Fórum PC Brasil
Phishing Intruder

2 participants

Phishing Intruder

Message by pamonha, Wed 16 Jun 2021, 21:29

I am very afraid that it is a spy! It insists on alerting me about an HP printer. It intrudes on my browsing without interruption, and it also appears to be some leftover from applications I uninstalled. I ask for your valuable help.

Re: Phishing Intruder

Message by joram, Wed 16 Jun 2021, 22:07

/!\ Good evening, pamonha! /!\

> Download: < [You must have an account and be logged in to view this link]> ( ... by Farbar )

> For 32-bit systems!

> Download: < [You must have an account and be logged in to view this link]> (64 bit)

> Or here, for 64-bit systems!
> Save it to the desktop! ("Área de trabalho" ...)
> Run the tool! Click "Yes" >> "Scan".

> Before clicking "Scan", check that the boxes under "Whitelist" are ticked.
> Under "Optional Scan", leave the "Addition.txt" checkbox ticked.
> Post the reports! (FRST.txt + Addition.txt)

> Since the log will be long, send it to [You must have an account and be logged in to view this link].

> Or go to: < [You must have an account and be logged in to view this link]

> More information: < |[You must have an account and be logged in to view this link]| >

[A+]

PHISHING INTRUDER

Message by pamonha, Sat 19 Jun 2021, 20:58

Good evening, Joram!

I am sending you the report:

[You must have an account and be logged in to view this link]

Re: Phishing Intruder

Message by joram, Sat 19 Jun 2021, 21:07

/!\ Good evening, pamonha! /!\

The reports were not posted.
You posted only the link to cjoint.com.

[]s

PHISHING INTRUDER

Message by pamonha, Mon 21 Jun 2021, 22:41

Good evening, Joram...!

Sorry, my friend! I am still very much a layman...! I forwarded it to CJoint.

Re: Phishing Intruder

Message by joram, Mon 21 Jun 2021, 22:54

/!\ Good evening, pamonha! /!\

Still nothing of the reports...

Post them directly in your post.

[]s

Phishing Intruder

Message by pamonha, Tue 22 Jun 2021, 16:51

Good afternoon, Joram!

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 20-06-2021
Executado por Haroldo (administrador) em DESKTOP-JEDS5A5 (Acer Aspire 5820T) (21-06-2021 21:17:27)
Executando a partir de C:\Users\Haroldo\Downloads
Perfis Carregados: defaultuser0 & Haroldo
Platform: Windows 10 Pro Versão 2004 19041.1052 (X64) Idioma: Português (Brasil)
Navegador padrão: IE
Modo da Inicialização: Normal

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
(Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
(Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
(DEVGURU Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett Packard -> Hewlett-Packard Co.) C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe
(Hewlett Packard -> Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(INNOVATIVE CONNECTING PTE. LIMITED -> Innovative Connecting) C:\Program Files (x86)\VPNMaster\master_vpn-service.exe
(INNOVATIVE CONNECTING PTE. LIMITED -> Innovative Connecting) C:\Program Files (x86)\VPNMaster\VPNMaster.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.20122.11121.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <2>
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <6>
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(PROCOMP INDUSTRIA ELETRONICA LTDA -> Diebold Nixdorf) C:\Program Files\Diebold\Warsaw\core.exe <2>
(RealNetworks, Inc. -> ) C:\Program Files (x86)\Real\RealPlayer\downloader2.exe
(RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\recordingmanager.exe
(RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\rpbgdownloader.exe
(RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe
(RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(RealNetworks, Inc. -> RealNetworks, Inc.) C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registro (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\360Tray.exe [413000 2019-07-10] (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.)
HKLM-x32\...\Run: [VPNMaster] => C:\Program Files (x86)\VPNMaster\Startup.exe [493040 2021-05-31] (INNOVATIVE CONNECTING PTE. LIMITED -> Innovative Connecting)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [353832 2021-06-19] (RealNetworks, Inc. -> RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => c:\program files (x86)\real\realplayer\downloader2.exe [1193512 2021-06-19] (RealNetworks, Inc. -> )
HKU\S-1-5-21-865912419-3386349657-2234709077-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [34508416 2021-06-16] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-865912419-3386349657-2234709077-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\...\Windows x64\Print Processors\hpfpp101: C:\Windows\System32\spool\prtprocs\x64\hpfpp101.dll [254464 2009-10-21] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [230400 2009-07-13] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\hpf3l101.dll: C:\WINDOWS\system32\hpf3l101.dll [138752 2009-10-21] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
HKLM\...\Print\Monitors\PCL hpz3lw71: C:\WINDOWS\system32\hpz3lw71.dll [46080 2009-07-13] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\90.0.4430.212\Installer\chrmstp.exe [2021-05-11] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2017-05-26]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2021-06-19]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc. -> RealNetworks, Inc.)
Startup: C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe [2011-04-29] (Hewlett Packard -> Hewlett-Packard Co.)

==================== Tarefas Agendadas (Whitelisted) ============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {05C3942F-87E4-4F7C-840F-34F79572BC59} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [118088 2021-06-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {1C6C3600-6E5D-4259-A7E3-F4B3CA46E86F} - System32\Tasks\googleupdatetaskmachinecore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-05-16] (Google Inc -> Google Inc.)
Task: {30CDC859-668F-4C50-A031-D1FD809F95AC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {3129d6a0-6b71-4464-bafb-1b645407dba3} - não caminho do arquivo
Task: {37D3D01B-579C-48A2-A20A-BB44C45F559F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-18] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {440509A9-52FF-455B-A16B-2BE9C30DAB4C} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-865912419-3386349657-2234709077-1001 => c:\program files (x86)\real\realplayer\realupgrade.exe [136232 2021-06-19] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {48BBD3F4-6438-4DD4-8953-5A2E1C066B04} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: {576C1B1D-D990-4752-B6A4-57F1401A31D0} - System32\Tasks\googleupdatetaskmachineua => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-05-16] (Google Inc -> Google Inc.)
Task: {6447dcb1-5513-4466-b4fd-cb626a05beb4} - não caminho do arquivo
Task: {659DB370-7315-44BF-B0E7-C5BCF5778329} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {75998452-05FC-46BC-9640-D831EED36CDD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [28880512 2021-06-16] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {7F85DF16-4BFF-4976-BDD6-B0A03724BA0A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335872 2018-06-07] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {82354D5B-76F8-400D-925D-382EBB6F6E28} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-06-16] (Piriform Software Ltd -> Piriform)
Task: {8C38A57E-B703-46C6-98B8-67872758A50A} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1790184 2021-04-29] (Avast Software s.r.o. -> Avast Software)
Task: {B08EDAFF-2FB8-466C-BAEE-70E44F6F9A32} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [690616 2021-06-20] (Mozilla Corporation -> Mozilla Foundation)
Task: {B37F48E2-8100-4382-9808-9F03AD9BDF69} - System32\Tasks\realdownloader update check => c:\program files (x86)\real\RealDownloader\downloader2.exe [1271080 2019-05-24] (RealNetworks, Inc. -> )
Task: {B54D46B6-F4B6-4E5E-8694-CA588D1DC4A8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-18] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BE0D13FC-76AE-4869-846D-EAA23804FCC5} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: {D209E83E-6F10-4099-B888-B9B7F2972A6D} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23124856 2021-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {D78E0FCB-8A95-436A-85EF-289DF37FD729} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2104.14-0\MpCmdRun.exe [595288 2021-05-18] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DF2A3D9F-EF91-49E6-80BA-6872400CF9CE} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [118088 2021-06-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {FE2A5A22-534C-4F35-B760-3A8979F4F904} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-865912419-3386349657-2234709077-1001 => c:\program files (x86)\real\realplayer\realupgrade.exe [136232 2021-06-19] (RealNetworks, Inc. -> RealNetworks, Inc.)
Task: {FF285AE0-8547-4A23-96EE-208513F19E35} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23124856 2021-06-03] (Microsoft Corporation -> Microsoft Corporation)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{44d745f9-2958-496b-87a6-23ab502980f2}: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{61b9137e-59c5-4569-992b-2811b051f414}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{7a95d55c-edbc-4e4e-a108-ca74ca92f484}: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{9fef04ee-0cad-4166-85cd-a4c8dea25c77}: [DhcpNameServer] 192.168.0.1 0.0.0.0

Edge:
=======
Edge Extension: (Sem Nome) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [não encontrado (a)]
Edge Extension: (Sem Nome) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [não encontrado (a)]
Edge Extension: (Sem Nome) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [não encontrado (a)]
Edge Extension: (Sem Nome) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [não encontrado (a)]
Edge Profile: C:\Users\Haroldo\AppData\Local\Microsoft\Edge\User Data\Default [2021-06-18]

FireFox:
========
FF DefaultProfile: 1bxa6027.default-1496061531795
FF ProfilePath: C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\1bxa6027.default-1496061531795 [2021-06-21]
FF NetworkProxy: Mozilla\Firefox\Profiles\1bxa6027.default-1496061531795 -> type", 0
FF Notifications: Mozilla\Firefox\Profiles\1bxa6027.default-1496061531795 -> [You must have an account and be logged in to view this link]
FF ProfilePath: C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\ohkjoxqt.default-1495895753317 [2021-06-19]
FF user.js: detected! => C:\Users\Haroldo\AppData\Roaming\Mozilla\Firefox\Profiles\ohkjoxqt.default-1495895753317\user.js [2017-05-28]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_113.dll [2018-06-07] (Adobe Systems Incorporated -> )
FF Plugin: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-04-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-04-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_113.dll [2018-06-07] (Adobe Systems Incorporated -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-04-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-04-25] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=20.0.4.306 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2021-06-19] (RealNetworks, Inc. -> RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=20.0.4.306 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2021-06-19] (RealNetworks, Inc. -> RealPlayer)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.12 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\autoconf_warsaw.js [2021-06-19]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Haroldo\AppData\Local\Google\Chrome\User Data\Default [2021-06-18]
CHR Extension: (Apresentações) - C:\Users\Haroldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-10-01]
CHR Extension: (Adobe Acrobat) - C:\Users\Haroldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-03-24]
CHR Extension: (Pagamentos via Chrome Web Store) - C:\Users\Haroldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-03]
CHR Extension: (Chrome Media Router) - C:\Users\Haroldo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-05-13]
CHR Profile: C:\Users\Haroldo\AppData\Local\Google\Chrome\User Data\Profile 1 [2021-06-18]
CHR Extension: (Adobe Acrobat) - C:\Users\Haroldo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-12-22]
CHR Extension: (Pagamentos via Chrome Web Store) - C:\Users\Haroldo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-02]
CHR Extension: (Chrome Media Router) - C:\Users\Haroldo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-10-13]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

