Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 09-12-2017
Executado por user (10-12-2017 14:35:10)
Executando a partir de C:\Users\user\Desktop
Windows 10 Pro Versão 1607 14393.1914 (X64) (2016-12-03 15:57:34)
Modo da Inicialização: Normal
==========================================================

==================== Contas: =============================

Administrador (S-1-5-21-2921273976-1507871447-3902036225-500 - Administrator - Disabled)
Convidado (S-1-5-21-2921273976-1507871447-3902036225-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-2921273976-1507871447-3902036225-503 - Limited - Disabled)
user (S-1-5-21-2921273976-1507871447-3902036225-1001 - Administrator - Enabled) => C:\Users\user

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

µTorrent (HKU\S-1-5-21-2921273976-1507871447-3902036225-1001\...\uTorrent) (Version: 3.5.0.44294 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-2921273976-1507871447-3902036225-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12102017125826575\...\uTorrent) (Version: 3.5.0.44294 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-2921273976-1507871447-3902036225-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12102017130120823\...\uTorrent) (Version: 3.5.0.44294 - BitTorrent Inc.)
ACA & MEP 2016 Object Enabler (HKLM\...\{5783F2D7-F004-0000-5102-0060B0CE6BBA}) (Version: 7.8.41.0 - Autodesk) Hidden ACAD Private (HKLM\...\{5783F2D7-F001-0000-3102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated) Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.0 - Adobe Systems Incorporated) Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated) Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated) Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.) AIDA64 Engineer v5.60 (HKLM-x32\...\AIDA64 Engineer_is1) (Version: 5.60 - FinalWire Ltd.) Aplicativos da Autodesk em destaque 2016 (HKLM-x32\...\{D42F37CD-9AF9-4435-A474-B387C5BB6B47}) (Version: 2.0.0 - Autodesk) Atualizações da NVIDIA 28.0.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 28.0.0.0 - NVIDIA Corporation) Hidden AutoCAD 2016 - English (HKLM\...\{5783F2D7-F001-0409-2102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden AutoCAD 2016 (HKLM\...\{5783F2D7-F001-0000-0102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden AutoCAD 2016 Language Pack - English (HKLM\...\{5783F2D7-F001-0409-1102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden Autodesk Advanced Material Library Image Library 2016 (HKLM-x32\...\{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.15 - Autodesk) Autodesk App Manager 2016 (HKLM-x32\...\{4ECF9E00-2978-46AF-BD80-455EFEAB7A93}) (Version: 2.0.0 - Autodesk) Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 4.0.69.0 - Autodesk) Autodesk AutoCAD 2016 - English (HKLM\...\AutoCAD 2016 - English) (Version: 20.1.49.0 - Autodesk) Autodesk 
AutoCAD Performance Feedback Tool 1.2.4 (HKLM-x32\...\{4E20873D-BC20-495C-AFD9-B18877B7F9BB}) (Version: 1.2.4.0 - Autodesk) Autodesk BIM 360 Glue AutoCAD 2016 Add-in 64 bit (HKLM\...\{4BEE127E-95C4-434D-ABAC-65155192BB24}) (Version: 4.35.1742 - Autodesk) Autodesk Content Service (HKLM\...\{A37CDB58-AAE8-0000-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden Autodesk Content Service (HKLM\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk) Autodesk Content Service Language Pack (HKLM\...\{A37CDB58-AAE8-0001-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.15 - Autodesk) Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.15 - Autodesk) Autodesk Material Library Medium Resolution Image Library 2016 (HKLM-x32\...\{415A5A54-325E-4815-9940-62A889CA3877}) (Version: 6.3.0.15 - Autodesk) Backup and Sync from Google (HKLM-x32\...\{908DB568-E5FA-40C7-A2AA-AB340190858B}) (Version: 3.38.7642.3857 - Google, Inc.) BeerSmith 2 (HKLM-x32\...\BeerSmith 2) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform) Foxit Advanced PDF Editor 3 (HKLM-x32\...\B521582C-6BE3-491D-BCC8-FFB8301298E9_is1) (Version: 3.0.5.0 - Foxit Corporation) Gas Guzzlers Extreme Gold Pack (HKLM-x32\...\Gas Guzzlers Extreme Gold Pack_is1) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.) Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) 
Hidden Importação do SketchUp 2016 (HKLM-x32\...\{C769FB7C-1F55-4B31-9A2A-21CEC50F4F92}) (Version: 2.0.0 - Autodesk) Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation) Kodi (HKU\S-1-5-21-2921273976-1507871447-3902036225-1001\...\Kodi) (Version: - XBMC-Foundation) Kodi (HKU\S-1-5-21-2921273976-1507871447-3902036225-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12102017125826575\...\Kodi) (Version: - XBMC-Foundation) Kodi (HKU\S-1-5-21-2921273976-1507871447-3902036225-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12102017130120823\...\Kodi) (Version: - XBMC-Foundation) Lumion 6.0 (HKLM\...\Lumion 6.0_is1) (Version: 6.0 - Act-3D B.V.) Malwarebytes versão 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes) Memu (HKLM-x32\...\{CA42170D-90AC-4578-A858-C851D886B82B}) (Version: 2.9.0.5 - Brotsoft technology co., limited.) Microsoft Office Professional Plus 2016 - pt-br (HKLM\...\ProPlusRetail - pt-br) (Version: 16.0.7167.2040 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft 
Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft) Movavi Video Suite 15 (HKLM-x32\...\Movavi Video Suite 15) (Version: 15.4.0 - Movavi) Mozilla Firefox 55.0.3 (x64 pt-BR) (HKLM\...\Mozilla Firefox 55.0.3 (x64 pt-BR)) (Version: 55.0.3 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.3 - Mozilla) NVIDIA Driver de áudio HD 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation) NVIDIA Driver de controle do 3D Vision 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation) NVIDIA Driver de gráficos 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation) NVIDIA Driver do 3D Vision 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation) NVIDIA GeForce Experience 3.9.0.61 
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.9.0.61 - NVIDIA Corporation) NVIDIA Software do sistema PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.7167.2040 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.7167.2040 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0416-1000-0000000FF1CE}) (Version: 16.0.7167.2040 - Microsoft Corporation) Hidden Painel de controle da NVIDIA 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 388.13 - NVIDIA Corporation) Hidden PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.3.2 - pdfforge GmbH) PerformanceTest v9.0 (HKLM\...\PerformanceTest 9_is1) (Version: 9.0.1019.0 - Passmark Software) Project64 version 2.2.0.3 (HKLM-x32\...\{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1) (Version: 2.2.0.3 - ) Proteção de Terminal Trusteer (HKLM-x32\...\Rapport_msi) (Version: 3.5.1804.161 - Trusteer) Rapport (HKLM-x32\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1804.161 - Trusteer) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.36.826.2014 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7399 - Realtek Semiconductor Corp.) 
SketchUp 2016 (HKLM\...\{8539258A-B911-475F-94E8-8AA394D95B40}) (Version: 16.0.19912 - Trimble Navigation Limited) Software de dispositivo do Chipset Intel® (HKLM-x32\...\{d370215a-d003-43ae-a3b6-1028af64d5a1}) (Version: 10.0.20 - Intel(R) Corporation) Hidden Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden TP-LINK TL-WN781ND Driver (HKLM-x32\...\{87C7B472-9BC2-43C8-9F03-86D2908E1A51}) (Version: 1.3.1 - TP-LINK) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{DE083343-D24D-4495-919E-18C65EC0F289}) (Version: 2.8.0.0 - Microsoft Corporation) VGA Boost (HKLM-x32\...\{809ACFAE-9A4D-4C60-9223-D8B615CD8CBA}}_is1) (Version: 1.0.0.8 - MSI) VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN) V-Ray 3.4 for SketchUp (HKLM\...\V-Ray 3.4 for SketchUp) (Version: 3.40.02 - Chaos Software Ltd) V-Ray Online License Server (HKLM\...\V-Ray Online License Server) (Version: 4.3.1 - Chaos Software Ltd) V-Ray Swarm (HKLM\...\V-Ray Swarm) (Version: 1.3.5 - Chaos Software Ltd) Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden Warsaw 2.0.3.2 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 2.0.3.2 - GAS Tecnologia) Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation) WinRAR 5.31 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH) ==================== Exame Personalizado CLSID (Whitelisted): ========================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 
CustomCLSID: HKU\S-1-5-21-2921273976-1507871447-3902036225-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12102017125826575_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2921273976-1507871447-3902036225-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12102017125826575_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2921273976-1507871447-3902036225-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12102017125826575_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2921273976-1507871447-3902036225-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12102017125826575_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\user\AppData\Local\Roblox\Versions\version-d31f23e3f760404e\RobloxProxy64.dll (ROBLOX Corporation) CustomCLSID: HKU\S-1-5-21-2921273976-1507871447-3902036225-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12102017125826575_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2016\en-US\acadficn.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2921273976-1507871447-3902036225-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12102017130120823_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2921273976-1507871447-3902036225-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12102017130120823_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.) 
