Versão 21H1 19043.1348 (X64) (2020-07-20 15:30:51)
Modo da Inicialização: Normal
==========================================================


==================== Contas: =============================


(Se uma entrada for incluída na fixlist, será removida.)

Administrador (S-1-5-21-321270744-2600619408-4275616409-500 - Administrator - Disabled)
Convidado (S-1-5-21-321270744-2600619408-4275616409-501 - Limited - Enabled)
DefaultAccount (S-1-5-21-321270744-2600619408-4275616409-503 - Limited - Disabled)
H2 Marketing (S-1-5-21-321270744-2600619408-4275616409-1001 - Administrator - Enabled) => C:\Users\H2 Marketing
WDAGUtilityAccount (S-1-5-21-321270744-2600619408-4275616409-504 - Limited - Disabled)

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
AD File Deleter version 7.07 (HKLM-x32\...\AD File Deleter_7_is1) (Version: 7.07 - DYROBP)
Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated)
Adobe After Effects 2020 (HKLM-x32\...\AEFT_17_0) (Version: 17.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.3.1.470 - Adobe Inc.)
Adobe Dreamweaver 2020 (HKLM-x32\...\DRWV_20_2) (Version: 20.2 - Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version:  - Adobe)
Adobe Lightroom Classic (HKLM-x32\...\LTRM_9_0) (Version: 9.0 - Adobe Inc.)
Adobe Media Encoder 2020 (HKLM-x32\...\AME_14_0_4) (Version: 14.0.4 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
AIDA64 Extreme v5.95 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.95 - FinalWire Ltd.)
ApowerEdit V1.7.6.12 (HKLM-x32\...\{3089CCCD-BC5F-4309-A3C1-45B5ACA7A5E7}_is1) (Version: 1.7.6.12 - Apowersoft LIMITED)
Apowersoft Online Launcher version 1.8.1 (HKU\S-1-5-21-321270744-2600619408-4275616409-1001\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.8.1 - APOWERSOFT LIMITED)
Assistente Pimaco (HKU\S-1-5-21-321270744-2600619408-4275616409-1001\...\fd1d3bb00ed77146) (Version: 3.0.0.39 - Bic Amazonia SA)
Blackmagic RAW Common Components (HKLM\...\{94C42023-ECF5-46E6-ACB4-2AED536B205D}) (Version: 2.2 - Blackmagic Design)
CCleaner (HKLM\...\CCleaner) (Version: 5.87 - Piriform)
Corel Graphics - Windows Shell Extension (HKLM\...\_{33DB43C3-E6BE-40AE-AECF-56E9F03E3B4D}) (Version: 23.0.0.362 - Corel Corporation)
Corel Graphics - Windows Shell Extension (HKLM\...\{33DB43C3-E6BE-40AE-AECF-56E9F03E3B4D}) (Version: 23.0.362 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit Keys (HKLM\...\{C697E994-12BE-4CF3-B9BF-B3FD1659E717}) (Version: 23.0.362 - Corel Corporation) Hidden
Corel Update Manager (HKLM\...\{F30F96B6-EADE-44FF-B202-C8697BC088F8}) (Version: 2.13.594 - Corel corporation) Hidden
CorelDRAW Graphics Suite 2020 - IPM (x64) (HKLM\...\{0E0F6EBF-E2BA-4B1A-ADEC-CAF4612B2AC7}) (Version: 22.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2020 - IPM Content BR (x64) (HKLM\...\{AE21B6DA-78D3-4772-81EF-9A0163BDB0C6}) (Version: 22.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2020 - IPM Content DE (x64) (HKLM\...\{9A7ABF9B-1CF1-452F-B6A9-1FD425AD12D9}) (Version: 22.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2020 - IPM Content EN (x64) (HKLM\...\{C796DB48-473A-4F12-998D-0D690570D633}) (Version: 22.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2020 - IPM Content ES (x64) (HKLM\...\{38B83748-7D9B-48DB-94EE-004D49E84BD3}) (Version: 22.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2020 - IPM Content FR (x64) (HKLM\...\{E2E7B6E9-3A6F-4421-8D1F-24ED7647B00A}) (Version: 22.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2020 - IPM Content IT (x64) (HKLM\...\{EEC60482-484C-4B29-BB56-0C04F086B372}) (Version: 22.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2020 - IPM Content NL (x64) (HKLM\...\{0A404310-BE95-47B5-BE1C-5C664490EE17}) (Version: 22.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2020 - Writing Tools (x64) (HKLM\...\{F404C086-454C-4485-B5F1-F3C11B8DF452}) (Version: 22.1 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite 2020 (64-Bit) (HKLM\...\_{7FA269F4-59E4-4399-A239-E9A134D40BED}) (Version: 22.1.0.517 - Corel Corporation)
CorelDRAW Graphics Suite 2021 - IPM (x64) (HKLM\...\{EF56927C-ED92-41B1-8B88-FA225384E2A4}) (Version: 23.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2021 - IPM Content BR (x64) (HKLM\...\{3D6825D1-5843-4585-B915-A9F234554C2C}) (Version: 23.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2021 - IPM Content CS (x64) (HKLM\...\{CCBA3120-A726-4C64-8986-AF5B6C519FE7}) (Version: 23.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2021 - IPM Content CT (x64) (HKLM\...\{EC73C33E-4349-45E7-A08C-8566DF799EC5}) (Version: 23.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2021 - IPM Content CZ (x64) (HKLM\...\{289B6A1B-EA8B-4FBE-9CF4-A0FE4E91DD37}) (Version: 23.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2021 - IPM Content DE (x64) (HKLM\...\{4F09DBC6-B00A-4E83-886D-94EFAD76A36C}) (Version: 23.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2021 - IPM Content EN (x64) (HKLM\...\{DDD18F44-5B1B-44FB-A604-1A4EBDB65FC9}) (Version: 23.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2021 - IPM Content ES (x64) (HKLM\...\{176AC6B0-1B9D-4257-94DD-02B006CBC779}) (Version: 23.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2021 - IPM Content FR (x64) (HKLM\...\{D6DDBE6D-E2D0-48C1-9DAC-5DB93DA8DA83}) (Version: 23.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2021 - IPM Content IT (x64) (HKLM\...\{ED790B20-D67B-465C-B3B9-768547F5E389}) (Version: 23.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2021 - IPM Content JP (x64) (HKLM\...\{243F3C09-43FC-447C-98AF-E640955397BB}) (Version: 23.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2021 - IPM Content NL (x64) (HKLM\...\{AA0464E0-EBA2-4879-A116-D7FFBC41267E}) (Version: 23.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2021 - IPM Content PL (x64) (HKLM\...\{7E5076C4-E945-49BA-AFC6-01577CD06ABA}) (Version: 23.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2021 - IPM Content RU (x64) (HKLM\...\{74BEF304-6B74-4196-A4C4-63C6D4BECCB0}) (Version: 23.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2021 - IPM Content SV (x64) (HKLM\...\{A397DC31-3A23-4157-8881-A5E4957ABB19}) (Version: 23.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2021 - IPM Content TR (x64) (HKLM\...\{3B5FBE0B-541B-47FB-89EC-20ECA3E8D97A}) (Version: 23.1 - Corel Corporation) Hidden
CorelDRAW Graphics Suite 2021 - Writing Tools (x64) (HKLM\...\{31CD96CF-4A33-4535-A6CC-F419CEAEFD70}) (Version: 23.1 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite 2021 (64-Bit) (HKLM\...\_{B9EA48EE-695F-4E90-B89D-F7CE4767B49F}) (Version: 23.1.0.389 - Corel Corporation)
CPUID CPU-Z 1.91 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.91 - CPUID, Inc.)
DaVinci Resolve (HKLM\...\{6E40D3ED-077B-45C4-90FF-222CC65C199C}) (Version: 17.4.10004 - Blackmagic Design)
DaVinci Resolve Control Panels (HKLM\...\{7667C543-084F-47F7-BC60-175FC25E9D6F}) (Version: 2.0.1.0 - Blackmagic Design)
digiCamControl (HKLM-x32\...\{19D12628-7654-4354-A305-9AB0B33A1677}) (Version: 2.1.2.0 - Duka Istvan)
digiCamControl (HKLM-x32\...\{2dd048a1-b9fb-4e4f-a8f3-1eceafce538c}) (Version: 2.1.2.0 - ) Hidden
Driver Booster 7 (HKLM-x32\...\Driver Booster_is1) (Version: 7.0.1 - IObit)
Easy Photo Scan (HKLM-x32\...\{99364024-626C-4BE1-89C8-2F207023497B}) (Version: 1.00.0018 - Seiko Epson Corporation)
EPS Viewer (HKLM-x32\...\{32E05824-A0AC-4DFE-B965-5F52C28FBE9F}_is1) (Version:  - IdeaMK)
Epson Easy Photo Print 2 (HKLM-x32\...\{71038C40-8258-44D2-BBF4-B6312338172C}) (Version: 2.8.3.0 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{AB8BE3EA-01D3-44B7-8E77-A9601CBDEBDE}) (Version: 3.10.0085 - Seiko Epson Corporation)
EPSON L3150 Series Printer Uninstall (HKLM\...\EPSON L3150 Series) (Version:  - Seiko Epson Corporation)
Epson Printer Connection Checker (HKLM-x32\...\{189DE071-E0BC-4BA5-8E34-83D5ED12600B}) (Version: 3.2.0.0 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{D2D9559D-359A-4C61-B93A-FE01AE2BFB75}) (Version: 4.5.4 - Seiko Epson Corporation)
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 96.0.4664.45 - Google LLC)
Instalação (HKLM-x32\...\{66134A9C-2221-4BBB-AD13-44EB81A809F1}) (Version: 1.0.0 - Configurando Windows)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.5161 - Intel Corporation)
LibreOffice 7.2.2.2 (HKLM\...\{51F1B587-D4A5-41C0-A4E8-A64BBD343F23}) (Version: 7.2.2.2 - The Document Foundation)
Maxon Cinema 4D R21 (HKLM\...\Maxon Cinema 4D R21) (Version: R21 - Maxon)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 95.0.1020.53 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 95.0.1020.53 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - pt-br (HKLM\...\ProPlus2019Retail - pt-br) (Version: 16.0.14527.20276 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-321270744-2600619408-4275616409-1001\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{49e969a1-2990-464d-92b5-25f6f34573c6}) (Version: 12.0.40664.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{d2c8df0e-f15d-4426-9e51-f13f329f9cb4}) (Version: 12.0.40664.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29913 (HKLM-x32\...\{855e31d2-9031-46e1-b06d-c9d7777deefb}) (Version: 14.28.29913.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29913 (HKLM-x32\...\{03d1453c-7d5c-479c-afea-8482f406e036}) (Version: 14.28.29913.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2019 (HKLM-x32\...\{1edcd8d2-905a-4e93-bfdf-92ed5601528a}) (Version: 16.0.28801 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox (x64 pt-BR) (HKLM\...\Mozilla Firefox 94.0.1 (x64 pt-BR)) (Version: 94.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 82.0 - Mozilla)
Nelogica ProfitPro (HKU\S-1-5-21-321270744-2600619408-4275616409-1001\...\Profit) (Version: 5.0.0.229 - Nelogica)
Nelogica Rico Trader (HKU\S-1-5-21-321270744-2600619408-4275616409-1001\...\RicoTrader) (Version: 5.0.0.174 - Nelogica)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14527.20276 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20276 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0416-0000-0000000FF1CE}) (Version: 16.0.14527.20234 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PDF Settings CC (HKLM-x32\...\{1FBAE18D-4DE4-47AA-83EC-D1B046F262DC}) (Version: 12.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Suporte para Aplicativos Apple (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.23.9 - TeamViewer)
Verificação de integridade do PC Windows (HKLM\...\{BDA76587-4949-46D7-8427-AE49451F93D4}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Windows Installer (HKLM-x32\...\{13499434-9821-4E2D-B7DF-7C0867EB1504}) (Version: 5.0.3 - AdvancedWindowsManager)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-321270744-2600619408-4275616409-1001\...\ZoomUMX) (Version: 5.7.8 (1247) - Zoom Video Communications, Inc.)