Opera:
=======
OPR Profile: C:\Users\Haroldo\AppData\Roaming\Opera Software\Opera Stable [2021-06-18]
OPR DefaultSuggestURL: Opera Stable -> [You must have an account and be logged in to view this link]
OPR Extension: (360 Internet Protection) - C:\Users\Haroldo\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnpeghmjdfdmneiljeibjnemfdkojdhl [2021-02-16]
OPR Extension: (Rich Hints Agent) - C:\Users\Haroldo\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-02-16]

==================== Serviços (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
S4 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335872 2018-06-07] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11279752 2021-06-03] (Microsoft Corporation -> Microsoft Corporation)
S3 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2019-07-17] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 GbpSv; C:\Program Files (x86)\GbPlugin\GbpSv.exe [631520 2017-08-02] (GAS INFORMATICA LTDA -> GAS Tecnologia)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [288360 2021-05-10] (HP Inc. -> HP Inc.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [Arquivo não assinado]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7391408 2021-06-11] (Malwarebytes Inc -> Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Arquivo não assinado]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Arquivo não assinado]
R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [1101056 2021-03-25] (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.)
S3 QHProtected; C:\Program Files (x86)\360\Total Security\safemon\WscReg.exe [3097592 2020-08-13] (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.)
R2 RealPlayerUpdateSvc; C:\program files (x86)\real\UpdateService\RealPlayerUpdateSvc.exe [38856 2021-05-25] (RealNetworks, Inc. -> RealNetworks, Inc.)
R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [991176 2021-06-19] (RealNetworks, Inc. -> RealNetworks, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5393304 2021-06-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2019-09-23] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [780328 2019-09-23] (DEVGURU Co., Ltd. -> DEVGURU Co., LTD.)
R2 VPNProxyMasterService; C:\Program Files (x86)\VPNMaster\master_vpn-service.exe [661488 2021-05-31] (INNOVATIVE CONNECTING PTE. LIMITED -> Innovative Connecting)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [1141648 2020-08-10] (PROCOMP INDUSTRIA ELETRONICA LTDA -> Diebold Nixdorf)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2104.14-0\NisSrv.exe [2599328 2021-05-18] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2104.14-0\MsMpEng.exe [128376 2021-05-18] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R1 360AntiHacker; C:\WINDOWS\System32\Drivers\360AntiHacker64.sys [197960 2020-12-14] (Beijing Qihu Technology Co., Ltd. -> 360.cn)
S3 360AvFlt; C:\WINDOWS\System32\DRIVERS\360AvFlt.sys [95232 2017-05-17] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
R1 360Box64; C:\WINDOWS\System32\DRIVERS\360Box64.sys [344904 2021-01-18] (Beijing Qihu Technology Co., Ltd. -> 360.cn)
R1 360Camera; C:\WINDOWS\System32\Drivers\360Camera64.sys [58200 2020-12-14] (Beijing Qihu Technology Co., Ltd. -> 360.cn)
S1 360CondrvFix; C:\WINDOWS\system32\DRIVERS\360CondrvFix.sys [39752 2021-01-19] (Beijing Qihu Technology Co., Ltd. -> 360.cn)
S0 360elam64; C:\WINDOWS\System32\DRIVERS\360elam64.sys [17192 2019-01-07] (Microsoft Windows Early Launch Anti-malware Publisher -> 360.cn)
R1 360FsFlt; C:\WINDOWS\System32\DRIVERS\360FsFlt.sys [489800 2020-12-17] (Beijing Qihu Technology Co., Ltd. -> 360.cn)
R1 360netmon; C:\WINDOWS\System32\DRIVERS\360netmon.sys [96424 2017-12-15] (Qihoo 360 Software (Beijing) Company Limited -> 360.cn)
S3 aftap0901; C:\WINDOWS\System32\drivers\aftap0901.sys [48624 2018-03-06] (AnchorFree Inc -> The OpenVPN Project)
R1 BAPIDRV; C:\WINDOWS\System32\DRIVERS\BAPIDRV64.sys [229176 2020-12-14] (Beijing Qihu Technology Co., Ltd. -> 360.cn)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Arquivo não assinado]
S1 gbpddfac; C:\WINDOWS\System32\drivers\gbpddfac64.sys [28888 2020-09-10] (GAS INFORMATICA LTDA -> GAS Tecnologia)
R0 gbpddreg; C:\WINDOWS\System32\drivers\gbpddreg64.sys [29816 2017-07-12] (GAS INFORMATICA LTDA -> GAS Tecnologia)
S3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2017-08-02] (GAS INFORMATICA LTDA -> GAS Tecnologia)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [214496 2020-06-15] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-01-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-06-11] (Malwarebytes Inc -> Malwarebytes)
S3 scsiscan; C:\WINDOWS\system32\DRIVERS\scsiscan.sys [21504 2020-10-14] (Microsoft Windows -> Microsoft Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166760 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39920 2021-05-24] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2017-08-02] (GAS INFORMATICA LTDA -> GAS Tecnologia LTDA)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49560 2021-05-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [421112 2021-05-18] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [73960 2021-05-18] (Microsoft Windows -> Microsoft Corporation)
R1 wsddfac; C:\WINDOWS\System32\drivers\wsddfac.sys [47800 2021-06-19] (Gas Informatica Ltda -> GAS Tecnologia)
R1 wsddntf; C:\WINDOWS\system32\DRIVERS\wsddntf.sys [61456 2020-08-11] (PROCOMP INDUSTRIA ELETRONICA LTDA -> Diebold Nixdorf)
R1 wsddpp; C:\WINDOWS\system32\drivers\wsddpp.sys [44728 2019-04-15] (Gas Informatica Ltda -> GAS Tecnologia)
R3 wsddprm; C:\WINDOWS\system32\drivers\wsddprm.sys [43528 2020-07-23] (PROCOMP INDUSTRIA ELETRONICA LTDA -> Diebold Nixdorf)
U3 avgbdisk; não ImagePath