CustomCLSID: HKU\S-1-5-21-2921273976-1507871447-3902036225-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12102017130120823_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2921273976-1507871447-3902036225-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12102017130120823_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\user\AppData\Local\Roblox\Versions\version-d31f23e3f760404e\RobloxProxy64.dll (ROBLOX Corporation) CustomCLSID: HKU\S-1-5-21-2921273976-1507871447-3902036225-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12102017130120823_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2016\en-US\acadficn.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2921273976-1507871447-3902036225-1001_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2921273976-1507871447-3902036225-1001_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2921273976-1507871447-3902036225-1001_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2921273976-1507871447-3902036225-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\user\AppData\Local\Roblox\Versions\version-d31f23e3f760404e\RobloxProxy64.dll (ROBLOX Corporation) CustomCLSID: HKU\S-1-5-21-2921273976-1507871447-3902036225-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2016\en-US\acadficn.dll (Autodesk, Inc.) 
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-20] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-20] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-20] (Google) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Nenhum Arquivo ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => c:\windows\system32\AcSignIcon.dll [2015-02-06] (Autodesk, Inc.) ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2015-02-06] (Autodesk) ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-20] (Google) ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => c:\windows\system32\mscoree.dll [2016-07-16] (Microsoft Corporation) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-02-04] (Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal) ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Nenhum Arquivo ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes) ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} 
=> C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-20] (Google) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2016-02-04] (Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal) ==================== Tarefas Agendadas (Whitelisted) ============= (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) Task: {08BD9287-1DEB-4844-87F9-CB0486340EDF} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic [Argument = path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate] Task: {0AA06FAA-5BA7-4672-AB49-3367959F5417} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-10-09] (Microsoft Corporation) Task: {145892EB-7BDE-43FA-9838-D2DD87E88D5E} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-08-18] (NVIDIA Corporation) Task: {1A5FE92C-5AC2-43E3-970B-41ED3E34BAF2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-16] (Google Inc.) 
Task: {37B17D02-09EB-41E1-BCEE-98E5D1AC8A9E} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-08-18] (NVIDIA Corporation) Task: {38924CE8-F1E9-4F3F-A1F2-23D004E2D2B4} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-18] (NVIDIA Corporation) Task: {3A529DB3-01E2-476D-BEC8-F60CFEBF6A5C} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-18] (NVIDIA Corporation) Task: {3D4B4E4E-816C-4871-A6FB-C46B99E04DF4} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-t_sch@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-05-26] (Adobe Systems Incorporated) Task: {3EAD37E3-9E0F-4EF9-A8BF-61DCD8C0ED59} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-10-09] (Microsoft Corporation) Task: {4DDA6E53-78FC-4C4A-9FC5-94869A92D0A6} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-18] (NVIDIA Corporation) Task: {5634C1A4-5EB0-489B-9700-4ECB4C1D5FB0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-16] (Google Inc.) 
Task: {71EFF6A3-1F6B-47F7-8861-9CDD49AE72E1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd) Task: {75022374-06B7-4D5C-BFE7-993DC14CAC6E} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-18] (NVIDIA Corporation) Task: {7DBCB5F2-FBCB-4D2F-8DA1-B3D0082789B7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-10-09] (Microsoft Corporation) Task: {820A0E8F-3491-4B72-978C-7625C9B06987} - System32\Tasks\{ACE6450B-1DBF-4FE1-8FFE-7CA84C80D57A} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\user\Desktop\Xbox 360 Controller Drivers\Win 7-8 64bit\Xbox360_64Eng.exe" -d "C:\Users\user\Desktop\Xbox 360 Controller Drivers\Win 7-8 64bit" Task: {846CB156-A3AA-4965-A9FE-110902CB8A6D} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-08-18] (NVIDIA Corporation) Task: {931B4991-910F-4883-9459-9BD79DA3FC75} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2017-10-09] (Microsoft Corporation) Task: {AEE94056-D1F4-444A-99CE-C3210170C496} - System32\Tasks\R@1n-KMS\Office365ProPlus => wmic [Argument = path SoftwareLicensingProduct where (ID="d450596f-894d-49e0-966a-fd39ed4c4c64") call Activate] Task: {AF2B89AA-BEFC-485E-832F-04C3D5A90A35} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-08-18] (NVIDIA Corporation) Task: {B6D210DA-4469-488F-AA62-AF107CC8EFA5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-08-23] (Microsoft Corporation) Task: {BFDEDF66-B10F-4FF5-8B6B-6231893B073A} - 
System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated) Task: {CA0840E1-E783-48B6-8B17-1C076908A3D9} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-07-13] (AVAST Software) Task: {D36A738B-66B3-4A6F-B762-931835DAA587} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-08-23] (Microsoft Corporation) Task: {E36A8B4F-758E-4DE9-8F46-1B70F837934D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-08-11] (Microsoft Corporation) (Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe ==================== Atalhos & WMI ======================== (As entradas podem ser listadas para serem restauradas ou removidas.) 