Packages:
=========
Complemento do Mecanismo de Mídia de Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-07-21] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-12-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-12-17] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.10270.0_x64__8wekyb3d8bbwe [2021-11-08] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0 [2021-11-12] (Spotify AB) [Startup Task]
TouchVPN -> C:\Program Files\WindowsApps\6F71D7A7.TouchVPN_1.1.14.0_x64__nsbqstbb9qxb6 [2020-12-17] (Pango Inc.)

==================== Análise Personalizada CLSID (Whitelisted): ==============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

CustomCLSID: HKU\S-1-5-21-321270744-2600619408-4275616409-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-321270744-2600619408-4275616409-1001_Classes\CLSID\{272D2E65-05FB-4500-BD7B-5905D5B0A1B8}\localserver32 -> C:\Users\H2 Marketing\AppData\Roaming\Nelogica\Profit\profitchart.exe (Nelogica Sistemas de Software Ltda. -> Nelogica)
CustomCLSID: HKU\S-1-5-21-321270744-2600619408-4275616409-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel(R) pGFX 2020 -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-321270744-2600619408-4275616409-1001_Classes\CLSID\{91B96A80-A1E8-DB69-3D91-B838B0AF5BDE}\InprocServer32 -> não caminho do arquivo
CustomCLSID: HKU\S-1-5-21-321270744-2600619408-4275616409-1001_Classes\CLSID\{def0be8c-1027-41d3-bcc6-c6235d93ab09}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-321270744-2600619408-4275616409-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Arquivo não assinado]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Arquivo não assinado]
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2021-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Arquivo não assinado]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Atalhos & WMI ========================