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um mês (criados) (Whitelisted) =========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2021-06-21 21:17 - 2021-06-21 21:17 - 000000000 ____D C:\Users\Haroldo\Downloads\FRST-OlderVersion
2021-06-21 21:11 - 2020-09-29 10:02 - 000000000 _____ C:\Users\Haroldo\Desktop\TryLock2019 - Copia.txt
2021-06-20 00:54 - 2021-06-20 00:54 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-06-20 00:45 - 2021-06-20 00:51 - 000003592 _____ C:\WINDOWS\system32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-865912419-3386349657-2234709077-1001
2021-06-20 00:45 - 2021-06-20 00:51 - 000003530 _____ C:\WINDOWS\system32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-865912419-3386349657-2234709077-1001
2021-06-19 23:59 - 2021-06-19 23:59 - 000208424 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\rmoc3260.dll
2021-06-19 23:59 - 2021-06-19 23:59 - 000001277 _____ C:\Users\Public\Desktop\RealPlayer.lnk
2021-06-19 23:58 - 2021-06-19 23:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2021-06-19 23:58 - 2021-06-19 23:58 - 000286248 _____ (Progressive Networks) C:\WINDOWS\SysWOW64\pncrt.dll
2021-06-19 23:41 - 2021-06-19 23:57 - 000020067 _____ C:\WINDOWS\SysWOW64\rsslogs.20210619234025
2021-06-19 20:34 - 2021-06-19 20:41 - 000054505 _____ C:\Users\Haroldo\Downloads\Addition.txt
2021-06-19 20:24 - 2021-06-21 21:20 - 000027071 _____ C:\Users\Haroldo\Downloads\FRST.txt
2021-06-19 20:20 - 2021-06-21 21:17 - 002300416 _____ (Farbar) C:\Users\Haroldo\Downloads\FRST64(1).exe
2021-06-19 19:10 - 2021-06-19 20:32 - 000315685 _____ C:\WINDOWS\SysWOW64\rsslogs.20210619190959
2021-06-18 19:10 - 2021-06-19 19:09 - 001702584 _____ C:\WINDOWS\SysWOW64\rsslogs.20210618190959
2021-06-17 19:10 - 2021-06-18 19:09 - 001700663 _____ C:\WINDOWS\SysWOW64\rsslogs.20210617190958
2021-06-16 23:45 - 2021-06-17 19:09 - 001375251 _____ C:\WINDOWS\SysWOW64\rsslogs.20210616234417
2021-06-16 19:10 - 2021-06-16 23:42 - 000322204 _____ C:\WINDOWS\SysWOW64\rsslogs.20210616190957
2021-06-15 22:36 - 2021-06-15 22:36 - 000065804 _____ C:\Users\Haroldo\Downloads\OLPDF_379_1623807393_result.pdf
2021-06-15 19:10 - 2021-06-16 19:09 - 001699241 _____ C:\WINDOWS\SysWOW64\rsslogs.20210615190956
2021-06-14 19:10 - 2021-06-15 19:09 - 001699431 _____ C:\WINDOWS\SysWOW64\rsslogs.20210614190955
2021-06-14 01:10 - 2021-06-14 01:10 - 000000000 ____D C:\Users\Haroldo\AppData\Local\turbovpn
2021-06-14 01:06 - 2021-06-19 23:40 - 000000000 ____D C:\Program Files (x86)\VPNMaster
2021-06-14 01:06 - 2021-06-14 01:06 - 000001084 _____ C:\Users\Haroldo\Desktop\VPN Proxy Master.lnk
2021-06-14 01:06 - 2021-06-14 01:06 - 000000000 ____D C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VPNMaster
2021-06-13 19:10 - 2021-06-14 19:09 - 001699213 _____ C:\WINDOWS\SysWOW64\rsslogs.20210613190954
2021-06-11 19:22 - 2021-06-11 19:22 - 000000000 ____D C:\Users\Haroldo\AppData\Local\mbam
2021-06-11 19:21 - 2021-06-11 19:21 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-06-11 19:21 - 2021-06-11 19:21 - 000001981 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-06-11 19:21 - 2021-01-18 20:46 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-06-11 19:18 - 2021-06-11 19:18 - 002080712 _____ (Malwarebytes) C:\Users\Haroldo\Downloads\ (2).exe
2021-06-11 19:17 - 2021-06-11 19:17 - 002080712 _____ (Malwarebytes) C:\Users\Haroldo\Downloads\ (1).exe
2021-06-11 15:11 - 2021-06-11 15:11 - 000000000 ____D C:\Users\Haroldo\AppData\Local\MicrosoftEdge
2021-06-10 23:35 - 2021-06-10 23:35 - 000002525 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2021-06-10 23:35 - 2021-06-10 23:35 - 000002490 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2021-06-10 23:35 - 2021-06-10 23:35 - 000002474 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2021-06-10 23:35 - 2021-06-10 23:35 - 000002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2021-06-10 23:35 - 2021-06-10 23:35 - 000002461 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2021-06-10 23:35 - 2021-06-10 23:35 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2021-06-10 23:35 - 2021-06-10 23:35 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2021-06-10 23:35 - 2021-06-10 23:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ferramentas do Microsoft Office
2021-06-09 20:16 - 2021-06-09 20:16 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-06-09 20:16 - 2021-06-09 20:16 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-06-09 20:13 - 2021-06-09 20:13 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-06-09 20:13 - 2021-06-09 20:13 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-06-09 20:12 - 2021-06-09 20:12 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2021-06-09 20:12 - 2021-06-09 20:12 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-06-09 20:12 - 2021-06-09 20:12 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-06-09 20:12 - 2021-06-09 20:12 - 000011353 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-06-09 20:11 - 2021-06-09 20:11 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-06-09 20:11 - 2021-06-09 20:11 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-06-09 20:10 - 2021-06-09 20:10 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-06-09 20:10 - 2021-06-09 20:10 - 001823792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-06-09 20:10 - 2021-06-09 20:10 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-06-09 20:10 - 2021-06-09 20:10 - 000097280 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-06-09 20:09 - 2021-06-09 20:09 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-06-09 20:09 - 2021-06-09 20:09 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-06-09 20:09 - 2021-06-09 20:09 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-06-09 20:08 - 2021-06-09 20:08 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-05-31 16:38 - 2021-05-31 16:38 - 000395596 _____ C:\Users\Haroldo\Documents\06578560610-IRPF-2021-2020-origi-imagem-declaracao.pdf
2021-05-28 16:58 - 2021-05-28 16:58 - 000003618 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-05-28 16:58 - 2021-05-28 16:58 - 000003524 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d7109a40c385f9
2021-05-26 19:53 - 2021-05-26 19:53 - 000001765 _____ C:\Users\Public\Desktop\IRPF2021 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk
2021-05-26 19:53 - 2021-05-26 19:53 - 000000000 ____D C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2021
2021-05-26 19:53 - 2021-05-26 19:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB2021
2021-05-26 12:28 - 2021-05-26 13:18 - 190635504 _____ (Foxit Software Inc. ) C:\Users\Haroldo\Downloads\FoxitPDFReader110_L10N_Setup_Prom.exe
2021-05-26 12:18 - 2021-05-26 12:18 - 003311381 _____ C:\Users\Haroldo\Downloads\pr-irpf-2021-v-1-0-2021-02-25(4).pdf
2021-05-26 12:18 - 2021-05-26 12:18 - 003311381 _____ C:\Users\Haroldo\Downloads\pr-irpf-2021-v-1-0-2021-02-25(3).pdf
2021-05-26 12:18 - 2021-05-26 12:18 - 003311381 _____ C:\Users\Haroldo\Downloads\pr-irpf-2021-v-1-0-2021-02-25(2).pdf
2021-05-26 12:18 - 2021-05-26 12:18 - 003311381 _____ C:\Users\Haroldo\Downloads\pr-irpf-2021-v-1-0-2021-02-25(1).pdf
2021-05-26 12:17 - 2021-05-26 12:18 - 003311381 _____ C:\Users\Haroldo\Downloads\pr-irpf-2021-v-1-0-2021-02-25.pdf
2021-05-25 18:08 - 2021-05-25 18:08 - 000006244 _____ C:\Users\Haroldo\Downloads\comprovante.html
2021-05-24 22:56 - 2021-05-24 22:56 - 000039920 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\tap0901.sys
2021-05-24 11:09 - 2021-05-24 11:09 - 000041421 _____ C:\Users\Haroldo\Downloads\servicosDetran(1).pdf

==================== Um mês (modificados) ==================

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2021-06-21 21:19 - 2018-05-15 17:06 - 000000000 ____D C:\FRST
2021-06-21 21:14 - 2020-10-19 23:07 - 000000000 ____D C:\Users\Haroldo\Documents\Minhas digitalizações
2021-06-21 21:04 - 2017-05-25 18:44 - 000000000 __SHD C:\ProgramData\360Quarant
2021-06-21 21:03 - 2020-10-14 05:56 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-06-21 21:02 - 2019-12-07 06:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-06-21 17:40 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-06-21 12:00 - 2017-05-25 18:19 - 000000000 ____D C:\Users\Haroldo\AppData\LocalLow\360WD
2021-06-21 09:58 - 2018-06-05 12:55 - 000000000 ____D C:\Program Files\CCleaner
2021-06-21 08:14 - 2020-10-14 08:13 - 000004186 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{EA1DF8A8-5435-4215-B0F8-F256BA4E5088}
2021-06-21 00:09 - 2017-05-25 18:18 - 000000000 ____D C:\ProgramData\360safe
2021-06-20 13:37 - 2018-09-19 18:15 - 000000000 ____D C:\Users\Haroldo\AppData\Local\CrashDumps
2021-06-20 07:07 - 2019-12-07 06:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-06-20 01:18 - 2017-09-15 03:20 - 000000000 ____D C:\Users\Haroldo\.cache
2021-06-20 00:55 - 2019-02-05 14:27 - 000000000 ____D C:\ProgramData\Mozilla
2021-06-20 00:54 - 2020-09-24 12:22 - 000001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-06-20 00:54 - 2017-05-26 05:34 - 000000000 ____D C:\Users\Haroldo\AppData\LocalLow\Mozilla
2021-06-20 00:54 - 2017-05-26 05:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-06-20 00:54 - 2017-05-25 18:22 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2021-06-20 00:51 - 2017-05-26 06:14 - 000000000 ____D C:\Users\Haroldo\AppData\Roaming\Real
2021-06-20 00:45 - 2017-05-26 06:12 - 000000000 ____D C:\ProgramData\Real
2021-06-19 23:59 - 2017-05-26 06:25 - 000000000 ____D C:\Program Files (x86)\Real
2021-06-19 23:57 - 2017-05-26 06:25 - 000361512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2021-06-19 23:57 - 2017-05-26 06:14 - 000513064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll
2021-06-19 23:41 - 2019-05-10 22:04 - 000000447 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2021-06-19 23:40 - 2020-10-13 01:13 - 000000000 ___DC C:\WINDOWS\Panther
2021-06-19 23:40 - 2019-12-07 06:13 - 000000000 ____D C:\WINDOWS\INF
2021-06-19 23:40 - 2019-04-23 13:21 - 000047800 _____ (GAS Tecnologia) C:\WINDOWS\system32\Drivers\wsddfac.sys
2021-06-19 23:39 - 2020-10-14 08:13 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-06-19 23:39 - 2020-10-14 05:55 - 000001134 _____ C:\WINDOWS\system32\config\VSMIDK
2021-06-19 23:37 - 2019-12-07 06:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-06-19 23:35 - 2020-10-14 08:13 - 000003542 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-06-19 12:10 - 2017-06-10 08:49 - 000000000 ____D C:\Users\Haroldo\AppData\Roaming\vlc
2021-06-18 16:50 - 2017-05-26 14:39 - 000000000 ____D C:\Program Files (x86)\HP
2021-06-18 16:46 - 2017-05-26 14:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2021-06-18 09:58 - 2020-10-14 08:13 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-06-15 22:43 - 2017-05-26 06:44 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-06-14 01:05 - 2020-07-04 12:56 - 000000000 ____D C:\Users\Haroldo\Downloads\TS Recommended Apps
2021-06-14 00:53 - 2017-05-26 05:40 - 000000000 ____D C:\ProgramData\Temp
2021-06-11 23:38 - 2018-09-19 17:34 - 000002376 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2021-06-11 19:21 - 2020-06-12 23:54 - 000001993 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-06-11 19:21 - 2019-12-07 06:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-06-11 19:20 - 2019-10-06 04:04 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-06-11 16:17 - 2020-10-14 06:21 - 001821244 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-06-11 16:17 - 2019-12-07 11:53 - 000785862 _____ C:\WINDOWS\system32\prfh0416.dat
2021-06-11 16:17 - 2019-12-07 11:53 - 000157944 _____ C:\WINDOWS\system32\prfc0416.dat
2021-06-10 23:33 - 2017-05-25 18:20 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-06-09 21:55 - 2019-12-07 06:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-06-09 21:47 - 2020-10-14 05:56 - 000455048 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-06-09 21:40 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-06-09 21:40 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-06-09 21:40 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-06-09 21:40 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-06-09 21:39 - 2019-12-07 11:56 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-06-09 21:39 - 2019-12-07 06:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-06-09 21:39 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-06-09 21:39 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-06-09 21:39 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-06-09 21:39 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-06-09 21:39 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-06-09 21:39 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-06-09 21:39 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-06-09 21:39 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-06-09 21:39 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-06-09 20:35 - 2019-12-07 06:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-06-09 18:46 - 2020-10-13 00:36 - 000000000 ___HD C:\$WinREAgent
2021-06-09 18:40 - 2017-05-26 08:37 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-06-09 18:33 - 2017-05-26 08:37 - 132447432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-06-09 18:32 - 2017-05-25 18:23 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2021-06-09 18:28 - 2016-07-16 08:47 - 000000265 _____ C:\WINDOWS\win.ini
2021-06-02 07:04 - 2020-10-01 14:06 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-05-31 17:20 - 2019-04-30 00:47 - 000000000 ____D C:\Users\Haroldo\.receitanet
2021-05-31 16:49 - 2020-06-29 19:33 - 000000000 ____D C:\Users\Haroldo\.irpf
2021-05-28 16:50 - 2020-10-14 06:06 - 000000000 ____D C:\Users\Haroldo
2021-05-26 22:41 - 2018-06-05 14:26 - 000001260 _____ C:\Users\Haroldo\Desktop\Revo Uninstaller.lnk
2021-05-26 19:53 - 2020-06-29 19:20 - 000000000 ____D C:\Arquivos de Programas RFB
2021-05-26 19:53 - 2019-04-25 17:23 - 000000000 ___HD C:\Program Files (x86)\InstallJammer Registry
2021-05-25 07:48 - 2020-10-01 14:06 - 000725304 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
2021-05-25 07:48 - 2020-10-01 14:06 - 000470328 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll
2021-05-24 00:20 - 2017-05-25 18:17 - 000000000 _RSHD C:\360SANDBOX