==================== Módulos Carregados (Whitelisted) ============== 2016-11-30 07:51 - 2015-09-01 11:41 - 000095008 _____ () C:\WINDOWS\System32\Primomonnt.dll 2017-04-21 14:37 - 2017-12-08 23:46 - 000026112 _____ () C:\Windows\KMS-R@1n.exe 2016-10-20 06:22 - 2016-10-20 06:22 - 000149176 _____ () C:\ProgramData\MEmu\bin\MEmuUpdateSvc.exe 2017-02-16 15:12 - 2017-08-18 02:36 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll 2017-09-25 19:53 - 2017-09-25 19:53 - 000090176 _____ () C:\Program Files\Chaos Group\V-Ray Swarm\register-service.exe 2017-09-25 19:53 - 2017-09-25 19:53 - 000144384 _____ () \\?\C:\Program Files\Chaos Group\VRLService\OLS\node_modules\os-service\build\Release\service.node 2017-09-25 19:53 - 2017-09-25 19:53 - 000200704 _____ () \\?\C:\Program Files\Chaos Group\VRLService\OLS\node_modules\vrloffline-win32\vrloffline.node 2017-09-25 19:53 - 2017-09-25 19:53 - 000204800 _____ () \\?\C:\Program Files\Chaos Group\V-Ray Swarm\node_modules\v8-profiler\build\profiler\v5.6.5\node-v48-win32-x64\profiler.node 2017-09-25 19:53 - 2017-09-25 19:53 - 000163328 _____ () \\?\C:\Program Files\Chaos Group\V-Ray Swarm\node_modules\ref\build\Release\binding.node 2017-09-25 19:53 - 2017-09-25 19:53 - 000174592 _____ () \\?\C:\Program Files\Chaos Group\V-Ray Swarm\node_modules\ffi\build\Release\ffi_bindings.node 2016-07-16 09:42 - 2016-07-16 09:42 - 000231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2017-09-14 19:24 - 2017-09-07 04:01 - 002681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-12-03 13:06 - 2017-10-27 14:12 - 000133752 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-12-03 14:14 - 2016-12-03 14:14 - 000959168 _____ () C:\Users\user\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\ClientTelemetry.dll 2016-12-03 13:48 - 2016-12-03 13:48 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-03-17 17:13 - 2017-03-04 04:31 - 000474112 _____ () 
C:\Windows\ShellExperiences\QuickActions.dll 2017-11-20 15:27 - 2017-11-20 15:27 - 041061856 _____ () C:\Program Files (x86)\Google\Drive\googledrivesync.exe 2017-12-08 23:10 - 2017-12-06 02:24 - 002873688 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\swiftshader\libglesv2.dll 2017-12-08 23:10 - 2017-12-06 02:24 - 000137048 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.84\swiftshader\libegl.dll 2017-12-05 23:51 - 2017-12-05 23:51 - 000087040 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-12-05 23:51 - 2017-12-05 23:51 - 000202752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-12-05 23:51 - 2017-12-05 23:51 - 025600000 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-12-05 23:51 - 2017-12-05 23:51 - 002546176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\skypert.dll 2017-12-05 23:51 - 2017-12-05 23:51 - 000672256 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll 2017-06-07 17:46 - 2017-10-09 23:09 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll 2017-04-21 14:37 - 2017-12-08 23:46 - 000004608 _____ () C:\WINDOWS\KMS-R@1nhook.exe 2017-03-17 17:14 - 2017-03-04 04:12 - 009760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-03-17 17:14 - 2017-03-04 04:05 - 001401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-03-17 17:14 - 2017-03-04 04:05 - 000757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-11-27 18:18 - 2017-11-18 01:28 - 001033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2017-11-27 18:18 - 2017-11-18 01:28 - 002424832 
