Thread: VBS Malware

  1. #1
    Junior Member, Join Date: Feb 2017, Posts: 4

    Yesterday Avast started to detect a VBS malware whenever Opera or Google Chrome was open; however, it doesn't happen with Firefox. I ran an Avast scan and it detected several files infected with the same virus, I think, some of those in the Windows folder. Here's the Farbar log.

    Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 19-02-2017
    Executado por Guilherme (administrador) em GUILHERME-NOTE (22-02-2017 05:44:09)
    Executando a partir de C:\Users\Guilherme\Desktop
    Perfis Carregados: UpdatusUser & Guilherme (Perfis Disponíveis: UpdatusUser & Guilherme & Administrador)
    Platform: Windows 10 Home Single Language (X64) Idioma: Português (Brasil)
    Internet Explorer Versão 11 (Navegador padrão: Opera)
    Modo da Inicialização: Normal
    Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processos (Whitelisted) =================

    (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    (Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
    (ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
    (ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
    (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
    (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
    (Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
    (Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
    (ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
    () C:\Windows\System32\igfxTray.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    (Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
    (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
    (Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
    (Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
    (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.17020_none_1152834562020692\TiWorker.exe
    (Opera Software) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
    () D:\Games\Crypt of the NecroDancer\unins000.exe
    () C:\Users\Guilherme\AppData\Local\Temp\_iu14D2N.tmp

    ==================== Registro (Whitelisted) ====================

    (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

    HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [920280 2015-04-17] (Conexant Systems, Inc.)
    HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
    HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
    HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [396688 2015-07-17] ()
    HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3348712 2015-11-01] (ELAN Microelectronics Corp.)
    HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2013-12-18] (ASUSTek Computer Inc.)
    HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe [63296 2013-08-16] ()
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
    HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595504 2016-01-29] (Oracle Corporation)
    HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-11-11] (LogMeIn Inc.)
    Winlogon\Notify\ GbPluginUni-x32: C:\Program Files (x86)\GbPlugin\gbiehUni.dll [X]
    HKU\S-1-5-21-3040258654-2525527317-1144640668-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-07-10] (Microsoft Corporation)
    HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\Run: [Google Update] => C:\Users\Guilherme\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
    HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation)
    HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\Run: [Spotify Web Helper] => C:\Users\Guilherme\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-02-19] (Spotify Ltd)
    HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\Run: [Spotify] => C:\Users\Guilherme\AppData\Roaming\Spotify\Spotify.exe [7067760 2017-02-19] (Spotify Ltd)
    HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27427808 2017-01-23] (Skype Technologies S.A.)
    HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\RunOnce: [Uninstall C:\Users\Guilherme\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Guilherme\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
    HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\RunOnce: [Uninstall C:\Users\Guilherme\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Guilherme\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64"
    HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\RunOnce: [Uninstall C:\Users\Guilherme\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Guilherme\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
    AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [177088 2015-07-13] (NVIDIA Corporation)
    AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [177088 2015-07-13] (NVIDIA Corporation)
    AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155280 2015-07-13] (NVIDIA Corporation)
    IFEO\SppExtComObj.exe: [Debugger] C:\WINDOWS\SECOH-QAD.exe
    ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll -> Nenhum Arquivo
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.0.3.226\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-26] (AVAST Software)
    Startup: C:\Users\Guilherme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2016-01-31]
    ShortcutTarget: Curse.lnk -> C:\Users\Guilherme\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
    GroupPolicy: Restrição <======= ATENÇÃO

    ==================== Internet (Whitelisted) ====================

    (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

    Tcpip\..\Interfaces\{185f0d10-ace8-4f9b-9b2b-b13488d7d565}: [DhcpNameServer] 201.21.192.161 201.21.192.166
    Tcpip\..\Interfaces\{fa2d569b-cdc1-4147-a5a5-2fdf68d294d5}: [DhcpNameServer] 201.21.192.161 201.21.192.166

    Internet Explorer:
    ==================
    HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/?pc=ASJB
    HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
    SearchScopes: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-03-12] (Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-03-12] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-20] (Oracle Corporation)
    BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files (x86)\GbPlugin\gbiehuni.dll => Nenhum Arquivo
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-20] (Oracle Corporation)

    FireFox:
    ========
    FF DefaultProfile: 8x4uo2vf.default
    FF ProfilePath: C:\Users\Guilherme\AppData\Roaming\Mozilla\Firefox\Profiles\kp37pia3.dev-edition-default [2016-12-17]
    FF Extension: (Adblock Plus) - C:\Users\Guilherme\AppData\Roaming\Mozilla\Firefox\Profiles\kp37pia3.dev-edition-default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-29]
    FF ProfilePath: C:\Users\Guilherme\AppData\Roaming\Mozilla\Firefox\Profiles\8x4uo2vf.default [2016-12-17]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-10-14]
    FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-10-14]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-03-12] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-03-12] (Oracle Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll [2015-11-14] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-20] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-20] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3040258654-2525527317-1144640668-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Guilherme\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
    FF Plugin HKU\S-1-5-21-3040258654-2525527317-1144640668-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Guilherme\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
    StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Firefox Developer Edition\firefox.exe

    Chrome:
    =======
    CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hp&ts=1418085823&from=smt&uid=ST2000DM001-1CH164_W1E5G644XXXXW1E5G644"
    CHR Profile: C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default [2017-02-21]
    CHR Extension: (Google Apresentações) - C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-24]
    CHR Extension: (Google Docs) - C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-24]
    CHR Extension: (Google Drive) - C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
    CHR Extension: (YouTube) - C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-24]
    CHR Extension: (Adblock Plus) - C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-30]
    CHR Extension: (Google Search) - C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
    CHR Extension: (Planilhas do Google) - C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-24]
    CHR Extension: (Documentos Google off-line) - C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
    CHR Extension: (Avast Online Security) - C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-16]
    CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
    CHR Extension: (Gmail) - C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-24]
    CHR Extension: (Chrome Media Router) - C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <não encontrado (a)>
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <não encontrado (a)>

    Opera:
    =======
    OPR Extension: (Adblock Plus) - C:\Users\Guilherme\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-10-28]

    ==================== Serviços (Whitelisted) ====================

    (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

    R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-08-29] (ASUS)
    R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [Arquivo não assinado]
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-26] (AVAST Software)
    R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144104 2015-07-21] (ELAN Microelectronics Corp.)
    R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2627080 2016-11-11] (LogMeIn Inc.)
    U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-10-10] (Hi-Rez Studios) [Arquivo não assinado]
    R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [351120 2015-07-17] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [Arquivo não assinado]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
    R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21184 2016-07-28] (Microsoft Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
    R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-11-11] (LogMeIn, Inc.)
    S3 Origin Client Service; D:\Origin\OriginClientService.exe [2120712 2016-06-03] (Electronic Arts)
    S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [139264 2016-07-27] (Microsoft Corporation) [Arquivo não assinado]
    S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-07-26] (Microsoft Corporation)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24856 2016-08-03] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

    S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2016-09-26] (AVAST Software)
    R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [37144 2016-09-26] (AVAST Software)
    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [108816 2016-09-26] (AVAST Software)
    R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2016-09-26] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-26] (AVAST Software)
    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [969184 2016-09-26] (AVAST Software)
    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [513632 2016-09-26] (AVAST Software)
    R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [163416 2016-09-26] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software)
    S1 gbpddfac; C:\WINDOWS\System32\drivers\gbpddfac64.sys [28888 2016-07-24] (GAS Tecnologia)
    R3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2015-08-06] (LogMeIn Inc.)
    R2 IntelHaxm; C:\WINDOWS\system32\DRIVERS\IntelHaxm.sys [96776 2015-11-16] (Intel Corporation)
    R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
    S3 libusbK; C:\WINDOWS\System32\drivers\libusbK.sys [47200 2016-01-23] (hxxp://libusb-win32.sourceforge.net)
    R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
    S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [82072 2015-08-10] (McAfee, Inc.)
    R3 netr28x; C:\WINDOWS\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
    R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2013-08-29] (Windows (R) Win 7 DDK provider)
    R3 rtbth; C:\WINDOWS\System32\drivers\rtbth.sys [1219200 2015-06-03] (Ralink Technology, Corp.)
    R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
    R3 SensorsSimulatorDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [214016 2015-07-10] (Microsoft Corporation)
    R3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
    S3 UdeCx; C:\WINDOWS\System32\drivers\udecx.sys [44032 2015-07-10] ()
    R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [127456 2016-03-04] (Oracle Corporation)
    R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [205784 2016-03-04] (Oracle Corporation)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
    S3 GBPRCM; \??\C:\Program Files (x86)\GbPlugin\gbprcm64.sys [X]
    S3 Warsaw_PP; \??\C:\PROGRA~2\GbPlugin\wsftprp64.sys [X]
    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


    ==================== Um Mês Criados arquivos e pastas ========

    (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

    2017-02-22 05:45 - 2017-02-22 05:45 - 05198336 _____ (AVAST Software) C:\Users\Guilherme\Desktop\aswMBR.exe
    2017-02-22 05:44 - 2017-02-22 05:50 - 00023985 _____ C:\Users\Guilherme\Desktop\FRST.txt
    2017-02-22 05:42 - 2017-02-22 05:44 - 00000000 ____D C:\FRST
    2017-02-22 05:42 - 2017-02-22 05:42 - 02422784 _____ (Farbar) C:\Users\Guilherme\Desktop\FRST64.exe
    2017-02-22 05:37 - 2017-02-22 05:37 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-GUILHERME-NOTE-Windows-10-Home-Single-Language-(64-bit).dat
    2017-02-22 05:37 - 2017-02-22 05:37 - 00000000 ____D C:\RegBackup
    2017-02-22 05:36 - 2017-02-22 05:36 - 00018004 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
    2017-02-22 05:36 - 2017-02-22 05:36 - 00002314 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2017-02-22 05:36 - 2017-02-22 05:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2017-02-22 05:36 - 2017-02-22 05:36 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
    2017-02-22 05:35 - 2017-02-22 05:36 - 05766144 _____ (Tweaking.com) C:\Users\Guilherme\Desktop\tweaking.com_registry_backup_setup.exe
    2017-02-22 05:26 - 2017-02-22 05:26 - 00016148 _____ C:\WINDOWS\system32\GUILHERME-NOTE_Guilherme_HistoryPrediction.bin
    2017-01-31 10:35 - 2017-01-31 10:35 - 00020542 _____ C:\Users\Guilherme\Downloads\segundaViaDoc.pdf
    2017-01-28 18:18 - 2017-01-28 18:18 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software

    ==================== Um Mês Modificados arquivos e pastas ========

    (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

    2017-02-22 05:51 - 2015-10-24 21:41 - 00000000 ____D C:\Users\Guilherme\AppData\Roaming\BitTorrent
    2017-02-22 05:47 - 2015-07-30 19:25 - 00000000 ____D C:\WINDOWS\CbsTemp
    2017-02-22 05:40 - 2015-07-30 19:42 - 00000000 ____D C:\WINDOWS\AppReadiness
    2017-02-22 05:35 - 2015-10-24 21:11 - 00000075 _____ C:\Users\Guilherme\AppData\Roaming\sp_data.sys
    2017-02-22 05:34 - 2015-07-30 19:42 - 00000000 ___HD C:\Program Files\WindowsApps
    2017-02-22 05:33 - 2016-02-03 16:55 - 00003544 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
    2017-02-22 05:33 - 2015-10-27 18:24 - 02238952 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2017-02-22 05:33 - 2015-09-10 02:05 - 02278134 _____ C:\WINDOWS\system32\prfh0416.dat
    2017-02-22 05:33 - 2015-09-10 02:05 - 00664324 _____ C:\WINDOWS\system32\prfc0416.dat
    2017-02-22 05:33 - 2014-03-29 14:22 - 00003534 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
    2017-02-22 05:32 - 2015-11-01 14:12 - 00004190 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A98DCBA0-4827-44CB-80EA-350247BCB4A2}
    2017-02-22 05:27 - 2016-10-27 18:31 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
    2017-02-22 05:27 - 2015-10-27 18:32 - 00000000 __SHD C:\Users\Guilherme\IntelGraphicsProfiles
    2017-02-22 05:27 - 2015-10-27 18:00 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2017-02-22 05:26 - 2016-04-15 20:06 - 00000093 _____ C:\HaxLogs.txt
    2017-02-22 05:26 - 2015-07-30 18:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-02-22 02:27 - 2013-08-22 10:36 - 00000000 ____D C:\Users\Default.migrated
    2017-02-22 00:07 - 2015-10-24 21:29 - 00000000 ____D C:\Users\Guilherme\AppData\Roaming\Skype
    2017-02-22 00:07 - 2015-07-10 06:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
    2017-02-22 00:06 - 2016-06-03 19:09 - 00000000 ____D C:\Users\Guilherme\AppData\Local\Spotify
    2017-02-22 00:01 - 2015-10-24 22:53 - 00000426 _____ C:\WINDOWS\Tasks\update-sys.job
    2017-02-21 23:31 - 2015-10-24 22:53 - 00000426 _____ C:\WINDOWS\Tasks\update-S-1-5-21-3040258654-2525527317-1144640668-1002.job
    2017-02-21 20:48 - 2016-06-03 19:06 - 00000000 ____D C:\Users\Guilherme\AppData\Roaming\Spotify
    2017-02-20 20:24 - 2017-01-05 21:44 - 00003296 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
    2017-02-20 20:24 - 2015-10-27 18:40 - 00002387 _____ C:\Users\Guilherme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2017-02-09 21:47 - 2016-06-28 21:22 - 00003974 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1467159759
    2017-02-09 21:47 - 2016-06-28 21:22 - 00001122 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
    2017-02-09 21:47 - 2016-06-28 21:20 - 00000000 ____D C:\Program Files (x86)\Opera
    2017-02-07 00:11 - 2015-10-24 21:24 - 00002477 _____ C:\Users\Guilherme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-02-05 23:36 - 2016-10-01 22:26 - 00000000 ____D C:\Users\Guilherme\AppData\Roaming\Audacity
    2017-02-02 19:06 - 2016-09-13 18:27 - 00000000 ___RD C:\Program Files (x86)\Skype
    2017-02-02 19:06 - 2015-10-24 21:28 - 00000000 ____D C:\Users\Todos os Usuários\Skype
    2017-02-02 19:06 - 2015-10-24 21:28 - 00000000 ____D C:\ProgramData\Skype
    2017-02-01 13:51 - 2016-04-09 12:43 - 00000000 ____D C:\Users\Guilherme\Desktop\App
    2017-01-30 18:19 - 2015-11-01 11:38 - 00004278 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
    2017-01-30 14:35 - 2016-01-23 11:19 - 00000000 ____D C:\Users\Guilherme\Desktop\Jogos
    2017-01-30 14:35 - 2015-10-25 23:50 - 00000000 ____D C:\Program Files (x86)\Steam
    2017-01-29 17:29 - 2015-10-27 18:06 - 00000000 ____D C:\Users\UpdatusUser
    2017-01-28 18:18 - 2015-10-25 12:07 - 00000000 ____D C:\Program Files\Common Files\AV
    2017-01-28 14:44 - 2015-11-10 18:39 - 00000000 ____D C:\Users\Guilherme\Documents\CnWizards
    2017-01-27 23:17 - 2015-11-09 17:40 - 00000000 ____D C:\Users\Todos os Usuários\Embarcadero
    2017-01-27 23:17 - 2015-11-09 17:40 - 00000000 ____D C:\ProgramData\Embarcadero
    2017-01-27 15:52 - 2015-10-27 18:06 - 00000000 ____D C:\Users\Guilherme