==================== Arquivos na raiz de alguns diretórios ========

2021-01-22 01:10 - 2021-01-22 01:10 - 000003584 _____ () C:\Users\Haroldo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2020-10-14 11:55 - 2020-10-14 12:02 - 000007597 _____ () C:\Users\Haroldo\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(Não há correção automática para arquivos que não passaram na verificação.)

==================== Fim de FRST.txt ========================
pamonha

Re: Invasive Phishing

Post by joram Tue 22 Jun 2021, 17:54

/!\ Good afternoon, pamonha! /!\

You did not post the Addition.txt log; without it the script would be incomplete.

Regards,
joram

Invasive Phishing

Post by pamonha Sat 26 Jun 2021, 17:50

Good afternoon, friend Joram!

Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 20-06-2021
Executado por Haroldo (21-06-2021 21:23:28)
Executando a partir de C:\Users\Haroldo\Downloads
Windows 10 Pro Versão 2004 19041.1052 (X64) (2020-10-14 11:17:06)
Modo da Inicialização: Normal
==========================================================


==================== Contas: =============================

Administrador (S-1-5-21-865912419-3386349657-2234709077-500 - Administrator - Disabled)
Convidado (S-1-5-21-865912419-3386349657-2234709077-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-865912419-3386349657-2234709077-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-865912419-3386349657-2234709077-1000 - Limited - Disabled) => C:\Users\defaultuser0
Haroldo (S-1-5-21-865912419-3386349657-2234709077-1001 - Administrator - Enabled) => C:\Users\Haroldo
WDAGUtilityAccount (S-1-5-21-865912419-3386349657-2234709077-504 - Limited - Disabled)

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: 360 Total Security (Enabled - Up to date) {FFDC234A-CE9B-08F9-406B-F876951CE066}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 10.8.0.1286 - 360 Security Center)
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 21.005.20048 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.82 - Piriform)
Dropbox (HKLM-x32\...\Dropbox) (Version: 66.4.84 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.141.1 - Dropbox, Inc.) Hidden
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.212 - Google LLC)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart C4400 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{886E586A-9121-4515-9C18-2C04202614B2}) (Version: 14.0 - HP)
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{A5E2418D-B360-419D-AAAD-0D8F2E98FBF6}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
IRPF2019 (HKLM-x32\...\IRPF2019) (Version: 1.5 - Receita Federal do Brasil)
IRPF2020 (HKLM-x32\...\IRPF2020) (Version: 1.9 - Receita Federal do Brasil)
IRPF2021 (HKLM-x32\...\IRPF2021) (Version: 1.5 - Receita Federal do Brasil)
Java 8 Update 201 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180201F0}) (Version: 8.0.2010.9 - Oracle Corporation)
Java 8 Update 211 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180211F0}) (Version: 8.0.2110.12 - Oracle Corporation)
Java 8 Update 211 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180211F0}) (Version: 8.0.2110.12 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 4.4.0.117 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.0.117 - Malwarebytes)
Microsoft 365 - pt-br (HKLM\...\O365HomePremRetail - pt-br) (Version: 16.0.14026.20270 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.54 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-865912419-3386349657-2234709077-1001\...\OneDriveSetup.exe) (Version: 19.070.0410.0005 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 89.0.1 (x64 pt-BR) (HKLM\...\Mozilla Firefox 89.0.1 (x64 pt-BR)) (Version: 89.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 81.0 - Mozilla)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14026.20270 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14026.20246 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14026.20270 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0416-0000-0000000FF1CE}) (Version: 16.0.14026.20246 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation)
RealDownloader (HKLM-x32\...\{71c04ed6-4835-4641-b39d-6b855d1281bb}) (Version: 18.1.7.344 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 20.0) (Version: 20.0.4 - RealNetworks)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM-x32\...\{90150000-001F-0416-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Revo Uninstaller 2.2.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.2.5 - VS Revo Group, Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.17.0 - Samsung Electronics Co., Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.1.3.6 - Synaptics Incorporated)
Update for Skype for Business 2015 (KB4484289) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{F97B139A-D8BF-46FF-A6F6-50710FED8644}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4484289) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F97B139A-D8BF-46FF-A6F6-50710FED8644}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB4484289) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0416-0000-0000000FF1CE}_Office15.PROPLUS_{F97B139A-D8BF-46FF-A6F6-50710FED8644}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
UpdateAssistant (HKLM\...\{F49D6A65-1AB6-4728-9FDA-DB5BAB631CF6}) (Version: 1.23.0.0 - Microsoft Corporation) Hidden
UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
vc2012_redist (HKLM-x32\...\{9402AEF2-5981-4097-8BE2-6501DAC4DBFD}) (Version: 1.0.0.0 - Realnetworks) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.12 - VideoLAN)
VPNMaster 3.6.0.0 stable (HKLM-x32\...\VPNMaster) (Version: 3.6.0.0 stable - inconnecting.com)
vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
Warsaw 2.18.0.65 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 2.18.0.65 - GAS Tecnologia)
WhatsApp (HKU\S-1-5-21-865912419-3386349657-2234709077-1001\...\WhatsApp) (Version: 0.3.5374 - WhatsApp)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

Packages:
=========
Any Player -> C:\Program Files\WindowsApps\15191PeakPlayer.50533F9B98293_3.1.9.0_x64__y5c4dfz5b21fm [2021-01-22] (Any DVD & Office App)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.195.600.0_x86__kgqvnymyfvs32 [2021-06-11] (king.com)
Complemento de Fotos -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-15] (Microsoft Corporation)
Complemento do Mecanismo de Mídia de Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-02-13] (Microsoft Corporation)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.8.1108.0_x64__rz1tebttyb220 [2021-05-29] (Dolby Laboratories)
Dropbox para modo S -> C:\Program Files\WindowsApps\C27EB4BA.DROPBOX_22.4.4.0_x64__xbfy0k16fey96 [2021-03-05] (Dropbox Inc.)
Enviar para a Área de Transferência -> C:\Program Files\WindowsApps\57256JahusMohusSoftworks.EnvoyerverslePresse-papie_2.1607.35.0_x64__arhjtakdzn2mr [2021-04-21] (Jahus & Mohus Softworks)
Facebook -> C:\Program Files\WindowsApps\FACEBOOK.FACEBOOK_2021.312.1.0_neutral__8xx8rvfyw5nnt [2021-03-25] (Facebook Inc)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_127.1.115.0_x64__v10z8vjag6ke6 [2021-05-10] (HP Inc.)
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_5.6.10.0_x86__h6adky7gbf63m [2021-06-09] (Gameloft SE)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-15] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-15] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.6151.0_x64__8wekyb3d8bbwe [2021-06-19] (Microsoft Studios) [MS Ad]
Mini Football Head Soccer -> C:\Program Files\WindowsApps\MobiusCalculon.MiniFootballMobius_3.0.1.5_x86__2318c6yx4se08 [2017-10-03] (Mobius LLC)
O Reino Mágico da Disney -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_6.0.12.0_x86__h6adky7gbf63m [2021-06-10] (Gameloft SE)
Paper Scanner Pro -> C:\Program Files\WindowsApps\DeskShare.PaperScannerPro_1.0.28.0_x64__13ddgfpts17ng [2021-03-05] (DeskShare)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2019-07-25] (Adobe Systems Incorporated)
Roblox -> C:\Program Files\WindowsApps\ROBLOXCORPORATION.ROBLOX_2.483.31805.0_x86__55nm5eh3cm0pr [2021-06-19] (ROBLOX Corporation)
Royal Revolt 2 -> C:\Program Files\WindowsApps\flaregamesGmbH.RoyalRevolt2_7.1.1.0_x86__g0q0z3kw54rap [2021-06-01] (flaregames GmbH)
Slither Snake.io -> C:\Program Files\WindowsApps\56081SweetGamesBox.SlitherSnake.io_10.0.0.0_x64__v5wzgnqbvrv1e [2017-10-09] (Sweet Games Box) [MS Ad]
Torrent RT FREE Plus -> C:\Program Files\WindowsApps\48295AnnsSoft.TorrentRTFREEPlus_1.1.11.0_x64__nt3rsdpnc0zyt [2019-12-09] (Ann's Soft) [MS Ad]
Torrent Search PRO -> C:\Program Files\WindowsApps\325289AEDD75.TorrentSearchPRO_1.2.19.0_x64__qtx9tqphctw9r [2020-10-31] (Vlasenko Bros.)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-06-11] (Twitter Inc.)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2020-05-23] (Microsoft Corporation)