_____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-11-27 18:18 - 2017-11-18 01:31 - 004853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-04-17 00:24 - 2014-12-05 00:27 - 000055688 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll 2016-04-17 00:24 - 2014-12-05 00:27 - 000104328 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll 2016-10-20 06:22 - 2016-10-20 06:22 - 000354176 _____ () C:\ProgramData\MEmu\bin\report.dll 2017-02-16 15:13 - 2017-08-18 02:36 - 069807552 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll 2017-02-16 15:12 - 2017-08-18 02:36 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll 2017-12-10 12:47 - 2017-12-10 12:47 - 000088064 _____ () C:\Users\user\AppData\Local\Temp\_MEI43242\_ctypes.pyd 2017-12-10 12:47 - 2017-12-10 12:47 - 000919552 _____ () C:\Users\user\AppData\Local\Temp\_MEI43242\_hashlib.pyd 2017-12-10 12:47 - 2017-12-10 12:47 - 000098816 _____ () C:\Users\user\AppData\Local\Temp\_MEI43242\win32api.pyd 2017-12-10 12:47 - 2017-12-10 12:47 - 000110080 _____ () C:\Users\user\AppData\Local\Temp\_MEI43242\pywintypes27.dll 2017-12-10 12:47 - 2017-12-10 12:47 - 000364544 _____ () C:\Users\user\AppData\Local\Temp\_MEI43242\pythoncom27.dll 2017-12-10 12:47 - 2017-12-10 12:47 - 000686080 _____ () C:\Users\user\AppData\Local\Temp\_MEI43242\unicodedata.pyd 2017-12-10 12:47 - 2017-12-10 12:47 - 000320512 _____ () C:\Users\user\AppData\Local\Temp\_MEI43242\win32com.shell.shell.pyd 2017-12-10 12:47 - 2017-12-10 12:47 - 001177088 _____ () C:\Users\user\AppData\Local\Temp\_MEI43242\wx._core_.pyd 2017-12-10 12:47 - 2017-12-10 12:47 - 000806912 _____ () C:\Users\user\AppData\Local\Temp\_MEI43242\wx._gdi_.pyd 2017-12-10 12:47 - 2017-12-10 12:47 - 000816640 _____ () 
C:\Users\user\AppData\Local\Temp\_MEI43242\wx._windows_.pyd 2017-12-10 12:47 - 2017-12-10 12:47 - 001067520 _____ () C:\Users\user\AppData\Local\Temp\_MEI43242\wx._controls_.pyd 2017-12-10 12:47 - 2017-12-10 12:47 - 000733696 _____ () C:\Users\user\AppData\Local\Temp\_MEI43242\wx._misc_.pyd 2017-12-10 12:47 - 2017-12-10 12:47 - 000736256 _____ () C:\Users\user\AppData\Local\Temp\_MEI43242\pysqlite2._sqlite.pyd 2017-12-10 12:47 - 2017-12-10 12:47 - 000119808 _____ () C:\Users\user\AppData\Local\Temp\_MEI43242\win32file.pyd 2017-12-10 12:47 - 2017-12-10 12:47 - 000108544 _____ () C:\Users\user\AppData\Local\Temp\_MEI43242\win32security.pyd 2017-12-10 12:47 - 2017-12-10 12:47 - 000007168 _____ () C:\Users\user\AppData\Local\Temp\_MEI43242\hashobjs_ext.pyd 2017-12-10 12:47 - 2017-12-10 12:47 - 000017920 _____ () C:\Users\user\AppData\Local\Temp\_MEI43242\thumbnails_ext.pyd 2017-12-10 12:47 - 2017-12-10 12:47 - 000082432 _____ () C:\Users\user\AppData\Local\Temp\_MEI43242\usb_ext.pyd 2017-12-10 12:47 - 2017-12-10 12:47 - 000013824 _____ () C:\Users\user\AppData\Local\Temp\_MEI43242\common.time34.pyd 2017-12-10 12:47 - 2017-12-10 12:47 - 000018432 _____ () C:\Users\user\AppData\Local\Temp\_MEI43242\win32event.pyd 2017-12-10 12:47 - 2017-12-10 12:47 - 000027648 _____ () C:\Users\user\AppData\Local\Temp\_MEI43242\windows.conditional.pyd 2017-12-10 12:47 - 2017-12-10 12:47 - 000017408 _____ () C:\Users\user\AppData\Local\Temp\_MEI43242\windows.winwrap.pyd 2017-12-10 12:47 - 2017-12-10 12:47 - 000089088 _____ () C:\Users\user\AppData\Local\Temp\_MEI43242\windows.volumes.pyd 2017-12-10 12:47 - 2017-12-10 12:47 - 000167936 _____ () C:\Users\user\AppData\Local\Temp\_MEI43242\win32gui.pyd 2017-12-10 12:47 - 2017-12-10 12:47 - 000046080 _____ () C:\Users\user\AppData\Local\Temp\_MEI43242\_socket.pyd 2017-12-10 12:47 - 2017-12-10 12:47 - 001311744 _____ () C:\Users\user\AppData\Local\Temp\_MEI43242\_ssl.pyd 2017-12-10 12:47 - 2017-12-10 12:47 - 000129536 _____ () 