==================== Módulos Carregados (Whitelisted) =============

2021-10-28 15:15 - 2021-10-28 15:15 - 001010176 _____ () [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\BMDDavUI.dll
2021-02-18 23:06 - 2021-02-18 23:06 - 000023040 _____ () [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\cdt.dll
2021-02-18 23:06 - 2021-02-18 23:06 - 000073216 _____ () [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\cgraph.dll
2021-02-12 12:13 - 2021-02-12 12:13 - 000049152 _____ () [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\codexhdedecoder.dll
2021-10-29 00:57 - 2021-10-29 00:57 - 013026304 _____ () [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\DolbyAtmosBridge.dll
2021-10-28 21:54 - 2021-10-28 21:54 - 047568896 _____ () [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\fraunhoferdcp.dll
2021-10-28 21:54 - 2021-10-28 21:54 - 007281664 _____ () [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\FusionPage.dll
2021-10-28 21:54 - 2021-10-28 21:54 - 000826368 _____ () [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\glew32.dll
2021-10-22 12:58 - 2021-10-22 12:58 - 000395264 _____ () [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\gpudetect.dll
2021-02-18 23:06 - 2021-02-18 23:06 - 000507392 _____ () [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\gvc.dll
2021-04-28 23:06 - 2021-04-28 23:06 - 001426944 _____ () [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\kdu_a81R.dll
2021-10-06 19:01 - 2021-10-06 19:01 - 000292864 _____ () [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\LIBPQ.dll
2021-02-12 12:13 - 2021-02-12 12:13 - 000897024 _____ () [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\libraw.dll
2021-09-14 15:57 - 2021-09-14 15:57 - 002191872 _____ () [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\log4cxx.dll
2021-02-18 23:06 - 2021-02-18 23:06 - 000267473 _____ () [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\ltdl.dll
2021-10-28 21:54 - 2021-10-28 21:54 - 000607744 _____ () [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\lua5.1.dll
2021-10-02 11:56 - 2021-10-02 11:56 - 001061888 _____ () [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\MXF.dll
2021-09-14 16:01 - 2021-09-14 16:01 - 002425344 _____ () [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\opencv_calib3d341.dll
2021-09-14 16:01 - 2021-09-14 16:01 - 003255808 _____ () [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\opencv_core341.dll
2021-09-14 16:01 - 2021-09-14 16:01 - 004644864 _____ () [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\opencv_dnn341.dll
2021-09-14 16:01 - 2021-09-14 16:01 - 000928768 _____ () [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\opencv_features2d341.dll
2021-09-14 16:01 - 2021-09-14 16:01 - 000629760 _____ () [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\opencv_flann341.dll
2021-09-14 16:01 - 2021-09-14 16:01 - 003281920 _____ () [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\opencv_imgproc341.dll
2021-09-14 16:01 - 2021-09-14 16:01 - 000443392 _____ () [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\opencv_video341.dll
2021-02-18 23:06 - 2021-02-18 23:06 - 000041472 _____ () [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\Pathplan.dll
2021-10-28 21:54 - 2021-10-28 21:54 - 000128000 _____ () [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\portaudio.dll
2021-10-02 11:56 - 2021-10-02 11:56 - 000050176 _____ () [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\QtSingleApplication.dll
2021-10-02 11:55 - 2021-10-02 11:55 - 000194048 _____ () [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\quazip.dll
2021-10-29 00:57 - 2021-10-29 00:57 - 000186368 _____ () [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\soxr.dll
2021-10-06 16:01 - 2021-10-06 16:01 - 000086528 _____ () [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\zlib.dll
2021-02-18 23:06 - 2021-02-18 23:06 - 000100352 _____ () [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\zlibwapi.dll
2021-11-08 11:55 - 2021-11-08 11:55 - 350039835 _____ () [Arquivo não assinado] C:\Users\H2 Marketing\aspecto\nvImage.dll
2021-02-12 12:13 - 2021-02-12 12:13 - 030066688 _____ (ARRI) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\ARRIRAW_SDK.dll
2021-09-14 16:02 - 2021-09-14 16:02 - 005637120 _____ (Avid Technology, Inc.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\DNxHR.dll
2021-09-14 16:02 - 2021-09-14 16:02 - 001167872 _____ (Avid Technology, Inc.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\DNxUncompressedSDK.dll
2021-10-29 00:57 - 2021-10-29 00:57 - 006949376 _____ (Blackmagic Design Pty. Ltd.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\BMDAudioPlugins.dll
2021-10-29 00:57 - 2021-10-29 00:57 - 026614272 _____ (Blackmagic Design Pty. Ltd.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\FairlightPage.dll
2021-10-28 21:54 - 2021-10-28 21:54 - 003226624 _____ (Blackmagic Design Pty. Ltd.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\fusioncontrols.dll
2021-10-28 21:54 - 2021-10-28 21:54 - 008660992 _____ (Blackmagic Design Pty. Ltd.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\fusionoperators.dll
2021-10-28 21:54 - 2021-10-28 21:54 - 003526144 _____ (Blackmagic Design Pty. Ltd.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\fusionscript.dll
2021-10-28 21:54 - 2021-10-28 21:54 - 033285120 _____ (Blackmagic Design Pty. Ltd.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\fusionsystem.dll
2021-10-28 21:54 - 2021-10-28 21:54 - 002413056 _____ (Blackmagic Design Pty. Ltd.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\Plugins\3d.plugin
2021-10-28 21:54 - 2021-10-28 21:54 - 002969600 _____ (Blackmagic Design Pty. Ltd.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\Plugins\alembic.plugin
2021-10-28 21:54 - 2021-10-28 21:54 - 001333760 _____ (Blackmagic Design Pty. Ltd.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\Plugins\dimension.plugin
2021-10-28 21:54 - 2021-10-28 21:54 - 007612416 _____ (Blackmagic Design Pty. Ltd.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\Plugins\fbx.plugin
2021-10-28 21:54 - 2021-10-28 21:54 - 000216064 _____ (Blackmagic Design Pty. Ltd.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\Plugins\fuses.plugin
2021-10-28 21:54 - 2021-10-28 21:54 - 000790528 _____ (Blackmagic Design Pty. Ltd.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\Plugins\opencolorio.plugin
2021-10-28 21:54 - 2021-10-28 21:54 - 000354816 _____ (Blackmagic Design Pty. Ltd.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\Plugins\openfx.plugin
2021-10-28 21:54 - 2021-10-28 21:54 - 000192000 _____ (Blackmagic Design Pty. Ltd.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\Plugins\openvr.plugin
2021-10-28 21:54 - 2021-10-28 21:54 - 000401408 _____ (Blackmagic Design Pty. Ltd.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\Plugins\paint.plugin
2021-10-28 21:54 - 2021-10-28 21:54 - 000801280 _____ (Blackmagic Design Pty. Ltd.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\Plugins\particles.plugin
2021-10-28 21:54 - 2021-10-28 21:54 - 002177536 _____ (Blackmagic Design Pty. Ltd.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\Plugins\text.plugin
2021-10-28 21:54 - 2021-10-28 21:54 - 000519168 _____ (Blackmagic Design Pty. Ltd.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\Plugins\utilities.plugin
2021-10-28 21:54 - 2021-10-28 21:54 - 003672576 _____ (Blackmagic Design.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\fusiongraphics.dll
2021-06-01 17:45 - 2021-11-20 12:56 - 000068752 _____ (Corel Corporation -> Corel Corporation) [Arquivo não assinado] D:\CorelDRAW Graphics Suite 2021\Programs64\CrlSCI.dll