==================== Exame Personalizado CLSID (Whitelisted): ==============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

CustomCLSID: HKU\S-1-5-21-865912419-3386349657-2234709077-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Haroldo\Dropbox [2018-06-01 16:25]
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [4shared_Desktop] -> {EBDF1F20-C829-11D1-8233-0020AF3E97A9} => C:\Program Files (x86)\4shared Desktop\CMenu.dll [2017-07-25] () [Arquivo não assinado]
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [SD360] -> {086F171D-5ED1-4ED2-B736-CFF3AD6A128E} => C:\Program Files (x86)\360\Total Security\MenuEx64.dll [2020-10-30] (Beijing Qihu Technology Co., Ltd. -> )
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => c:\program files (x86)\real\realplayer\RPDS\Bin64\rpcontextmenu.dll [2021-06-19] (RealNetworks, Inc. -> RealNetworks, Inc.)
ContextMenuHandlers4: [4shared_Desktop] -> {EBDF1F20-C829-11D1-8233-0020AF3E97A9} => C:\Program Files (x86)\4shared Desktop\CMenu.dll [2017-07-25] () [Arquivo não assinado]
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [SD360] -> {086F171D-5ED1-4ED2-B736-CFF3AD6A128E} => C:\Program Files (x86)\360\Total Security\MenuEx64.dll [2020-10-30] (Beijing Qihu Technology Co., Ltd. -> )
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-02-05] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2012-11-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [SD360] -> {086F171D-5ED1-4ED2-B736-CFF3AD6A128E} => C:\Program Files (x86)\360\Total Security\MenuEx64.dll [2020-10-30] (Beijing Qihu Technology Co., Ltd. -> )
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Atalhos & WMI ========================

(As entradas podem ser listadas para serem restauradas ou removidas.)

ShortcutWithArgument: C:\Users\Haroldo\Desktop\Haroldo Dawson - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\Haroldo\Desktop\Haroldo Dawson Silva - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Haroldo\Desktop\Pessoa 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"

==================== Módulos Carregados (Whitelisted) =============

2017-11-03 19:50 - 2017-07-25 04:01 - 001742336 _____ () [Arquivo não assinado] C:\Program Files (x86)\4shared Desktop\CMenu.dll
2009-11-17 22:58 - 2009-11-17 22:58 - 000342656 _____ (Hewlett Packard -> Hewlett-Packard Co.) [Arquivo não assinado] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqmif08.dll
2009-11-17 22:58 - 2009-11-17 22:58 - 000559232 _____ (Hewlett Packard -> Hewlett-Packard Co.) [Arquivo não assinado] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusg.dll
2012-05-27 15:54 - 2012-05-27 15:54 - 000032256 _____ (Hewlett-Packard Co.) [Arquivo não assinado] C:\Program Files (x86)\HP\Digital Imaging\bin\hpotra08.rsc
2011-04-29 11:34 - 2011-04-29 11:34 - 000936448 _____ (Hewlett-Packard Co.) [Arquivo não assinado] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsem08.rsc
2011-04-29 11:34 - 2011-04-29 11:34 - 000012288 _____ (Hewlett-Packard Co.) [Arquivo não assinado] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqstp08.rsc
2011-08-18 00:29 - 2011-08-18 00:29 - 001039360 _____ (Hewlett-Packard Co.) [Arquivo não assinado] c:\program files (x86)\hp\digital imaging\bin\hpslpsvc64.dll
2010-08-06 11:15 - 2010-08-06 11:15 - 000079872 _____ (Hewlett-Packard) [Arquivo não assinado] C:\WINDOWS\SYSTEM32\hpzidr12.dll
2010-08-06 11:15 - 2010-08-06 11:15 - 000071680 _____ (Hewlett-Packard) [Arquivo não assinado] c:\windows\system32\hpzinw12.dll
2010-08-06 11:15 - 2010-08-06 11:15 - 000089600 _____ (Hewlett-Packard) [Arquivo não assinado] c:\windows\system32\hpzipm12.dll
2010-08-06 11:15 - 2010-08-06 11:15 - 000054784 _____ (Hewlett-Packard) [Arquivo não assinado] C:\WINDOWS\SYSTEM32\hpzipr12.dll
2021-06-19 23:59 - 2021-06-19 23:59 - 000135680 _____ (RealNetworks, Inc.) [Arquivo não assinado] C:\program files (x86)\real\realplayer\plugins\audplin.dll
2021-06-19 23:59 - 2021-06-19 23:59 - 000122880 _____ (RealNetworks, Inc.) [Arquivo não assinado] C:\program files (x86)\real\realplayer\plugins\h263render.dll
2021-06-19 23:59 - 2021-06-19 23:59 - 000510976 _____ (RealNetworks, Inc.) [Arquivo não assinado] C:\program files (x86)\real\realplayer\plugins\imgrender.dll
2021-06-19 23:59 - 2021-06-19 23:59 - 000158208 _____ (RealNetworks, Inc.) [Arquivo não assinado] C:\program files (x86)\real\realplayer\plugins\mp3render.dll
2021-06-19 23:59 - 2021-06-19 23:59 - 000142336 _____ (RealNetworks, Inc.) [Arquivo não assinado] C:\program files (x86)\real\realplayer\plugins\mp4arender.dll
2021-06-19 23:59 - 2021-06-19 23:59 - 000182272 _____ (RealNetworks, Inc.) [Arquivo não assinado] C:\program files (x86)\real\realplayer\plugins\mp4vrender.dll
2021-06-19 23:59 - 2021-06-19 23:59 - 000175104 _____ (RealNetworks, Inc.) [Arquivo não assinado] C:\program files (x86)\real\realplayer\plugins\mpgrender.dll
2021-06-19 23:59 - 2021-06-19 23:59 - 000144896 _____ (RealNetworks, Inc.) [Arquivo não assinado] C:\program files (x86)\real\realplayer\plugins\rarender.dll
2021-06-19 23:59 - 2021-06-19 23:59 - 000153088 _____ (RealNetworks, Inc.) [Arquivo não assinado] C:\program files (x86)\real\realplayer\plugins\rvrender.dll
2021-06-19 23:58 - 2021-06-19 23:58 - 000397824 _____ (RealNetworks, Inc.) [Arquivo não assinado] C:\program files (x86)\real\realplayer\plugins\vidsite.dll
2021-06-19 23:59 - 2021-06-19 23:59 - 000168448 _____ (RealNetworks, Inc.) [Arquivo não assinado] C:\program files (x86)\real\realplayer\plugins\wm9fformat.dll
2021-06-19 23:59 - 2021-06-19 23:59 - 000117760 _____ (RealNetworks, Inc.) [Arquivo não assinado] C:\program files (x86)\real\realplayer\plugins\wmsechnd.dll

==================== Alternate Data Streams (Whitelisted) ========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)

AlternateDataStreams: C:\ProgramData:YXVtLmh6aQ [14884]
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10]
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddfac64.sys:r0d3jo5 [20]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 [1018]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2410]
AlternateDataStreams: C:\Users\All Users:YXVtLmh6aQ [14884]
AlternateDataStreams: C:\Users\Todos os Usuários:YXVtLmh6aQ [14884]
AlternateDataStreams: C:\ProgramData\Dados de Aplicativos:YXVtLmh6aQ [14884]
AlternateDataStreams: C:\ProgramData\GbPlugin:IncompleteStartGbprcm.cnt [10]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [468]

==================== Modo de Segurança (Whitelisted) ==================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Associação (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)

HKU\FileCache\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice =>
HKU\FileCache\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.reg\UserChoice =>
HKU\FileCache\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bat\UserChoice =>
HKU\FileCache\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cmd\UserChoice =>
HKU\FileCache\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com\UserChoice =>
HKU\FileCache\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.scr\UserChoice =>
HKU\FileCache\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lnk\UserChoice =>

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-865912419-3386349657-2234709077-1001\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> c:\program files (x86)\real\realplayer\BrowserRecordPlugin\IE\rndlbrowserrecordplugin64.dll [2021-06-19] (RealNetworks, Inc. -> RealPlayer)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_211\bin\ssv.dll [2019-04-25] (Oracle America, Inc. -> Oracle Corporation)
BHO: Sem Nome -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> Nenhum Arquivo
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-04-25] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> c:\program files (x86)\real\realplayer\BrowserRecordPlugin\IE\rndlbrowserrecordplugin.dll [2021-06-19] (RealNetworks, Inc. -> RealPlayer)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2020-04-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssv.dll [2019-04-25] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540003} -> C:\Program Files (x86)\GbPlugin\gbiehcef.dll [2017-08-02] (GAS INFORMATICA LTDA -> Caixa Economica Federal)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-04-25] (Oracle America, Inc. -> Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)

(Se uma entrada for incluída na fixlist, será removida do Registro.)