C:\Users\user\AppData\Local\Temp\_MEI43242\_elementtree.pyd 2017-12-10 12:47 - 2017-12-10 12:47 - 000127488 _____ () C:\Users\user\AppData\Local\Temp\_MEI43242\pyexpat.pyd 2017-12-10 12:47 - 2017-12-10 12:47 - 000038912 _____ () C:\Users\user\AppData\Local\Temp\_MEI43242\win32inet.pyd 2017-12-10 12:47 - 2017-12-10 12:47 - 000077824 _____ () C:\Users\user\AppData\Local\Temp\_MEI43242\wx._html2.pyd 2017-12-10 12:47 - 2017-12-10 12:47 - 000036864 _____ () C:\Users\user\AppData\Local\Temp\_MEI43242\_psutil_windows.pyd 2017-12-10 12:47 - 2017-12-10 12:47 - 000524248 _____ () C:\Users\user\AppData\Local\Temp\_MEI43242\windows._lib_cacheinvalidation.pyd 2017-12-10 12:47 - 2017-12-10 12:47 - 000011264 _____ () C:\Users\user\AppData\Local\Temp\_MEI43242\win32crypt.pyd 2017-12-10 12:47 - 2017-12-10 12:47 - 000218624 _____ () C:\Users\user\AppData\Local\Temp\_MEI43242\PIL._imaging.pyd 2017-12-10 12:47 - 2017-12-10 12:47 - 000027648 _____ () C:\Users\user\AppData\Local\Temp\_MEI43242\_multiprocessing.pyd 2017-12-10 12:47 - 2017-12-10 12:47 - 000020480 _____ () C:\Users\user\AppData\Local\Temp\_MEI43242\_yappi.pyd 2017-12-10 12:47 - 2017-12-10 12:47 - 000035840 _____ () C:\Users\user\AppData\Local\Temp\_MEI43242\win32process.pyd 2017-12-10 12:47 - 2017-12-10 12:47 - 000024064 _____ () C:\Users\user\AppData\Local\Temp\_MEI43242\win32pipe.pyd 2017-12-10 12:47 - 2017-12-10 12:47 - 000010240 _____ () C:\Users\user\AppData\Local\Temp\_MEI43242\select.pyd 2017-12-10 12:47 - 2017-12-10 12:47 - 000025600 _____ () C:\Users\user\AppData\Local\Temp\_MEI43242\win32pdh.pyd 2017-12-10 12:47 - 2017-12-10 12:47 - 000059392 _____ () C:\Users\user\AppData\Local\Temp\_MEI43242\windows.device_monitor.pyd 2017-12-10 12:47 - 2017-12-10 12:47 - 000017408 _____ () C:\Users\user\AppData\Local\Temp\_MEI43242\win32profile.pyd 2017-12-10 12:47 - 2017-12-10 12:47 - 000022528 _____ () C:\Users\user\AppData\Local\Temp\_MEI43242\win32ts.pyd 2017-12-10 12:54 - 2017-12-10 12:54 - 000088064 _____ () 
C:\Users\user\AppData\Local\Temp\_MEI97002\_ctypes.pyd 2017-12-10 12:54 - 2017-12-10 12:54 - 000919552 _____ () C:\Users\user\AppData\Local\Temp\_MEI97002\_hashlib.pyd 2017-12-10 12:54 - 2017-12-10 12:54 - 000098816 _____ () C:\Users\user\AppData\Local\Temp\_MEI97002\win32api.pyd 2017-12-10 12:54 - 2017-12-10 12:54 - 000110080 _____ () C:\Users\user\AppData\Local\Temp\_MEI97002\pywintypes27.dll 2017-12-10 12:54 - 2017-12-10 12:54 - 000364544 _____ () C:\Users\user\AppData\Local\Temp\_MEI97002\pythoncom27.dll 2017-12-10 12:54 - 2017-12-10 12:54 - 000686080 _____ () C:\Users\user\AppData\Local\Temp\_MEI97002\unicodedata.pyd 2017-12-10 12:54 - 2017-12-10 12:54 - 000320512 _____ () C:\Users\user\AppData\Local\Temp\_MEI97002\win32com.shell.shell.pyd 2017-12-10 12:54 - 2017-12-10 12:54 - 001177088 _____ () C:\Users\user\AppData\Local\Temp\_MEI97002\wx._core_.pyd 2017-12-10 12:54 - 2017-12-10 12:54 - 000806912 _____ () C:\Users\user\AppData\Local\Temp\_MEI97002\wx._gdi_.pyd 2017-12-10 12:54 - 2017-12-10 12:54 - 000816640 _____ () C:\Users\user\AppData\Local\Temp\_MEI97002\wx._windows_.pyd 2017-12-10 12:54 - 2017-12-10 12:54 - 001067520 _____ () C:\Users\user\AppData\Local\Temp\_MEI97002\wx._controls_.pyd 2017-12-10 12:54 - 2017-12-10 12:54 - 000733696 _____ () C:\Users\user\AppData\Local\Temp\_MEI97002\wx._misc_.pyd 2017-12-10 12:54 - 2017-12-10 12:54 - 000736256 _____ () C:\Users\user\AppData\Local\Temp\_MEI97002\pysqlite2._sqlite.pyd 2017-12-10 12:54 - 2017-12-10 12:54 - 000119808 _____ () C:\Users\user\AppData\Local\Temp\_MEI97002\win32file.pyd 2017-12-10 12:54 - 2017-12-10 12:54 - 000108544 _____ () C:\Users\user\AppData\Local\Temp\_MEI97002\win32security.pyd 2017-12-10 12:54 - 2017-12-10 12:54 - 000007168 _____ () C:\Users\user\AppData\Local\Temp\_MEI97002\hashobjs_ext.pyd 2017-12-10 12:54 - 2017-12-10 12:54 - 000017920 _____ () C:\Users\user\AppData\Local\Temp\_MEI97002\thumbnails_ext.pyd 2017-12-10 12:54 - 2017-12-10 12:54 - 000082432 _____ () 