2021-09-26 23:17 - 2021-09-26 23:17 - 012641280 _____ (FFmpeg Project) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\avcodec-58.dll
2021-09-26 23:17 - 2021-09-26 23:17 - 002253824 _____ (FFmpeg Project) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\avformat-58.dll
2021-09-26 23:17 - 2021-09-26 23:17 - 000644608 _____ (FFmpeg Project) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\avutil-56.dll
2020-07-17 09:02 - 2020-07-17 09:02 - 000144896 _____ (Grass Valley K.K.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\libgvcodec.dll
2021-10-02 11:56 - 2021-10-02 11:56 - 000165376 _____ (Intel) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\libvpl.dll
2021-04-28 23:06 - 2021-04-28 23:06 - 001726464 _____ (Kakadu Software Pty Ltd, Australia) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\kdu_v81R.dll
2021-09-26 23:17 - 2021-09-26 23:17 - 000058539 _____ (MingW-W64 Project. All rights reserved.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\libwinpthread-1.dll
2021-09-14 15:57 - 2021-09-14 15:57 - 089057280 _____ (NVIDIA Corporation) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\cublas64_11.dll
2021-09-14 15:57 - 2021-09-14 15:57 - 167523328 _____ (NVIDIA Corporation) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\cublasLt64_11.dll
2021-09-14 15:57 - 2021-09-14 15:57 - 000401408 _____ (NVIDIA Corporation) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\cudart64_110.dll
2021-09-14 16:00 - 2021-09-14 16:00 - 000222720 _____ (NVIDIA Corporation) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\cudnn64_8.dll
2021-09-14 15:57 - 2021-09-14 15:57 - 016161792 _____ (NVIDIA Corporation) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\nvrtc64_110_0.dll
2021-10-02 11:56 - 2021-10-02 11:56 - 000100864 _____ (Open Source Software community LGPL) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\pthreadVC2.dll
2021-02-12 12:13 - 2021-02-12 12:13 - 001328640 _____ (Panasonic Corporation) [Arquivo não assinado] C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\Libraries\avcu_enc.dll
2021-10-14 17:01 - 2021-10-14 17:01 - 003417600 _____ (RED Digital Cinema) [Arquivo não assinado] C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\Libraries\REDOpenCL-x64.dll
2021-10-14 17:01 - 2021-10-14 17:01 - 003363328 _____ (RED Digital Cinema) [Arquivo não assinado] C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\Libraries\REDR3D-x64.dll
2017-02-13 14:54 - 2017-02-13 14:54 - 000132096 _____ (Seiko Epson Corporation) [Arquivo não assinado] C:\Program Files (x86)\EPSON Software\Event Manager\epnsm.dll
2009-10-21 17:39 - 2009-10-21 17:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [Arquivo não assinado] C:\Program Files (x86)\EPSON Software\Event Manager\LcMgr.dll
2016-09-14 14:31 - 2016-09-14 14:31 - 000500736 ____S (SEIKO EPSON CORPORATION) [Arquivo não assinado] C:\Windows\System32\enppmon.dll
2020-07-17 09:02 - 2020-07-17 09:02 - 001191424 _____ (Sony B&P Research Labs) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\mp4decoder_dll.dll
2020-07-17 09:02 - 2020-07-17 09:02 - 002409984 _____ (Sony B&P Research Labs) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\mp4encoder_dll.dll
2021-02-12 12:13 - 2021-02-12 12:13 - 002495488 _____ (Sony Corporation) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\SMDK-VC140-x64-4_20_0.dll
2020-09-16 20:01 - 2020-09-16 20:01 - 000316928 _____ (Sony Corporation) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\SonyXAVCEncoder.dll
2021-09-14 16:01 - 2021-09-14 16:01 - 000430592 _____ (The curl library, hxxps://curl.haxx.se/) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\libcurl.dll
2021-10-28 21:53 - 2021-10-28 21:53 - 000032256 _____ (The Qt Company Ltd.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\imageformats\qgif.dll
2021-10-28 21:53 - 2021-10-28 21:53 - 000031744 _____ (The Qt Company Ltd.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\imageformats\qico.dll
2021-10-28 21:53 - 2021-10-28 21:53 - 000414208 _____ (The Qt Company Ltd.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\imageformats\qjpeg.dll
2021-10-28 21:53 - 2021-10-28 21:53 - 000025600 _____ (The Qt Company Ltd.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\imageformats\qsvg.dll
2021-10-28 21:53 - 2021-10-28 21:53 - 000384000 _____ (The Qt Company Ltd.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\imageformats\qtiff.dll
2021-10-28 21:53 - 2021-10-28 21:53 - 001432576 _____ (The Qt Company Ltd.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\platforms\qwindows.dll
2021-10-28 21:52 - 2021-10-28 21:52 - 000026624 _____ (The Qt Company Ltd.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\Qt5Concurrent.dll
2021-10-28 21:52 - 2021-10-28 21:52 - 006092800 _____ (The Qt Company Ltd.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\Qt5Core.dll
2021-10-28 21:52 - 2021-10-28 21:52 - 006834688 _____ (The Qt Company Ltd.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\Qt5Gui.dll
2021-10-28 21:52 - 2021-10-28 21:52 - 000741888 _____ (The Qt Company Ltd.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\Qt5Multimedia.dll
2021-10-28 21:52 - 2021-10-28 21:52 - 001342976 _____ (The Qt Company Ltd.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\Qt5Network.dll
2021-10-28 21:52 - 2021-10-28 21:52 - 000315904 _____ (The Qt Company Ltd.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\Qt5OpenGL.dll
2021-10-28 21:52 - 2021-10-28 21:52 - 000309760 _____ (The Qt Company Ltd.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\Qt5PrintSupport.dll
2021-10-28 21:52 - 2021-10-28 21:52 - 003506176 _____ (The Qt Company Ltd.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\Qt5Qml.dll
2021-10-28 21:52 - 2021-10-28 21:52 - 000435712 _____ (The Qt Company Ltd.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\Qt5QmlModels.dll
2021-10-28 21:52 - 2021-10-28 21:52 - 004142080 _____ (The Qt Company Ltd.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\Qt5Quick.dll
2021-10-28 21:52 - 2021-10-28 21:52 - 000072192 _____ (The Qt Company Ltd.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\Qt5QuickWidgets.dll
2021-10-28 21:52 - 2021-10-28 21:52 - 000203264 _____ (The Qt Company Ltd.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\Qt5Sql.dll
2021-10-28 21:52 - 2021-10-28 21:52 - 000326656 _____ (The Qt Company Ltd.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\Qt5Svg.dll
2021-10-28 21:52 - 2021-10-28 21:52 - 000128000 _____ (The Qt Company Ltd.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\Qt5WebChannel.dll
2021-10-28 21:52 - 2021-10-28 21:52 - 102873088 _____ (The Qt Company Ltd.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\Qt5WebEngineCore.dll
2021-10-28 21:53 - 2021-10-28 21:53 - 000244736 _____ (The Qt Company Ltd.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\Qt5WebEngineWidgets.dll
2021-10-28 21:53 - 2021-10-28 21:53 - 005529600 _____ (The Qt Company Ltd.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\Qt5Widgets.dll
2021-10-28 21:53 - 2021-10-28 21:53 - 000207872 _____ (The Qt Company Ltd.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\Qt5Xml.dll
2021-10-28 21:53 - 2021-10-28 21:53 - 002655232 _____ (The Qt Company Ltd.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\Qt5XmlPatterns.dll
2021-10-28 21:53 - 2021-10-28 21:53 - 001406976 _____ (The Qt Company Ltd.) [Arquivo não assinado] C:\Program Files\Blackmagic Design\DaVinci Resolve\sqldrivers\qsqlite.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Modo de Segurança (Whitelisted) ==================

