VBS Malware



Zeniker
2017-02-23, 05:28
Yesterday Avast started to detect a VBS malware whenever Opera or Google Chrome was open; however, it doesn't happen with Firefox. I ran an Avast scan and it detected several files infected with the same virus, I think, some of those in the Windows folder. Here's the Farbar log.

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 19-02-2017
Executado por Guilherme (administrador) em GUILHERME-NOTE (22-02-2017 05:44:09)
Executando a partir de C:\Users\Guilherme\Desktop
Perfis Carregados: UpdatusUser & Guilherme (Perfis Disponíveis: UpdatusUser & Guilherme & Administrador)
Platform: Windows 10 Home Single Language (X64) Idioma: Português (Brasil)
Internet Explorer Versão 11 (Navegador padrão: Opera)
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
() C:\Windows\System32\igfxTray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.17020_none_1152834562020692\TiWorker.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
() D:\Games\Crypt of the NecroDancer\unins000.exe
() C:\Users\Guilherme\AppData\Local\Temp\_iu14D2N.tmp

==================== Registro (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [920280 2015-04-17] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [396688 2015-07-17] ()
HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3348712 2015-11-01] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2013-12-18] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe [63296 2013-08-16] ()
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595504 2016-01-29] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-11-11] (LogMeIn Inc.)
Winlogon\Notify\ GbPluginUni-x32: C:\Program Files (x86)\GbPlugin\gbiehUni.dll [X]
HKU\S-1-5-21-3040258654-2525527317-1144640668-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\Run: [Google Update] => C:\Users\Guilherme\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation)
HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\Run: [Spotify Web Helper] => C:\Users\Guilherme\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-02-19] (Spotify Ltd)
HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\Run: [Spotify] => C:\Users\Guilherme\AppData\Roaming\Spotify\Spotify.exe [7067760 2017-02-19] (Spotify Ltd)
HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27427808 2017-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\RunOnce: [Uninstall C:\Users\Guilherme\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Guilherme\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\RunOnce: [Uninstall C:\Users\Guilherme\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Guilherme\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\RunOnce: [Uninstall C:\Users\Guilherme\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Guilherme\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [177088 2015-07-13] (NVIDIA Corporation)
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [177088 2015-07-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155280 2015-07-13] (NVIDIA Corporation)
IFEO\SppExtComObj.exe: [Debugger] C:\WINDOWS\SECOH-QAD.exe
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll -> Nenhum Arquivo
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-26] (AVAST Software)
Startup: C:\Users\Guilherme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2016-01-31]
ShortcutTarget: Curse.lnk -> C:\Users\Guilherme\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
GroupPolicy: Restrição <======= ATENÇÃO

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\..\Interfaces\{185f0d10-ace8-4f9b-9b2b-b13488d7d565}: [DhcpNameServer] 201.21.192.161 201.21.192.166
Tcpip\..\Interfaces\{fa2d569b-cdc1-4147-a5a5-2fdf68d294d5}: [DhcpNameServer] 201.21.192.161 201.21.192.166

Internet Explorer:
==================
HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-03-12] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-03-12] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-20] (Oracle Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files (x86)\GbPlugin\gbiehuni.dll => Nenhum Arquivo
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-20] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: 8x4uo2vf.default
FF ProfilePath: C:\Users\Guilherme\AppData\Roaming\Mozilla\Firefox\Profiles\kp37pia3.dev-edition-default [2016-12-17]
FF Extension: (Adblock Plus) - C:\Users\Guilherme\AppData\Roaming\Mozilla\Firefox\Profiles\kp37pia3.dev-edition-default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-29]
FF ProfilePath: C:\Users\Guilherme\AppData\Roaming\Mozilla\Firefox\Profiles\8x4uo2vf.default [2016-12-17]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-10-14]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-10-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-03-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-03-12] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll [2015-11-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3040258654-2525527317-1144640668-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Guilherme\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-3040258654-2525527317-1144640668-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Guilherme\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Firefox Developer Edition\firefox.exe

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hp&ts=1418085823&from=smt&uid=ST2000DM001-1CH164_W1E5G644XXXXW1E5G644"
CHR Profile: C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default [2017-02-21]
CHR Extension: (Google Apresentações) - C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-24]
CHR Extension: (Google Docs) - C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-24]
CHR Extension: (Google Drive) - C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-24]
CHR Extension: (Adblock Plus) - C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-30]
CHR Extension: (Google Search) - C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Planilhas do Google) - C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-24]
CHR Extension: (Documentos Google off-line) - C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Avast Online Security) - C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-16]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-24]
CHR Extension: (Chrome Media Router) - C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <não encontrado (a)>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <não encontrado (a)>

Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\Guilherme\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-10-28]

==================== Serviços (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-08-29] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [Arquivo não assinado]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-26] (AVAST Software)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144104 2015-07-21] (ELAN Microelectronics Corp.)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2627080 2016-11-11] (LogMeIn Inc.)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-10-10] (Hi-Rez Studios) [Arquivo não assinado]
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [351120 2015-07-17] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Arquivo não assinado]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21184 2016-07-28] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-11-11] (LogMeIn, Inc.)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [2120712 2016-06-03] (Electronic Arts)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [139264 2016-07-27] (Microsoft Corporation) [Arquivo não assinado]
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-07-26] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24856 2016-08-03] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2016-09-26] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [37144 2016-09-26] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [108816 2016-09-26] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2016-09-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-26] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [969184 2016-09-26] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [513632 2016-09-26] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [163416 2016-09-26] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software)
S1 gbpddfac; C:\WINDOWS\System32\drivers\gbpddfac64.sys [28888 2016-07-24] (GAS Tecnologia)
R3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2015-08-06] (LogMeIn Inc.)
R2 IntelHaxm; C:\WINDOWS\system32\DRIVERS\IntelHaxm.sys [96776 2015-11-16] (Intel Corporation)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
S3 libusbK; C:\WINDOWS\System32\drivers\libusbK.sys [47200 2016-01-23] (hxxp://libusb-win32.sourceforge.net)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [82072 2015-08-10] (McAfee, Inc.)
R3 netr28x; C:\WINDOWS\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2013-08-29] (Windows (R) Win 7 DDK provider)
R3 rtbth; C:\WINDOWS\System32\drivers\rtbth.sys [1219200 2015-06-03] (Ralink Technology, Corp.)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
R3 SensorsSimulatorDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [214016 2015-07-10] (Microsoft Corporation)
R3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S3 UdeCx; C:\WINDOWS\System32\drivers\udecx.sys [44032 2015-07-10] ()
R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [127456 2016-03-04] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [205784 2016-03-04] (Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 GBPRCM; \??\C:\Program Files (x86)\GbPlugin\gbprcm64.sys [X]
S3 Warsaw_PP; \??\C:\PROGRA~2\GbPlugin\wsftprp64.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um Mês Criados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-02-22 05:45 - 2017-02-22 05:45 - 05198336 _____ (AVAST Software) C:\Users\Guilherme\Desktop\aswMBR.exe
2017-02-22 05:44 - 2017-02-22 05:50 - 00023985 _____ C:\Users\Guilherme\Desktop\FRST.txt
2017-02-22 05:42 - 2017-02-22 05:44 - 00000000 ____D C:\FRST
2017-02-22 05:42 - 2017-02-22 05:42 - 02422784 _____ (Farbar) C:\Users\Guilherme\Desktop\FRST64.exe
2017-02-22 05:37 - 2017-02-22 05:37 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-GUILHERME-NOTE-Windows-10-Home-Single-Language-(64-bit).dat
2017-02-22 05:37 - 2017-02-22 05:37 - 00000000 ____D C:\RegBackup
2017-02-22 05:36 - 2017-02-22 05:36 - 00018004 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2017-02-22 05:36 - 2017-02-22 05:36 - 00002314 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2017-02-22 05:36 - 2017-02-22 05:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-02-22 05:36 - 2017-02-22 05:36 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2017-02-22 05:35 - 2017-02-22 05:36 - 05766144 _____ (Tweaking.com) C:\Users\Guilherme\Desktop\tweaking.com_registry_backup_setup.exe
2017-02-22 05:26 - 2017-02-22 05:26 - 00016148 _____ C:\WINDOWS\system32\GUILHERME-NOTE_Guilherme_HistoryPrediction.bin
2017-01-31 10:35 - 2017-01-31 10:35 - 00020542 _____ C:\Users\Guilherme\Downloads\segundaViaDoc.pdf
2017-01-28 18:18 - 2017-01-28 18:18 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software

==================== Um Mês Modificados arquivos e pastas ========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2017-02-22 05:51 - 2015-10-24 21:41 - 00000000 ____D C:\Users\Guilherme\AppData\Roaming\BitTorrent
2017-02-22 05:47 - 2015-07-30 19:25 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-22 05:40 - 2015-07-30 19:42 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-22 05:35 - 2015-10-24 21:11 - 00000075 _____ C:\Users\Guilherme\AppData\Roaming\sp_data.sys
2017-02-22 05:34 - 2015-07-30 19:42 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-22 05:33 - 2016-02-03 16:55 - 00003544 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2017-02-22 05:33 - 2015-10-27 18:24 - 02238952 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-22 05:33 - 2015-09-10 02:05 - 02278134 _____ C:\WINDOWS\system32\prfh0416.dat
2017-02-22 05:33 - 2015-09-10 02:05 - 00664324 _____ C:\WINDOWS\system32\prfc0416.dat
2017-02-22 05:33 - 2014-03-29 14:22 - 00003534 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2017-02-22 05:32 - 2015-11-01 14:12 - 00004190 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A98DCBA0-4827-44CB-80EA-350247BCB4A2}
2017-02-22 05:27 - 2016-10-27 18:31 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-02-22 05:27 - 2015-10-27 18:32 - 00000000 __SHD C:\Users\Guilherme\IntelGraphicsProfiles
2017-02-22 05:27 - 2015-10-27 18:00 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-02-22 05:26 - 2016-04-15 20:06 - 00000093 _____ C:\HaxLogs.txt
2017-02-22 05:26 - 2015-07-30 18:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-22 02:27 - 2013-08-22 10:36 - 00000000 ____D C:\Users\Default.migrated
2017-02-22 00:07 - 2015-10-24 21:29 - 00000000 ____D C:\Users\Guilherme\AppData\Roaming\Skype
2017-02-22 00:07 - 2015-07-10 06:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2017-02-22 00:06 - 2016-06-03 19:09 - 00000000 ____D C:\Users\Guilherme\AppData\Local\Spotify
2017-02-22 00:01 - 2015-10-24 22:53 - 00000426 _____ C:\WINDOWS\Tasks\update-sys.job
2017-02-21 23:31 - 2015-10-24 22:53 - 00000426 _____ C:\WINDOWS\Tasks\update-S-1-5-21-3040258654-2525527317-1144640668-1002.job
2017-02-21 20:48 - 2016-06-03 19:06 - 00000000 ____D C:\Users\Guilherme\AppData\Roaming\Spotify
2017-02-20 20:24 - 2017-01-05 21:44 - 00003296 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-20 20:24 - 2015-10-27 18:40 - 00002387 _____ C:\Users\Guilherme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-09 21:47 - 2016-06-28 21:22 - 00003974 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1467159759
2017-02-09 21:47 - 2016-06-28 21:22 - 00001122 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-02-09 21:47 - 2016-06-28 21:20 - 00000000 ____D C:\Program Files (x86)\Opera
2017-02-07 00:11 - 2015-10-24 21:24 - 00002477 _____ C:\Users\Guilherme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-05 23:36 - 2016-10-01 22:26 - 00000000 ____D C:\Users\Guilherme\AppData\Roaming\Audacity
2017-02-02 19:06 - 2016-09-13 18:27 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-02 19:06 - 2015-10-24 21:28 - 00000000 ____D C:\Users\Todos os Usuários\Skype
2017-02-02 19:06 - 2015-10-24 21:28 - 00000000 ____D C:\ProgramData\Skype
2017-02-01 13:51 - 2016-04-09 12:43 - 00000000 ____D C:\Users\Guilherme\Desktop\App
2017-01-30 18:19 - 2015-11-01 11:38 - 00004278 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2017-01-30 14:35 - 2016-01-23 11:19 - 00000000 ____D C:\Users\Guilherme\Desktop\Jogos
2017-01-30 14:35 - 2015-10-25 23:50 - 00000000 ____D C:\Program Files (x86)\Steam
2017-01-29 17:29 - 2015-10-27 18:06 - 00000000 ____D C:\Users\UpdatusUser
2017-01-28 18:18 - 2015-10-25 12:07 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-28 14:44 - 2015-11-10 18:39 - 00000000 ____D C:\Users\Guilherme\Documents\CnWizards
2017-01-27 23:17 - 2015-11-09 17:40 - 00000000 ____D C:\Users\Todos os Usuários\Embarcadero
2017-01-27 23:17 - 2015-11-09 17:40 - 00000000 ____D C:\ProgramData\Embarcadero
2017-01-27 15:52 - 2015-10-27 18:06 - 00000000 ____D C:\Users\Guilherme