C:\Users\user\AppData\Local\Temp\_MEI97002\usb_ext.pyd 2017-12-10 12:54 - 2017-12-10 12:54 - 000013824 _____ () C:\Users\user\AppData\Local\Temp\_MEI97002\common.time34.pyd 2017-12-10 12:54 - 2017-12-10 12:54 - 000018432 _____ () C:\Users\user\AppData\Local\Temp\_MEI97002\win32event.pyd 2017-12-10 12:54 - 2017-12-10 12:54 - 000027648 _____ () C:\Users\user\AppData\Local\Temp\_MEI97002\windows.conditional.pyd 2017-12-10 12:54 - 2017-12-10 12:54 - 000017408 _____ () C:\Users\user\AppData\Local\Temp\_MEI97002\windows.winwrap.pyd 2017-12-10 12:54 - 2017-12-10 12:54 - 000089088 _____ () C:\Users\user\AppData\Local\Temp\_MEI97002\windows.volumes.pyd 2017-12-10 12:54 - 2017-12-10 12:54 - 000167936 _____ () C:\Users\user\AppData\Local\Temp\_MEI97002\win32gui.pyd 2017-12-10 12:54 - 2017-12-10 12:54 - 000046080 _____ () C:\Users\user\AppData\Local\Temp\_MEI97002\_socket.pyd 2017-12-10 12:54 - 2017-12-10 12:54 - 001311744 _____ () C:\Users\user\AppData\Local\Temp\_MEI97002\_ssl.pyd 2017-12-10 12:54 - 2017-12-10 12:54 - 000129536 _____ () C:\Users\user\AppData\Local\Temp\_MEI97002\_elementtree.pyd 2017-12-10 12:54 - 2017-12-10 12:54 - 000127488 _____ () C:\Users\user\AppData\Local\Temp\_MEI97002\pyexpat.pyd 2017-12-10 12:54 - 2017-12-10 12:54 - 000038912 _____ () C:\Users\user\AppData\Local\Temp\_MEI97002\win32inet.pyd 2017-12-10 12:54 - 2017-12-10 12:54 - 000077824 _____ () C:\Users\user\AppData\Local\Temp\_MEI97002\wx._html2.pyd 2017-12-10 12:54 - 2017-12-10 12:54 - 000036864 _____ () C:\Users\user\AppData\Local\Temp\_MEI97002\_psutil_windows.pyd 2017-12-10 12:54 - 2017-12-10 12:54 - 000524248 _____ () C:\Users\user\AppData\Local\Temp\_MEI97002\windows._lib_cacheinvalidation.pyd 2017-12-10 12:54 - 2017-12-10 12:54 - 000011264 _____ () C:\Users\user\AppData\Local\Temp\_MEI97002\win32crypt.pyd 2017-12-10 12:54 - 2017-12-10 12:54 - 000218624 _____ () C:\Users\user\AppData\Local\Temp\_MEI97002\PIL._imaging.pyd 2017-12-10 12:54 - 2017-12-10 12:54 - 000027648 _____ () 
C:\Users\user\AppData\Local\Temp\_MEI97002\_multiprocessing.pyd 2017-12-10 12:54 - 2017-12-10 12:54 - 000020480 _____ () C:\Users\user\AppData\Local\Temp\_MEI97002\_yappi.pyd 2017-12-10 12:54 - 2017-12-10 12:54 - 000035840 _____ () C:\Users\user\AppData\Local\Temp\_MEI97002\win32process.pyd 2017-12-10 12:54 - 2017-12-10 12:54 - 000024064 _____ () C:\Users\user\AppData\Local\Temp\_MEI97002\win32pipe.pyd 2017-12-10 12:54 - 2017-12-10 12:54 - 000010240 _____ () C:\Users\user\AppData\Local\Temp\_MEI97002\select.pyd 2017-12-10 12:54 - 2017-12-10 12:54 - 000025600 _____ () C:\Users\user\AppData\Local\Temp\_MEI97002\win32pdh.pyd 2017-12-10 12:54 - 2017-12-10 12:54 - 000059392 _____ () C:\Users\user\AppData\Local\Temp\_MEI97002\windows.device_monitor.pyd 2017-12-10 12:54 - 2017-12-10 12:54 - 000017408 _____ () C:\Users\user\AppData\Local\Temp\_MEI97002\win32profile.pyd 2017-12-10 12:54 - 2017-12-10 12:54 - 000022528 _____ () C:\Users\user\AppData\Local\Temp\_MEI97002\win32ts.pyd ==================== Alternate Data Streams (Whitelisted) ========= (Se uma entrada for incluída na fixlist, somente o ADS será removido.) AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0] AlternateDataStreams: C:\Users\Todos os Usuários\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0] ==================== Modo de Segurança (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Associação (Whitelisted) =============== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.) 
HKU\S-1-5-21-2921273976-1507871447-3902036225-1001\Software\Classes\.scr: AutoCADScriptFile =>

==================== Internet Explorer confiável/restrito ===============

(Se uma entrada for incluída na fixlist, será removida do Registro.)