==================== Associação (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts Conteúdo: =========================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2019-12-07 06:14 - 2021-11-18 11:21 - 000000027 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1       localhost

==================== Outras Áreas ===========================

(Atualmente não há nenhuma correção automática para esta seção.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64\compiler;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\QuickTime\QTSystem\
HKU\S-1-5-21-321270744-2600619408-4275616409-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

(Se uma entrada for incluída na fixlist, será removida.)

HKLM\...\StartupApproved\StartupFolder: => "AnyDesk.lnk"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "AdobeCEPServiceManager"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "kissq"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKU\S-1-5-21-321270744-2600619408-4275616409-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-321270744-2600619408-4275616409-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-321270744-2600619408-4275616409-1001\...\StartupApproved\Run: => "CCXProcess"

==================== Regras do Firewall (Whitelisted) ================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [{5F058B99-7701-4702-A8AF-F1E880EE4806}] => (Block) C:\windows\system32\CompatTelRunner.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{11F8A25C-C5D6-4B17-B78D-E85ECED2B2F1}] => (Block) C:\windows\system32\CompatTelRunner.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{7BB46E3C-6A23-44E4-90AA-EF26E80F1F64}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite 2020\Programs64\CorelDrw.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{49334AF6-92E8-464D-B5E2-A578B0F41F79}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite 2020\Programs64\CorelPP.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{AB897490-4BBF-441A-95AC-7CBBAE154F06}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [{945F39AB-6B58-4C55-B823-300B78319A5E}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [TCP Query User{C4DEBAE6-7842-4A76-A433-794E7EC4152E}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [UDP Query User{5F8FB89C-318C-4FF4-AC97-4A2A47CB31DE}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
FirewallRules: [TCP Query User{9F985ADD-0B8D-4677-81AA-79F714D64295}C:\program files\adobe\adobe dreamweaver 2020\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver 2020\node\node.exe (Adobe Inc. -> Node.js)
FirewallRules: [UDP Query User{8732A7ED-0269-4A4A-B3CE-CD96B393AF42}C:\program files\adobe\adobe dreamweaver 2020\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver 2020\node\node.exe (Adobe Inc. -> Node.js)
FirewallRules: [{BBADF04F-6A4C-45A9-82F2-7558D0D5980A}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{EFCCA196-03A9-4509-AAB9-7E3B9A5654DE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{061D548A-4932-47C6-9210-EDBD8A1A025C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8FF9D385-6FCA-4F3A-8D25-3DA1310F8A0D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CCD6ED5E-1541-43BC-959A-D2B617A6AF6F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1F12F659-C09A-4030-9337-5F90B39DB5EB}] => (Allow) LPort=1688
FirewallRules: [{BD344112-B61C-46B2-B0A9-DBC30611908D}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite 2020\Programs64\CorelDrw.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{5903F66D-9837-4203-9B85-ABED80EC214D}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite 2020\Programs64\CorelPP.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{D7802E74-09A6-4E3D-B157-96D6C2271F5E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A4831D53-21C8-431D-96F9-6BA0B36648F5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{ECE7ACC5-9997-4898-8D9E-57D6FB9482FD}] => (Allow) C:\Users\H2 Marketing\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{CB2DCCF3-04EE-4902-824D-00946CFC892B}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Editor Pro\Video Editor Pro.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{24EA7353-81C6-4A1B-93E8-F142CF0F62F1}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Editor Pro\Video Editor Pro.exe (Apowersoft Ltd -> Apowersoft)
FirewallRules: [{CD02637D-6329-492D-B57B-46B6D7EB9F72}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{86CE2665-8B67-491F-BCFF-BF95A18CB966}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8939D4FA-CB4F-490C-884E-C8BF8EF03F2C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3F235D51-983C-42D8-AE72-B0FFCFA97DA6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7997028C-3FA8-4752-BF23-130A386253B9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D8F4BD63-BA22-46B3-8009-72BB4DB3F7AD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3A5EA41C-0712-429C-B1E4-A74D73CF733E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{39A1AC8F-3231-487D-908A-CD6C59092DDE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{167F520C-DDBA-4648-BEC5-D5F1073581B1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C86C33A4-6B6E-4F6B-9D3B-80E52E71CFFB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{42A53E57-7BD5-4AB7-95AE-4A9472A73109}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A253A0A3-9F43-49E0-86B9-4B2CDCACE20F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4EBB5C39-7683-4AEE-8904-863AC4F8BC88}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{34E24916-2820-4CEB-997F-6ECD09ACDBA0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{50B6D051-AD60-4C50-B251-7FDA06CCD494}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [{FC173FEC-28F7-4D07-95CE-6E4BC697BDDD}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{1BBBE60B-CD1B-440F-89E0-CEE2283C76D9}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DaVinciPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{8814D17D-5726-47E9-8556-0A94A77395A6}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{56475DF1-4D57-4A50-959F-251D47ECE2F7}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{625E0944-DA8E-4C34-B470-6E1614DE181E}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{60D5574D-DB33-4DE5-985E-A322DE629899}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\fuscript.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [{A24AA179-3508-49EE-9A75-346CC61E9AEC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{6A0A8BCE-2E74-4B19-9EFC-D772334118DE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{DD29C24F-E724-42E6-93FF-6880FDC4C800}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{30B233C2-56BB-495B-A0CE-9F4900B0C902}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{C71D6A1B-883A-4E80-AE61-B516A14D6092}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite 2020\Programs64\CorelPP.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{08CA138F-E4F7-4C56-8CAA-28A623B02AD5}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite 2020\Programs64\CorelPP.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{F79F2250-AF5F-4C89-9C9F-D8F6DF451D5F}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite 2020\Programs64\CorelDrw.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{82EA92CC-CFE3-4619-8095-9B2CC0AE9E36}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite 2020\Programs64\CorelDrw.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{3A02DD68-8604-439E-823B-C177487CC177}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\95.0.1020.53\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Pontos de Restauração =========================