==================== Arquivos na raiz de alguns diretórios =======

2015-10-24 21:11 - 2017-02-22 05:35 - 0000075 _____ () C:\Users\Guilherme\AppData\Roaming\sp_data.sys
2016-08-14 20:08 - 2016-08-14 20:08 - 0000000 ___SH () C:\Users\Guilherme\AppData\Local\LumaEmu
2016-11-17 18:19 - 2016-11-17 18:19 - 0002421 _____ () C:\Users\Guilherme\AppData\Local\recently-used.xbel
2015-10-24 22:53 - 2015-10-24 22:53 - 0000003 _____ () C:\Users\Guilherme\AppData\Local\updater.log
2015-10-24 22:53 - 2016-08-07 03:07 - 0000424 _____ () C:\Users\Guilherme\AppData\Local\UserProducts.xml
2013-12-18 14:55 - 2012-09-07 08:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-12-18 14:55 - 2009-07-22 07:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-12-18 14:55 - 2012-09-07 08:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Alguns arquivos em TEMP:
====================
2015-11-15 16:42 - 2015-11-15 16:42 - 0079736 _____ (AppWork GmbH) C:\Users\Guilherme\AppData\Local\Temp\130920901306023245.exe
2015-11-15 16:42 - 2015-11-15 16:42 - 0872476 _____ (Web installer ) C:\Users\Guilherme\AppData\Local\Temp\13092090138792059536.exe
2016-09-23 03:46 - 2000-04-06 07:00 - 0263168 ____N () C:\Users\Guilherme\AppData\Local\Temp\binkw32.dll
2016-09-23 03:46 - 2001-05-09 21:19 - 0352256 ____N (Blizzard Entertainment) C:\Users\Guilherme\AppData\Local\Temp\d2l_Install.exe
2016-02-17 17:44 - 2016-02-17 17:44 - 0000000 _____ () C:\Users\Guilherme\AppData\Local\Temp\GURDACB.exe
2016-01-04 17:06 - 2016-01-04 17:07 - 24814584 _____ (ArenaNet) C:\Users\Guilherme\AppData\Local\Temp\Gw2.exe
2016-10-13 19:23 - 2016-10-13 19:23 - 16701440 ____N () C:\Users\Guilherme\AppData\Local\Temp\javagiac0.2182347912007514.dll
2016-08-23 22:04 - 2016-08-23 22:04 - 16701440 ____N () C:\Users\Guilherme\AppData\Local\Temp\javagiac0.30589597969029025.dll
2016-07-24 22:19 - 2016-07-24 22:19 - 0741440 _____ (Oracle Corporation) C:\Users\Guilherme\AppData\Local\Temp\jre-8u101-windows-au.exe
2015-10-07 15:17 - 2015-10-07 15:17 - 0585824 _____ (Oracle Corporation) C:\Users\Guilherme\AppData\Local\Temp\jre-8u65-windows-au.exe
2016-01-20 21:55 - 2016-01-20 21:55 - 0644704 _____ (Oracle Corporation) C:\Users\Guilherme\AppData\Local\Temp\jre-8u71-windows-au.exe
2016-02-13 09:54 - 2016-02-13 09:54 - 0736352 _____ (Oracle Corporation) C:\Users\Guilherme\AppData\Local\Temp\jre-8u73-windows-au.exe
2015-09-01 08:11 - 2015-09-01 08:11 - 0120336 _____ (McAfee, Inc.) C:\Users\Guilherme\AppData\Local\Temp\McCSPInstall.dll
2015-11-01 11:20 - 2015-09-01 08:11 - 0162120 _____ (McAfee Inc.) C:\Users\Guilherme\AppData\Local\Temp\mccspuninstall.exe
2016-09-27 10:29 - 2016-09-27 10:29 - 0040448 ____N () C:\Users\Guilherme\AppData\Local\Temp\proxy_vole146836755875676782.dll
2016-09-27 10:28 - 2016-09-27 10:28 - 0040448 ____N () C:\Users\Guilherme\AppData\Local\Temp\proxy_vole4981657535685034036.dll
2016-09-27 10:29 - 2016-09-27 10:29 - 0040448 ____N () C:\Users\Guilherme\AppData\Local\Temp\proxy_vole6307089412700812183.dll

==================== Bamital & volsnap ======================

(Não há correção automática para arquivos que não passaram na verificação.)

C:\WINDOWS\system32\winlogon.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\wininit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\services.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\User32.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
C:\WINDOWS\system32\rpcss.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
C:\WINDOWS\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

LastRegBack: 2017-02-19 16:26

==================== Fim de FRST.txt ============================

Addition Log:

Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 19-02-2017
Executado por Guilherme (22-02-2017 05:51:58)
Executando a partir de C:\Users\Guilherme\Desktop
Windows 10 Home Single Language (X64) (2015-10-27 21:31:29)
Modo da Inicialização: Normal
==========================================================


==================== Contas: =============================

Administrador (S-1-5-21-3040258654-2525527317-1144640668-500 - Administrator - Disabled) => C:\Users\Administrator
Convidado (S-1-5-21-3040258654-2525527317-1144640668-501 - Limited - Enabled)
DefaultAccount (S-1-5-21-3040258654-2525527317-1144640668-503 - Limited - Disabled)
Guilherme (S-1-5-21-3040258654-2525527317-1144640668-1002 - Administrator - Enabled) => C:\Users\Guilherme
HomeGroupUser$ (S-1-5-21-3040258654-2525527317-1144640668-1004 - Limited - Enabled)
UpdatusUser (S-1-5-21-3040258654-2525527317-1144640668-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