    ==================== Arquivos na raiz de alguns diretórios =======

    2015-10-24 21:11 - 2017-02-22 05:35 - 0000075 _____ () C:\Users\Guilherme\AppData\Roaming\sp_data.sys
    2016-08-14 20:08 - 2016-08-14 20:08 - 0000000 ___SH () C:\Users\Guilherme\AppData\Local\LumaEmu
    2016-11-17 18:19 - 2016-11-17 18:19 - 0002421 _____ () C:\Users\Guilherme\AppData\Local\recently-used.xbel
    2015-10-24 22:53 - 2015-10-24 22:53 - 0000003 _____ () C:\Users\Guilherme\AppData\Local\updater.log
    2015-10-24 22:53 - 2016-08-07 03:07 - 0000424 _____ () C:\Users\Guilherme\AppData\Local\UserProducts.xml
    2013-12-18 14:55 - 2012-09-07 08:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
    2013-12-18 14:55 - 2009-07-22 07:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
    2013-12-18 14:55 - 2012-09-07 08:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

    Alguns arquivos em TEMP:
    ====================
    2015-11-15 16:42 - 2015-11-15 16:42 - 0079736 _____ (AppWork GmbH) C:\Users\Guilherme\AppData\Local\Temp\130920901306023245.exe
    2015-11-15 16:42 - 2015-11-15 16:42 - 0872476 _____ (Web installer ) C:\Users\Guilherme\AppData\Local\Temp\13092090138792059536.exe
    2016-09-23 03:46 - 2000-04-06 07:00 - 0263168 ____N () C:\Users\Guilherme\AppData\Local\Temp\binkw32.dll
    2016-09-23 03:46 - 2001-05-09 21:19 - 0352256 ____N (Blizzard Entertainment) C:\Users\Guilherme\AppData\Local\Temp\d2l_Install.exe
    2016-02-17 17:44 - 2016-02-17 17:44 - 0000000 _____ () C:\Users\Guilherme\AppData\Local\Temp\GURDACB.exe
    2016-01-04 17:06 - 2016-01-04 17:07 - 24814584 _____ (ArenaNet) C:\Users\Guilherme\AppData\Local\Temp\Gw2.exe
    2016-10-13 19:23 - 2016-10-13 19:23 - 16701440 ____N () C:\Users\Guilherme\AppData\Local\Temp\javagiac0.2182347912007514.dll
    2016-08-23 22:04 - 2016-08-23 22:04 - 16701440 ____N () C:\Users\Guilherme\AppData\Local\Temp\javagiac0.30589597969029025.dll
    2016-07-24 22:19 - 2016-07-24 22:19 - 0741440 _____ (Oracle Corporation) C:\Users\Guilherme\AppData\Local\Temp\jre-8u101-windows-au.exe
    2015-10-07 15:17 - 2015-10-07 15:17 - 0585824 _____ (Oracle Corporation) C:\Users\Guilherme\AppData\Local\Temp\jre-8u65-windows-au.exe
    2016-01-20 21:55 - 2016-01-20 21:55 - 0644704 _____ (Oracle Corporation) C:\Users\Guilherme\AppData\Local\Temp\jre-8u71-windows-au.exe
    2016-02-13 09:54 - 2016-02-13 09:54 - 0736352 _____ (Oracle Corporation) C:\Users\Guilherme\AppData\Local\Temp\jre-8u73-windows-au.exe
    2015-09-01 08:11 - 2015-09-01 08:11 - 0120336 _____ (McAfee, Inc.) C:\Users\Guilherme\AppData\Local\Temp\McCSPInstall.dll
    2015-11-01 11:20 - 2015-09-01 08:11 - 0162120 _____ (McAfee Inc.) C:\Users\Guilherme\AppData\Local\Temp\mccspuninstall.exe
    2016-09-27 10:29 - 2016-09-27 10:29 - 0040448 ____N () C:\Users\Guilherme\AppData\Local\Temp\proxy_vole146836755875676782.dll
    2016-09-27 10:28 - 2016-09-27 10:28 - 0040448 ____N () C:\Users\Guilherme\AppData\Local\Temp\proxy_vole4981657535685034036.dll
    2016-09-27 10:29 - 2016-09-27 10:29 - 0040448 ____N () C:\Users\Guilherme\AppData\Local\Temp\proxy_vole6307089412700812183.dll

    ==================== Bamital & volsnap ======================

    (Não há correção automática para arquivos que não passaram na verificação.)

    C:\WINDOWS\system32\winlogon.exe => O arquivo é assinado digitalmente
    C:\WINDOWS\system32\wininit.exe => O arquivo é assinado digitalmente
    C:\WINDOWS\explorer.exe => O arquivo é assinado digitalmente
    C:\WINDOWS\SysWOW64\explorer.exe => O arquivo é assinado digitalmente
    C:\WINDOWS\system32\svchost.exe => O arquivo é assinado digitalmente
    C:\WINDOWS\SysWOW64\svchost.exe => O arquivo é assinado digitalmente
    C:\WINDOWS\system32\services.exe => O arquivo é assinado digitalmente
    C:\WINDOWS\system32\User32.dll => O arquivo é assinado digitalmente
    C:\WINDOWS\SysWOW64\User32.dll => O arquivo é assinado digitalmente
    C:\WINDOWS\system32\userinit.exe => O arquivo é assinado digitalmente
    C:\WINDOWS\SysWOW64\userinit.exe => O arquivo é assinado digitalmente
    C:\WINDOWS\system32\rpcss.dll => O arquivo é assinado digitalmente
    C:\WINDOWS\system32\dnsapi.dll => O arquivo é assinado digitalmente
    C:\WINDOWS\SysWOW64\dnsapi.dll => O arquivo é assinado digitalmente
    C:\WINDOWS\system32\Drivers\volsnap.sys => O arquivo é assinado digitalmente

    LastRegBack: 2017-02-19 16:26

    ==================== Fim de FRST.txt ============================

    Addition Log:

    Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 19-02-2017
    Executado por Guilherme (22-02-2017 05:51:58)
    Executando a partir de C:\Users\Guilherme\Desktop
    Windows 10 Home Single Language (X64) (2015-10-27 21:31:29)
    Modo da Inicialização: Normal
    ==========================================================


    ==================== Contas: =============================

    Administrador (S-1-5-21-3040258654-2525527317-1144640668-500 - Administrator - Disabled) => C:\Users\Administrator
    Convidado (S-1-5-21-3040258654-2525527317-1144640668-501 - Limited - Enabled)
    DefaultAccount (S-1-5-21-3040258654-2525527317-1144640668-503 - Limited - Disabled)
    Guilherme (S-1-5-21-3040258654-2525527317-1144640668-1002 - Administrator - Enabled) => C:\Users\Guilherme
    HomeGroupUser$ (S-1-5-21-3040258654-2525527317-1144640668-1004 - Limited - Enabled)
    UpdatusUser (S-1-5-21-3040258654-2525527317-1144640668-1001 - Limited - Enabled) => C:\Users\UpdatusUser

    ==================== Central de Segurança ========================

    (Se uma entrada for incluída na fixlist, será removida.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Programas Instalados ======================