==================== Dispositivos Apresentando Falhas No Gerenciador ============


==================== Erros no Log de eventos: ========================

Erros em Aplicativos:
==================
Error: (11/20/2021 12:56:27 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007

Error: (11/20/2021 12:56:27 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0

Error: (11/19/2021 09:22:44 PM) (Source: MsiInstaller) (EventID: 11605) (User: DESKTOP-QBNRO2F)
Description: Product: CorelDRAW Graphics Suite 2021 - Docs (x64) -- Disk full: Out of disk space -- Volume: c:; required space: 4.380 KB; available space: 0 KB.  If rollback is disabled, enough space is available. Click Cancel to quit, Retry to check available disk space again, or Ignore to continue without rollback.

Error: (11/19/2021 09:22:31 PM) (Source: MsiInstaller) (EventID: 11601) (User: DESKTOP-QBNRO2F)
Description: Product: CorelDRAW Graphics Suite 2021 - Docs (x64) -- Disk full: Out of disk space -- Volume: 'c:'; required space: 637.292 KB; available space: 0 KB.  Free some disk space and retry.

Error: (11/19/2021 09:17:36 PM) (Source: MsiInstaller) (EventID: 11601) (User: DESKTOP-QBNRO2F)
Description: Product: CorelDRAW Graphics Suite 2021 - Docs (x64) -- Disk full: Out of disk space -- Volume: 'c:'; required space: 637.292 KB; available space: 209.476 KB.  Free some disk space and retry.

Error: (11/19/2021 09:17:35 PM) (Source: MsiInstaller) (EventID: 11601) (User: DESKTOP-QBNRO2F)
Description: Product: CorelDRAW Graphics Suite 2021 - Docs (x64) -- Disk full: Out of disk space -- Volume: 'c:'; required space: 637.292 KB; available space: 214.168 KB.  Free some disk space and retry.

Error: (11/19/2021 08:21:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: CorelDRW.exe, versão: 22.1.0.517, carimbo de data/hora: 0x5ed88e0e
Nome do módulo com falha: USER32.dll, versão: 10.0.19041.1202, carimbo de data/hora: 0x032ff40c
Código de exceção: 0xc0000005
Deslocamento da falha: 0x00000000000039e4
ID do processo com falha: 0x23a4
Hora de início do aplicativo com falha: 0x01d7dd9c202160de
Caminho do aplicativo com falha: C:\Program Files\Corel\CorelDRAW Graphics Suite 2020\Programs64\CorelDRW.exe
Caminho do módulo com falha: C:\Windows\System32\USER32.dll
ID do Relatório: da946ccc-3f67-41c5-a529-a2ca2656eab0
Nome completo do pacote com falha: 
ID do aplicativo relativo ao pacote com falha:

Error: (11/19/2021 08:21:07 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplicativo: CorelDRW.exe
Versão do Framework: v4.0.30319
Descrição: O processo foi terminado devido a uma exceção sem tratamento.
Informações da Exceção: código da exceção c0000005, endereço da exceção 00007FFE8EAC39E4


Erros de Sistema:
=============
Error: (11/20/2021 12:53:57 PM) (Source: DCOM) (EventID: 10000) (User: DESKTOP-QBNRO2F)
Description: Não é possível iniciar o servidor DCOM: {0358B920-0AC7-461F-98F4-58E32CD89148}. O erro:
"2147942767"
Aconteceu ao iniciar este comando:
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (11/19/2021 10:02:50 PM) (Source: volsnap) (EventID: 25) (User: )
Description: As cópias de sombra do volume C: foram excluídas porque o armazenamento de cópia de sombra não pôde ser expandido. Reduza a carga de E/S do sistema ou escolha um volume de armazenamento de cópia de sombra do qual não esteja sendo feita uma cópia de sombra.

Error: (11/19/2021 10:47:15 AM) (Source: DCOM) (EventID: 10000) (User: DESKTOP-QBNRO2F)
Description: Não é possível iniciar o servidor DCOM: {0358B920-0AC7-461F-98F4-58E32CD89148}. O erro:
"2147942767"
Aconteceu ao iniciar este comando:
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (11/18/2021 05:59:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Adobe Acrobat Update Service foi encerrado inesperadamente.  Isso aconteceu 1 vez(es).