IE trusted site: HKU\S-1-5-21-865912419-3386349657-2234709077-1001\...\bnb.gov.br -> [You must have an account and be logged in to view this link]
IE trusted site: HKU\S-1-5-21-865912419-3386349657-2234709077-1001\...\caixa.gov.br -> [You must have an account and be logged in to view this link]

==================== Hosts Conteúdo: =========================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2016-07-16 08:47 - 2021-06-14 01:10 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1       localhost

2019-05-10 22:04 - 2021-06-19 23:41 - 000000447 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
172.17.48.1 DESKTOP-JEDS5A5.mshome.net # 2026 6 5 19 2 41 49 559

==================== Outras Áreas ===========================

(Atualmente não há nenhuma correção automática para esta seção.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-865912419-3386349657-2234709077-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-865912419-3386349657-2234709077-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Haroldo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Firewall do Windows está habilitado.

Network Binding:
=============
Ethernet: Diebold Network Monitor -> nt_wsddntf (enabled)
vEthernet (Default Switch): Diebold Network Monitor -> nt_wsddntf (enabled)
Conexão Local: Diebold Network Monitor -> nt_wsddntf (enabled)
Wi-Fi: Diebold Network Monitor -> nt_wsddntf (enabled)

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

(Se uma entrada for incluída na fixlist, será removida.)

MSCONFIG\Services: AdobeARMservice => 3
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: DbxSvc => 3
MSCONFIG\Services: gupdate => 3
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: lfsvc => 3
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: QHActiveDefense => 2
MSCONFIG\Services: RealPlayerUpdateSvc => 3
MSCONFIG\Services: RealTimes Desktop Service => 2
MSCONFIG\Services: SynTPEnhService => 2
HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\StartupFolder: => "RealTimes.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Notificador de atualização.lnk"
HKLM\...\StartupApproved\Run32: => "Dropbox"

==================== Regras do Firewall (Whitelisted) ================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [{886D0733-4830-4FC8-B6EF-C7AA08398CEB}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe (PROCOMP INDUSTRIA ELETRONICA LTDA -> Diebold Nixdorf)
FirewallRules: [{475FE353-F261-4B2F-883A-EE526D6EC319}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{B36EA434-AA68-464D-80E7-9A21CEF93D9B}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [UDP Query User{F689F9B3-73ED-470A-8D20-85F2A2C00276}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{B20AC471-AA13-4B91-9B83-353079BAB3FA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{34307F3E-C6D9-4A1F-9DE7-F2967937413D}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.)
FirewallRules: [{98DEC233-8384-42AD-BDF5-13F76B00F767}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.)
FirewallRules: [{E4445E56-F176-4687-992B-FF04A7E29D18}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe (Hewlett Packard -> Hewlett-Packard Co.) [Arquivo não assinado]
FirewallRules: [{9B3059C9-08C0-48D6-9E7F-1FC3BBACD316}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe (Hewlett Packard -> Hewlett-Packard Co.) [Arquivo não assinado]
FirewallRules: [{33A46B2E-A449-4493-9278-60EBEBD0FE6A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett Packard -> Hewlett-Packard)
FirewallRules: [{6898804A-D55E-45F6-9F43-F588F2DC1B4A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{1DC06CCF-2823-4D5B-B9F4-CE55D825FE83}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{1687FDDB-1ED2-4216-9169-BC24D4B5E0A2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{BDDB2A32-FF73-410C-B391-813017B31C28}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{448624CC-7BA9-4319-ADD8-461F45CABF4E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{91ABB1E1-BF57-4F0B-9EA8-19174E85A1B0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{8A2AB551-4D3D-4714-BF76-99EDC1C94488}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{E7F94C75-52E1-4154-8015-B87C7A7D5556}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{4A352E85-1A18-48FB-8929-BC93C08ACB49}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3D774B33-B5BC-4A8A-BCB3-1D0312879CD9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9FA5932A-BFA9-456B-8771-6F495CA141FB}] => (Allow) C:\Program Files (x86)\360\Total Security\softmgr\360InstantSetup.exe (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.)
FirewallRules: [{2FB22745-5D55-4767-BBB9-A10B2B64D521}] => (Allow) C:\Program Files (x86)\360\Total Security\softmgr\360InstantSetup.exe (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.)
FirewallRules: [{A5C0BE60-0703-4CA7-9E67-DCECD855C31E}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.)
FirewallRules: [{2B8908C1-C40F-44DC-A7E4-FD1E8F942C5E}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.)
FirewallRules: [{0AAD617E-B1D0-4848-9AE3-1A111DE18B6F}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.)
FirewallRules: [{99A2A20B-8DE9-4B14-BB00-BD4F83D05022}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.)
FirewallRules: [{F8DB80A0-61BF-4081-A7E2-2C0834A3FF84}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{46319A8E-1A32-4999-B414-81506359A2A5}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AC3AEA32-E9D0-428F-95EC-954FC29DA539}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E3949265-159F-4401-9A2B-19E9C39BC6D6}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{E842A98B-AC3C-4957-822D-71A643872A0B}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{5DFD0F14-43DA-4DD9-BCCD-418D6E7B1E97}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{65947F81-BE3F-46F5-9DD9-F0B7C75AB57D}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.)
FirewallRules: [{F9D0AEC1-7A44-4252-8D9B-AA19552D596F}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.)
FirewallRules: [{425C7CAD-C6E6-4E85-88CB-357D220CE956}] => (Allow) C:\Program Files (x86)\360\Total Security\softmgr\360InstantSetup.exe (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.)
FirewallRules: [{594B00CD-B73C-4EC9-8702-0C858DC95F15}] => (Allow) C:\Program Files (x86)\360\Total Security\softmgr\360InstantSetup.exe (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.)
FirewallRules: [{CE2640C4-C40B-4FDD-9EFC-B2DDD8C17E9D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [TCP Query User{7A6162B7-14CF-4407-80AB-EB04EE93D84A}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{7F46109E-5E4C-410D-A348-9F4C1C6FDB2E}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{1734FBA8-81F1-42B2-8538-71963F958B24}C:\program files\java\jre1.8.0_211\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_211\bin\javaw.exe
FirewallRules: [UDP Query User{8D901C16-A427-4D8B-B6B9-645BCE76DAF8}C:\program files\java\jre1.8.0_211\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_211\bin\javaw.exe
FirewallRules: [DNS Server Forward Rule - TCP - 964f7907-0c7a-43bf-9f59-f794b7e879dd - 0] => (Allow) LPort=53
FirewallRules: [DNS Server Forward Rule - UDP - 964f7907-0c7a-43bf-9f59-f794b7e879dd - 0] => (Allow) LPort=53
FirewallRules: [{39372E9A-6296-40D3-B887-23784969A7DF}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F012C27F-8A38-43A4-B31D-DC426DD4879E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9520F177-0B96-42CB-8D86-FCE7522F92C7}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{27CF205C-8980-4A91-B5EE-C8FD492F3E50}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{42744615-FC54-49BC-9EC9-3265206119E2}] => (Allow) C:\Program Files (x86)\360\Total Security\360TsLiveUpd.exe (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.)
FirewallRules: [{96299007-30E9-4EFC-977E-ACD776C82205}] => (Allow) C:\Program Files (x86)\360\Total Security\360TsLiveUpd.exe (Beijing Qihu Technology Co., Ltd. -> Qihoo 360 Technology Co. Ltd.)
FirewallRules: [TCP Query User{8475E9D8-1732-4C0A-B822-6C3055E77405}C:\program files\windowsapps\15191peakplayer.50533f9b98293_3.1.9.0_x64__y5c4dfz5b21fm\playerexe\apps\vlc\vlc.exe] => (Allow) C:\program files\windowsapps\15191peakplayer.50533f9b98293_3.1.9.0_x64__y5c4dfz5b21fm\playerexe\apps\vlc\vlc.exe (Any Player) [Arquivo não assinado]
FirewallRules: [UDP Query User{0AA5E8B0-70FF-4A08-9FE5-0CB321705125}C:\program files\windowsapps\15191peakplayer.50533f9b98293_3.1.9.0_x64__y5c4dfz5b21fm\playerexe\apps\vlc\vlc.exe] => (Allow) C:\program files\windowsapps\15191peakplayer.50533f9b98293_3.1.9.0_x64__y5c4dfz5b21fm\playerexe\apps\vlc\vlc.exe (Any Player) [Arquivo não assinado]
FirewallRules: [{D0CC5383-59E0-46A1-8DD3-38C4A14BF2B0}] => (Block) C:\program files\windowsapps\15191peakplayer.50533f9b98293_3.1.9.0_x64__y5c4dfz5b21fm\playerexe\apps\vlc\vlc.exe (Any Player) [Arquivo não assinado]
FirewallRules: [{F5EC075E-38AF-4E9B-8D89-628E0D1985AB}] => (Block) C:\program files\windowsapps\15191peakplayer.50533f9b98293_3.1.9.0_x64__y5c4dfz5b21fm\playerexe\apps\vlc\vlc.exe (Any Player) [Arquivo não assinado]
FirewallRules: [{8B743D39-7193-4077-9E15-D3A99029AFBB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{6A64C34D-67E2-4B40-818A-A12A2DC53AA6}C:\arquivos de programas rfb\irpf2021\java-runtime\bin\javaw.exe] => (Allow) C:\arquivos de programas rfb\irpf2021\java-runtime\bin\javaw.exe
FirewallRules: [UDP Query User{A44E30F4-CBAF-4DA1-B5EE-C505E0353D18}C:\arquivos de programas rfb\irpf2021\java-runtime\bin\javaw.exe] => (Allow) C:\arquivos de programas rfb\irpf2021\java-runtime\bin\javaw.exe
FirewallRules: [{B15C6512-881F-4291-A9F2-18B5664D43CA}] => (Block) C:\arquivos de programas rfb\irpf2021\java-runtime\bin\javaw.exe
FirewallRules: [{DFA0132A-0F1F-4162-B527-46863575EB66}] => (Block) C:\arquivos de programas rfb\irpf2021\java-runtime\bin\javaw.exe
FirewallRules: [{9C2BDEC9-6BC2-424E-8D2E-265CA2ADBBC5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{95E2399C-6B60-4B4E-8260-81C53838C3AF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{539BCFE7-F26E-4506-94B2-8A6551B75283}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F1300906-D196-4CF7-B4EF-C01FCA27D3F8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A7606F16-E4AC-4C0D-BCBC-2F7F047CD15A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{72211902-BB9E-4871-A82C-E5A42DAEDA25}] => (Allow) C:\Program Files (x86)\HP\Diagnostics\PSDR\SoftPaq\Binaries\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{7E9B1432-CAA4-4147-95DB-13A7B7F952C5}] => (Allow) C:\Program Files (x86)\HP\Diagnostics\PSDR\SoftPaq\Binaries\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{388A8775-D962-432A-AB50-23A1BE0D6CE6}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe (RealNetworks, Inc. -> RealNetworks, Inc.)