99Vidas (HKLM\...\Steam App 557040) (Version: - QUByte Interactive)
Active Directory Authentication Library for SQL Server (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Active Directory Authentication Library for SQL Server (x86) (x32 Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.3.183.90 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver (HKLM-x32\...\InstallShield_{5CA55DFC-2008-460F-B7A7-FB92100C4494}) (Version: 20.4.10117.43857 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver (x32 Version: 20.4.10117.43857 - Alcor Micro Corp.) Hidden
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation)
ASUS Backtracker (HKLM-x32\...\{C15C060C-ED1C-49EB-83B3-F7C0FD1CD661}) (Version: 3.0.3 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.6 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.6 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.7 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0021 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.7 - ASUS)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5710.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.5710.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Azure AD Authentication Connected Service (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.51210.80 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Build Tools for Windows 10 - ENU (x32 Version: 14.0.25527 - Microsoft Corporation) Hidden
Build Tools for Windows 10 (x32 Version: 14.0.25527 - Microsoft Corporation) Hidden
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version: - The Behemoth)
CnPack IDE Wizards (HKLM-x32\...\CnWizards) (Version: 1.0.5.693 - CnPack Team)
CodeBlocks (HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\CodeBlocks) (Version: 13.12 - The Code::Blocks Team)
CodedUITestUAP (x32 Version: 14.0.25527 - Microsoft Corporation) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.4.60 - Conexant)
Curse (HKLM-x32\...\{A20BFF62-AE3C-42BD-9C52-841CAB96BC49}) (Version: 6.0.0.0 - Curse)
DARK SOULS™ II (HKLM-x32\...\Steam App 236430) (Version: - FromSoftware, Inc)
Dead Space™ (HKLM-x32\...\{6E6F22D7-8AD6-4A87-9A47-733E6E996F50}) (Version: 1.0.0.222 - Electronic Arts)
Deus Ex Human Revolution Directors Cut version 2.0.66.0 (HKLM-x32\...\Deus Ex Human Revolution Directors Cut_is1) (Version: 2.0.66.0 - Mr DJ)
Devil May Cry 4 (HKLM-x32\...\Steam App 45700) (Version: - Capcom)
Discord (HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Disgaea PC (HKLM\...\Steam App 405900) (Version: - Nippon Ichi Software, Inc.)
Dotfuscator and Analytics Community Edition 5.22.0 (x32 Version: 5.22.0.3788 - PreEmptive Solutions) Hidden
Dustforce (HKLM-x32\...\Steam App 65300) (Version: - Hitbox Team)
ELAN Touchpad 11.5.20.3_X64_WHQL (HKLM\...\Elantech) (Version: 11.5.20.3 - ELAN Microelectronic Corp.)
Embarcadero RAD Studio XE7 (HKLM-x32\...\{70A0BF24-4DD3-42C9-81A5-43C5644F5834}_is1) (Version: 21.0.17707.5020 - Lsuper)
Entity Framework 6.1.3 Tools for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
Firefox Developer Edition 45.0a2 (x86 pt-BR) (HKLM-x32\...\Firefox Developer Edition 45.0a2 (x86 pt-BR)) (Version: 45.0a2 - Mozilla)
Firestorm Launcher version 1.3 (HKLM-x32\...\{008D5963-9A73-4472-8C16-A5BF04491B9D}_is1) (Version: 1.3 - Firestorm)
GeoGebra 5 (HKLM-x32\...\GeoGebra 5) (Version: 5.0.269.0 - International GeoGebra Institute)
GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)
Google Chrome (HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Hyper Light Drifter (HKLM-x32\...\1452863689_is1) (Version: 2.6.0.8 - GOG.com)
IDE Tools for Windows 10 - ENU (x32 Version: 14.0.25527 - Microsoft Corporation) Hidden
IDE Tools for Windows 10 (x32 Version: 14.0.25527 - Microsoft Corporation) Hidden
IIS 10.0 Express (HKLM\...\{13FD7E30-D2F1-498D-ABC2-A4242DB6610E}) (Version: 10.0.1736 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{30F3FF94-225B-4319-A13C-E307FFDA3CFB}) (Version: 6.0.1 - Intel Corporation)
Intellisense Lang Pack Mobile Extension SDK 10.0.14393.0 (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Java 8 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418071F0}) (Version: 8.0.710.15 - Oracle Corporation)
Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java SE Development Kit 7 Update 71 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170710}) (Version: 1.7.0.710 - Oracle)
Java SE Development Kit 8 Update 73 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180730}) (Version: 8.0.730.2 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kits Configuration Installer (x32 Version: 10.1.14393.33 - Microsoft) Hidden
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
League of Legends (x32 Version: 4.1.2 - Riot Games) Hidden
LibreOffice 4.4.5.2 (HKLM-x32\...\{406EECCC-AF98-4F2C-A99F-FED788F7580C}) (Version: 4.4.5.2 - The Document Foundation)
Lightshot-5.4.0.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.1 - Skillbrains)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.541 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.541 - LogMeIn, Inc.) Hidden
Magicka (HKLM\...\Steam App 42910) (Version: - Arrowhead Game Studios)
Mediatek Bluetooth (HKLM\...\{E0B1ECF5-766A-5464-BFE2-2C1BED6A49FB}) (Version: 11.0.748.2 - Mediatek)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Server Speech Platform Runtime (x64) (HKLM\...\{3B433087-E62E-4BF5-97F9-4AF6E1C2409C}) (Version: 11.0.7400.345 - Microsoft Corporation)
Microsoft Server Speech Platform Runtime (x86) (HKLM-x32\...\{22CB8ED7-DF57-4864-BD04-F63B9CE4B494}) (Version: 11.0.7400.345 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (en-US) (HKLM-x32\...\{66D57636-BD4B-402F-9E7D-5E89C28C8136}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Server Speech Recognition Language - TELE (pt-BR) (HKLM-x32\...\{F6B5EB21-0ABF-487C-B9A9-D9DB259C4403}) (Version: 11.0.7400.335 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Speech Platform SDK (x64) v11.0 (HKLM\...\{53D682B6-5381-4B44-B590-584AAD0460C0}) (Version: 11.0.7400.345 - Microsoft Corporation)
Microsoft Speech Platform SDK (x86) v11.0 (HKLM-x32\...\{A946A6CC-E9F2-44A8-9A8D-095C756AF4EB}) (Version: 11.0.7400.345 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB (HKLM\...\{52EBC484-44A1-4DC5-824A-0A503735ABD8}) (Version: 12.1.4100.1 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB (HKLM\...\{E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects (HKLM-x32\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects (x64) (HKLM\...\{20EA85AA-2A1D-4F11-B09F-4BA2BF3C8989}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service (HKLM-x32\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom (HKLM\...\{D091DE8C-EA0F-49AF-8DE3-BD6C79737C6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.60519.0) (HKLM-x32\...\{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package (HKLM-x32\...\Microsoft Visual J# 2.0 Redistributable Package) (Version: - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{dfcbf7c4-6232-423c-b43c-38d118e2378f}) (Version: 14.0.24720.41 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Momodora: Reverie Under the Moonlight (HKLM\...\Steam App 428550) (Version: - Bombservice)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.0.5833 - Mozilla)
MPC-HC 1.7.9 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.9 - MPC-HC Team)
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
MySQL Workbench 6.3 CE (HKLM\...\{0D901124-B910-4985-9D4F-AC5C2FEF7493}) (Version: 6.3.7 - Oracle Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.5 - Notepad++ Team)
NVIDIA Graphics Driver 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.82 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Opera Stable 43.0.2442.806 (HKLM-x32\...\Opera 43.0.2442.806) (Version: 43.0.2442.806 - Opera Software)
Oracle VM VirtualBox 5.0.16 (HKLM\...\{F2E958A1-9215-4C7D-9A2E-F0740B8CA5B7}) (Version: 5.0.16 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.12.1.43352 - Electronic Arts, Inc.)
Pacote de Direcionamento do Microsoft .NET Framework 4.6.1 (Português do Brasil) (HKLM-x32\...\{34A6EAAA-8D75-4775-A982-FBC793C4A868}) (Version: 4.6.01055 - Microsoft Corporation)
Painel de controle da NVIDIA 353.54 (Version: 353.54 - NVIDIA Corporation) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT (HKLM-x32\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation)
Project and Item Templates for Visual Studio Express 2015 for Windows 10 - ENU (x32 Version: 14.0.25527 - Microsoft Corporation) Hidden
Project and Item Templates for Visual Studio Professionald 2015 - ENU (x32 Version: 14.0.25527 - Microsoft Corporation) Hidden
Python 2.7.12 (Anaconda2 4.1.1 64-bit) (HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\Python 2.7.12 (Anaconda2 4.1.1 64-bit)) (Version: 4.1.1 - Continuum Analytics, Inc.)
Python 2.7.12 (HKLM-x32\...\{9DA28CE5-0AA5-429E-86D8-686ED898C665}) (Version: 2.7.12150 - Python Software Foundation)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.41 - Ralink)
Rayman Origins (HKLM-x32\...\Uplay Install 80) (Version: - Ubisoft)
Roleplaying City Map Generator 5.40 (HKLM-x32\...\{3B585A53-CC41-4969-A7CB-F0E5D34ACA08}) (Version: 5.4.0.0 - )
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.25425 - Microsoft Corporation) Hidden
RPG Maker 2003 v1.08 (HKLM-x32\...\RPG Maker 2003_is1) (Version: - Enterbrain, Inc.)
RRPG Firecast (HKLM-x32\...\{EB4C3686-A52C-4F40-9D53-F8571CC5FD5D}_is1) (Version: 7 - AlyssonRPG)
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
SDK do Microsoft .NET Framework 4.6.1 (Português do Brasil) (HKLM-x32\...\{5C233FE7-872F-4526-87AF-0E8D8AE00DEB}) (Version: 4.6.01055 - Microsoft Corporation)
Secure Download Manager (HKLM-x32\...\{F0858165-B8DB-4347-89B8-6D9F882B9BF3}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Shovel Knight (HKLM-x32\...\1207664823_is1) (Version: 2.9.0.16 - GOG.com)
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.103 - Skype Technologies S.A.)
SourceTree (HKLM-x32\...\SourceTree 1.9.6.1) (Version: 1.9.6.1 - Atlassian)
SourceTree (x32 Version: 1.9.6.1 - Atlassian) Hidden
Spotify (HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\Spotify) (Version: 1.0.49.125.g72ee7853 - Spotify AB)
Starbound (HKLM-x32\...\Steam App 211820) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TalonRO Client (HKLM-x32\...\TalonRO_is1) (Version: 2.0 - TalonRO)
Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (x32 Version: 14.102.25521 - Microsoft) Hidden
Terraria (HKLM\...\Steam App 105600) (Version: - Re-Logic)
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version: - Edmund McMillen and Florian Himsl)
The Crew (Worldwide) (HKLM-x32\...\Uplay Install 413) (Version: - Ubisoft)
Tiled (HKLM-x32\...\{8C09C5E0-D123-49E9-926A-5A81513A25EE}) (Version: 0.17.1 - mapeditor.org)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
TypeScript Power Tool (x32 Version: 1.7.6.0 - Microsoft Corporation) Hidden
TypeScript Power Tool (x32 Version: 1.8.34.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.8.36.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 1.7.6.0 (HKLM-x32\...\{5ee9a47a-3630-4016-b76d-dc752e9218dd}) (Version: 1.7.24809.0 - Microsoft Corporation)
Universal CRT Extension SDK (x32 Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Universal CRT Redistributable (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 27.0 - Ubisoft)
Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)
VS Update core components (x32 Version: 14.0.25425 - Microsoft Corporation) Hidden
vs_update3notification (x32 Version: 14.0.25425 - Microsoft Corporation) Hidden
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.0.3.226 - ASUS Cloud Corporation)
WinAppDeploy (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Windows 10 IoT Core Dashboard (HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\2c4529525b7e166a) (Version: 1.0.1608.1003 - Windows 10 IoT Core)
Windows Driver Package - ASUS (ATP) Mouse (10/31/2013 1.0.0.191) (HKLM\...\15591935E93BF0A0E42CA53B578EE5E630971E15) (Version: 10/31/2013 1.0.0.191 - ASUS)
Windows SDK AddOn (HKLM-x32\...\{45D392D2-5956-4646-9CA6-83CBF67507B6}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.14393.33 (HKLM-x32\...\{f23f94c5-8bba-4202-85ad-c83d4402cdc1}) (Version: 10.1.14393.33 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.24-1 - Bitnami)

==================== Exame Personalizado CLSID (Whitelisted): ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

CustomCLSID: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Guilherme\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Guilherme\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Guilherme\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Guilherme\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Guilherme\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Guilherme\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Guilherme\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)

==================== Tarefas Agendadas (Whitelisted) =============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {076F7AEB-CB16-4C39-B6AD-7AF0D84CC122} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-08-28] (ASUSTeK Computer Inc.)
Task: {0BBB8BCE-B9C8-4466-BAE0-FBFD1617B2F8} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-10-07] (ASUSTeK Computer Inc.)
Task: {1ACC39EB-D7BF-440F-9478-5F1F5AA2B219} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Nenhum Arquivo <==== ATENÇÃO
Task: {1EB7CF1F-8529-42C4-BFF9-0610FCBBE27A} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe
Task: {25C30DA3-04C0-4DBE-97D2-A495D4844B68} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-10-07] (ASUS)
Task: {2AF3646E-0564-4F20-9F1C-A23655106DB3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-09-26] (AVAST Software)
Task: {4015100D-83DE-40EC-B5E5-F296E74BF4D2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Nenhum Arquivo <==== ATENÇÃO
Task: {5145C73D-2A5B-4203-B693-F7759064FE78} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-28] (AVAST Software)
Task: {573F27BB-CD64-450F-83C4-9303BF29941F} - System32\Tasks\SafeZone scheduled Autoupdate 1455485946 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {587BB18C-0389-495F-9807-33212B50E3FA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Nenhum Arquivo <==== ATENÇÃO
Task: {5C8BB0C1-D3B3-4D3D-953D-F8225D91B8C5} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] ()
Task: {6E286273-3F62-402D-80FA-055926CB5473} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-08-28] (ASUSTeK Computer Inc.)
Task: {712FC852-B2ED-4B60-BB01-42C88CC0605A} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-11-04] ()
Task: {79967A12-F86E-436A-A082-2D733828D896} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3040258654-2525527317-1144640668-1002Core => C:\Users\Guilherme\AppData\Local\Google\Update\GoogleUpdate.exe [2015-10-24] (Google Inc.)
Task: {A4B6D2AB-B9F6-4EA0-AD11-2F44D29FE556} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3040258654-2525527317-1144640668-1002UA => C:\Users\Guilherme\AppData\Local\Google\Update\GoogleUpdate.exe [2015-10-24] (Google Inc.)
Task: {A6EA4B90-80A6-494F-A983-A55FD06F904D} - System32\Tasks\{6CA3CC62-928C-4FF4-B0FB-31199B921F3F} => pcalua.exe -a "C:\Riot Games\League of Legends\lol.launcher.exe" -d "C:\Riot Games\League of Legends"
Task: {A9028622-2D2C-4D52-B2BE-BE65D4BCC767} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2013-08-29] (ASUSTek Computer Inc.)
Task: {AF0D1740-4539-41C5-A87B-0227C9E31CB6} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
Task: {B6D0320B-1E91-4B6F-9789-AEB809182133} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe
Task: {BAA4A7F1-FDE3-47A1-B178-532D0FFB0F95} - System32\Tasks\P4GIntlCtrl => C:\Program Files\ASUS\P4G\IntlDPST.exe [2013-08-29] ()
Task: {BDB0608F-7AD3-42E6-9DBF-830B8BEF38EB} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/uninstall.html?aaa=KICMKMGMKJMJOJOMHMJMCNGMMMJJHMCNLMNMOJLMCNGMMJMMJMCNMJHMKMNJMMLJOJLMGMHMOMNJJNJICMIMCNGMCNOMHMFMOMOMCNPMCNOMPMNMLMPMFMPMCNPMCNOMPMNMLMPMCNNMJNPICMPMFMFMNMMMMMJNHICMEKMICNJJCKJNBJCMILKIGJDJHJKJNICJKJJNKJCMJNNICMJNDJCMNJNIJNMJCMPM (a entrada de dados tem 41 mais caracteres).
Task: {CA40B574-6760-4D88-A39E-897FB3867519} - System32\Tasks\update-S-1-5-21-3040258654-2525527317-1144640668-1002 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] ()
Task: {D4050526-C85B-4727-9629-66E8EC3BCB49} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-08-29] (ASUS)
Task: {E7D72BDE-7AE1-438D-97D6-77E14CC51A37} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Nenhum Arquivo <==== ATENÇÃO
Task: {F04BE228-640C-4740-8575-1D2EBB1DC3D8} - System32\Tasks\Opera scheduled Autoupdate 1467159759 => C:\Program Files (x86)\Opera\launcher.exe [2017-02-06] (Opera Software)
Task: {F200B5E8-1625-4AEC-AFA1-0BA0988E8DC1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {FC6B6BC0-A5E2-4AE6-A37D-59415556544A} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\McAfee Remediation (Prepare).job => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-3040258654-2525527317-1144640668-1002.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Atalhos =============================

(As entradas podem ser listadas para serem restauradas ou removidas.)