Error: (11/18/2021 05:59:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Windows Presentation Foundation Font Cache 3.0.0.0 foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço.

Error: (11/18/2021 05:59:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Serviço Clique para Executar do Microsoft Office foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço.

Error: (11/18/2021 05:59:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Adobe Genuine Monitor Service foi encerrado inesperadamente.  Isso aconteceu 1 vez(es).

Error: (11/18/2021 05:59:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço EpsonCustomerResearchParticipation foi encerrado inesperadamente.  Isso aconteceu 1 vez(es).


Windows Defender:
================
Date: 2021-11-19 20:50:29
Description: 
Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado.
Para obter mais informações, veja a seguir:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/Presenoker&threatid=242420&enterprise=0
Nome: PUA:Win32/Presenoker
Gravidade: Baixo
Categoria: Software Potencialmente Indesejado
Caminho: file:_D:\CorelDRAW.Graphics.Suite2021.23.1.0.389\xfcdgs2021\xfcdgs2021.exe; file:_D:\CorelDRAW.Graphics.Suite2021.23.1.0.389\xfcdgs2021\xfvsu21.exe; file:_D:\Downloads\sanet.st_CorelDRAW.Graphics.Suite2021.23.1.0.389.part2.rar; webfile:_D:\Downloads\sanet.st_CorelDRAW.Graphics.Suite2021.23.1.0.389.part2.rar|https://mega.nz/|pid:3080,ProcessStart:132818383015494191
Origem da Detecção: Computador local
Tipo da Detecção: Concreto
Fonte da Detecção: Downloads e anexos
Usuário: DESKTOP-QBNRO2F\H2 Marketing
Nome do Processo: C:\Windows\explorer.exe
Versão da Inteligência de Segurança: AV: 1.353.1258.0, AS: 1.353.1258.0, NIS: 1.353.1258.0
Versão do Mecanismo: AM: 1.1.18700.4, NIS: 1.1.18700.4

Date: 2021-11-19 20:50:29
Description: 
Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado.
Para obter mais informações, veja a seguir:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/Presenoker&threatid=242420&enterprise=0
Nome: PUA:Win32/Presenoker
Gravidade: Baixo
Categoria: Software Potencialmente Indesejado
Caminho: file:_D:\CorelDRAW.Graphics.Suite2021.23.1.0.389\xfcdgs2021\xfvsu21.exe; file:_D:\Downloads\sanet.st_CorelDRAW.Graphics.Suite2021.23.1.0.389.part2.rar; webfile:_D:\Downloads\sanet.st_CorelDRAW.Graphics.Suite2021.23.1.0.389.part2.rar|https://mega.nz/|pid:3080,ProcessStart:132818383015494191
Origem da Detecção: Computador local
Tipo da Detecção: Concreto
Fonte da Detecção: Downloads e anexos
Usuário: DESKTOP-QBNRO2F\H2 Marketing
Nome do Processo: C:\Windows\explorer.exe
Versão da Inteligência de Segurança: AV: 1.353.1258.0, AS: 1.353.1258.0, NIS: 1.353.1258.0
Versão do Mecanismo: AM: 1.1.18700.4, NIS: 1.1.18700.4

Date: 2021-11-19 20:50:04
Description: 
Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado.
Para obter mais informações, veja a seguir:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/Presenoker&threatid=242420&enterprise=0
Nome: PUA:Win32/Presenoker
Gravidade: Baixo
Categoria: Software Potencialmente Indesejado
Caminho: file:_D:\Downloads\sanet.st_CorelDRAW.Graphics.Suite2021.23.1.0.389.part2.rar; webfile:_D:\Downloads\sanet.st_CorelDRAW.Graphics.Suite2021.23.1.0.389.part2.rar|https://mega.nz/|pid:3080,ProcessStart:132818383015494191
Origem da Detecção: Internet
Tipo da Detecção: FastPath
Fonte da Detecção: Downloads e anexos
Usuário: DESKTOP-QBNRO2F\H2 Marketing
Nome do Processo: C:\Program Files\WinRAR\WinRAR.exe
Versão da Inteligência de Segurança: AV: 1.353.1258.0, AS: 1.353.1258.0, NIS: 1.353.1258.0
Versão do Mecanismo: AM: 1.1.18700.4, NIS: 1.1.18700.4

Date: 2021-11-19 20:32:09
Description: 
Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado.
Para obter mais informações, veja a seguir:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/Presenoker&threatid=242420&enterprise=0
Nome: PUA:Win32/Presenoker
Gravidade: Baixo
Categoria: Software Potencialmente Indesejado
Caminho: file:_D:\Downloads\sanet.st_CorelDRAW.Graphics.Suite2021.23.1.0.389.part2.rar; webfile:_D:\Downloads\sanet.st_CorelDRAW.Graphics.Suite2021.23.1.0.389.part2.rar|https://mega.nz/|pid:3080,ProcessStart:132818383015494191
Origem da Detecção: Internet
Tipo da Detecção: FastPath
Fonte da Detecção: Downloads e anexos
Usuário: DESKTOP-QBNRO2F\H2 Marketing
Nome do Processo: Unknown
Versão da Inteligência de Segurança: AV: 1.353.1258.0, AS: 1.353.1258.0, NIS: 1.353.1258.0
Versão do Mecanismo: AM: 1.1.18700.4, NIS: 1.1.18700.4

Date: 2021-11-19 19:23:48
Description: 
O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {F7833426-98BA-49A5-83B1-267AC09CEFE4}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

==================== Informações da Memória =========================== 

BIOS: American Megatrends Inc. V18.3 03/14/2013
placa-mãe: MSI H61M-E22/W8 (MS-7788)
Processador: Intel(R) Core(TM) i5-3330 CPU @ 3.00GHz
Percentagem de memória em uso: 74%
RAM física total: 8077.4 MB
RAM física disponível: 2060.45 MB
Virtual Total: 9357.4 MB
Virtual disponível: 1901.74 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.14 GB) (Free:12.53 GB) NTFS
Drive d: (Backup) (Fixed) (Total:931.51 GB) (Free:433.84 GB) NTFS
Drive e: (CGS2021_PGRM) (CDROM) (Total:1.5 GB) (Free:0 GB) CDFS

\\?\Volume{721dd1d2-5d13-4307-9ddd-9728d358a588}\ () (Fixed) (Total:0.53 GB) (Free:0.08 GB) NTFS
\\?\Volume{b129e0fd-d3b4-42da-8aa3-6144f94303c5}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Tabela de Partições ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 111.8 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 20A36536)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== Fim de Addition.txt =======================


/!\ Good afternoon, astronautalouco! /!\

 

> Is your machine still having problems?
>
> Copy the information in the Spoiler into Notepad.