    (Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

    99Vidas (HKLM\...\Steam App 557040) (Version: - QUByte Interactive)
    Active Directory Authentication Library for SQL Server (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
    Active Directory Authentication Library for SQL Server (x86) (x32 Version: 13.0.1601.5 - Microsoft Corporation) Hidden
    Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
    Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.3.183.90 - Adobe Systems Incorporated)
    Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
    Alcor Micro USB Card Reader Driver (HKLM-x32\...\InstallShield_{5CA55DFC-2008-460F-B7A7-FB92100C4494}) (Version: 20.4.10117.43857 - Alcor Micro Corp.)
    Alcor Micro USB Card Reader Driver (x32 Version: 20.4.10117.43857 - Alcor Micro Corp.) Hidden
    Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
    Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation)
    ASUS Backtracker (HKLM-x32\...\{C15C060C-ED1C-49EB-83B3-F7C0FD1CD661}) (Version: 3.0.3 - ASUS)
    ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.6 - ASUS)
    ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.6 - ASUS)
    ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
    ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.7 - ASUS)
    ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0021 - ASUS)
    ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.7 - ASUS)
    ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5710.52 - CyberLink Corp.)
    ASUSDVD (x32 Version: 10.0.5710.52 - CyberLink Corp.) Hidden
    AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK)
    ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
    Azure AD Authentication Connected Service (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
    AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.51210.80 - Microsoft Corporation) Hidden
    Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
    Build Tools for Windows 10 - ENU (x32 Version: 14.0.25527 - Microsoft Corporation) Hidden
    Build Tools for Windows 10 (x32 Version: 14.0.25527 - Microsoft Corporation) Hidden
    Castle Crashers (HKLM-x32\...\Steam App 204360) (Version: - The Behemoth)
    CnPack IDE Wizards (HKLM-x32\...\CnWizards) (Version: 1.0.5.693 - CnPack Team)
    CodeBlocks (HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\CodeBlocks) (Version: 13.12 - The Code::Blocks Team)
    CodedUITestUAP (x32 Version: 14.0.25527 - Microsoft Corporation) Hidden
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.4.60 - Conexant)
    Curse (HKLM-x32\...\{A20BFF62-AE3C-42BD-9C52-841CAB96BC49}) (Version: 6.0.0.0 - Curse)
    DARK SOULS™ II (HKLM-x32\...\Steam App 236430) (Version: - FromSoftware, Inc)
    Dead Space™ (HKLM-x32\...\{6E6F22D7-8AD6-4A87-9A47-733E6E996F50}) (Version: 1.0.0.222 - Electronic Arts)
    Deus Ex Human Revolution Directors Cut version 2.0.66.0 (HKLM-x32\...\Deus Ex Human Revolution Directors Cut_is1) (Version: 2.0.66.0 - Mr DJ)
    Devil May Cry 4 (HKLM-x32\...\Steam App 45700) (Version: - Capcom)
    Discord (HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
    Disgaea PC (HKLM\...\Steam App 405900) (Version: - Nippon Ichi Software, Inc.)
    Dotfuscator and Analytics Community Edition 5.22.0 (x32 Version: 5.22.0.3788 - PreEmptive Solutions) Hidden
    Dustforce (HKLM-x32\...\Steam App 65300) (Version: - Hitbox Team)
    ELAN Touchpad 11.5.20.3_X64_WHQL (HKLM\...\Elantech) (Version: 11.5.20.3 - ELAN Microelectronic Corp.)
    Embarcadero RAD Studio XE7 (HKLM-x32\...\{70A0BF24-4DD3-42C9-81A5-43C5644F5834}_is1) (Version: 21.0.17707.5020 - Lsuper)
    Entity Framework 6.1.3 Tools for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
    Firefox Developer Edition 45.0a2 (x86 pt-BR) (HKLM-x32\...\Firefox Developer Edition 45.0a2 (x86 pt-BR)) (Version: 45.0a2 - Mozilla)
    Firestorm Launcher version 1.3 (HKLM-x32\...\{008D5963-9A73-4472-8C16-A5BF04491B9D}_is1) (Version: 1.3 - Firestorm)
    GeoGebra 5 (HKLM-x32\...\GeoGebra 5) (Version: 5.0.269.0 - International GeoGebra Institute)
    GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)
    Google Chrome (HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
    Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
    Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
    Hyper Light Drifter (HKLM-x32\...\1452863689_is1) (Version: 2.6.0.8 - GOG.com)
    IDE Tools for Windows 10 - ENU (x32 Version: 14.0.25527 - Microsoft Corporation) Hidden
    IDE Tools for Windows 10 (x32 Version: 14.0.25527 - Microsoft Corporation) Hidden
    IIS 10.0 Express (HKLM\...\{13FD7E30-D2F1-498D-ABC2-A4242DB6610E}) (Version: 10.0.1736 - Microsoft Corporation)
    IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - )
    IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - )
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation)
    Intel® Hardware Accelerated Execution Manager (HKLM\...\{30F3FF94-225B-4319-A13C-E307FFDA3CFB}) (Version: 6.0.1 - Intel Corporation)
    Intellisense Lang Pack Mobile Extension SDK 10.0.14393.0 (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
    Java 8 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418071F0}) (Version: 8.0.710.15 - Oracle Corporation)
    Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
    Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation)
    Java SE Development Kit 7 Update 71 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170710}) (Version: 1.7.0.710 - Oracle)
    Java SE Development Kit 8 Update 73 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180730}) (Version: 8.0.730.2 - Oracle Corporation)
    JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
    Kits Configuration Installer (x32 Version: 10.1.14393.33 - Microsoft) Hidden
    League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
    League of Legends (x32 Version: 4.1.2 - Riot Games) Hidden
    LibreOffice 4.4.5.2 (HKLM-x32\...\{406EECCC-AF98-4F2C-A99F-FED788F7580C}) (Version: 4.4.5.2 - The Document Foundation)
    Lightshot-5.4.0.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.1 - Skillbrains)
    LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.541 - LogMeIn, Inc.)
    LogMeIn Hamachi (x32 Version: 2.2.0.541 - LogMeIn, Inc.) Hidden
    Magicka (HKLM\...\Steam App 42910) (Version: - Arrowhead Game Studios)
    Mediatek Bluetooth (HKLM\...\{E0B1ECF5-766A-5464-BFE2-2C1BED6A49FB}) (Version: 11.0.748.2 - Mediatek)
    Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
    Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
    Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
    Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
    Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
    Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
    Microsoft Server Speech Platform Runtime (x64) (HKLM\...\{3B433087-E62E-4BF5-97F9-4AF6E1C2409C}) (Version: 11.0.7400.345 - Microsoft Corporation)
    Microsoft Server Speech Platform Runtime (x86) (HKLM-x32\...\{22CB8ED7-DF57-4864-BD04-F63B9CE4B494}) (Version: 11.0.7400.345 - Microsoft Corporation)
    Microsoft Server Speech Recognition Language - TELE (en-US) (HKLM-x32\...\{66D57636-BD4B-402F-9E7D-5E89C28C8136}) (Version: 11.0.7400.335 - Microsoft Corporation)
    Microsoft Server Speech Recognition Language - TELE (pt-BR) (HKLM-x32\...\{F6B5EB21-0ABF-487C-B9A9-D9DB259C4403}) (Version: 11.0.7400.335 - Microsoft Corporation)
    Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
    Microsoft Speech Platform SDK (x64) v11.0 (HKLM\...\{53D682B6-5381-4B44-B590-584AAD0460C0}) (Version: 11.0.7400.345 - Microsoft Corporation)
    Microsoft Speech Platform SDK (x86) v11.0 (HKLM-x32\...\{A946A6CC-E9F2-44A8-9A8D-095C756AF4EB}) (Version: 11.0.7400.345 - Microsoft Corporation)
    Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
    Microsoft SQL Server 2014 Express LocalDB (HKLM\...\{52EBC484-44A1-4DC5-824A-0A503735ABD8}) (Version: 12.1.4100.1 - Microsoft Corporation)
    Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Microsoft SQL Server 2016 LocalDB (HKLM\...\{E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
    Microsoft SQL Server 2016 Management Objects (HKLM-x32\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation)
    Microsoft SQL Server 2016 Management Objects (x64) (HKLM\...\{20EA85AA-2A1D-4F11-B09F-4BA2BF3C8989}) (Version: 13.0.1601.5 - Microsoft Corporation)
    Microsoft SQL Server 2016 T-SQL Language Service (HKLM-x32\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation)
    Microsoft SQL Server 2016 T-SQL ScriptDom (HKLM\...\{D091DE8C-EA0F-49AF-8DE3-BD6C79737C6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
    Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
    Microsoft SQL Server Data Tools - enu (14.0.60519.0) (HKLM-x32\...\{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
    Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
    Microsoft Visual J# 2.0 Redistributable Package (HKLM-x32\...\Microsoft Visual J# 2.0 Redistributable Package) (Version: - Microsoft Corporation)
    Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{dfcbf7c4-6232-423c-b43c-38d118e2378f}) (Version: 14.0.24720.41 - Microsoft Corporation)
    Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
    Momodora: Reverie Under the Moonlight (HKLM\...\Steam App 428550) (Version: - Bombservice)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.0.5833 - Mozilla)
    MPC-HC 1.7.9 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.9 - MPC-HC Team)
    MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
    Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
    MySQL Workbench 6.3 CE (HKLM\...\{0D901124-B910-4985-9D4F-AC5C2FEF7493}) (Version: 6.3.7 - Oracle Corporation)
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.5 - Notepad++ Team)
    NVIDIA Graphics Driver 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.82 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
    OpenAL (HKLM-x32\...\OpenAL) (Version: - )
    Opera Stable 43.0.2442.806 (HKLM-x32\...\Opera 43.0.2442.806) (Version: 43.0.2442.806 - Opera Software)
    Oracle VM VirtualBox 5.0.16 (HKLM\...\{F2E958A1-9215-4C7D-9A2E-F0740B8CA5B7}) (Version: 5.0.16 - Oracle Corporation)
    Origin (HKLM-x32\...\Origin) (Version: 9.12.1.43352 - Electronic Arts, Inc.)
    Pacote de Direcionamento do Microsoft .NET Framework 4.6.1 (Português do Brasil) (HKLM-x32\...\{34A6EAAA-8D75-4775-A982-FBC793C4A868}) (Version: 4.6.01055 - Microsoft Corporation)
    Painel de controle da NVIDIA 353.54 (Version: 353.54 - NVIDIA Corporation) Hidden
    PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
    Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
    Prerequisites for SSDT (HKLM-x32\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation)
    Project and Item Templates for Visual Studio Express 2015 for Windows 10 - ENU (x32 Version: 14.0.25527 - Microsoft Corporation) Hidden
    Project and Item Templates for Visual Studio Professionald 2015 - ENU (x32 Version: 14.0.25527 - Microsoft Corporation) Hidden
    Python 2.7.12 (Anaconda2 4.1.1 64-bit) (HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\Python 2.7.12 (Anaconda2 4.1.1 64-bit)) (Version: 4.1.1 - Continuum Analytics, Inc.)
    Python 2.7.12 (HKLM-x32\...\{9DA28CE5-0AA5-429E-86D8-686ED898C665}) (Version: 2.7.12150 - Python Software Foundation)
    Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
    Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.41 - Ralink)
    Rayman Origins (HKLM-x32\...\Uplay Install 80) (Version: - Ubisoft)
    Roleplaying City Map Generator 5.40 (HKLM-x32\...\{3B585A53-CC41-4969-A7CB-F0E5D34ACA08}) (Version: 5.4.0.0 - )
    Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
    Roslyn Language Services - x86 (x32 Version: 14.0.25425 - Microsoft Corporation) Hidden
    RPG Maker 2003 v1.08 (HKLM-x32\...\RPG Maker 2003_is1) (Version: - Enterbrain, Inc.)
    RRPG Firecast (HKLM-x32\...\{EB4C3686-A52C-4F40-9D53-F8571CC5FD5D}_is1) (Version: 7 - AlyssonRPG)
    SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
    SDK do Microsoft .NET Framework 4.6.1 (Português do Brasil) (HKLM-x32\...\{5C233FE7-872F-4526-87AF-0E8D8AE00DEB}) (Version: 4.6.01055 - Microsoft Corporation)
    Secure Download Manager (HKLM-x32\...\{F0858165-B8DB-4347-89B8-6D9F882B9BF3}) (Version: 3.1.60 - Kivuto Solutions Inc.)
    Shovel Knight (HKLM-x32\...\1207664823_is1) (Version: 2.9.0.16 - GOG.com)
    Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.103 - Skype Technologies S.A.)
    SourceTree (HKLM-x32\...\SourceTree 1.9.6.1) (Version: 1.9.6.1 - Atlassian)
    SourceTree (x32 Version: 1.9.6.1 - Atlassian) Hidden
    Spotify (HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\Spotify) (Version: 1.0.49.125.g72ee7853 - Spotify AB)
    Starbound (HKLM-x32\...\Steam App 211820) (Version: - )
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    TalonRO Client (HKLM-x32\...\TalonRO_is1) (Version: 2.0 - TalonRO)
    Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (x32 Version: 14.102.25521 - Microsoft) Hidden
    Terraria (HKLM\...\Steam App 105600) (Version: - Re-Logic)
    Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
    The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version: - Edmund McMillen and Florian Himsl)
    The Crew (Worldwide) (HKLM-x32\...\Uplay Install 413) (Version: - Ubisoft)
    Tiled (HKLM-x32\...\{8C09C5E0-D123-49E9-926A-5A81513A25EE}) (Version: 0.17.1 - mapeditor.org)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
    TypeScript Power Tool (x32 Version: 1.7.6.0 - Microsoft Corporation) Hidden
    TypeScript Power Tool (x32 Version: 1.8.34.0 - Microsoft Corporation) Hidden
    TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.8.36.0 - Microsoft Corporation) Hidden
    TypeScript Tools for Microsoft Visual Studio 2015 1.7.6.0 (HKLM-x32\...\{5ee9a47a-3630-4016-b76d-dc752e9218dd}) (Version: 1.7.24809.0 - Microsoft Corporation)
    Universal CRT Extension SDK (x32 Version: 10.0.10150 - Microsoft Corporation) Hidden
    Universal CRT Extension SDK (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
    Universal CRT Extension SDK (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
    Universal CRT Headers Libraries and Sources (x32 Version: 10.0.10150 - Microsoft Corporation) Hidden
    Universal CRT Headers Libraries and Sources (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
    Universal CRT Headers Libraries and Sources (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
    Universal CRT Redistributable (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
    Universal CRT Tools x64 (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
    Universal CRT Tools x86 (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
    Universal General MIDI DLS Extension SDK (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
    Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
    Uplay (HKLM-x32\...\Uplay) (Version: 27.0 - Ubisoft)
    Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)
    VS Update core components (x32 Version: 14.0.25425 - Microsoft Corporation) Hidden
    vs_update3notification (x32 Version: 14.0.25425 - Microsoft Corporation) Hidden
    WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
    WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
    WebStorage (HKLM-x32\...\WebStorage) (Version: 2.0.3.226 - ASUS Cloud Corporation)
    WinAppDeploy (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
    Windows 10 IoT Core Dashboard (HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\2c4529525b7e166a) (Version: 1.0.1608.1003 - Windows 10 IoT Core)
    Windows Driver Package - ASUS (ATP) Mouse (10/31/2013 1.0.0.191) (HKLM\...\15591935E93BF0A0E42CA53B578EE5E630971E15) (Version: 10/31/2013 1.0.0.191 - ASUS)
    Windows SDK AddOn (HKLM-x32\...\{45D392D2-5956-4646-9CA6-83CBF67507B6}) (Version: 10.1.0.0 - Microsoft Corporation)
    Windows Software Development Kit - Windows 10.0.14393.33 (HKLM-x32\...\{f23f94c5-8bba-4202-85ad-c83d4402cdc1}) (Version: 10.1.14393.33 - Microsoft Corporation)
    WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
    WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
    WinRT Intellisense Desktop - en-us (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
    WinRT Intellisense Desktop - Other Languages (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
    WinRT Intellisense IoT - en-us (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
    WinRT Intellisense IoT - Other Languages (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
    WinRT Intellisense PPI - en-us (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
    WinRT Intellisense PPI - Other Languages (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
    WinRT Intellisense UAP - en-us (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
    WinRT Intellisense UAP - Other Languages (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
    XAMPP (HKLM-x32\...\xampp) (Version: 5.6.24-1 - Bitnami)

    ==================== Exame Personalizado CLSID (Whitelisted): ==========================

    (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

    CustomCLSID: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Guilherme\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => Nenhum Arquivo
    CustomCLSID: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Guilherme\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => Nenhum Arquivo
    CustomCLSID: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Guilherme\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => Nenhum Arquivo
    CustomCLSID: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Guilherme\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Guilherme\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => Nenhum Arquivo
    CustomCLSID: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Guilherme\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Nenhum Arquivo
    CustomCLSID: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Guilherme\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)