ShortcutWithArgument: C:\Users\Guilherme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda2 (64-bit)\Anaconda Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> "/K" C:\Users\Guilherme\Anaconda2\Scripts\activate.bat C:\Users\Guilherme\Anaconda2

==================== Módulos Carregados (Whitelisted) ==============

2015-09-10 02:08 - 2015-09-10 02:08 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-10-27 18:01 - 2015-07-13 14:37 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-09-10 02:08 - 2015-09-10 02:08 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2016-08-27 12:03 - 2016-08-03 02:44 - 02495776 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2013-08-29 20:01 - 2013-08-29 20:01 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2016-08-27 12:03 - 2016-08-03 02:44 - 02495776 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-04-15 17:13 - 2015-04-15 17:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-10-27 18:36 - 2015-10-27 18:36 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-08-27 12:04 - 2016-08-03 01:34 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-08-27 12:04 - 2015-11-25 01:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-08-27 12:04 - 2016-08-03 01:31 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-27 18:36 - 2015-10-27 18:36 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 00:13 - 2015-09-10 02:07 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-07-17 23:35 - 2015-07-17 23:35 - 00396688 _____ () C:\Windows\System32\igfxTray.exe
2016-08-27 12:03 - 2016-03-16 01:46 - 02642272 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2016-08-27 12:03 - 2016-03-16 01:46 - 02107744 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2017-02-22 05:31 - 2016-05-15 11:16 - 01327184 ____N () C:\Users\Guilherme\AppData\Local\Temp\_iu14D2N.tmp
2016-09-26 23:51 - 2016-09-26 23:51 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-02-21 23:08 - 2017-02-21 23:08 - 05989072 _____ () C:\Program Files\AVAST Software\Avast\defs\17022101\algo.dll
2016-09-26 23:51 - 2016-09-26 23:51 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2013-10-09 00:41 - 2013-10-09 00:41 - 00037968 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2013-09-09 22:23 - 2013-09-09 22:23 - 00162816 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2016-09-26 23:51 - 2016-09-26 23:51 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-09-04 03:14 - 2016-09-04 03:14 - 00747520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.Vbeb7089b#\02522fd092d881ca09d470946bc046e8\Microsoft.VisualStudio.Threading.ni.dll
2016-09-04 03:14 - 2016-09-04 03:14 - 00052224 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.Vd43b287e#\35d8963e28bd478ec40e0d46fcab1f0a\Microsoft.VisualStudio.Validation.ni.dll
2013-04-27 14:24 - 2013-04-27 14:24 - 00071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll
2017-02-09 21:47 - 2017-02-06 03:29 - 39820376 _____ () C:\Program Files (x86)\Opera\43.0.2442.806\opera_browser.dll
2014-03-29 14:15 - 2013-09-16 16:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-02-09 21:47 - 2017-02-06 03:29 - 45837912 _____ () C:\Program Files (x86)\Opera\43.0.2442.806\opera_child.dll
2017-02-09 21:47 - 2017-02-06 03:29 - 01930328 _____ () C:\Program Files (x86)\Opera\43.0.2442.806\libglesv2.dll
2017-02-09 21:47 - 2017-02-06 03:29 - 00087640 _____ () C:\Program Files (x86)\Opera\43.0.2442.806\libegl.dll
2015-06-08 16:06 - 2015-06-08 16:06 - 00014336 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll

==================== Alternate Data Streams (Whitelisted) =========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)

AlternateDataStreams: C:\WINDOWS\System32:DA3B8AF1_Uni.gbp [2]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddfac64.sys:r0d3jo5 [20]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 [1270]

==================== Modo de Segurança (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Associação (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)


==================== Internet Explorer confiável/restrito ===============

(Se uma entrada for incluída na fixlist, será removida do Registro.)

IE trusted site: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\google.com -> www.google.com
IE trusted site: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\google.com.br -> www.google.com.br
IE trusted site: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\itau.b.br -> www.itau.b.br
IE trusted site: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\itau.com.br -> hxxps://bankline.itau.com.br
IE trusted site: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\itau.com.br -> bankline.itau.com.br
IE trusted site: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\itaupersonnalite.com.br -> hxxp://www.itaupersonnalite.com.br
IE trusted site: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\itaupersonnalite.com.br -> www.itaupersonnalite.com.br
IE restricted site: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\skype.com -> hxxps://apps.skype.com

==================== Hosts Conteúdo: ===============================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2013-08-22 10:25 - 2016-03-02 21:18 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts


==================== Outras Áreas ============================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-3040258654-2525527317-1144640668-1001\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Guilherme\Pictures\118156.jpg
DNS Servers: 201.21.192.161 - 201.21.192.166
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

MSCONFIG\Services: Ds3Service => 2
HKLM\...\StartupApproved\StartupFolder: => "ScpToolkit Tray Notifications.lnk"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "Diebold - Warsaw"
HKLM\...\StartupApproved\Run32: => "WebStorage"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\StartupApproved\StartupFolder: => "Curse.lnk"
HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_8E3994B149A099EB717863317060641F"
HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\StartupApproved\Run: => "RoboForm"
HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\StartupApproved\Run: => "Spotify Web Helper"