==================== Pontos de Restauração =========================

18-06-2021 16:46:06 Removed HP Update.

==================== Dispositivos Apresentando Falhas No Gerenciador ============

Name: Photosmart D110 series
Description: Photosmart D110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Dispositivo de Scanner SCSI
Description: Dispositivo de Scanner SCSI
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: scsiscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Dispositivo de Scanner USB
Description: Dispositivo de Scanner USB
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Erros no Log de eventos: ========================

Erros em Aplicativos:
==================
Error: (06/21/2021 09:03:43 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Falha ao agendar o reinício do serviço Proteção de Software 2121-05-29T00:03:43Z. Código de Erro: 0x80070005.

Error: (06/21/2021 09:03:13 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Falha ao agendar o reinício do serviço Proteção de Software 2121-05-29T00:03:13Z. Código de Erro: 0x80070005.

Error: (06/21/2021 09:02:43 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Falha ao agendar o reinício do serviço Proteção de Software 2121-05-29T00:02:43Z. Código de Erro: 0x80070005.

Error: (06/21/2021 09:02:13 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Falha ao agendar o reinício do serviço Proteção de Software 2121-05-29T00:02:13Z. Código de Erro: 0x80070005.

Error: (06/21/2021 09:01:43 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Falha ao agendar o reinício do serviço Proteção de Software 2121-05-29T00:01:43Z. Código de Erro: 0x80070005.

Error: (06/21/2021 09:01:13 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Falha ao agendar o reinício do serviço Proteção de Software 2121-05-29T00:01:12Z. Código de Erro: 0x80070005.

Error: (06/21/2021 09:00:42 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Falha ao agendar o reinício do serviço Proteção de Software 2121-05-29T00:00:42Z. Código de Erro: 0x80070005.

Error: (06/21/2021 09:00:12 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Falha ao agendar o reinício do serviço Proteção de Software 2121-05-29T00:00:12Z. Código de Erro: 0x80070005.


Erros de Sistema:
=============
Error: (06/19/2021 11:50:48 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-JEDS5A5)
Description: O servidor Microsoft.549981C3F5F10_3.2105.19601.0_x64__8wekyb3d8bbwe!App.AppXsaksz8g893wmfxp53kxywv7nedj5wtfh.mca não se registrou no DCOM dentro do tempo limite necessário.

Error: (06/19/2021 11:50:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço QHProtected devido ao seguinte erro:
O Windows não pode verificar a assinatura digital deste arquivo. Talvez uma alteração recente de hardware ou software tenha instalado um arquivo com uma assinatura incorreta ou danificado, ou talvez o arquivo seja um software mal-intencionado de origem desconhecida.

Error: (06/19/2021 11:50:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço QHProtected devido ao seguinte erro:
O Windows não pode verificar a assinatura digital deste arquivo. Talvez uma alteração recente de hardware ou software tenha instalado um arquivo com uma assinatura incorreta ou danificado, ou talvez o arquivo seja um software mal-intencionado de origem desconhecida.

Error: (06/19/2021 11:42:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço QHProtected devido ao seguinte erro:
O Windows não pode verificar a assinatura digital deste arquivo. Talvez uma alteração recente de hardware ou software tenha instalado um arquivo com uma assinatura incorreta ou danificado, ou talvez o arquivo seja um software mal-intencionado de origem desconhecida.

Error: (06/19/2021 11:42:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço QHProtected devido ao seguinte erro:
O Windows não pode verificar a assinatura digital deste arquivo. Talvez uma alteração recente de hardware ou software tenha instalado um arquivo com uma assinatura incorreta ou danificado, ou talvez o arquivo seja um software mal-intencionado de origem desconhecida.

Error: (06/19/2021 11:36:06 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: O serviço Malwarebytes Service não foi desligado corretamente após receber um controle de pré-desligamento.

Error: (06/18/2021 05:12:54 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-JEDS5A5)
Description: O servidor {ED1D0FDF-4414-470A-A56D-CFB68623FC58} não se registrou no DCOM dentro do tempo limite necessário.

Error: (06/18/2021 05:11:03 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-JEDS5A5)
Description: O servidor {ED1D0FDF-4414-470A-A56D-CFB68623FC58} não se registrou no DCOM dentro do tempo limite necessário.


Windows Defender:
================
Date: 2020-11-29 17:54:38
Description:
O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {3FB5FE07-651F-44AB-9B7D-DA5119F7DF93}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2021-05-27 00:31:56
Description:
O recurso de Proteção em Tempo Real do Microsoft Defender Antivírus encontrou um erro e falhou.
Recurso: Em Tempo de Acesso
Código do Erro: 0x80004005
Descrição do erro: Erro não especificado
Motivo: O driver de filtro ignorou o exame de itens e está no modo de passagem. Isso pode ter acontecido por causa de condições de poucos recursos.

Date: 2021-05-27 00:31:56
Description:
O recurso de Proteção em Tempo Real do Microsoft Defender Antivírus encontrou um erro e falhou.
Recurso: Em Tempo de Acesso
Código do Erro: 0x80004005
Descrição do erro: Erro não especificado
Motivo: O driver de filtro ignorou o exame de itens e está no modo de passagem. Isso pode ter acontecido por causa de condições de poucos recursos.

Date: 2021-05-27 00:31:55
Description:
O recurso de Proteção em Tempo Real do Microsoft Defender Antivírus encontrou um erro e falhou.
Recurso: Em Tempo de Acesso
Código do Erro: 0x80004005
Descrição do erro: Erro não especificado
Motivo: O driver de filtro ignorou o exame de itens e está no modo de passagem. Isso pode ter acontecido por causa de condições de poucos recursos.

Date: 2021-05-27 00:31:55
Description:
O recurso de Proteção em Tempo Real do Microsoft Defender Antivírus encontrou um erro e falhou.
Recurso: Em Tempo de Acesso
Código do Erro: 0x80004005
Descrição do erro: Erro não especificado
Motivo: O driver de filtro ignorou o exame de itens e está no modo de passagem. Isso pode ter acontecido por causa de condições de poucos recursos.

Date: 2021-05-26 23:29:43
Description:
O recurso de Proteção em Tempo Real do Microsoft Defender Antivírus encontrou um erro e falhou.
Recurso: Em Tempo de Acesso
Código do Erro: 0x80004005
Descrição do erro: Erro não especificado
Motivo: O driver de filtro ignorou o exame de itens e está no modo de passagem. Isso pode ter acontecido por causa de condições de poucos recursos.

CodeIntegrity:
===============
Date: 2021-06-19 23:50:04
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\360\Total Security\safemon\WscReg.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-06-18 15:54:48
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Diebold\Warsaw\wslbscrwh64.dll that did not meet the Microsoft signing level requirements.

Date: 2021-06-18 15:54:47
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Diebold\Warsaw\wslbscr64.dll that did not meet the Microsoft signing level requirements.


==================== Informações da Memória ===========================

BIOS: INSYDE V1.18 08/10/2010
placa-mãe: Acer ZR7B
Processador: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz
Percentagem de memória em uso: 79%
RAM física total: 3766.76 MB
RAM física disponível: 774.64 MB
Virtual Total: 7193.1 MB
Virtual disponível: 2711.22 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:187.33 GB) (Free:15.65 GB) NTFS
Drive d: () (Fixed) (Total:97.66 GB) (Free:2.11 GB) NTFS
Drive e: () (Fixed) (Total:13 GB) (Free:9.4 GB) NTFS

\\?\Volume{fb4f4fb4-0000-0000-0000-104003000000}\ (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.05 GB) NTFS

==================== MBR & Tabela de Partições ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: FB4F4FB4)
Partition 1: (Not Active) - (Size=13 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=187.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=97.7 GB) - (Type=0F Extended)

==================== Fim de Addition.txt =======================

Re: Phishing Invader

Message by joram Sat 26 Jun 2021, 19:53

/!\ Good evening, pamonha! /!\

> Uninstall these HP applications:

HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)

HP Photosmart C4400 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{886E586A-9121-4515-9C18-2C04202614B2}) (Version: 14.0 - HP)

HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{A5E2418D-B360-419D-AAAD-0D8F2E98FBF6}) (Version: 14.0 - HP)

HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)

> PS: You can install them again at a convenient time.