    ==================== Tarefas Agendadas (Whitelisted) =============

    (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

    Task: {076F7AEB-CB16-4C39-B6AD-7AF0D84CC122} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-08-28] (ASUSTeK Computer Inc.)
    Task: {0BBB8BCE-B9C8-4466-BAE0-FBFD1617B2F8} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-10-07] (ASUSTeK Computer Inc.)
    Task: {1ACC39EB-D7BF-440F-9478-5F1F5AA2B219} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Nenhum Arquivo <==== ATENÇÃO
    Task: {1EB7CF1F-8529-42C4-BFF9-0610FCBBE27A} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe
    Task: {25C30DA3-04C0-4DBE-97D2-A495D4844B68} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-10-07] (ASUS)
    Task: {2AF3646E-0564-4F20-9F1C-A23655106DB3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-09-26] (AVAST Software)
    Task: {4015100D-83DE-40EC-B5E5-F296E74BF4D2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Nenhum Arquivo <==== ATENÇÃO
    Task: {5145C73D-2A5B-4203-B693-F7759064FE78} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-28] (AVAST Software)
    Task: {573F27BB-CD64-450F-83C4-9303BF29941F} - System32\Tasks\SafeZone scheduled Autoupdate 1455485946 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
    Task: {587BB18C-0389-495F-9807-33212B50E3FA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Nenhum Arquivo <==== ATENÇÃO
    Task: {5C8BB0C1-D3B3-4D3D-953D-F8225D91B8C5} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] ()
    Task: {6E286273-3F62-402D-80FA-055926CB5473} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-08-28] (ASUSTeK Computer Inc.)
    Task: {712FC852-B2ED-4B60-BB01-42C88CC0605A} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-11-04] ()
    Task: {79967A12-F86E-436A-A082-2D733828D896} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3040258654-2525527317-1144640668-1002Core => C:\Users\Guilherme\AppData\Local\Google\Update\GoogleUpdate.exe [2015-10-24] (Google Inc.)
    Task: {A4B6D2AB-B9F6-4EA0-AD11-2F44D29FE556} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3040258654-2525527317-1144640668-1002UA => C:\Users\Guilherme\AppData\Local\Google\Update\GoogleUpdate.exe [2015-10-24] (Google Inc.)
    Task: {A6EA4B90-80A6-494F-A983-A55FD06F904D} - System32\Tasks\{6CA3CC62-928C-4FF4-B0FB-31199B921F3F} => pcalua.exe -a "C:\Riot Games\League of Legends\lol.launcher.exe" -d "C:\Riot Games\League of Legends"
    Task: {A9028622-2D2C-4D52-B2BE-BE65D4BCC767} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2013-08-29] (ASUSTek Computer Inc.)
    Task: {AF0D1740-4539-41C5-A87B-0227C9E31CB6} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
    Task: {B6D0320B-1E91-4B6F-9789-AEB809182133} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe
    Task: {BAA4A7F1-FDE3-47A1-B178-532D0FFB0F95} - System32\Tasks\P4GIntlCtrl => C:\Program Files\ASUS\P4G\IntlDPST.exe [2013-08-29] ()
    Task: {BDB0608F-7AD3-42E6-9DBF-830B8BEF38EB} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/uninstall.html?aaa=KICMKMGMKJMJOJOMHMJMCNGMMMJJHMCNLMNMOJLMCNGMMJMMJMCNMJHMKMNJMMLJOJLMGMHMOMNJJNJICMIMCNGMCNOMHMFMOMOMCNPMCNOMPMNMLMPMFMPMCNPMCNOMPMNMLMPMCNNMJNPICMPMFMFMNMMMMMJNHICMEKMICNJJCKJNBJCMILKIGJDJHJKJNICJKJJNKJCMJNNICMJNDJCMNJNIJNMJCMPM (a entrada de dados tem 41 mais caracteres).
    Task: {CA40B574-6760-4D88-A39E-897FB3867519} - System32\Tasks\update-S-1-5-21-3040258654-2525527317-1144640668-1002 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] ()
    Task: {D4050526-C85B-4727-9629-66E8EC3BCB49} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-08-29] (ASUS)
    Task: {E7D72BDE-7AE1-438D-97D6-77E14CC51A37} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Nenhum Arquivo <==== ATENÇÃO
    Task: {F04BE228-640C-4740-8575-1D2EBB1DC3D8} - System32\Tasks\Opera scheduled Autoupdate 1467159759 => C:\Program Files (x86)\Opera\launcher.exe [2017-02-06] (Opera Software)
    Task: {F200B5E8-1625-4AEC-AFA1-0BA0988E8DC1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
    Task: {FC6B6BC0-A5E2-4AE6-A37D-59415556544A} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

    (Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
    Task: C:\WINDOWS\Tasks\McAfee Remediation (Prepare).job => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe
    Task: C:\WINDOWS\Tasks\update-S-1-5-21-3040258654-2525527317-1144640668-1002.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
    Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

    ==================== Atalhos =============================

    (As entradas podem ser listadas para serem restauradas ou removidas.)

    ShortcutWithArgument: C:\Users\Guilherme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda2 (64-bit)\Anaconda Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> "/K" C:\Users\Guilherme\Anaconda2\Scripts\activate.bat C:\Users\Guilherme\Anaconda2

    ==================== Módulos Carregados (Whitelisted) ==============

    2015-09-10 02:08 - 2015-09-10 02:08 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
    2015-10-27 18:01 - 2015-07-13 14:37 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2015-09-10 02:08 - 2015-09-10 02:08 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
    2016-08-27 12:03 - 2016-08-03 02:44 - 02495776 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2013-08-29 20:01 - 2013-08-29 20:01 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
    2016-08-27 12:03 - 2016-08-03 02:44 - 02495776 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2015-04-15 17:13 - 2015-04-15 17:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
    2015-10-27 18:36 - 2015-10-27 18:36 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2016-08-27 12:04 - 2016-08-03 01:34 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-08-27 12:04 - 2015-11-25 01:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-08-27 12:04 - 2016-08-03 01:31 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2015-10-27 18:36 - 2015-10-27 18:36 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2015-07-10 00:13 - 2015-09-10 02:07 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
    2015-07-17 23:35 - 2015-07-17 23:35 - 00396688 _____ () C:\Windows\System32\igfxTray.exe
    2016-08-27 12:03 - 2016-03-16 01:46 - 02642272 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
    2016-08-27 12:03 - 2016-03-16 01:46 - 02107744 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
    2017-02-22 05:31 - 2016-05-15 11:16 - 01327184 ____N () C:\Users\Guilherme\AppData\Local\Temp\_iu14D2N.tmp
    2016-09-26 23:51 - 2016-09-26 23:51 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2017-02-21 23:08 - 2017-02-21 23:08 - 05989072 _____ () C:\Program Files\AVAST Software\Avast\defs\17022101\algo.dll
    2016-09-26 23:51 - 2016-09-26 23:51 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2013-10-09 00:41 - 2013-10-09 00:41 - 00037968 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
    2013-09-09 22:23 - 2013-09-09 22:23 - 00162816 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
    2016-09-26 23:51 - 2016-09-26 23:51 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2016-09-04 03:14 - 2016-09-04 03:14 - 00747520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.Vbeb7089b#\02522fd092d881ca09d470946bc046e8\Microsoft.VisualStudio.Threading.ni.dll
    2016-09-04 03:14 - 2016-09-04 03:14 - 00052224 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.Vd43b287e#\35d8963e28bd478ec40e0d46fcab1f0a\Microsoft.VisualStudio.Validation.ni.dll
    2013-04-27 14:24 - 2013-04-27 14:24 - 00071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll
    2017-02-09 21:47 - 2017-02-06 03:29 - 39820376 _____ () C:\Program Files (x86)\Opera\43.0.2442.806\opera_browser.dll
    2014-03-29 14:15 - 2013-09-16 16:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2017-02-09 21:47 - 2017-02-06 03:29 - 45837912 _____ () C:\Program Files (x86)\Opera\43.0.2442.806\opera_child.dll
    2017-02-09 21:47 - 2017-02-06 03:29 - 01930328 _____ () C:\Program Files (x86)\Opera\43.0.2442.806\libglesv2.dll
    2017-02-09 21:47 - 2017-02-06 03:29 - 00087640 _____ () C:\Program Files (x86)\Opera\43.0.2442.806\libegl.dll
    2015-06-08 16:06 - 2015-06-08 16:06 - 00014336 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (Se uma entrada for incluída na fixlist, somente o ADS será removido.)

    AlternateDataStreams: C:\WINDOWS\System32:DA3B8AF1_Uni.gbp [2]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddfac64.sys:r0d3jo5 [20]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 [1270]

    ==================== Modo de Segurança (Whitelisted) ===================

    (Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

    ==================== Associação (Whitelisted) ===============

    (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)


    ==================== Internet Explorer confiável/restrito ===============

    (Se uma entrada for incluída na fixlist, será removida do Registro.)

    IE trusted site: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\google.com -> www.google.com
    IE trusted site: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\google.com.br -> www.google.com.br
    IE trusted site: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\itau.b.br -> www.itau.b.br
    IE trusted site: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\itau.com.br -> hxxps://bankline.itau.com.br
    IE trusted site: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\itau.com.br -> bankline.itau.com.br
    IE trusted site: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\itaupersonnalite.com.br -> hxxp://www.itaupersonnalite.com.br
    IE trusted site: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\itaupersonnalite.com.br -> www.itaupersonnalite.com.br
    IE restricted site: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\skype.com -> hxxps://apps.skype.com

    ==================== Hosts Conteúdo: ===============================

    (Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

    2013-08-22 10:25 - 2016-03-02 21:18 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Outras Áreas ============================

    (Atualmente não há nenhuma correção automática para esta seção.)

    HKU\S-1-5-21-3040258654-2525527317-1144640668-1001\Control Panel\Desktop\\Wallpaper ->
    HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Guilherme\Pictures\118156.jpg
    DNS Servers: 201.21.192.161 - 201.21.192.166
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Firewall do Windows está habilitado.

    ==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

    MSCONFIG\Services: Ds3Service => 2
    HKLM\...\StartupApproved\StartupFolder: => "ScpToolkit Tray Notifications.lnk"
    HKLM\...\StartupApproved\Run: => "HotKeysCmds"
    HKLM\...\StartupApproved\Run: => "Diebold - Warsaw"
    HKLM\...\StartupApproved\Run32: => "WebStorage"
    HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
    HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\StartupApproved\StartupFolder: => "Curse.lnk"
    HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\StartupApproved\Run: => "Google Update"
    HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\StartupApproved\Run: => "Skype"
    HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\StartupApproved\Run: => "Steam"
    HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_8E3994B149A099EB717863317060641F"
    HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\StartupApproved\Run: => "RoboForm"
    HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\StartupApproved\Run: => "Spotify"
    HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\...\StartupApproved\Run: => "Spotify Web Helper"