==================== Regras do Firewall (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{DE12D2C3-3458-4B34-B1F8-97DD53D6DE72}] => (Allow) D:\SteamLibrary\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [{DA22B1C9-E8CB-437D-82A0-DB35D63EA8B4}] => (Allow) D:\SteamLibrary\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [{0931B61C-340E-4839-9B02-DFB96CC41E8D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4F5E4992-D41F-41E9-BC32-CF5A872C5258}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2BFBD6E9-230B-43A7-8E16-C81E61931EDE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C8D57F68-74B2-41D5-937D-C66E999822BF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{97834B26-15C0-4122-A138-E837EF88F7AF}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{389D6039-F232-4654-9549-688ADC772473}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{B486233B-EDB2-479B-844E-C151D903C86B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{DC80A1D9-D7AF-42BA-94C4-022350CEA18A}] => (Allow) C:\Users\Guilherme\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{2C32981C-E208-40CE-A688-18FB85D8EC3F}] => (Allow) C:\Users\Guilherme\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{1B885182-2C0E-4E3C-A900-D216A2A1C5F9}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{B4F014BA-B7BB-44E8-A329-21785B14F130}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{384A1B77-B050-4C7C-9F48-725795DAFED6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{5DE274E9-538C-411C-A8D7-5BDF66BC93E5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{9B541573-172B-4F40-B240-F9DAB7880D71}] => (Allow) D:\SteamLibrary\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{5C04C042-D52E-4783-9F28-4CC647E4D8DE}] => (Allow) D:\SteamLibrary\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{92A88604-011B-44EE-BD42-8E8ED1C22A85}] => (Allow) C:\Program Files (x86)\Embarcadero\Studio\15.0\bin\bds.exe
FirewallRules: [{C9A0DC45-876B-4134-BEE9-97D03F7156F4}] => (Allow) C:\Program Files (x86)\Embarcadero\Studio\15.0\bin\dbkw64_19_0.exe
FirewallRules: [TCP Query User{E8AE3515-29A5-47FE-9BC4-DF66B584B19D}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{C8677CB6-2179-4AB2-BC10-8329DB7A05C8}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{EBDB20D3-B701-4049-BBD3-9D7DD0FF217E}C:\level up\smite\binaries\win32\smite.exe] => (Allow) C:\level up\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{1F6B28F5-4EFE-474C-A637-47C141BDCB77}C:\level up\smite\binaries\win32\smite.exe] => (Allow) C:\level up\smite\binaries\win32\smite.exe
FirewallRules: [{B391A776-6A57-4A54-8603-69A67CFE076E}] => (Allow) C:\Program Files (x86)\Firefox Developer Edition\firefox.exe
FirewallRules: [{BA0F831F-D832-414C-878D-9BC5343642BD}] => (Allow) C:\Program Files (x86)\Firefox Developer Edition\firefox.exe
FirewallRules: [TCP Query User{EAC1BB14-473A-42FB-BEB4-BAB10B8DE36D}C:\eclipse-java-mars-1-win32-x86_64\eclipse\eclipse.exe] => (Allow) C:\eclipse-java-mars-1-win32-x86_64\eclipse\eclipse.exe
FirewallRules: [UDP Query User{B15AB396-0986-4819-9FB9-0F474F3E885F}C:\eclipse-java-mars-1-win32-x86_64\eclipse\eclipse.exe] => (Allow) C:\eclipse-java-mars-1-win32-x86_64\eclipse\eclipse.exe
FirewallRules: [TCP Query User{30739AE7-250A-4BFD-8D90-E4E24C57A33A}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{13705EC4-C3EF-41B8-BBBC-8A28DD5847A6}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [{F95685AA-0306-464F-BEC4-0208BD934C42}] => (Allow) LPort=1688
FirewallRules: [{D196F4F4-B9E1-435A-BFEC-03969550FAF7}] => (Allow) D:\Installers\Windows 10 Activators\KMSpico.10.0.102040 Beta\KMSELDI.exe
FirewallRules: [{C4131B89-4E24-4C24-9775-3540207D9CBA}] => (Allow) D:\Installers\Windows 10 Activators\KMSpico.10.0.102040 Beta\KMSELDI.exe
FirewallRules: [TCP Query User{CDF11983-3DD6-480D-9017-F0286AAEC220}C:\users\guilherme\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\guilherme\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{7210040D-816F-4885-A4D1-63E5951719AA}C:\users\guilherme\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\guilherme\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{A847D85B-48DB-48F0-86AD-421028C007AF}] => (Allow) D:\SteamLibrary\steamapps\common\CastleCrashers\castle.exe
FirewallRules: [{7AAEB37F-65DE-41E7-A8C7-EFCF6B4B6746}] => (Allow) D:\SteamLibrary\steamapps\common\CastleCrashers\castle.exe
FirewallRules: [TCP Query User{BC6C99A9-F764-4D08-B10A-6DA3A3BFA1B6}D:\steamlibrary\steamapps\common\starbound\win32\starbound_server.exe] => (Allow) D:\steamlibrary\steamapps\common\starbound\win32\starbound_server.exe
FirewallRules: [UDP Query User{029FCE7E-F15E-4674-BD63-74D918F376F0}D:\steamlibrary\steamapps\common\starbound\win32\starbound_server.exe] => (Allow) D:\steamlibrary\steamapps\common\starbound\win32\starbound_server.exe
FirewallRules: [{55595132-149F-4407-8304-F912F59DA06A}] => (Block) D:\steamlibrary\steamapps\common\starbound\win32\starbound_server.exe
FirewallRules: [{CF1B9A4A-05F8-46C9-8C82-3836FE3A36EC}] => (Block) D:\steamlibrary\steamapps\common\starbound\win32\starbound_server.exe
FirewallRules: [{111F126A-E69C-4E0F-B02F-95BDC12857BA}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{4F8A2C6F-9FC6-4534-9ACB-0DB9ECCE8395}] => (Allow) D:\SteamLibrary\steamapps\common\Dustforce\dustforce.exe
FirewallRules: [{2D33B0FF-0FB8-4650-B14A-7B65A9F8CFC6}] => (Allow) D:\SteamLibrary\steamapps\common\Dustforce\dustforce.exe
FirewallRules: [{87547FCD-CB77-4FBD-9BF5-D2AD6F26B3DD}] => (Allow) D:\SteamLibrary\steamapps\common\Devil May Cry 4\DevilMayCry4_DX9.exe
FirewallRules: [{6968D28D-2758-4A0B-A729-4F94B2E49B61}] => (Allow) D:\SteamLibrary\steamapps\common\Devil May Cry 4\DevilMayCry4_DX9.exe
FirewallRules: [{8A5DE508-DD78-42AB-AF72-CB0C4C0FC8D5}] => (Allow) D:\SteamLibrary\steamapps\common\Devil May Cry 4\DevilMayCry4_DX10.exe
FirewallRules: [{1208AB90-05EE-4A02-857E-85B53B4ADA88}] => (Allow) D:\SteamLibrary\steamapps\common\Devil May Cry 4\DevilMayCry4_DX10.exe
FirewallRules: [TCP Query User{5F8582F5-E805-4194-BB74-3D5443BDF3C7}C:\users\guilherme\appdata\roaming\bittorrent\updates\7.9.5_41866.exe] => (Allow) C:\users\guilherme\appdata\roaming\bittorrent\updates\7.9.5_41866.exe
FirewallRules: [UDP Query User{E4E5BDC9-554F-420E-BEBC-D171F1D569A9}C:\users\guilherme\appdata\roaming\bittorrent\updates\7.9.5_41866.exe] => (Allow) C:\users\guilherme\appdata\roaming\bittorrent\updates\7.9.5_41866.exe
FirewallRules: [{88569BEB-84ED-4438-85BD-740C6FD86329}] => (Block) C:\users\guilherme\appdata\roaming\bittorrent\updates\7.9.5_41866.exe
FirewallRules: [{59F1F1CF-A502-44EC-BA90-59A32B961C5A}] => (Block) C:\users\guilherme\appdata\roaming\bittorrent\updates\7.9.5_41866.exe
FirewallRules: [TCP Query User{41300623-EEBB-45DB-AB89-F5675C1FEE0E}C:\program files\factorio\bin\x64\factorio.exe] => (Allow) C:\program files\factorio\bin\x64\factorio.exe
FirewallRules: [UDP Query User{4A381300-054C-4203-B8BD-3CA94EFB3432}C:\program files\factorio\bin\x64\factorio.exe] => (Allow) C:\program files\factorio\bin\x64\factorio.exe
FirewallRules: [TCP Query User{5CA6DFC3-09ED-4F86-9014-D2EE3F04FC05}C:\users\guilherme\appdata\roaming\bittorrent\updates\7.9.6_42095.exe] => (Allow) C:\users\guilherme\appdata\roaming\bittorrent\updates\7.9.6_42095.exe
FirewallRules: [UDP Query User{A91ED817-9C26-4608-962B-F30B24DD46F5}C:\users\guilherme\appdata\roaming\bittorrent\updates\7.9.6_42095.exe] => (Allow) C:\users\guilherme\appdata\roaming\bittorrent\updates\7.9.6_42095.exe
FirewallRules: [TCP Query User{11847CD6-0C6C-49A0-B43D-62EF9750D653}D:\games\enter the gungeon\etg.exe] => (Allow) D:\games\enter the gungeon\etg.exe
FirewallRules: [UDP Query User{D4E4A2DB-AB00-4249-AEAB-A845FC656131}D:\games\enter the gungeon\etg.exe] => (Allow) D:\games\enter the gungeon\etg.exe
FirewallRules: [{CCBE955E-FE63-4DA7-A281-A56232EC2257}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{4A31ED45-126A-4835-B912-0D4D8D1293E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [TCP Query User{00FBF3F4-2281-4A45-984E-12409723150F}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{1F0B5DB5-C76B-4EA3-926C-7F11010E693D}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{D5FF75AD-C1BD-4049-BFB3-34D90D622DB6}] => (Allow) D:\SteamLibrary\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{CC6F1996-EF19-4038-B1D8-EE85313FBC92}] => (Allow) D:\SteamLibrary\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [TCP Query User{CB837A76-513A-4131-8A2E-C9A83F5AF579}C:\program files\java\jdk1.8.0_73\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_73\bin\java.exe
FirewallRules: [UDP Query User{2993D00A-ACE5-4CD9-BF40-8D61C1269FF9}C:\program files\java\jdk1.8.0_73\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_73\bin\java.exe
FirewallRules: [{F96B4501-BC48-4671-9E0E-1BCDE6E5C5A0}] => (Allow) D:\SteamLibrary\steamapps\common\Magicka\Magicka.exe
FirewallRules: [{4AB66D76-599F-4D6A-9D5F-2F12B5F18395}] => (Allow) D:\SteamLibrary\steamapps\common\Magicka\Magicka.exe
FirewallRules: [TCP Query User{9E606FAF-A2C0-4D5A-926D-93231982D733}D:\steamlibrary\steamapps\common\torchlight ii\torchlight2.exe] => (Allow) D:\steamlibrary\steamapps\common\torchlight ii\torchlight2.exe
FirewallRules: [UDP Query User{82C4E034-4080-4E73-BA4B-F0BC8893EAA1}D:\steamlibrary\steamapps\common\torchlight ii\torchlight2.exe] => (Allow) D:\steamlibrary\steamapps\common\torchlight ii\torchlight2.exe
FirewallRules: [TCP Query User{6B93BC21-9FD0-457D-A1CE-78399123B45E}D:\installers\salt and sanctuary v1.0.0.3\salt.exe] => (Allow) D:\installers\salt and sanctuary v1.0.0.3\salt.exe
FirewallRules: [UDP Query User{817DC711-23A8-4F08-ADCE-45B4DB4E4145}D:\installers\salt and sanctuary v1.0.0.3\salt.exe] => (Allow) D:\installers\salt and sanctuary v1.0.0.3\salt.exe
FirewallRules: [TCP Query User{7524ADA4-3038-4132-A0EE-957224D13AE7}C:\users\guilherme\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\guilherme\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{2FDB6F01-E1C5-427C-BFA5-AD229B533CEE}C:\users\guilherme\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\guilherme\appdata\roaming\spotify\spotify.exe
FirewallRules: [{2A2A67AA-919B-4DB0-8099-63C6C318F227}] => (Allow) D:\Program Files (x86)\Origin Games\Dead Space\Dead Space.exe
FirewallRules: [{7A5FD532-795C-4AA7-97C9-A3B272600A70}] => (Allow) D:\Program Files (x86)\Origin Games\Dead Space\Dead Space.exe
FirewallRules: [{57411AE2-23E6-4733-83D7-37E2D82C082D}] => (Allow) D:\Prince of Persia Sands of Time\PrinceOfPersia.EXE
FirewallRules: [{FFB488AA-FB47-4A89-9009-7F94A441450C}] => (Allow) D:\Prince of Persia Sands of Time\PrinceOfPersia.EXE
FirewallRules: [{14669AD6-C509-4CE4-A977-AD13BA07B724}] => (Allow) D:\Prince of Persia Sands of Time\POP.EXE
FirewallRules: [{353335E3-B44E-41C7-A18F-D21E308C19B4}] => (Allow) D:\Prince of Persia Sands of Time\POP.EXE
FirewallRules: [{8B8603A2-B470-42A4-9C6B-3815C798D9F3}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win32\mod_uploader.exe
FirewallRules: [{F10DA50C-7B54-4FF9-9183-C17C6D3F18D5}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win32\mod_uploader.exe
FirewallRules: [TCP Query User{023D1361-DAD1-48B5-BF93-68755924C49E}C:\program files\android\android-studio\jre\bin\java.exe] => (Allow) C:\program files\android\android-studio\jre\bin\java.exe
FirewallRules: [UDP Query User{BA710EE6-03A1-4E12-8D91-1BF9FE833C61}C:\program files\android\android-studio\jre\bin\java.exe] => (Allow) C:\program files\android\android-studio\jre\bin\java.exe
FirewallRules: [TCP Query User{94F2D592-072D-4FD7-A6D8-D064A5A81E63}D:\games\portal 2\portal2.exe] => (Allow) D:\games\portal 2\portal2.exe
FirewallRules: [UDP Query User{7DD18F3B-7B01-404E-8257-5C2BD223E3B5}D:\games\portal 2\portal2.exe] => (Allow) D:\games\portal 2\portal2.exe
FirewallRules: [TCP Query User{4ACD9DB8-8EF4-48AC-919A-E2D7D761F82C}C:\users\guilherme\appdata\local\apps\2.0\kxko4wp6.g9m\t45te2y2.22x\wind..tion_c3bce3770c238a49_0001.0000_e0e9c97537a0c660\windows10iotcoredashboard.exe] => (Allow) C:\users\guilherme\appdata\local\apps\2.0\kxko4wp6.g9m\t45te2y2.22x\wind..tion_c3bce3770c238a49_0001.0000_e0e9c97537a0c660\windows10iotcoredashboard.exe
FirewallRules: [UDP Query User{391CF7FA-DB37-4C32-A525-2E3037E8C89A}C:\users\guilherme\appdata\local\apps\2.0\kxko4wp6.g9m\t45te2y2.22x\wind..tion_c3bce3770c238a49_0001.0000_e0e9c97537a0c660\windows10iotcoredashboard.exe] => (Allow) C:\users\guilherme\appdata\local\apps\2.0\kxko4wp6.g9m\t45te2y2.22x\wind..tion_c3bce3770c238a49_0001.0000_e0e9c97537a0c660\windows10iotcoredashboard.exe
FirewallRules: [{BFB46970-26C7-44E6-9D7A-103025B86C20}] => (Allow) D:\Games\Mr DJ\Deus Ex Human Revolution Directors Cut\DXHRDC.exe
FirewallRules: [{3481FBA6-C29F-4C96-AE75-8F127CB39C37}] => (Allow) D:\Games\Mr DJ\Deus Ex Human Revolution Directors Cut\DXHRDC.exe
FirewallRules: [TCP Query User{C67DF132-A3C6-4ED7-AE7A-A78600218F20}D:\games\factorio\bin\x64\factorio.exe] => (Allow) D:\games\factorio\bin\x64\factorio.exe
FirewallRules: [UDP Query User{C946D36D-AEE0-491B-A40E-30CE48A7772A}D:\games\factorio\bin\x64\factorio.exe] => (Allow) D:\games\factorio\bin\x64\factorio.exe
FirewallRules: [{42D199DD-B268-4B29-9542-45203993EBDE}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{8ED70B21-952D-4581-9F3B-03B962C000BB}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{02591AF2-41DC-491F-8C43-9DEAB20C693F}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{3FF546E9-B832-4F3E-ACA7-2658858F4D14}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{F6662C4B-163D-4AFC-BCA0-C18482FCF667}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{71F084E9-3B46-4DD8-9A03-AB72D40874AD}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{9EEE503E-C150-4FC7-BF57-2B1C78A8071D}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{D1833C22-59B1-4705-B6AF-E32A5FD98C96}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [TCP Query User{0A24C615-9243-4DBE-B048-666982F1A069}D:\games\diablo ii\game.exe] => (Allow) D:\games\diablo ii\game.exe
FirewallRules: [UDP Query User{910890B0-7306-487D-A647-D6BECAEF76AB}D:\games\diablo ii\game.exe] => (Allow) D:\games\diablo ii\game.exe
FirewallRules: [{8412254D-910E-4AFA-A54A-D1D52AC991DF}] => (Allow) D:\Games\Rayman Origins\gu.exe
FirewallRules: [{DE2C1EBD-7D10-453F-9A2A-4CF5D345509B}] => (Allow) D:\Games\Rayman Origins\gu.exe
FirewallRules: [{503C1546-01B8-4858-BEB5-E26DB7886E34}] => (Allow) D:\Games\Rayman Origins\Rayman Origins.exe
FirewallRules: [{48211AD6-506F-4225-A42A-48379857E98D}] => (Allow) D:\Games\Rayman Origins\Rayman Origins.exe
FirewallRules: [TCP Query User{FFF1E654-0168-483D-BAF4-4FCEC342071C}D:\steamlibrary\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) D:\steamlibrary\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{3A712EE3-C600-4C33-82FE-C93CF5066C93}D:\steamlibrary\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) D:\steamlibrary\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [TCP Query User{B66A20C1-A351-4F00-9017-A48CA259B37A}D:\installers\dungeon.defenders.v8.2.1.incl.all.dlc\binaries\win32\dundefgame.exe] => (Allow) D:\installers\dungeon.defenders.v8.2.1.incl.all.dlc\binaries\win32\dundefgame.exe
FirewallRules: [UDP Query User{2E5A8067-8C9E-435B-B443-1A79F7F6B84F}D:\installers\dungeon.defenders.v8.2.1.incl.all.dlc\binaries\win32\dundefgame.exe] => (Allow) D:\installers\dungeon.defenders.v8.2.1.incl.all.dlc\binaries\win32\dundefgame.exe
FirewallRules: [{7C39A115-4652-45C1-AF0E-A42F8E696C80}] => (Block) D:\installers\dungeon.defenders.v8.2.1.incl.all.dlc\binaries\win32\dundefgame.exe
FirewallRules: [{1F94912C-D6F1-4C70-9F48-812172B9BC92}] => (Block) D:\installers\dungeon.defenders.v8.2.1.incl.all.dlc\binaries\win32\dundefgame.exe
FirewallRules: [TCP Query User{E7FA19A5-1593-45BC-A192-34225DBA01D5}D:\games\helldivers\binaries\x64\helldivers.exe] => (Allow) D:\games\helldivers\binaries\x64\helldivers.exe
FirewallRules: [UDP Query User{5693E021-FAE2-42BF-AC85-80A661A6314D}D:\games\helldivers\binaries\x64\helldivers.exe] => (Allow) D:\games\helldivers\binaries\x64\helldivers.exe
FirewallRules: [{EF2C0134-0E0E-4FC5-B333-0C598EE86C50}] => (Block) D:\games\helldivers\binaries\x64\helldivers.exe
FirewallRules: [{5B1C92EE-D192-4D36-A34A-F2A21ECFF2EE}] => (Block) D:\games\helldivers\binaries\x64\helldivers.exe
FirewallRules: [{71BAC44A-5700-494A-9A28-22D111AA0494}] => (Allow) D:\Games\The Crew (Worldwide)\TheCrew.exe
FirewallRules: [{BE6D7608-6298-4A5B-9632-D19CEDCC867E}] => (Allow) D:\Games\The Crew (Worldwide)\TheCrew.exe
FirewallRules: [{EBD3FD96-B915-48EC-81F5-077F8E5B2C98}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{93128CEF-A513-4BD9-B4E0-8D67271FA197}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{B9CEE81C-32A1-445F-BCEB-F8D5B0FCDA36}] => (Allow) D:\SteamLibrary\steamapps\common\99Vidas - The Game\99VidasGame.exe
FirewallRules: [{729AB607-2A67-45C6-AC0F-2C33C382497B}] => (Allow) D:\SteamLibrary\steamapps\common\99Vidas - The Game\99VidasGame.exe
FirewallRules: [{C0D98FED-9A00-4AD6-B2DB-070A157A21AC}] => (Allow) D:\SteamLibrary\steamapps\common\Momodora RUtM\MomodoraRUtM.exe
FirewallRules: [{23A6740E-3203-4EDA-BA43-422078A77692}] => (Allow) D:\SteamLibrary\steamapps\common\Momodora RUtM\MomodoraRUtM.exe
FirewallRules: [TCP Query User{7016705E-E664-4D28-9F84-BAC7D25C3791}C:\users\guilherme\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\guilherme\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{02899235-61C9-4C1E-AE75-67000FAC42D3}C:\users\guilherme\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\guilherme\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A10F13BD-1372-4A93-9F2E-715CA9FD28CA}] => (Allow) D:\SteamLibrary\steamapps\common\Disgaea PC\dis1_st.exe
FirewallRules: [{5FA3E5A0-6068-4873-B5A4-6678F088C141}] => (Allow) D:\SteamLibrary\steamapps\common\Disgaea PC\dis1_st.exe
FirewallRules: [{D16875D3-89C2-432E-B7DA-02F99C95F0C5}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{C1A731B9-4C95-4445-AAF4-76496BA3D0A2}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{03E7B35D-9789-4A7B-82E8-E0B16AD63670}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{354F7F85-47FF-46DE-B450-351653C564ED}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{1E5EE88E-BB9A-403F-B42B-0698A32E0E0F}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{575A8F71-0058-4C09-81BF-3E75C7BCDEBB}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{B70FBB56-D947-4AE0-BB31-1D853CC236C7}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{36DEA739-E65E-473E-A6E5-92714ABBF392}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [TCP Query User{32F434C9-FAAA-4F91-9F1A-AD85D1A8B0D0}D:\games\salt and sanctuary\salt.exe] => (Allow) D:\games\salt and sanctuary\salt.exe
FirewallRules: [UDP Query User{B72B2AF6-3DA0-4EAF-9B20-969C13316400}D:\games\salt and sanctuary\salt.exe] => (Allow) D:\games\salt and sanctuary\salt.exe
FirewallRules: [{E1D2041E-D277-43AF-91CA-39506E0A53C4}] => (Block) D:\games\salt and sanctuary\salt.exe
FirewallRules: [{5C754D4A-38EA-46E3-884D-437A148B1731}] => (Block) D:\games\salt and sanctuary\salt.exe
FirewallRules: [TCP Query User{69B4AD74-AAA4-4D4A-B4C9-A2D4335A6095}C:\rrpg\rrpg.exe] => (Allow) C:\rrpg\rrpg.exe
FirewallRules: [UDP Query User{AA951611-A5F3-41B2-9C23-DFEE81BA4D8E}C:\rrpg\rrpg.exe] => (Allow) C:\rrpg\rrpg.exe
FirewallRules: [{EC87EB2E-E244-476F-83AC-58AB670684E7}] => (Block) C:\rrpg\rrpg.exe
FirewallRules: [{51787C44-D190-4E85-80AD-DC5CFA1C777D}] => (Block) C:\rrpg\rrpg.exe
FirewallRules: [{A0F7168B-55EB-469B-A0DE-CB567F273D24}] => (Allow) C:\Program Files (x86)\Opera\42.0.2393.517\opera.exe
FirewallRules: [{F5F199FE-D144-4F9F-B3EF-F6819434E6EA}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe

==================== Pontos de Restauração =========================

30-01-2017 13:58:35 Ponto de Verificação Agendado
08-02-2017 12:15:22 Ponto de Verificação Agendado
17-02-2017 12:13:39 Ponto de Verificação Agendado

==================== Dispositivos Apresentando Falhas No Gerenciador =============


==================== Erros no Log de eventos: =========================

Erros em Aplicativos:
==================
Error: (02/22/2017 05:58:06 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Guilherme-Note)
Description: Falha na ativação do aplicativo Microsoft.WindowsAlarms_8wekyb3d8bbwe!App com o erro: -2144927142. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.

Error: (02/22/2017 05:58:05 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Guilherme-Note)
Description: Falha na ativação do aplicativo Microsoft.WindowsAlarms_8wekyb3d8bbwe!App com o erro: -2144927142. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.

Error: (02/22/2017 05:33:04 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: AUTORIDADE NT)
Description: Falha ao descarregar as cadeias de caracteres do contador de desempenho do serviço WmiApRpl (WmiApRpl). O primeiro DWORD da seção de dados contém o código de erro.

Error: (02/22/2017 05:33:04 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: AUTORIDADE NT)
Description: As cadeias de caracteres de desempenho no valor do Registro de desempenho foram corrompidas durante o processamento do provedor do contador de extensões Performance. O valor BaseIndex do Registro de desempenho é o primeiro DWORD na seção de dados, o valor LastCounter é o segundo DWORD na seção de dados e o valor LastHelp é o terceiro DWORD na seção de dados.

Error: (02/22/2017 05:33:04 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: AUTORIDADE NT)
Description: As cadeias de caracteres de desempenho no valor do Registro de desempenho foram corrompidas durante o processamento do provedor do contador de extensões Performance. O valor BaseIndex do Registro de desempenho é o primeiro DWORD na seção de dados, o valor LastCounter é o segundo DWORD na seção de dados e o valor LastHelp é o terceiro DWORD na seção de dados.

Error: (02/22/2017 12:07:03 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Guilherme-Note)
Description: Falha na ativação do aplicativo Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI com o erro: -2144927141. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.

Error: (02/21/2017 07:29:14 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Falha na geração de contexto de ativação para "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\redist\1033\vcredist_arm.exe".
Assembly dependente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" não pôde ser localizado.
Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

Error: (02/21/2017 07:29:01 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Falha na geração de contexto de ativação para "C:\Program Files (x86)\Windows Kits\10\bin\arm64\oleview.exe".
Assembly dependente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" não pôde ser localizado.
Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

Error: (02/21/2017 07:29:01 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Falha na geração de contexto de ativação para "C:\Program Files (x86)\Windows Kits\10\bin\arm64\filetypeverifier.exe".
Assembly dependente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" não pôde ser localizado.
Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

Error: (02/21/2017 07:28:54 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Falha na geração de contexto de ativação para "C:\Program Files (x86)\Windows Kits\10\bin\arm\signtool.exe.Manifest".
Assembly dependente Microsoft.Windows.Build.Appx.AppxSip.dll,version="0.0.0.0" não pôde ser localizado.
Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.


Erros de Sistema:
=============
Error: (02/22/2017 05:59:22 AM) (Source: DCOM) (EventID: 10001) (User: Guilherme-Note)
Description: Não é possível iniciar o servidor DCOM: App.AppXvwgnrrhcka99admvy9fqan3zpdmgg69a.mca como Não Disponível/Não Disponível. O erro:
"31"
Aconteceu ao iniciar este comando:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppX4325622ft6437f3xfywcfxgbedfvpn0x.mca

Error: (02/22/2017 05:59:21 AM) (Source: DCOM) (EventID: 10001) (User: Guilherme-Note)
Description: Não é possível iniciar o servidor DCOM: App.AppXrvx5vw3ftamg62prcf1xd7e4aena2tfj.mca como Não Disponível/Não Disponível. O erro:
"31"
Aconteceu ao iniciar este comando:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppX4325622ft6437f3xfywcfxgbedfvpn0x.mca

Error: (02/22/2017 05:33:44 AM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
e APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
ao usuário AUTORIDADE NT\SERVIÇO LOCAL SID (S-1-5-19) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

Error: (02/22/2017 05:33:43 AM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
e APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
ao usuário AUTORIDADE NT\SERVIÇO LOCAL SID (S-1-5-19) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

Error: (02/22/2017 05:33:42 AM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
e APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
ao usuário AUTORIDADE NT\SERVIÇO LOCAL SID (S-1-5-19) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

Error: (02/22/2017 05:33:41 AM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
e APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
ao usuário AUTORIDADE NT\SERVIÇO LOCAL SID (S-1-5-19) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

Error: (02/22/2017 05:33:40 AM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
e APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
ao usuário AUTORIDADE NT\SERVIÇO LOCAL SID (S-1-5-19) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

Error: (02/22/2017 05:33:39 AM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
e APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
ao usuário AUTORIDADE NT\SERVIÇO LOCAL SID (S-1-5-19) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

Error: (02/22/2017 05:33:38 AM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
e APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
ao usuário AUTORIDADE NT\SERVIÇO LOCAL SID (S-1-5-19) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

Error: (02/22/2017 05:33:37 AM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
e APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
ao usuário AUTORIDADE NT\SERVIÇO LOCAL SID (S-1-5-19) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.


==================== Informações da Memória ===========================

Processador: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Percentagem de memória em uso: 57%
RAM física total: 6027.2 MB
RAM física disponível: 2574.45 MB
Virtual Total: 7243.2 MB
Virtual disponível: 3716.29 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:372.6 GB) (Free:193.26 GB) NTFS ==>[sistema com componentes de inicialização (obtido através de drive)]
Drive d: (Data) (Fixed) (Total:537.8 GB) (Free:361.36 GB) NTFS

==================== MBR & Tabela de Partições ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 8BC57F20)

Partition: GPT.