> Copy the information in the Spoiler into Notepad.
> Save it with the name fixlist. << Text or Unicode, if prompted!
> Save it in Downloads! //Executando a partir de C:\Users\Haroldo\Downloads

> Run FRST/FRST64 >> Click "Corrigir" (Fix) << Wait!
> Post the report "Resultado da Correção pela Farbar Recovery Scan Tool". (Fixlog.txt)
> This and other reports can be found in the folder: Local Disk (C) > FRST > Logs

< This script was prepared exclusively for this computer, so I ask visitors not to use it on other "machines". >

Cheers

PHISHING INVADER

Message by pamonha Wed 30 Jun 2021, 00:14

Good evening, Joram!

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 29-06-2021
Executado por Haroldo (29-06-2021 22:21:25) Run:1
Executando a partir de C:\Users\Haroldo\Downloads
Perfis Carregados: defaultuser0 & Haroldo
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
CloseProcesses:
Task: {3129d6a0-6b71-4464-bafb-1b645407dba3} - não caminho do arquivo
Task: {6447dcb1-5513-4466-b4fd-cb626a05beb4} - não caminho do arquivo
Task: {8C38A57E-B703-46C6-98B8-67872758A50A} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1790184 2021-04-29] (Avast Software s.r.o. -> Avast Software)
U3 avgbdisk; não ImagePath
2021-06-14 00:53 - 2017-05-26 05:40 - 000000000 ____D C:\ProgramData\Temp
2021-01-22 01:10 - 2021-01-22 01:10 - 000003584 _____ () C:\Users\Haroldo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Nenhum Arquivo
ShortcutWithArgument: C:\Users\Haroldo\Desktop\Haroldo Dawson - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\Haroldo\Desktop\Haroldo Dawson Silva - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Haroldo\Desktop\Pessoa 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
AlternateDataStreams: C:\ProgramData:YXVtLmh6aQ [14884]
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10]
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddfac64.sys:r0d3jo5 [20]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 [1018]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2410]
AlternateDataStreams: C:\Users\All Users:YXVtLmh6aQ [14884]
AlternateDataStreams: C:\Users\Todos os Usuários:YXVtLmh6aQ [14884]
AlternateDataStreams: C:\ProgramData\Dados de Aplicativos:YXVtLmh6aQ [14884]
AlternateDataStreams: C:\ProgramData\GbPlugin:IncompleteStartGbprcm.cnt [10]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [468]
BHO: Sem Nome -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> Nenhum Arquivo
StartPowershell:
sfc /scannow
EndPowershell:
CreateRestorePoint:
RemoveProxy:
EmptyTemp:
Reboot:
Hosts:

*****************

Processos fechados com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3129d6a0-6b71-4464-bafb-1b645407dba3}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6447dcb1-5513-4466-b4fd-cb626a05beb4}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{8C38A57E-B703-46C6-98B8-67872758A50A}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C38A57E-B703-46C6-98B8-67872758A50A}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Avast Software\Overseer => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Overseer" => removido (a) com sucesso.
HKLM\System\CurrentControlSet\Services\avgbdisk => removido (a) com sucesso.
avgbdisk => serviço removido (a) com sucesso.
C:\ProgramData\Temp => movido com sucesso
C:\Users\Haroldo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => movido com sucesso
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removido (a) com sucesso.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removido (a) com sucesso.
C:\Users\Haroldo\Desktop\Haroldo Dawson - Chrome.lnk => Atalho argumento removido (a) com sucesso.
"C:\Users\Haroldo\Desktop\Haroldo Dawson Silva - Chrome.lnk" => não encontrado (a)
C:\Users\Haroldo\Desktop\Pessoa 1 - Chrome.lnk => Atalho argumento removido (a) com sucesso.
C:\ProgramData => ":YXVtLmh6aQ" ADS removido (a) com sucesso.
C:\Program Files (x86)\GbPlugin => ":IncompleteStartProcessProtection.cnt" ADS removido (a) com sucesso.
C:\Program Files (x86)\GbPlugin => ":u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg==" ADS removido (a) com sucesso.
C:\WINDOWS\system32\Drivers\gbpddfac64.sys => ":r0d3jo5" ADS removido (a) com sucesso.
C:\WINDOWS\system32\Drivers\gbpddfac64.sys => ":X5ZN8aGvT4" ADS removido (a) com sucesso.
C:\WINDOWS\system32\Drivers\wsddfac.sys => ":X5ZN8aGXs4" ADS removido (a) com sucesso.
"C:\Users\All Users" => ":YXVtLmh6aQ" ADS não encontrado (a).
"C:\Users\Todos os Usuários" => ":YXVtLmh6aQ" ADS não encontrado (a).
"C:\ProgramData\Dados de Aplicativos" => ":YXVtLmh6aQ" ADS não encontrado (a).
C:\ProgramData\GbPlugin => ":IncompleteStartGbprcm.cnt" ADS removido (a) com sucesso.
C:\Users\Public\Shared Files => ":VersionCache" ADS removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} => removido (a) com sucesso.
HKLM\Software\Classes\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} => removido (a) com sucesso.

========= Powershell: =========

Iniciando verificação de arquivos. O processo levará alguns minutos para ser concluído.

Iniciando fase de verificação de verificação do sistema.

Verificação 100% concluída.

A Proteção de Recursos do Windows encontrou arquivos corrompidos e os reparou com êxito.
Para reparos online, os detalhes são incluídos no arquivo de log CBS localizado em
windir\Logs\CBS\CBS.log. Por exemplo, C:\Windows\Logs\CBS\CBS.log. Para reparos
offline, os detalhes são incluídos no arquivo de log fornecido pelo sinalizador /OFFLOGFILE.

========= Fim de Powershell: =========

Ponto de Restauração criado com sucesso.

========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removido (a) com sucesso.
HKU\FileCache\SOFTWARE\Policies\Microsoft\Internet Explorer => Não pode ser removido. Acesso Negado.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso.
"HKU\S-1-5-21-865912419-3386349657-2234709077-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso.
"HKU\S-1-5-21-865912419-3386349657-2234709077-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso.
"HKU\S-1-5-21-865912419-3386349657-2234709077-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => Não pode ser removido
"HKU\S-1-5-21-865912419-3386349657-2234709077-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso.


========= Fim de RemoveProxy: =========

Não pode ser movido "C:\Windows\System32\Drivers\etc\hosts" => Agendado para ser movido na reinicialização.

=========== EmptyTemp: ==========

BITS transfer queue => 11034624 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 68700014 B
Java, Flash, Steam htmlcache => 1170 B
Windows/system/drivers => 4590726 B
Edge => 42093 B
Chrome => 51424441 B
Firefox => 736758584 B
Opera => 5978108 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
ProgramData => 6656 B
Public => 6656 B
systemprofile => 6656 B
systemprofile32 => 6656 B
LocalService => 26892 B
NetworkService => 26892 B
defaultuser0 => 26892 B
Haroldo => 96097008 B
DefaultAppPool => 96097008 B

Re: Phishing Invader

Message by joram Wed 30 Jun 2021, 08:07

/!\ Good morning, pamonha! /!\

start::
closeprocesses:
emptytemp:
hosts:
reboot:
end::

Run a new text file with the information just above.
When you copy it into Notepad, save it in the same location as the FRST.EXE tool. (...in your case, the Downloads folder)
This Notepad file will be named fixlist.
The next step is for you to open FRST.EXE and, once it is open, click Corrigir (Fix).
When it finishes, the Fixlog report will be generated, which you will post in full in your reply.

Cheers

PHISHING INVADER

Message by pamonha Sat 17 Jul 2021, 22:44

Good evening, Joram...!!

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 14-07-2021
Executado por Haroldo (17-07-2021 22:17:40) Run:2
Executando a partir de C:\Users\Haroldo\Downloads
Perfis Carregados: defaultuser0 & Haroldo
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
closeprocesses:
emptytemp:
hosts:
reboot:

*****************

Processos fechados com sucesso.
C:\Windows\System32\Drivers\etc\hosts => movido com sucesso
Hosts restaurado com sucesso.

=========== EmptyTemp: ==========

BITS transfer queue => 11034624 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13709112 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 4383816 B
Edge => 0 B
Chrome => 0 B
Firefox => 133597342 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 19732 B
NetworkService => 102440668 B
defaultuser0 => 102440668 B
Haroldo => 120999602 B
DefaultAppPool => 120999602 B

RecycleBin => 517893288 B
EmptyTemp: => 1.1 GB de dados temporários Removidos.

================================


O sistema precisou ser reiniciado.

==== Fim de Fixlog 22:19:45 ====

Re: Phishing Invader

Message by joram Sun 18 Jul 2021, 10:27

/!\ Good morning, pamonha! /!\

Everything OK?
Since you have 360, you can turn on the protection for browsers provided by Browser Protection.

Open 360, go to Ferramentas >> Proteção do Browser (Tools >> Browser Protection).
BP is great for detecting phishing sites.
Let me know!

Cheers

PHISHING INVADER

Message by pamonha Sun 25 Jul 2021, 16:50

Good afternoon, Joram!

I did as you recommended. Message from 360:

"Seu Browser está protegido".

Anything else...? I'll be waiting, my friend.

Re: Phishing Invader

Message by joram Sun 25 Jul 2021, 16:59

/!\ Good afternoon, pamonha! /!\

I believe we are done and, if you wish, uninstall FRST.

Rename FRST to Uninstall and then run it with a double click.
PS: This procedure will uninstall FRST.

Good work!

Cheers