    ==================== Regras do Firewall (Whitelisted) ===============

    (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{DE12D2C3-3458-4B34-B1F8-97DD53D6DE72}] => (Allow) D:\SteamLibrary\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe
    FirewallRules: [{DA22B1C9-E8CB-437D-82A0-DB35D63EA8B4}] => (Allow) D:\SteamLibrary\steamapps\common\Dark Souls II\Game\DarkSoulsII.exe
    FirewallRules: [{0931B61C-340E-4839-9B02-DFB96CC41E8D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{4F5E4992-D41F-41E9-BC32-CF5A872C5258}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{2BFBD6E9-230B-43A7-8E16-C81E61931EDE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{C8D57F68-74B2-41D5-937D-C66E999822BF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{97834B26-15C0-4122-A138-E837EF88F7AF}] => (Block) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{389D6039-F232-4654-9549-688ADC772473}] => (Block) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{B486233B-EDB2-479B-844E-C151D903C86B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{DC80A1D9-D7AF-42BA-94C4-022350CEA18A}] => (Allow) C:\Users\Guilherme\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{2C32981C-E208-40CE-A688-18FB85D8EC3F}] => (Allow) C:\Users\Guilherme\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{1B885182-2C0E-4E3C-A900-D216A2A1C5F9}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{B4F014BA-B7BB-44E8-A329-21785B14F130}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
    FirewallRules: [{384A1B77-B050-4C7C-9F48-725795DAFED6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [{5DE274E9-538C-411C-A8D7-5BDF66BC93E5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    FirewallRules: [{9B541573-172B-4F40-B240-F9DAB7880D71}] => (Allow) D:\SteamLibrary\steamapps\common\The Binding Of Isaac\Isaac.exe
    FirewallRules: [{5C04C042-D52E-4783-9F28-4CC647E4D8DE}] => (Allow) D:\SteamLibrary\steamapps\common\The Binding Of Isaac\Isaac.exe
    FirewallRules: [{92A88604-011B-44EE-BD42-8E8ED1C22A85}] => (Allow) C:\Program Files (x86)\Embarcadero\Studio\15.0\bin\bds.exe
    FirewallRules: [{C9A0DC45-876B-4134-BEE9-97D03F7156F4}] => (Allow) C:\Program Files (x86)\Embarcadero\Studio\15.0\bin\dbkw64_19_0.exe
    FirewallRules: [TCP Query User{E8AE3515-29A5-47FE-9BC4-DF66B584B19D}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
    FirewallRules: [UDP Query User{C8677CB6-2179-4AB2-BC10-8329DB7A05C8}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
    FirewallRules: [TCP Query User{EBDB20D3-B701-4049-BBD3-9D7DD0FF217E}C:\level up\smite\binaries\win32\smite.exe] => (Allow) C:\level up\smite\binaries\win32\smite.exe
    FirewallRules: [UDP Query User{1F6B28F5-4EFE-474C-A637-47C141BDCB77}C:\level up\smite\binaries\win32\smite.exe] => (Allow) C:\level up\smite\binaries\win32\smite.exe
    FirewallRules: [{B391A776-6A57-4A54-8603-69A67CFE076E}] => (Allow) C:\Program Files (x86)\Firefox Developer Edition\firefox.exe
    FirewallRules: [{BA0F831F-D832-414C-878D-9BC5343642BD}] => (Allow) C:\Program Files (x86)\Firefox Developer Edition\firefox.exe
    FirewallRules: [TCP Query User{EAC1BB14-473A-42FB-BEB4-BAB10B8DE36D}C:\eclipse-java-mars-1-win32-x86_64\eclipse\eclipse.exe] => (Allow) C:\eclipse-java-mars-1-win32-x86_64\eclipse\eclipse.exe
    FirewallRules: [UDP Query User{B15AB396-0986-4819-9FB9-0F474F3E885F}C:\eclipse-java-mars-1-win32-x86_64\eclipse\eclipse.exe] => (Allow) C:\eclipse-java-mars-1-win32-x86_64\eclipse\eclipse.exe
    FirewallRules: [TCP Query User{30739AE7-250A-4BFD-8D90-E4E24C57A33A}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
    FirewallRules: [UDP Query User{13705EC4-C3EF-41B8-BBBC-8A28DD5847A6}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
    FirewallRules: [{F95685AA-0306-464F-BEC4-0208BD934C42}] => (Allow) LPort=1688
    FirewallRules: [{D196F4F4-B9E1-435A-BFEC-03969550FAF7}] => (Allow) D:\Installers\Windows 10 Activators\KMSpico.10.0.102040 Beta\KMSELDI.exe
    FirewallRules: [{C4131B89-4E24-4C24-9775-3540207D9CBA}] => (Allow) D:\Installers\Windows 10 Activators\KMSpico.10.0.102040 Beta\KMSELDI.exe
    FirewallRules: [TCP Query User{CDF11983-3DD6-480D-9017-F0286AAEC220}C:\users\guilherme\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\guilherme\appdata\local\google\chrome\application\chrome.exe
    FirewallRules: [UDP Query User{7210040D-816F-4885-A4D1-63E5951719AA}C:\users\guilherme\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\guilherme\appdata\local\google\chrome\application\chrome.exe
    FirewallRules: [{A847D85B-48DB-48F0-86AD-421028C007AF}] => (Allow) D:\SteamLibrary\steamapps\common\CastleCrashers\castle.exe
    FirewallRules: [{7AAEB37F-65DE-41E7-A8C7-EFCF6B4B6746}] => (Allow) D:\SteamLibrary\steamapps\common\CastleCrashers\castle.exe
    FirewallRules: [TCP Query User{BC6C99A9-F764-4D08-B10A-6DA3A3BFA1B6}D:\steamlibrary\steamapps\common\starbound\win32\starbound_server.exe] => (Allow) D:\steamlibrary\steamapps\common\starbound\win32\starbound_server.exe
    FirewallRules: [UDP Query User{029FCE7E-F15E-4674-BD63-74D918F376F0}D:\steamlibrary\steamapps\common\starbound\win32\starbound_server.exe] => (Allow) D:\steamlibrary\steamapps\common\starbound\win32\starbound_server.exe
    FirewallRules: [{55595132-149F-4407-8304-F912F59DA06A}] => (Block) D:\steamlibrary\steamapps\common\starbound\win32\starbound_server.exe
    FirewallRules: [{CF1B9A4A-05F8-46C9-8C82-3836FE3A36EC}] => (Block) D:\steamlibrary\steamapps\common\starbound\win32\starbound_server.exe
    FirewallRules: [{111F126A-E69C-4E0F-B02F-95BDC12857BA}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
    FirewallRules: [{4F8A2C6F-9FC6-4534-9ACB-0DB9ECCE8395}] => (Allow) D:\SteamLibrary\steamapps\common\Dustforce\dustforce.exe
    FirewallRules: [{2D33B0FF-0FB8-4650-B14A-7B65A9F8CFC6}] => (Allow) D:\SteamLibrary\steamapps\common\Dustforce\dustforce.exe
    FirewallRules: [{87547FCD-CB77-4FBD-9BF5-D2AD6F26B3DD}] => (Allow) D:\SteamLibrary\steamapps\common\Devil May Cry 4\DevilMayCry4_DX9.exe
    FirewallRules: [{6968D28D-2758-4A0B-A729-4F94B2E49B61}] => (Allow) D:\SteamLibrary\steamapps\common\Devil May Cry 4\DevilMayCry4_DX9.exe
    FirewallRules: [{8A5DE508-DD78-42AB-AF72-CB0C4C0FC8D5}] => (Allow) D:\SteamLibrary\steamapps\common\Devil May Cry 4\DevilMayCry4_DX10.exe
    FirewallRules: [{1208AB90-05EE-4A02-857E-85B53B4ADA88}] => (Allow) D:\SteamLibrary\steamapps\common\Devil May Cry 4\DevilMayCry4_DX10.exe
    FirewallRules: [TCP Query User{5F8582F5-E805-4194-BB74-3D5443BDF3C7}C:\users\guilherme\appdata\roaming\bittorrent\updates\7.9.5_41866.exe] => (Allow) C:\users\guilherme\appdata\roaming\bittorrent\updates\7.9.5_41866.exe
    FirewallRules: [UDP Query User{E4E5BDC9-554F-420E-BEBC-D171F1D569A9}C:\users\guilherme\appdata\roaming\bittorrent\updates\7.9.5_41866.exe] => (Allow) C:\users\guilherme\appdata\roaming\bittorrent\updates\7.9.5_41866.exe
    FirewallRules: [{88569BEB-84ED-4438-85BD-740C6FD86329}] => (Block) C:\users\guilherme\appdata\roaming\bittorrent\updates\7.9.5_41866.exe
    FirewallRules: [{59F1F1CF-A502-44EC-BA90-59A32B961C5A}] => (Block) C:\users\guilherme\appdata\roaming\bittorrent\updates\7.9.5_41866.exe
    FirewallRules: [TCP Query User{41300623-EEBB-45DB-AB89-F5675C1FEE0E}C:\program files\factorio\bin\x64\factorio.exe] => (Allow) C:\program files\factorio\bin\x64\factorio.exe
    FirewallRules: [UDP Query User{4A381300-054C-4203-B8BD-3CA94EFB3432}C:\program files\factorio\bin\x64\factorio.exe] => (Allow) C:\program files\factorio\bin\x64\factorio.exe
    FirewallRules: [TCP Query User{5CA6DFC3-09ED-4F86-9014-D2EE3F04FC05}C:\users\guilherme\appdata\roaming\bittorrent\updates\7.9.6_42095.exe] => (Allow) C:\users\guilherme\appdata\roaming\bittorrent\updates\7.9.6_42095.exe
    FirewallRules: [UDP Query User{A91ED817-9C26-4608-962B-F30B24DD46F5}C:\users\guilherme\appdata\roaming\bittorrent\updates\7.9.6_42095.exe] => (Allow) C:\users\guilherme\appdata\roaming\bittorrent\updates\7.9.6_42095.exe
    FirewallRules: [TCP Query User{11847CD6-0C6C-49A0-B43D-62EF9750D653}D:\games\enter the gungeon\etg.exe] => (Allow) D:\games\enter the gungeon\etg.exe
    FirewallRules: [UDP Query User{D4E4A2DB-AB00-4249-AEAB-A845FC656131}D:\games\enter the gungeon\etg.exe] => (Allow) D:\games\enter the gungeon\etg.exe
    FirewallRules: [{CCBE955E-FE63-4DA7-A281-A56232EC2257}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
    FirewallRules: [{4A31ED45-126A-4835-B912-0D4D8D1293E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
    FirewallRules: [TCP Query User{00FBF3F4-2281-4A45-984E-12409723150F}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
    FirewallRules: [UDP Query User{1F0B5DB5-C76B-4EA3-926C-7F11010E693D}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
    FirewallRules: [{D5FF75AD-C1BD-4049-BFB3-34D90D622DB6}] => (Allow) D:\SteamLibrary\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
    FirewallRules: [{CC6F1996-EF19-4038-B1D8-EE85313FBC92}] => (Allow) D:\SteamLibrary\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
    FirewallRules: [TCP Query User{CB837A76-513A-4131-8A2E-C9A83F5AF579}C:\program files\java\jdk1.8.0_73\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_73\bin\java.exe
    FirewallRules: [UDP Query User{2993D00A-ACE5-4CD9-BF40-8D61C1269FF9}C:\program files\java\jdk1.8.0_73\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_73\bin\java.exe
    FirewallRules: [{F96B4501-BC48-4671-9E0E-1BCDE6E5C5A0}] => (Allow) D:\SteamLibrary\steamapps\common\Magicka\Magicka.exe
    FirewallRules: [{4AB66D76-599F-4D6A-9D5F-2F12B5F18395}] => (Allow) D:\SteamLibrary\steamapps\common\Magicka\Magicka.exe
    FirewallRules: [TCP Query User{9E606FAF-A2C0-4D5A-926D-93231982D733}D:\steamlibrary\steamapps\common\torchlight ii\torchlight2.exe] => (Allow) D:\steamlibrary\steamapps\common\torchlight ii\torchlight2.exe
    FirewallRules: [UDP Query User{82C4E034-4080-4E73-BA4B-F0BC8893EAA1}D:\steamlibrary\steamapps\common\torchlight ii\torchlight2.exe] => (Allow) D:\steamlibrary\steamapps\common\torchlight ii\torchlight2.exe
    FirewallRules: [TCP Query User{6B93BC21-9FD0-457D-A1CE-78399123B45E}D:\installers\salt and sanctuary v1.0.0.3\salt.exe] => (Allow) D:\installers\salt and sanctuary v1.0.0.3\salt.exe
    FirewallRules: [UDP Query User{817DC711-23A8-4F08-ADCE-45B4DB4E4145}D:\installers\salt and sanctuary v1.0.0.3\salt.exe] => (Allow) D:\installers\salt and sanctuary v1.0.0.3\salt.exe
    FirewallRules: [TCP Query User{7524ADA4-3038-4132-A0EE-957224D13AE7}C:\users\guilherme\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\guilherme\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{2FDB6F01-E1C5-427C-BFA5-AD229B533CEE}C:\users\guilherme\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\guilherme\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{2A2A67AA-919B-4DB0-8099-63C6C318F227}] => (Allow) D:\Program Files (x86)\Origin Games\Dead Space\Dead Space.exe
    FirewallRules: [{7A5FD532-795C-4AA7-97C9-A3B272600A70}] => (Allow) D:\Program Files (x86)\Origin Games\Dead Space\Dead Space.exe
    FirewallRules: [{57411AE2-23E6-4733-83D7-37E2D82C082D}] => (Allow) D:\Prince of Persia Sands of Time\PrinceOfPersia.EXE
    FirewallRules: [{FFB488AA-FB47-4A89-9009-7F94A441450C}] => (Allow) D:\Prince of Persia Sands of Time\PrinceOfPersia.EXE
    FirewallRules: [{14669AD6-C509-4CE4-A977-AD13BA07B724}] => (Allow) D:\Prince of Persia Sands of Time\POP.EXE
    FirewallRules: [{353335E3-B44E-41C7-A18F-D21E308C19B4}] => (Allow) D:\Prince of Persia Sands of Time\POP.EXE
    FirewallRules: [{8B8603A2-B470-42A4-9C6B-3815C798D9F3}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win32\mod_uploader.exe
    FirewallRules: [{F10DA50C-7B54-4FF9-9183-C17C6D3F18D5}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win32\mod_uploader.exe
    FirewallRules: [TCP Query User{023D1361-DAD1-48B5-BF93-68755924C49E}C:\program files\android\android-studio\jre\bin\java.exe] => (Allow) C:\program files\android\android-studio\jre\bin\java.exe
    FirewallRules: [UDP Query User{BA710EE6-03A1-4E12-8D91-1BF9FE833C61}C:\program files\android\android-studio\jre\bin\java.exe] => (Allow) C:\program files\android\android-studio\jre\bin\java.exe
    FirewallRules: [TCP Query User{94F2D592-072D-4FD7-A6D8-D064A5A81E63}D:\games\portal 2\portal2.exe] => (Allow) D:\games\portal 2\portal2.exe
    FirewallRules: [UDP Query User{7DD18F3B-7B01-404E-8257-5C2BD223E3B5}D:\games\portal 2\portal2.exe] => (Allow) D:\games\portal 2\portal2.exe
    FirewallRules: [TCP Query User{4ACD9DB8-8EF4-48AC-919A-E2D7D761F82C}C:\users\guilherme\appdata\local\apps\2.0\kxko4wp6.g9m\t45te2y2.22x\wind..tion_c3bce3770c238a49_0001.0000_e0e9c97537a0c660\windows10iotcoredashboard.exe] => (Allow) C:\users\guilherme\appdata\local\apps\2.0\kxko4wp6.g9m\t45te2y2.22x\wind..tion_c3bce3770c238a49_0001.0000_e0e9c97537a0c660\windows10iotcoredashboard.exe
    FirewallRules: [UDP Query User{391CF7FA-DB37-4C32-A525-2E3037E8C89A}C:\users\guilherme\appdata\local\apps\2.0\kxko4wp6.g9m\t45te2y2.22x\wind..tion_c3bce3770c238a49_0001.0000_e0e9c97537a0c660\windows10iotcoredashboard.exe] => (Allow) C:\users\guilherme\appdata\local\apps\2.0\kxko4wp6.g9m\t45te2y2.22x\wind..tion_c3bce3770c238a49_0001.0000_e0e9c97537a0c660\windows10iotcoredashboard.exe
    FirewallRules: [{BFB46970-26C7-44E6-9D7A-103025B86C20}] => (Allow) D:\Games\Mr DJ\Deus Ex Human Revolution Directors Cut\DXHRDC.exe
    FirewallRules: [{3481FBA6-C29F-4C96-AE75-8F127CB39C37}] => (Allow) D:\Games\Mr DJ\Deus Ex Human Revolution Directors Cut\DXHRDC.exe
    FirewallRules: [TCP Query User{C67DF132-A3C6-4ED7-AE7A-A78600218F20}D:\games\factorio\bin\x64\factorio.exe] => (Allow) D:\games\factorio\bin\x64\factorio.exe
    FirewallRules: [UDP Query User{C946D36D-AEE0-491B-A40E-30CE48A7772A}D:\games\factorio\bin\x64\factorio.exe] => (Allow) D:\games\factorio\bin\x64\factorio.exe
    FirewallRules: [{42D199DD-B268-4B29-9542-45203993EBDE}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\starbound.exe
    FirewallRules: [{8ED70B21-952D-4581-9F3B-03B962C000BB}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\starbound.exe
    FirewallRules: [{02591AF2-41DC-491F-8C43-9DEAB20C693F}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\starbound_server.exe
    FirewallRules: [{3FF546E9-B832-4F3E-ACA7-2658858F4D14}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\starbound_server.exe
    FirewallRules: [{F6662C4B-163D-4AFC-BCA0-C18482FCF667}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\mod_uploader.exe
    FirewallRules: [{71F084E9-3B46-4DD8-9A03-AB72D40874AD}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\mod_uploader.exe
    FirewallRules: [{9EEE503E-C150-4FC7-BF57-2B1C78A8071D}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win32\starbound.exe
    FirewallRules: [{D1833C22-59B1-4705-B6AF-E32A5FD98C96}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win32\starbound.exe
    FirewallRules: [TCP Query User{0A24C615-9243-4DBE-B048-666982F1A069}D:\games\diablo ii\game.exe] => (Allow) D:\games\diablo ii\game.exe
    FirewallRules: [UDP Query User{910890B0-7306-487D-A647-D6BECAEF76AB}D:\games\diablo ii\game.exe] => (Allow) D:\games\diablo ii\game.exe
    FirewallRules: [{8412254D-910E-4AFA-A54A-D1D52AC991DF}] => (Allow) D:\Games\Rayman Origins\gu.exe
    FirewallRules: [{DE2C1EBD-7D10-453F-9A2A-4CF5D345509B}] => (Allow) D:\Games\Rayman Origins\gu.exe
    FirewallRules: [{503C1546-01B8-4858-BEB5-E26DB7886E34}] => (Allow) D:\Games\Rayman Origins\Rayman Origins.exe
    FirewallRules: [{48211AD6-506F-4225-A42A-48379857E98D}] => (Allow) D:\Games\Rayman Origins\Rayman Origins.exe
    FirewallRules: [TCP Query User{FFF1E654-0168-483D-BAF4-4FCEC342071C}D:\steamlibrary\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) D:\steamlibrary\steamapps\common\paladins\binaries\win32\paladins.exe
    FirewallRules: [UDP Query User{3A712EE3-C600-4C33-82FE-C93CF5066C93}D:\steamlibrary\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) D:\steamlibrary\steamapps\common\paladins\binaries\win32\paladins.exe
    FirewallRules: [TCP Query User{B66A20C1-A351-4F00-9017-A48CA259B37A}D:\installers\dungeon.defenders.v8.2.1.incl.all.dlc\binaries\win32\dundefgame.exe] => (Allow) D:\installers\dungeon.defenders.v8.2.1.incl.all.dlc\binaries\win32\dundefgame.exe
    FirewallRules: [UDP Query User{2E5A8067-8C9E-435B-B443-1A79F7F6B84F}D:\installers\dungeon.defenders.v8.2.1.incl.all.dlc\binaries\win32\dundefgame.exe] => (Allow) D:\installers\dungeon.defenders.v8.2.1.incl.all.dlc\binaries\win32\dundefgame.exe
    FirewallRules: [{7C39A115-4652-45C1-AF0E-A42F8E696C80}] => (Block) D:\installers\dungeon.defenders.v8.2.1.incl.all.dlc\binaries\win32\dundefgame.exe
    FirewallRules: [{1F94912C-D6F1-4C70-9F48-812172B9BC92}] => (Block) D:\installers\dungeon.defenders.v8.2.1.incl.all.dlc\binaries\win32\dundefgame.exe
    FirewallRules: [TCP Query User{E7FA19A5-1593-45BC-A192-34225DBA01D5}D:\games\helldivers\binaries\x64\helldivers.exe] => (Allow) D:\games\helldivers\binaries\x64\helldivers.exe
    FirewallRules: [UDP Query User{5693E021-FAE2-42BF-AC85-80A661A6314D}D:\games\helldivers\binaries\x64\helldivers.exe] => (Allow) D:\games\helldivers\binaries\x64\helldivers.exe
    FirewallRules: [{EF2C0134-0E0E-4FC5-B333-0C598EE86C50}] => (Block) D:\games\helldivers\binaries\x64\helldivers.exe
    FirewallRules: [{5B1C92EE-D192-4D36-A34A-F2A21ECFF2EE}] => (Block) D:\games\helldivers\binaries\x64\helldivers.exe
    FirewallRules: [{71BAC44A-5700-494A-9A28-22D111AA0494}] => (Allow) D:\Games\The Crew (Worldwide)\TheCrew.exe
    FirewallRules: [{BE6D7608-6298-4A5B-9632-D19CEDCC867E}] => (Allow) D:\Games\The Crew (Worldwide)\TheCrew.exe
    FirewallRules: [{EBD3FD96-B915-48EC-81F5-077F8E5B2C98}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{93128CEF-A513-4BD9-B4E0-8D67271FA197}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{B9CEE81C-32A1-445F-BCEB-F8D5B0FCDA36}] => (Allow) D:\SteamLibrary\steamapps\common\99Vidas - The Game\99VidasGame.exe
    FirewallRules: [{729AB607-2A67-45C6-AC0F-2C33C382497B}] => (Allow) D:\SteamLibrary\steamapps\common\99Vidas - The Game\99VidasGame.exe
    FirewallRules: [{C0D98FED-9A00-4AD6-B2DB-070A157A21AC}] => (Allow) D:\SteamLibrary\steamapps\common\Momodora RUtM\MomodoraRUtM.exe
    FirewallRules: [{23A6740E-3203-4EDA-BA43-422078A77692}] => (Allow) D:\SteamLibrary\steamapps\common\Momodora RUtM\MomodoraRUtM.exe
    FirewallRules: [TCP Query User{7016705E-E664-4D28-9F84-BAC7D25C3791}C:\users\guilherme\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\guilherme\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{02899235-61C9-4C1E-AE75-67000FAC42D3}C:\users\guilherme\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\guilherme\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{A10F13BD-1372-4A93-9F2E-715CA9FD28CA}] => (Allow) D:\SteamLibrary\steamapps\common\Disgaea PC\dis1_st.exe
    FirewallRules: [{5FA3E5A0-6068-4873-B5A4-6678F088C141}] => (Allow) D:\SteamLibrary\steamapps\common\Disgaea PC\dis1_st.exe
    FirewallRules: [{D16875D3-89C2-432E-B7DA-02F99C95F0C5}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\starbound.exe
    FirewallRules: [{C1A731B9-4C95-4445-AAF4-76496BA3D0A2}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\starbound.exe
    FirewallRules: [{03E7B35D-9789-4A7B-82E8-E0B16AD63670}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\starbound_server.exe
    FirewallRules: [{354F7F85-47FF-46DE-B450-351653C564ED}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\starbound_server.exe
    FirewallRules: [{1E5EE88E-BB9A-403F-B42B-0698A32E0E0F}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\mod_uploader.exe
    FirewallRules: [{575A8F71-0058-4C09-81BF-3E75C7BCDEBB}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win64\mod_uploader.exe
    FirewallRules: [{B70FBB56-D947-4AE0-BB31-1D853CC236C7}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win32\starbound.exe
    FirewallRules: [{36DEA739-E65E-473E-A6E5-92714ABBF392}] => (Allow) D:\SteamLibrary\steamapps\common\Starbound\win32\starbound.exe
    FirewallRules: [TCP Query User{32F434C9-FAAA-4F91-9F1A-AD85D1A8B0D0}D:\games\salt and sanctuary\salt.exe] => (Allow) D:\games\salt and sanctuary\salt.exe
    FirewallRules: [UDP Query User{B72B2AF6-3DA0-4EAF-9B20-969C13316400}D:\games\salt and sanctuary\salt.exe] => (Allow) D:\games\salt and sanctuary\salt.exe
    FirewallRules: [{E1D2041E-D277-43AF-91CA-39506E0A53C4}] => (Block) D:\games\salt and sanctuary\salt.exe
    FirewallRules: [{5C754D4A-38EA-46E3-884D-437A148B1731}] => (Block) D:\games\salt and sanctuary\salt.exe
    FirewallRules: [TCP Query User{69B4AD74-AAA4-4D4A-B4C9-A2D4335A6095}C:\rrpg\rrpg.exe] => (Allow) C:\rrpg\rrpg.exe
    FirewallRules: [UDP Query User{AA951611-A5F3-41B2-9C23-DFEE81BA4D8E}C:\rrpg\rrpg.exe] => (Allow) C:\rrpg\rrpg.exe
    FirewallRules: [{EC87EB2E-E244-476F-83AC-58AB670684E7}] => (Block) C:\rrpg\rrpg.exe
    FirewallRules: [{51787C44-D190-4E85-80AD-DC5CFA1C777D}] => (Block) C:\rrpg\rrpg.exe
    FirewallRules: [{A0F7168B-55EB-469B-A0DE-CB567F273D24}] => (Allow) C:\Program Files (x86)\Opera\42.0.2393.517\opera.exe
    FirewallRules: [{F5F199FE-D144-4F9F-B3EF-F6819434E6EA}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.806\opera.exe