==================== Fim de Addition.txt ============================

aswMBR Log

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2017-02-22 19:11:20
-----------------------------
19:11:20.829 OS Version: Windows x64 6.2.9200
19:11:20.829 Number of processors: 4 586 0x4501
19:11:20.829 ComputerName: GUILHERME-NOTE UserName: Guilherme
19:11:25.829 Initialize success
19:11:25.845 VM: initialized successfully
19:11:25.845 VM: Intel CPU supported
19:11:27.251 VM: disk I/O iaStorA.sys
19:11:39.036 AVAST engine defs: 17022101
19:11:43.739 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000036
19:11:43.739 Disk 0 Vendor: TOSHIBA_MQ01ABD100 AX0R2J Size: 953869MB BusType: 11
19:11:44.192 Disk 0 MBR read successfully
19:11:44.192 Disk 0 MBR scan
19:11:44.692 Disk 0 unknown MBR code
19:11:44.739 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
19:11:45.286 Disk 0 scanning C:\WINDOWS\system32\drivers
19:12:36.979 Service scanning
19:15:00.877 Modules scanning
19:15:00.877 Disk 0 trace - called modules:
19:15:01.234 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys
19:15:01.234 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe0003b76e390]
19:15:01.250 3 CLASSPNP.SYS[fffff8005cb246c5] -> nt!IofCallDriver -> [0xffffe0003a1a1e40]
19:15:01.250 5 ACPI.sys[fffff8005baa1361] -> nt!IofCallDriver -> [0xffffe0003a103930]
19:15:01.257 7 ACPI.sys[fffff8005baa1361] -> nt!IofCallDriver -> \Device\00000036[0xffffe00038978500]
19:15:08.780 AVAST engine scan C:\WINDOWS
19:15:14.531 AVAST engine scan C:\WINDOWS\system32
19:27:26.006 AVAST engine scan C:\WINDOWS\system32\drivers
19:28:30.107 AVAST engine scan C:\Users\Guilherme
23:04:43.940 AVAST engine scan C:\ProgramData
23:18:55.656 Disk 0 statistics 13297722/0/0 @ 181,84 MB/s
23:18:55.672 Scan finished successfully
01:16:19.940 Disk 0 MBR has been saved successfully to "C:\Users\Guilherme\Desktop\MBR.dat"
01:16:19.940 The log file has been saved successfully to "C:\Users\Guilherme\Desktop\aswMBR.txt"

Juliet
2017-02-23, 17:52
Hello and welcome

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
Or use this method ==> Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)


start
CreateRestorePoint:
CloseProcesses:
IFEO\SppExtComObj.exe: [Debugger] C:\WINDOWS\SECOH-QAD.exe
GroupPolicy: Restrição <======= ATENÇÃO
SearchScopes: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-03-12] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-03-12] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-20] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-20] (Oracle Corporation)
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-03-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-03-12] (Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-20] (Oracle Corporation)
CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hp&ts=1418085823&from=smt&uid=ST2000DM001-1CH164_W1E5G644XXXXW1E5G644"
2015-11-15 16:42 - 2015-11-15 16:42 - 0079736 _____ (AppWork GmbH) C:\Users\Guilherme\AppData\Local\Temp\130920901306023245.exe
2015-11-15 16:42 - 2015-11-15 16:42 - 0872476 _____ (Web installer ) C:\Users\Guilherme\AppData\Local\Temp\13092090138792059536.exe
2016-09-23 03:46 - 2000-04-06 07:00 - 0263168 ____N () C:\Users\Guilherme\AppData\Local\Temp\binkw32.dll
2016-09-23 03:46 - 2001-05-09 21:19 - 0352256 ____N (Blizzard Entertainment) C:\Users\Guilherme\AppData\Local\Temp\d2l_Install.exe
2016-02-17 17:44 - 2016-02-17 17:44 - 0000000 _____ () C:\Users\Guilherme\AppData\Local\Temp\GURDACB.exe
2016-01-04 17:06 - 2016-01-04 17:07 - 24814584 _____ (ArenaNet) C:\Users\Guilherme\AppData\Local\Temp\Gw2.exe
2016-10-13 19:23 - 2016-10-13 19:23 - 16701440 ____N () C:\Users\Guilherme\AppData\Local\Temp\javagiac0.2182347912007514.dll
2016-08-23 22:04 - 2016-08-23 22:04 - 16701440 ____N () C:\Users\Guilherme\AppData\Local\Temp\javagiac0.30589597969029025.dll
2016-07-24 22:19 - 2016-07-24 22:19 - 0741440 _____ (Oracle Corporation) C:\Users\Guilherme\AppData\Local\Temp\jre-8u101-windows-au.exe
2015-10-07 15:17 - 2015-10-07 15:17 - 0585824 _____ (Oracle Corporation) C:\Users\Guilherme\AppData\Local\Temp\jre-8u65-windows-au.exe
2016-01-20 21:55 - 2016-01-20 21:55 - 0644704 _____ (Oracle Corporation) C:\Users\Guilherme\AppData\Local\Temp\jre-8u71-windows-au.exe
2016-02-13 09:54 - 2016-02-13 09:54 - 0736352 _____ (Oracle Corporation) C:\Users\Guilherme\AppData\Local\Temp\jre-8u73-windows-au.exe
2015-09-01 08:11 - 2015-09-01 08:11 - 0120336 _____ (McAfee, Inc.) C:\Users\Guilherme\AppData\Local\Temp\McCSPInstall.dll
2015-11-01 11:20 - 2015-09-01 08:11 - 0162120 _____ (McAfee Inc.) C:\Users\Guilherme\AppData\Local\Temp\mccspuninstall.exe
2016-09-27 10:29 - 2016-09-27 10:29 - 0040448 ____N () C:\Users\Guilherme\AppData\Local\Temp\proxy_vole146836755875676782.dll
2016-09-27 10:28 - 2016-09-27 10:28 - 0040448 ____N () C:\Users\Guilherme\AppData\Local\Temp\proxy_vole4981657535685034036.dll
2016-09-27 10:29 - 2016-09-27 10:29 - 0040448 ____N () C:\Users\Guilherme\AppData\Local\Temp\proxy_vole6307089412700812183.dll
CustomCLSID: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Guilherme\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Guilherme\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Guilherme\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Guilherme\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Guilherme\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Nenhum Arquivo
Task: {1ACC39EB-D7BF-440F-9478-5F1F5AA2B219} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Nenhum Arquivo <==== ATENÇÃO
Task: {4015100D-83DE-40EC-B5E5-F296E74BF4D2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Nenhum Arquivo <==== ATENÇÃO
Task: {587BB18C-0389-495F-9807-33212B50E3FA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Nenhum Arquivo <==== ATENÇÃO
Task: {BDB0608F-7AD3-42E6-9DBF-830B8BEF38EB} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/uninstall.html?aaa=KICMKMGMKJMJOJOMHMJMCNGMMMJJHMCNLMNMOJLMCNGMMJMMJMCNMJHMKMNJMMLJOJLMGMHMOMNJJNJICMIMCNGMCNOMHMFMOMOMCNPMCNOMPMNMLMPMFMPMCNPMCNOMPMNMLMPMCNNMJNPICMPMFMFMNMMMMMJNHICMEKMICNJJCKJNBJCMILKIGJDJHJKJNICJKJJNKJCMJNNICMJNDJCMNJNIJNMJCMPM (a entrada de dados tem 41 mais caracteres).
Task: {E7D72BDE-7AE1-438D-97D6-77E14CC51A37} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Nenhum Arquivo <==== ATENÇÃO
ShortcutWithArgument: C:\Users\Guilherme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda2 (64-bit)\Anaconda Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> "/K" C:\Users\Guilherme\Anaconda2\Scripts\activate.bat C:\Users\Guilherme\Anaconda2
AlternateDataStreams: C:\WINDOWS\System32:DA3B8AF1_Uni.gbp [2]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddfac64.sys:r0d3jo5 [20]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 [1270]
EmptyTemp:
Hosts:
End


Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
~~~~~~~~~~~~~~~~~~~~~

AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and save the file to your Desktop.
In order to use AdwCleaner, you have to agree to the EULA:
Right-click AdwCleaner.exe and select Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
Click Clean.
Follow the prompts and allow your computer to reboot.
After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/)
or from here http://downloads.malwarebytes.org/file/jrt
to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


~~
please post
Fixlog.txt
AdwCleaner[C1].txt
JRT.txt

Zeniker
2017-02-23, 23:57
Hello Juliet.

Thanks for the help! Here are the logs you requested.

Fixlog

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 23-02-2017 01
Executado por Guilherme (23-02-2017 18:51:46) Run:1
Executando a partir de C:\Users\Guilherme\Desktop
Perfis Carregados: UpdatusUser & Guilherme (Perfis Disponíveis: UpdatusUser & Guilherme & Administrador)
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
start
CreateRestorePoint:
CloseProcesses:
IFEO\SppExtComObj.exe: [Debugger] C:\WINDOWS\SECOH-QAD.exe
GroupPolicy: Restrição <======= ATENÇÃO
SearchScopes: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-03-12] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-03-12] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-20] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-20] (Oracle Corporation)
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-03-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-03-12] (Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-20] (Oracle Corporation)
CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hp&ts=1418085823&from=smt&uid=ST2000DM001-1CH164_W1E5G644XXXXW1E5G644"
2015-11-15 16:42 - 2015-11-15 16:42 - 0079736 _____ (AppWork GmbH) C:\Users\Guilherme\AppData\Local\Temp\130920901306023245.exe
2015-11-15 16:42 - 2015-11-15 16:42 - 0872476 _____ (Web installer ) C:\Users\Guilherme\AppData\Local\Temp\13092090138792059536.exe
2016-09-23 03:46 - 2000-04-06 07:00 - 0263168 ____N () C:\Users\Guilherme\AppData\Local\Temp\binkw32.dll
2016-09-23 03:46 - 2001-05-09 21:19 - 0352256 ____N (Blizzard Entertainment) C:\Users\Guilherme\AppData\Local\Temp\d2l_Install.exe
2016-02-17 17:44 - 2016-02-17 17:44 - 0000000 _____ () C:\Users\Guilherme\AppData\Local\Temp\GURDACB.exe
2016-01-04 17:06 - 2016-01-04 17:07 - 24814584 _____ (ArenaNet) C:\Users\Guilherme\AppData\Local\Temp\Gw2.exe
2016-10-13 19:23 - 2016-10-13 19:23 - 16701440 ____N () C:\Users\Guilherme\AppData\Local\Temp\javagiac0.2182347912007514.dll
2016-08-23 22:04 - 2016-08-23 22:04 - 16701440 ____N () C:\Users\Guilherme\AppData\Local\Temp\javagiac0.30589597969029025.dll
2016-07-24 22:19 - 2016-07-24 22:19 - 0741440 _____ (Oracle Corporation) C:\Users\Guilherme\AppData\Local\Temp\jre-8u101-windows-au.exe
2015-10-07 15:17 - 2015-10-07 15:17 - 0585824 _____ (Oracle Corporation) C:\Users\Guilherme\AppData\Local\Temp\jre-8u65-windows-au.exe
2016-01-20 21:55 - 2016-01-20 21:55 - 0644704 _____ (Oracle Corporation) C:\Users\Guilherme\AppData\Local\Temp\jre-8u71-windows-au.exe
2016-02-13 09:54 - 2016-02-13 09:54 - 0736352 _____ (Oracle Corporation) C:\Users\Guilherme\AppData\Local\Temp\jre-8u73-windows-au.exe
2015-09-01 08:11 - 2015-09-01 08:11 - 0120336 _____ (McAfee, Inc.) C:\Users\Guilherme\AppData\Local\Temp\McCSPInstall.dll
2015-11-01 11:20 - 2015-09-01 08:11 - 0162120 _____ (McAfee Inc.) C:\Users\Guilherme\AppData\Local\Temp\mccspuninstall.exe
2016-09-27 10:29 - 2016-09-27 10:29 - 0040448 ____N () C:\Users\Guilherme\AppData\Local\Temp\proxy_vole146836755875676782.dll
2016-09-27 10:28 - 2016-09-27 10:28 - 0040448 ____N () C:\Users\Guilherme\AppData\Local\Temp\proxy_vole4981657535685034036.dll
2016-09-27 10:29 - 2016-09-27 10:29 - 0040448 ____N () C:\Users\Guilherme\AppData\Local\Temp\proxy_vole6307089412700812183.dll
CustomCLSID: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Guilherme\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Guilherme\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Guilherme\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Guilherme\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Guilherme\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Nenhum Arquivo
Task: {1ACC39EB-D7BF-440F-9478-5F1F5AA2B219} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Nenhum Arquivo <==== ATENÇÃO
Task: {4015100D-83DE-40EC-B5E5-F296E74BF4D2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Nenhum Arquivo <==== ATENÇÃO
Task: {587BB18C-0389-495F-9807-33212B50E3FA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Nenhum Arquivo <==== ATENÇÃO
Task: {BDB0608F-7AD3-42E6-9DBF-830B8BEF38EB} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/uninstall.html?aaa=KICMKMGMKJMJOJOMHMJMCNGMMMJJHMCNLMNMOJLMCNGMMJMMJMCNMJHMKMNJMMLJOJLMGMHMOMNJJNJICMIMCNGMCNOMHMFMOMOMCNPMCNOMPMNMLMPMFMPMCNPMCNOMPMNMLMPMCNNMJNPICMPMFMFMNMMMMMJNHICMEKMICNJJCKJNBJCMILKIGJDJHJKJNICJKJJNKJCMJNNICMJNDJCMNJNIJNMJCMPM (a entrada de dados tem 41 mais caracteres).
Task: {E7D72BDE-7AE1-438D-97D6-77E14CC51A37} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Nenhum Arquivo <==== ATENÇÃO
ShortcutWithArgument: C:\Users\Guilherme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda2 (64-bit)\Anaconda Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> "/K" C:\Users\Guilherme\Anaconda2\Scripts\activate.bat C:\Users\Guilherme\Anaconda2
AlternateDataStreams: C:\WINDOWS\System32:DA3B8AF1_Uni.gbp [2]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddfac64.sys:r0d3jo5 [20]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 [1270]
EmptyTemp:
Hosts:
End
*****************

Ponto de Restauração criado com sucesso.
Processos fechados com sucesso.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SppExtComObj.exe => chave removido (a) com sucesso.
C:\WINDOWS\system32\GroupPolicy\Machine => movido com sucesso
C:\WINDOWS\system32\GroupPolicy\GPT.ini => movido com sucesso
HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => chave removido (a) com sucesso.
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => chave não encontrado (a).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => chave removido (a) com sucesso.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => chave não encontrado (a).
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => chave removido (a) com sucesso.
HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => chave não encontrado (a).
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => chave removido (a) com sucesso.
HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => chave não encontrado (a).
HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.73.2 => chave removido (a) com sucesso.
C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll => movido com sucesso
HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.73.2 => chave removido (a) com sucesso.
C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll => movido com sucesso
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.71.2 => chave removido (a) com sucesso.
C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll => movido com sucesso
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.71.2 => chave removido (a) com sucesso.
C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll => movido com sucesso
Chrome StartupUrls => removido (a) com sucesso.
C:\Users\Guilherme\AppData\Local\Temp\130920901306023245.exe => movido com sucesso
C:\Users\Guilherme\AppData\Local\Temp\13092090138792059536.exe => movido com sucesso
C:\Users\Guilherme\AppData\Local\Temp\binkw32.dll => movido com sucesso
C:\Users\Guilherme\AppData\Local\Temp\d2l_Install.exe => movido com sucesso
C:\Users\Guilherme\AppData\Local\Temp\GURDACB.exe => movido com sucesso
C:\Users\Guilherme\AppData\Local\Temp\Gw2.exe => movido com sucesso
C:\Users\Guilherme\AppData\Local\Temp\javagiac0.2182347912007514.dll => movido com sucesso
C:\Users\Guilherme\AppData\Local\Temp\javagiac0.30589597969029025.dll => movido com sucesso
C:\Users\Guilherme\AppData\Local\Temp\jre-8u101-windows-au.exe => movido com sucesso
C:\Users\Guilherme\AppData\Local\Temp\jre-8u65-windows-au.exe => movido com sucesso
C:\Users\Guilherme\AppData\Local\Temp\jre-8u71-windows-au.exe => movido com sucesso
C:\Users\Guilherme\AppData\Local\Temp\jre-8u73-windows-au.exe => movido com sucesso
C:\Users\Guilherme\AppData\Local\Temp\McCSPInstall.dll => movido com sucesso
C:\Users\Guilherme\AppData\Local\Temp\mccspuninstall.exe => movido com sucesso
C:\Users\Guilherme\AppData\Local\Temp\proxy_vole146836755875676782.dll => movido com sucesso
C:\Users\Guilherme\AppData\Local\Temp\proxy_vole4981657535685034036.dll => movido com sucesso
C:\Users\Guilherme\AppData\Local\Temp\proxy_vole6307089412700812183.dll => movido com sucesso
HKU\S-1-5-21-3040258654-2525527317-1144640668-1002_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => chave removido (a) com sucesso.
HKU\S-1-5-21-3040258654-2525527317-1144640668-1002_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4} => chave removido (a) com sucesso.
HKU\S-1-5-21-3040258654-2525527317-1144640668-1002_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247} => chave removido (a) com sucesso.
HKU\S-1-5-21-3040258654-2525527317-1144640668-1002_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => chave removido (a) com sucesso.
HKU\S-1-5-21-3040258654-2525527317-1144640668-1002_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1ACC39EB-D7BF-440F-9478-5F1F5AA2B219} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1ACC39EB-D7BF-440F-9478-5F1F5AA2B219} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4015100D-83DE-40EC-B5E5-F296E74BF4D2} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4015100D-83DE-40EC-B5E5-F296E74BF4D2} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{587BB18C-0389-495F-9807-33212B50E3FA} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{587BB18C-0389-495F-9807-33212B50E3FA} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BDB0608F-7AD3-42E6-9DBF-830B8BEF38EB} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDB0608F-7AD3-42E6-9DBF-830B8BEF38EB} => chave removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Open URL by RoboForm => movido com sucesso
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Open URL by RoboForm => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E7D72BDE-7AE1-438D-97D6-77E14CC51A37} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7D72BDE-7AE1-438D-97D6-77E14CC51A37} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => chave removido (a) com sucesso.
C:\Users\Guilherme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda2 (64-bit)\Anaconda Prompt.lnk => Atalho argumento removido (a) com sucesso..
C:\WINDOWS\System32 => ":DA3B8AF1_Uni.gbp" ADS removido (a) com sucesso..
C:\WINDOWS\system32\Drivers\gbpddfac64.sys => ":r0d3jo5" ADS removido (a) com sucesso..
C:\WINDOWS\system32\Drivers\gbpddfac64.sys => ":X5ZN8aGvT4" ADS removido (a) com sucesso..
C:\Windows\System32\Drivers\etc\hosts => movido com sucesso
Hosts restaurado com sucesso.

=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15163266 B
Java, Flash, Steam htmlcache => 530789706 B
Windows/system/drivers => 616135551 B
Edge => 14820 B
Chrome => 10910257 B
Firefox => 375039377 B
Opera => 19803240 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 100443 B
LocalService => 99424 B
NetworkService => 3166 B
UpdatusUser => 0 B
Guilherme => 13084977915 B
Administrator => 6242 B

RecycleBin => 136365 B
EmptyTemp: => 13.6 GB de dados temporários Removidos.

================================


O sistema precisou ser reiniciado.

==== Fim de Fixlog 19:07:44 ====


AdwCleaner[C0]

# AdwCleaner v6.043 - Relatório criado 23/02/2017 às 19:32:25
# Atualizado em 27/01/2017 por Malwarebytes
# Banco de dados : 2017-02-23.4 [Servidor]
# Sistema operacional : Windows 10 Home Single Language (X64)
# Usuário : Guilherme - GUILHERME-NOTE
# Executando de : C:\Users\Guilherme\Desktop\AdwCleaner.exe
# Modo: Limpo
# Apoio : https://www.malwarebytes.com/support



***** [ Serviços ] *****



***** [ Pastas ] *****



***** [ Arquivos ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Atalhos ] *****



***** [ Atividades agendadas ] *****



***** [ Registro ] *****

[-] Chave excluída:HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[-] Chave excluída:HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[#] Chave excluída na reinicialização:[x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[#] Chave excluída na reinicialização:[x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[-] Chave excluída:HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
[-] Chave excluída:HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Chave excluída:HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Chave excluída:HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Chave excluída:HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
[-] Chave excluída:HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Chave excluída:HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[#] Chave excluída na reinicialização:[x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] Chave excluída na reinicialização:[x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com


***** [ Verificando navegadores ... ] *****

[-] [C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Eliminado:br.ask.com
[-] [C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Eliminado:ask.com
[-] [C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Eliminado:yahoo.com


*************************

:: Chaves "Tracing" excluídas
:: Configurações Winsock restauradas

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2338 Bytes] - [23/02/2017 19:32:25]
C:\AdwCleaner\AdwCleaner[S0].txt - [2624 Bytes] - [23/02/2017 19:25:34]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2484 Bytes] ##########

And JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home Single Language x64
Ran by Guilherme (Administrator) on 23/02/2017 at 19:43:28,90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 4

Successfully deleted: C:\WINDOWS\system32\Tasks\update-S-1-5-21-3040258654-2525527317-1144640668-1002 (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\update-sys (Task)
Successfully deleted: C:\WINDOWS\Tasks\update-S-1-5-21-3040258654-2525527317-1144640668-1002.job (Task)
Successfully deleted: C:\WINDOWS\Tasks\update-sys.job (Task)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23/02/2017 at 19:49:44,46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Juliet
2017-02-24, 11:53
Please download the Malwarebytes Anti-Malware (https://downloads.malwarebytes.org/file/mbam) setup file to your Desktop.

OR from this location Here (https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/)


Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.
Windows Vista, Windows 7, 8, 8.1 and 10: Right click and select "Run as Administrator"

On the Dashboard click on Update Now

Go to the Setting Tab

Under Setting go to Detection and Protection

Under PUP and PUM make sure both are set to show Treat Detections as Malware

Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked

Then on the Dashboard click on Scan

Make sure to select THREAT SCAN

Then click on Scan

Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.

When the scan is finished on the bottom right click on SAVE RESULTS then select Copy to Clipboard
If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.

Please paste the log back into this thread for review


Exit Malwarebytes



Computer better?

Zeniker
2017-02-25, 00:40
Thanks again for the help. Everything seems to be fine now.

Here's the Malwarebytes log, no threats found.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/24/17
Scan Time: 8:23 PM
Logfile:
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1345
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: Guilherme-Note\Guilherme

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 605937
Time Elapsed: 11 min, 46 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

Juliet
2017-02-25, 05:03
Good deal

Would like to finish up with an online scan please.


Download Emsisoft Emergency Kit (http://www.emsisoft.com/en/software/eek/download/) and save it to your desktop.
Double-click icon then click Install
A Window should open highlighting Start Emergency Kit Scanner
Right click on the icon and select Run as administrator
Click 1. Update now!
Once the update is completed select Settings under Scan
Uncheck Join the Emsisoft Anti-Malware Network
Click Scan at the top
Click On scan completion
Click Quarantine detected objects, then click OK
Click Malware Scan
Once completed click View Report
Save the file to your Desktop using the default file name
Copy and paste the report in your reply

Zeniker
2017-02-28, 13:39
Sorry for the wait. Here's the log.

Emsisoft Emergency Kit - Version 12.0
Last update: 28/02/2017 09:03:24
User account: Guilherme-Note\Guilherme
Computer name: GUILHERME-NOTE
OS version: Windows 10x64

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: Off
Scan archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off

Scan start: 28/02/2017 09:22:43

Scanned 99329
Found 0

Scan end: 28/02/2017 09:37:32
Scan time: 0:14:49

Juliet
2017-02-28, 15:52
If all is still good


Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Click the Run button.
-- This will remove the specialized tools we used to disinfect your system.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

************************************


Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP


AdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
CryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (eg. CryptoWall), helping prevent the execution of malware.
Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
Malwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
Secunia PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
Unchecky (http://unchecky.com/) automatically removes checkmarks for bundled software in programme installers, helping you avoid adware and PUPs.


Want to help others? Join the ClassRoom (http://forums.whatthetech.com/What_the_Tech_Classroom_t80368.html) and learn how.

Juliet
2017-03-05, 12:33
Glad we could help. :)

Since this issue appears resolved ... this Topic is closed.