 


 

> Save it with the name fixlist. << Text or Unicode, if prompted!
> Save it to the desktop!

 

 

start::
CloseProcesses:
Virustotal: C:\Users\H2 Marketing\AppData\Roaming\Master_x64.dll.vbs

2021-11-18 11:23 - 2021-11-18 11:23 - 000000000 _____ () C:\Users\H2 Marketing\AppData\Roaming\aa.tmp
Policies: C:\ProgramData\NTUSER.pol: Restrição <==== ATENÇÃO
Task: {05BB98F6-5DAA-431C-94E0-E935ED13B3A3} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\H2 Marketing\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [19989464 2021-11-17] (ESET, spol. s r.o. -> ESET)
Task: {B46C3407-D1EE-4DC3-AF67-084EF87D492D} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\H2 Marketing\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [19989464 2021-11-17] (ESET, spol. s r.o. -> ESET)
Task: {E60594CE-945E-411F-9556-95CC68BE373D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
StartPowershell:
DISM /Online /Cleanup-image /Restorehealth
EndPowershell:
CMD: ipconfig /flushdns
EmptyTemp:
Reboot:
end::

 


 

> Stay connected and open FRST.exe >> Click "Corrigir" (Fix) << Wait!
> Post the report "Resultado da Correção pela Farbar Recovery Scan Tool" (Fixlog.txt).
> This and other reports can be found in the folder: Local Disk (C) > FRST > Logs

 

< This script was written exclusively for this computer. I therefore ask visitors not to use it on other "machines". >

 

[]s


Hello DigRam, good afternoon. Here is the log:

 

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 14-11-2021
Executado por H2 Marketing (22-11-2021 11:34:28) Run:2
Executando a partir de C:\Users\H2 Marketing\Desktop
Perfis Carregados: H2 Marketing
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
CloseProcesses:
Virustotal: C:\Users\H2 Marketing\AppData\Roaming\Master_x64.dll.vbs
2021-11-18 11:23 - 2021-11-18 11:23 - 000000000 _____ () C:\Users\H2 Marketing\AppData\Roaming\aa.tmp
Policies: C:\ProgramData\NTUSER.pol: Restrição <==== ATENÇÃO
Task: {05BB98F6-5DAA-431C-94E0-E935ED13B3A3} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\H2 Marketing\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [19989464 2021-11-17] (ESET, spol. s r.o. -> ESET)
Task: {B46C3407-D1EE-4DC3-AF67-084EF87D492D} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\H2 Marketing\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [19989464 2021-11-17] (ESET, spol. s r.o. -> ESET)
Task: {E60594CE-945E-411F-9556-95CC68BE373D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
StartPowershell:
DISM /Online /Cleanup-image /Restorehealth
EndPowershell:
CMD: ipconfig /flushdns
EmptyTemp:
Reboot:

*****************

Processos fechados com sucesso.
VirusTotal: C:\Users\H2 Marketing\AppData\Roaming\Master_x64.dll.vbs => (3) Erro
C:\Users\H2 Marketing\AppData\Roaming\aa.tmp => movido com sucesso
C:\ProgramData\NTUSER.pol => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{05BB98F6-5DAA-431C-94E0-E935ED13B3A3}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05BB98F6-5DAA-431C-94E0-E935ED13B3A3}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\EOSv3 Scheduler onLogOn => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onLogOn" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B46C3407-D1EE-4DC3-AF67-084EF87D492D}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B46C3407-D1EE-4DC3-AF67-084EF87D492D}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\EOSv3 Scheduler onTime => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onTime" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E60594CE-945E-411F-9556-95CC68BE373D}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E60594CE-945E-411F-9556-95CC68BE373D}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Adobe Acrobat Update Task => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => valor restaurado com sucesso
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => valor restaurado com sucesso

========= Powershell: =========


Ferramenta de Gerenciamento e Manutenção de Imagens de Implantação
Versão: 10.0.19041.844

Versão da Imagem: 10.0.19043.1348


[==========================100.0%==========================] 
Operação de restauração concluída com êxito.
A operação foi concluída com êxito.

========= Fim de Powershell: =========


========= ipconfig /flushdns =========


Configuração de IP do Windows

Liberação do Cache do DNS Resolver bem-sucedida.

========= Fim de CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 1572864 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10714704 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 527800 B
Edge => 0 B
Chrome => 325791747 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
H2 Marketing => 19184957 B

RecycleBin => 101048 B
EmptyTemp: => 341.3 MB de dados temporários Removidos.

================================


O sistema precisou ser reiniciado.

==== Fim de Fixlog 11:38:11 ====


/!\ Good evening, astronautalouco! /!\

> Download: < KVRT.exe >
> Run the tool.

16t3S2K2_t.jpg

> Select the following scan options.

grGyOqir_t.jpg

> Going into "Change parameters"...
> Start by clicking "Start scan" and wait a few hours for it to finish.
> Post the report, which you can open via "Report".

Regards

 


/!\ Good afternoon, astronautalouco! /!\

kxdj4Lhw_t.jpg

The tool detected and removed these 13 malicious items, some of which were already quarantined.

Nothing potentially DANGEROUS that could have frozen your machine....

Apparently, some hardware or memory problem is occurring with your PC.

> Download: < KpRm > ( ...by Kernel-panik )

QXKihdBk_o.jpg

> On the page, click Download and save it with the desktop as the destination.

iF8Kyk0w_o.jpg

> On the screen, check:

Delete tools
Delete restore points
Create a restore point

> Delete quarantines: Delete now

> Click Run and wait!

UzSZYPQ6_o.jpg

> When it finishes, click OK!

> Check whether the freezes persist!

Regards

 

 


Good afternoon DigRam,

OK, I did as instructed. I'll wait today and tomorrow to see whether the error that prompted this post occurs!

If everything is OK, I'll give a shout here.

Thank you for the dedication and promptness so far! Thanks :thumbsup:

 


/!\ Good afternoon, astronautalouco! /!\

If the freezes are linked to spikes in memory usage...

I recommend using CleanMem Mini Monitor Free.

http://www.pcwintech.com/cleanmem << Link!

Try to keep the readings at up to 50% (green). (As low as possible!)

At 70% it will turn red, indicating high memory consumption by some process unsuitable for the system.

Regards


Case resolved!

For your safety!

Read the tips and guidance in the Cartilha de Segurança para Internet.

Case resolved!