    ==================== Pontos de Restauração =========================

    30-01-2017 13:58:35 Ponto de Verificação Agendado
    08-02-2017 12:15:22 Ponto de Verificação Agendado
    17-02-2017 12:13:39 Ponto de Verificação Agendado

    ==================== Dispositivos Apresentando Falhas No Gerenciador =============


    ==================== Erros no Log de eventos: =========================

    Erros em Aplicativos:
    ==================
    Error: (02/22/2017 05:58:06 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Guilherme-Note)
    Description: Falha na ativação do aplicativo Microsoft.WindowsAlarms_8wekyb3d8bbwe!App com o erro: -2144927142. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.

    Error: (02/22/2017 05:58:05 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Guilherme-Note)
    Description: Falha na ativação do aplicativo Microsoft.WindowsAlarms_8wekyb3d8bbwe!App com o erro: -2144927142. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.

    Error: (02/22/2017 05:33:04 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: AUTORIDADE NT)
    Description: Falha ao descarregar as cadeias de caracteres do contador de desempenho do serviço WmiApRpl (WmiApRpl). O primeiro DWORD da seção de dados contém o código de erro.

    Error: (02/22/2017 05:33:04 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: AUTORIDADE NT)
    Description: As cadeias de caracteres de desempenho no valor do Registro de desempenho foram corrompidas durante o processamento do provedor do contador de extensões Performance. O valor BaseIndex do Registro de desempenho é o primeiro DWORD na seção de dados, o valor LastCounter é o segundo DWORD na seção de dados e o valor LastHelp é o terceiro DWORD na seção de dados.

    Error: (02/22/2017 05:33:04 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: AUTORIDADE NT)
    Description: As cadeias de caracteres de desempenho no valor do Registro de desempenho foram corrompidas durante o processamento do provedor do contador de extensões Performance. O valor BaseIndex do Registro de desempenho é o primeiro DWORD na seção de dados, o valor LastCounter é o segundo DWORD na seção de dados e o valor LastHelp é o terceiro DWORD na seção de dados.

    Error: (02/22/2017 12:07:03 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Guilherme-Note)
    Description: Falha na ativação do aplicativo Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI com o erro: -2144927141. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.

    Error: (02/21/2017 07:29:14 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Falha na geração de contexto de ativação para "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\redist\1033\vcredist_arm.exe".
    Assembly dependente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" não pôde ser localizado.
    Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

    Error: (02/21/2017 07:29:01 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Falha na geração de contexto de ativação para "C:\Program Files (x86)\Windows Kits\10\bin\arm64\oleview.exe".
    Assembly dependente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" não pôde ser localizado.
    Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

    Error: (02/21/2017 07:29:01 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Falha na geração de contexto de ativação para "C:\Program Files (x86)\Windows Kits\10\bin\arm64\filetypeverifier.exe".
    Assembly dependente Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" não pôde ser localizado.
    Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

    Error: (02/21/2017 07:28:54 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Falha na geração de contexto de ativação para "C:\Program Files (x86)\Windows Kits\10\bin\arm\signtool.exe.Manifest".
    Assembly dependente Microsoft.Windows.Build.Appx.AppxSip.dll,version="0.0.0.0" não pôde ser localizado.
    Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.


    Erros de Sistema:
    =============
    Error: (02/22/2017 05:59:22 AM) (Source: DCOM) (EventID: 10001) (User: Guilherme-Note)
    Description: Não é possível iniciar o servidor DCOM: App.AppXvwgnrrhcka99admvy9fqan3zpdmgg69a.mca como Não Disponível/Não Disponível. O erro:
    "31"
    Aconteceu ao iniciar este comando:
    "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppX4325622ft6437f3xfywcfxgbedfvpn0x.mca

    Error: (02/22/2017 05:59:21 AM) (Source: DCOM) (EventID: 10001) (User: Guilherme-Note)
    Description: Não é possível iniciar o servidor DCOM: App.AppXrvx5vw3ftamg62prcf1xd7e4aena2tfj.mca como Não Disponível/Não Disponível. O erro:
    "31"
    Aconteceu ao iniciar este comando:
    "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppX4325622ft6437f3xfywcfxgbedfvpn0x.mca

    Error: (02/22/2017 05:33:44 AM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
    Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    e APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    ao usuário AUTORIDADE NT\SERVIÇO LOCAL SID (S-1-5-19) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

    Error: (02/22/2017 05:33:43 AM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
    Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    e APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    ao usuário AUTORIDADE NT\SERVIÇO LOCAL SID (S-1-5-19) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

    Error: (02/22/2017 05:33:42 AM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
    Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    e APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    ao usuário AUTORIDADE NT\SERVIÇO LOCAL SID (S-1-5-19) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

    Error: (02/22/2017 05:33:41 AM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
    Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    e APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    ao usuário AUTORIDADE NT\SERVIÇO LOCAL SID (S-1-5-19) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

    Error: (02/22/2017 05:33:40 AM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
    Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    e APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    ao usuário AUTORIDADE NT\SERVIÇO LOCAL SID (S-1-5-19) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

    Error: (02/22/2017 05:33:39 AM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
    Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    e APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    ao usuário AUTORIDADE NT\SERVIÇO LOCAL SID (S-1-5-19) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

    Error: (02/22/2017 05:33:38 AM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
    Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    e APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    ao usuário AUTORIDADE NT\SERVIÇO LOCAL SID (S-1-5-19) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

    Error: (02/22/2017 05:33:37 AM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
    Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    e APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    ao usuário AUTORIDADE NT\SERVIÇO LOCAL SID (S-1-5-19) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.


    ==================== Informações da Memória ===========================

    Processador: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
    Percentagem de memória em uso: 57%
    RAM física total: 6027.2 MB
    RAM física disponível: 2574.45 MB
    Virtual Total: 7243.2 MB
    Virtual disponível: 3716.29 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:372.6 GB) (Free:193.26 GB) NTFS ==>[sistema com componentes de inicialização (obtido através de drive)]
    Drive d: (Data) (Fixed) (Total:537.8 GB) (Free:361.36 GB) NTFS

    ==================== MBR & Tabela de Partições ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: 8BC57F20)

    Partition: GPT.

    ==================== Fim de Addition.txt ============================

    aswMBR Log

    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2017-02-22 19:11:20
    -----------------------------
    19:11:20.829 OS Version: Windows x64 6.2.9200
    19:11:20.829 Number of processors: 4 586 0x4501
    19:11:20.829 ComputerName: GUILHERME-NOTE UserName: Guilherme
    19:11:25.829 Initialize success
    19:11:25.845 VM: initialized successfully
    19:11:25.845 VM: Intel CPU supported
    19:11:27.251 VM: disk I/O iaStorA.sys
    19:11:39.036 AVAST engine defs: 17022101
    19:11:43.739 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000036
    19:11:43.739 Disk 0 Vendor: TOSHIBA_MQ01ABD100 AX0R2J Size: 953869MB BusType: 11
    19:11:44.192 Disk 0 MBR read successfully
    19:11:44.192 Disk 0 MBR scan
    19:11:44.692 Disk 0 unknown MBR code
    19:11:44.739 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
    19:11:45.286 Disk 0 scanning C:\WINDOWS\system32\drivers
    19:12:36.979 Service scanning
    19:15:00.877 Modules scanning
    19:15:00.877 Disk 0 trace - called modules:
    19:15:01.234 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys
    19:15:01.234 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe0003b76e390]
    19:15:01.250 3 CLASSPNP.SYS[fffff8005cb246c5] -> nt!IofCallDriver -> [0xffffe0003a1a1e40]
    19:15:01.250 5 ACPI.sys[fffff8005baa1361] -> nt!IofCallDriver -> [0xffffe0003a103930]
    19:15:01.257 7 ACPI.sys[fffff8005baa1361] -> nt!IofCallDriver -> \Device\00000036[0xffffe00038978500]
    19:15:08.780 AVAST engine scan C:\WINDOWS
    19:15:14.531 AVAST engine scan C:\WINDOWS\system32
    19:27:26.006 AVAST engine scan C:\WINDOWS\system32\drivers
    19:28:30.107 AVAST engine scan C:\Users\Guilherme
    23:04:43.940 AVAST engine scan C:\ProgramData
    23:18:55.656 Disk 0 statistics 13297722/0/0 @ 181,84 MB/s
    23:18:55.672 Scan finished successfully
    01:16:19.940 Disk 0 MBR has been saved successfully to "C:\Users\Guilherme\Desktop\MBR.dat"
    01:16:19.940 The log file has been saved successfully to "C:\Users\Guilherme\Desktop\aswMBR.txt"

  2. #2
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Hello and welcome

    Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
    Or use this method ==> Press the windows key + r on your keyboard at the same time. This will open the RUN BOX.
    Type Notepad and click the OK key.

    To do this highlight the contents of the box and right click on it and select copy.
    Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
    It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)





    start
    CreateRestorePoint:
    CloseProcesses:
    IFEO\SppExtComObj.exe: [Debugger] C:\WINDOWS\SECOH-QAD.exe
    GroupPolicy: Restrição <======= ATENÇÃO
    SearchScopes: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-03-12] (Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-03-12] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-20] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-20] (Oracle Corporation)
    FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-03-12] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-03-12] (Oracle Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-20] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-20] (Oracle Corporation)
    CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hp&ts=1418085823&from=smt&uid=ST2000DM001-1CH164_W1E5G644XXXXW1E5G644"
    2015-11-15 16:42 - 2015-11-15 16:42 - 0079736 _____ (AppWork GmbH) C:\Users\Guilherme\AppData\Local\Temp\130920901306023245.exe
    2015-11-15 16:42 - 2015-11-15 16:42 - 0872476 _____ (Web installer ) C:\Users\Guilherme\AppData\Local\Temp\13092090138792059536.exe
    2016-09-23 03:46 - 2000-04-06 07:00 - 0263168 ____N () C:\Users\Guilherme\AppData\Local\Temp\binkw32.dll
    2016-09-23 03:46 - 2001-05-09 21:19 - 0352256 ____N (Blizzard Entertainment) C:\Users\Guilherme\AppData\Local\Temp\d2l_Install.exe
    2016-02-17 17:44 - 2016-02-17 17:44 - 0000000 _____ () C:\Users\Guilherme\AppData\Local\Temp\GURDACB.exe
    2016-01-04 17:06 - 2016-01-04 17:07 - 24814584 _____ (ArenaNet) C:\Users\Guilherme\AppData\Local\Temp\Gw2.exe
    2016-10-13 19:23 - 2016-10-13 19:23 - 16701440 ____N () C:\Users\Guilherme\AppData\Local\Temp\javagiac0.2182347912007514.dll
    2016-08-23 22:04 - 2016-08-23 22:04 - 16701440 ____N () C:\Users\Guilherme\AppData\Local\Temp\javagiac0.30589597969029025.dll
    2016-07-24 22:19 - 2016-07-24 22:19 - 0741440 _____ (Oracle Corporation) C:\Users\Guilherme\AppData\Local\Temp\jre-8u101-windows-au.exe
    2015-10-07 15:17 - 2015-10-07 15:17 - 0585824 _____ (Oracle Corporation) C:\Users\Guilherme\AppData\Local\Temp\jre-8u65-windows-au.exe
    2016-01-20 21:55 - 2016-01-20 21:55 - 0644704 _____ (Oracle Corporation) C:\Users\Guilherme\AppData\Local\Temp\jre-8u71-windows-au.exe
    2016-02-13 09:54 - 2016-02-13 09:54 - 0736352 _____ (Oracle Corporation) C:\Users\Guilherme\AppData\Local\Temp\jre-8u73-windows-au.exe
    2015-09-01 08:11 - 2015-09-01 08:11 - 0120336 _____ (McAfee, Inc.) C:\Users\Guilherme\AppData\Local\Temp\McCSPInstall.dll
    2015-11-01 11:20 - 2015-09-01 08:11 - 0162120 _____ (McAfee Inc.) C:\Users\Guilherme\AppData\Local\Temp\mccspuninstall.exe
    2016-09-27 10:29 - 2016-09-27 10:29 - 0040448 ____N () C:\Users\Guilherme\AppData\Local\Temp\proxy_vole146836755875676782.dll
    2016-09-27 10:28 - 2016-09-27 10:28 - 0040448 ____N () C:\Users\Guilherme\AppData\Local\Temp\proxy_vole4981657535685034036.dll
    2016-09-27 10:29 - 2016-09-27 10:29 - 0040448 ____N () C:\Users\Guilherme\AppData\Local\Temp\proxy_vole6307089412700812183.dll
    CustomCLSID: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Guilherme\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => Nenhum Arquivo
    CustomCLSID: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Guilherme\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => Nenhum Arquivo
    CustomCLSID: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Guilherme\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => Nenhum Arquivo
    CustomCLSID: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Guilherme\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => Nenhum Arquivo
    CustomCLSID: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Guilherme\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Nenhum Arquivo
    Task: {1ACC39EB-D7BF-440F-9478-5F1F5AA2B219} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Nenhum Arquivo <==== ATENÇÃO
    Task: {4015100D-83DE-40EC-B5E5-F296E74BF4D2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Nenhum Arquivo <==== ATENÇÃO
    Task: {587BB18C-0389-495F-9807-33212B50E3FA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Nenhum Arquivo <==== ATENÇÃO
    Task: {BDB0608F-7AD3-42E6-9DBF-830B8BEF38EB} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/uninstall.html?aaa=KICMKMGMKJMJOJOMHMJMCNGMMMJJHMCNLMNMOJLMCNGMMJMMJMCNMJHMKMNJMMLJOJLMGMHMOMNJJNJICMIMCNGMCNOMHMFMOMOMCNPMCNOMPMNMLMPMFMPMCNPMCNOMPMNMLMPMCNNMJNPICMPMFMFMNMMMMMJNHICMEKMICNJJCKJNBJCMILKIGJDJHJKJNICJKJJNKJCMJNNICMJNDJCMNJNIJNMJCMPM (a entrada de dados tem 41 mais caracteres).
    Task: {E7D72BDE-7AE1-438D-97D6-77E14CC51A37} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Nenhum Arquivo <==== ATENÇÃO
    ShortcutWithArgument: C:\Users\Guilherme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda2 (64-bit)\Anaconda Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> "/K" C:\Users\Guilherme\Anaconda2\Scripts\activate.bat C:\Users\Guilherme\Anaconda2
    AlternateDataStreams: C:\WINDOWS\System32:DA3B8AF1_Uni.gbp [2]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddfac64.sys:r0d3jo5 [20]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 [1270]
    EmptyTemp:
    Hosts:
    End
    Open FRST/FRST64 and press the > Fix < button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
    ~~~~~~~~~~~~~~~~~~~~~

    AdwCleaner
    • Please download AdwCleaner and save the file to your Desktop.
      In order to use AdwCleaner, you have to agree to the EULA.
    • Right-click AdwCleaner.exe and select Run as administrator to run the programme.
    • Follow the prompts.
    • Click Scan.
    • Upon completion, click Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
    • Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
    • Click Clean.
    • Follow the prompts and allow your computer to reboot.
    • After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

    -- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Please download Junkware Removal Tool (or from here: http://downloads.malwarebytes.org/file/jrt) to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    ~~
    please post
    Fixlog.txt
    AdwCleaner[C1].txt
    JRT.txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Junior Member
    Join Date
    Feb 2017
    Posts
    4

    Hello Juliet.

    Thanks for the help! Here are the logs you requested.

    Fixlog

    Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 23-02-2017 01
    Executado por Guilherme (23-02-2017 18:51:46) Run:1
    Executando a partir de C:\Users\Guilherme\Desktop
    Perfis Carregados: UpdatusUser & Guilherme (Perfis Disponíveis: UpdatusUser & Guilherme & Administrador)
    Modo da Inicialização: Normal
    ==============================================

    fixlist Conteúdo:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    IFEO\SppExtComObj.exe: [Debugger] C:\WINDOWS\SECOH-QAD.exe
    GroupPolicy: Restrição <======= ATENÇÃO
    SearchScopes: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-03-12] (Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-03-12] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-20] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-20] (Oracle Corporation)
    FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-03-12] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-03-12] (Oracle Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-20] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-20] (Oracle Corporation)
    CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hp&ts=1418085823&from=smt&uid=ST2000DM001-1CH164_W1E5G644XXXXW1E5G644"
    2015-11-15 16:42 - 2015-11-15 16:42 - 0079736 _____ (AppWork GmbH) C:\Users\Guilherme\AppData\Local\Temp\130920901306023245.exe
    2015-11-15 16:42 - 2015-11-15 16:42 - 0872476 _____ (Web installer ) C:\Users\Guilherme\AppData\Local\Temp\13092090138792059536.exe
    2016-09-23 03:46 - 2000-04-06 07:00 - 0263168 ____N () C:\Users\Guilherme\AppData\Local\Temp\binkw32.dll
    2016-09-23 03:46 - 2001-05-09 21:19 - 0352256 ____N (Blizzard Entertainment) C:\Users\Guilherme\AppData\Local\Temp\d2l_Install.exe
    2016-02-17 17:44 - 2016-02-17 17:44 - 0000000 _____ () C:\Users\Guilherme\AppData\Local\Temp\GURDACB.exe
    2016-01-04 17:06 - 2016-01-04 17:07 - 24814584 _____ (ArenaNet) C:\Users\Guilherme\AppData\Local\Temp\Gw2.exe
    2016-10-13 19:23 - 2016-10-13 19:23 - 16701440 ____N () C:\Users\Guilherme\AppData\Local\Temp\javagiac0.2182347912007514.dll
    2016-08-23 22:04 - 2016-08-23 22:04 - 16701440 ____N () C:\Users\Guilherme\AppData\Local\Temp\javagiac0.30589597969029025.dll
    2016-07-24 22:19 - 2016-07-24 22:19 - 0741440 _____ (Oracle Corporation) C:\Users\Guilherme\AppData\Local\Temp\jre-8u101-windows-au.exe
    2015-10-07 15:17 - 2015-10-07 15:17 - 0585824 _____ (Oracle Corporation) C:\Users\Guilherme\AppData\Local\Temp\jre-8u65-windows-au.exe
    2016-01-20 21:55 - 2016-01-20 21:55 - 0644704 _____ (Oracle Corporation) C:\Users\Guilherme\AppData\Local\Temp\jre-8u71-windows-au.exe
    2016-02-13 09:54 - 2016-02-13 09:54 - 0736352 _____ (Oracle Corporation) C:\Users\Guilherme\AppData\Local\Temp\jre-8u73-windows-au.exe
    2015-09-01 08:11 - 2015-09-01 08:11 - 0120336 _____ (McAfee, Inc.) C:\Users\Guilherme\AppData\Local\Temp\McCSPInstall.dll
    2015-11-01 11:20 - 2015-09-01 08:11 - 0162120 _____ (McAfee Inc.) C:\Users\Guilherme\AppData\Local\Temp\mccspuninstall.exe
    2016-09-27 10:29 - 2016-09-27 10:29 - 0040448 ____N () C:\Users\Guilherme\AppData\Local\Temp\proxy_vole146836755875676782.dll
    2016-09-27 10:28 - 2016-09-27 10:28 - 0040448 ____N () C:\Users\Guilherme\AppData\Local\Temp\proxy_vole4981657535685034036.dll
    2016-09-27 10:29 - 2016-09-27 10:29 - 0040448 ____N () C:\Users\Guilherme\AppData\Local\Temp\proxy_vole6307089412700812183.dll
    CustomCLSID: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Guilherme\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => Nenhum Arquivo
    CustomCLSID: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Guilherme\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => Nenhum Arquivo
    CustomCLSID: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Guilherme\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => Nenhum Arquivo
    CustomCLSID: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Guilherme\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => Nenhum Arquivo
    CustomCLSID: HKU\S-1-5-21-3040258654-2525527317-1144640668-1002_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Guilherme\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Nenhum Arquivo
    Task: {1ACC39EB-D7BF-440F-9478-5F1F5AA2B219} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Nenhum Arquivo <==== ATENÇÃO
    Task: {4015100D-83DE-40EC-B5E5-F296E74BF4D2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Nenhum Arquivo <==== ATENÇÃO
    Task: {587BB18C-0389-495F-9807-33212B50E3FA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Nenhum Arquivo <==== ATENÇÃO
    Task: {BDB0608F-7AD3-42E6-9DBF-830B8BEF38EB} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/uninstall.html?aaa=KICMKMGMKJMJOJOMHMJMCNGMMMJJHMCNLMNMOJLMCNGMMJMMJMCNMJHMKMNJMMLJOJLMGMHMOMNJJNJICMIMCNGMCNOMHMFMOMOMCNPMCNOMPMNMLMPMFMPMCNPMCNOMPMNMLMPMCNNMJNPICMPMFMFMNMMMMMJNHICMEKMICNJJCKJNBJCMILKIGJDJHJKJNICJKJJNKJCMJNNICMJNDJCMNJNIJNMJCMPM (a entrada de dados tem 41 mais caracteres).
    Task: {E7D72BDE-7AE1-438D-97D6-77E14CC51A37} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Nenhum Arquivo <==== ATENÇÃO
    ShortcutWithArgument: C:\Users\Guilherme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda2 (64-bit)\Anaconda Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> "/K" C:\Users\Guilherme\Anaconda2\Scripts\activate.bat C:\Users\Guilherme\Anaconda2
    AlternateDataStreams: C:\WINDOWS\System32:DA3B8AF1_Uni.gbp [2]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddfac64.sys:r0d3jo5 [20]
    AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 [1270]
    EmptyTemp:
    Hosts:
    End
    *****************

    Ponto de Restauração criado com sucesso.
    Processos fechados com sucesso.
    HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SppExtComObj.exe => chave removido (a) com sucesso.
    C:\WINDOWS\system32\GroupPolicy\Machine => movido com sucesso
    C:\WINDOWS\system32\GroupPolicy\GPT.ini => movido com sucesso
    HKU\S-1-5-21-3040258654-2525527317-1144640668-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor removido (a) com sucesso.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => chave removido (a) com sucesso.
    HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => chave não encontrado (a).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => chave removido (a) com sucesso.
    HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => chave não encontrado (a).
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => chave removido (a) com sucesso.
    HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => chave não encontrado (a).
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => chave removido (a) com sucesso.
    HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => chave não encontrado (a).
    HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.73.2 => chave removido (a) com sucesso.
    C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll => movido com sucesso
    HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.73.2 => chave removido (a) com sucesso.
    C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll => movido com sucesso
    HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.71.2 => chave removido (a) com sucesso.
    C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll => movido com sucesso
    HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.71.2 => chave removido (a) com sucesso.
    C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll => movido com sucesso
    Chrome StartupUrls => removido (a) com sucesso.
    C:\Users\Guilherme\AppData\Local\Temp\130920901306023245.exe => movido com sucesso
    C:\Users\Guilherme\AppData\Local\Temp\13092090138792059536.exe => movido com sucesso
    C:\Users\Guilherme\AppData\Local\Temp\binkw32.dll => movido com sucesso
    C:\Users\Guilherme\AppData\Local\Temp\d2l_Install.exe => movido com sucesso
    C:\Users\Guilherme\AppData\Local\Temp\GURDACB.exe => movido com sucesso
    C:\Users\Guilherme\AppData\Local\Temp\Gw2.exe => movido com sucesso
    C:\Users\Guilherme\AppData\Local\Temp\javagiac0.2182347912007514.dll => movido com sucesso
    C:\Users\Guilherme\AppData\Local\Temp\javagiac0.30589597969029025.dll => movido com sucesso
    C:\Users\Guilherme\AppData\Local\Temp\jre-8u101-windows-au.exe => movido com sucesso
    C:\Users\Guilherme\AppData\Local\Temp\jre-8u65-windows-au.exe => movido com sucesso
    C:\Users\Guilherme\AppData\Local\Temp\jre-8u71-windows-au.exe => movido com sucesso
    C:\Users\Guilherme\AppData\Local\Temp\jre-8u73-windows-au.exe => movido com sucesso
    C:\Users\Guilherme\AppData\Local\Temp\McCSPInstall.dll => movido com sucesso
    C:\Users\Guilherme\AppData\Local\Temp\mccspuninstall.exe => movido com sucesso
    C:\Users\Guilherme\AppData\Local\Temp\proxy_vole146836755875676782.dll => movido com sucesso
    C:\Users\Guilherme\AppData\Local\Temp\proxy_vole4981657535685034036.dll => movido com sucesso
    C:\Users\Guilherme\AppData\Local\Temp\proxy_vole6307089412700812183.dll => movido com sucesso
    HKU\S-1-5-21-3040258654-2525527317-1144640668-1002_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => chave removido (a) com sucesso.
    HKU\S-1-5-21-3040258654-2525527317-1144640668-1002_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4} => chave removido (a) com sucesso.
    HKU\S-1-5-21-3040258654-2525527317-1144640668-1002_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247} => chave removido (a) com sucesso.
    HKU\S-1-5-21-3040258654-2525527317-1144640668-1002_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => chave removido (a) com sucesso.
    HKU\S-1-5-21-3040258654-2525527317-1144640668-1002_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => chave removido (a) com sucesso.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1ACC39EB-D7BF-440F-9478-5F1F5AA2B219} => chave removido (a) com sucesso.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1ACC39EB-D7BF-440F-9478-5F1F5AA2B219} => chave removido (a) com sucesso.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => chave removido (a) com sucesso.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4015100D-83DE-40EC-B5E5-F296E74BF4D2} => chave removido (a) com sucesso.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4015100D-83DE-40EC-B5E5-F296E74BF4D2} => chave removido (a) com sucesso.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => chave removido (a) com sucesso.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{587BB18C-0389-495F-9807-33212B50E3FA} => chave removido (a) com sucesso.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{587BB18C-0389-495F-9807-33212B50E3FA} => chave removido (a) com sucesso.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => chave removido (a) com sucesso.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BDB0608F-7AD3-42E6-9DBF-830B8BEF38EB} => chave removido (a) com sucesso.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDB0608F-7AD3-42E6-9DBF-830B8BEF38EB} => chave removido (a) com sucesso.
    C:\WINDOWS\System32\Tasks\Open URL by RoboForm => movido com sucesso
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Open URL by RoboForm => chave removido (a) com sucesso.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E7D72BDE-7AE1-438D-97D6-77E14CC51A37} => chave removido (a) com sucesso.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7D72BDE-7AE1-438D-97D6-77E14CC51A37} => chave removido (a) com sucesso.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => chave removido (a) com sucesso.
    C:\Users\Guilherme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda2 (64-bit)\Anaconda Prompt.lnk => Atalho argumento removido (a) com sucesso..
    C:\WINDOWS\System32 => ":DA3B8AF1_Uni.gbp" ADS removido (a) com sucesso..
    C:\WINDOWS\system32\Drivers\gbpddfac64.sys => ":r0d3jo5" ADS removido (a) com sucesso..
    C:\WINDOWS\system32\Drivers\gbpddfac64.sys => ":X5ZN8aGvT4" ADS removido (a) com sucesso..
    C:\Windows\System32\Drivers\etc\hosts => movido com sucesso
    Hosts restaurado com sucesso.

    =========== EmptyTemp: ==========

    BITS transfer queue => 32768 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15163266 B
    Java, Flash, Steam htmlcache => 530789706 B
    Windows/system/drivers => 616135551 B
    Edge => 14820 B
    Chrome => 10910257 B
    Firefox => 375039377 B
    Opera => 19803240 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 128 B
    systemprofile32 => 100443 B
    LocalService => 99424 B
    NetworkService => 3166 B
    UpdatusUser => 0 B
    Guilherme => 13084977915 B
    Administrator => 6242 B

    RecycleBin => 136365 B
    EmptyTemp: => 13.6 GB de dados temporários Removidos.

    ================================


    O sistema precisou ser reiniciado.

    ==== Fim de Fixlog 19:07:44 ====


    AdwCleaner[C0]

    # AdwCleaner v6.043 - Relatório criado 23/02/2017 às 19:32:25
    # Atualizado em 27/01/2017 por Malwarebytes
    # Banco de dados : 2017-02-23.4 [Servidor]
    # Sistema operacional : Windows 10 Home Single Language (X64)
    # Usuário : Guilherme - GUILHERME-NOTE
    # Executando de : C:\Users\Guilherme\Desktop\AdwCleaner.exe
    # Modo: Limpo
    # Apoio : https://www.malwarebytes.com/support



    ***** [ Serviços ] *****



    ***** [ Pastas ] *****



    ***** [ Arquivos ] *****



    ***** [ DLL ] *****



    ***** [ WMI ] *****



    ***** [ Atalhos ] *****



    ***** [ Atividades agendadas ] *****



    ***** [ Registro ] *****

    [-] Chave excluída:HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
    [-] Chave excluída:HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
    [#] Chave excluída na reinicialização:[x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
    [#] Chave excluída na reinicialização:[x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
    [-] Chave excluída:HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
    [-] Chave excluída:HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
    [-] Chave excluída:HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
    [-] Chave excluída:HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
    [-] Chave excluída:HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
    [-] Chave excluída:HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
    [-] Chave excluída:HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
    [#] Chave excluída na reinicialização:[x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
    [#] Chave excluída na reinicialização:[x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com


    ***** [ Verificando navegadores ... ] *****

    [-] [C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Eliminado:br.ask.com
    [-] [C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Eliminado:ask.com
    [-] [C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Eliminado:yahoo.com


    *************************

    :: Chaves "Tracing" excluídas
    :: Configurações Winsock restauradas

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [2338 Bytes] - [23/02/2017 19:32:25]
    C:\AdwCleaner\AdwCleaner[S0].txt - [2624 Bytes] - [23/02/2017 19:25:34]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2484 Bytes] ##########

    And JRT

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.0 (12.05.2016)
    Operating System: Windows 10 Home Single Language x64
    Ran by Guilherme (Administrator) on 23/02/2017 at 19:43:28,90
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 4

    Successfully deleted: C:\WINDOWS\system32\Tasks\update-S-1-5-21-3040258654-2525527317-1144640668-1002 (Task)
    Successfully deleted: C:\WINDOWS\system32\Tasks\update-sys (Task)
    Successfully deleted: C:\WINDOWS\Tasks\update-S-1-5-21-3040258654-2525527317-1144640668-1002.job (Task)
    Successfully deleted: C:\WINDOWS\Tasks\update-sys.job (Task)



    Registry: 0





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 23/02/2017 at 19:49:44,46
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  4. #4
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Please download the Malwarebytes Anti-Malware setup file to your Desktop.

    OR from this location Here

    • Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.
    • Windows Vista, Windows 7, 8, 8.1 and 10: Right-click and select "Run as Administrator"

    • On the Dashboard click on Update Now
    • Go to the Settings tab
    • Under Settings go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced Settings and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
    • When the scan is finished on the bottom right click on SAVE RESULTS then select Copy to Clipboard
    • If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
    • Please paste the log back into this thread for review

    • Exit Malwarebytes



    Computer better?

  5. #5
    Junior Member
    Join Date
    Feb 2017
    Posts
    4

    Default

    Thanks again for the help. Everything seems to be fine now.

    Here's the Malwarebytes log, no threats found.

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 2/24/17
    Scan Time: 8:23 PM
    Logfile:
    Administrator: Yes

    -Software Information-
    Version: 3.0.6.1469
    Components Version: 1.0.50
    Update Package Version: 1.0.1345
    License: Trial

    -System Information-
    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: Guilherme-Note\Guilherme

    -Scan Summary-
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 605937
    Time Elapsed: 11 min, 46 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)


    (end)

  6. #6
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Good deal

    Would like to finish up with an online scan please.

    • Download Emsisoft Emergency Kit and save it to your desktop.
    • Double-click icon then click Install
    • A Window should open highlighting Start Emergency Kit Scanner
    • Right click on the icon and select Run as administrator
    • Click 1. Update now!
    • Once the update is completed select Settings under Scan
    • Uncheck Join the Emsisoft Anti-Malware Network
    • Click Scan at the top
    • Click On scan completion
    • Click Quarantine detected objects, then click OK
    • Click Malware Scan
    • Once completed click View Report
    • Save the file to your Desktop using the default file name
    • Copy and paste the report in your reply

  7. #7
    Junior Member
    Join Date
    Feb 2017
    Posts
    4

    Default

    Sorry for the wait. Here's the log.

    Emsisoft Emergency Kit - Version 12.0
    Last update: 28/02/2017 09:03:24
    User account: Guilherme-Note\Guilherme
    Computer name: GUILHERME-NOTE
    OS version: Windows 10x64

    Scan settings:

    Scan type: Malware Scan
    Objects: Rootkits, Memory, Traces, Files

    Detect PUPs: Off
    Scan archives: Off
    ADS Scan: On
    File extension filter: Off
    Direct disk access: Off

    Scan start: 28/02/2017 09:22:43

    Scanned 99329
    Found 0

    Scan end: 28/02/2017 09:37:32
    Scan time: 0:14:49

  8. #8
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    If all is still good

    • Please download DelFix or from Here and save the file to your Desktop.
    • Double-click DelFix.exe to run the programme.
    • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Click the Run button.
    • -- This will remove the specialized tools we used to disinfect your system.
      Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

    ************************************


    • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
    • CryptoPrevent places policy restrictions on loading points for ransomware (e.g. CryptoWall), helping prevent the execution of malware.
    • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
    • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
    • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
    • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
    • Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
    • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
    • Unchecky automatically removes checkmarks for bundled software in programme installers, helping you avoid adware and PUPs.


    Want to help others? Join the ClassRoom and learn how.

  9. #9
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Glad we could help.

    Since this issue appears resolved ... this Topic is closed.