IE trusted site: HKU\S-1-5-21-2921273976-1507871447-3902036225-1001\...\caixa.gov.br -> hxxps://imagem.caixa.gov.br
IE trusted site: HKU\S-1-5-21-2921273976-1507871447-3902036225-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12102017125826575\...\caixa.gov.br -> hxxps://imagem.caixa.gov.br
IE trusted site: HKU\S-1-5-21-2921273976-1507871447-3902036225-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12102017130120823\...\caixa.gov.br -> hxxps://imagem.caixa.gov.br

==================== Hosts Conteúdo: ===============================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2015-07-10 09:04 - 2016-04-20 01:10 - 000001035 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Outras Áreas ============================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12102017125826150\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12102017130118711\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12102017125826337\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12102017130119873\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2921273976-1507871447-3902036225-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{5de8f99a-48fc-45d5-8c59-c1d451bdbe6b}.jpg
HKU\S-1-5-21-2921273976-1507871447-3902036225-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12102017125826575\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{5de8f99a-48fc-45d5-8c59-c1d451bdbe6b}.jpg
HKU\S-1-5-21-2921273976-1507871447-3902036225-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12102017130120823\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{5de8f99a-48fc-45d5-8c59-c1d451bdbe6b}.jpg
DNS Servers: 192.168.15.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "XboxStat"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKU\S-1-5-21-2921273976-1507871447-3902036225-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2921273976-1507871447-3902036225-1001\...\StartupApproved\Run: => "NetTraffic"
HKU\S-1-5-21-2921273976-1507871447-3902036225-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2921273976-1507871447-3902036225-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09"
HKU\S-1-5-21-2921273976-1507871447-3902036225-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12102017125826575\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2921273976-1507871447-3902036225-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12102017125826575\...\StartupApproved\Run: => "NetTraffic"
HKU\S-1-5-21-2921273976-1507871447-3902036225-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12102017125826575\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2921273976-1507871447-3902036225-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12102017125826575\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09"
HKU\S-1-5-21-2921273976-1507871447-3902036225-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12102017130120823\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2921273976-1507871447-3902036225-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12102017130120823\...\StartupApproved\Run: => "NetTraffic"
HKU\S-1-5-21-2921273976-1507871447-3902036225-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12102017130120823\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2921273976-1507871447-3902036225-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12102017130120823\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09"

==================== Regras do Firewall (Whitelisted) =============== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) FirewallRules: [UDP Query User{56E44A38-C86E-4079-B354-F98C98D3E613}C:\users\user\appdata\roaming\utorrent\updates\3.4.9_42973.exe] => (Block) C:\users\user\appdata\roaming\utorrent\updates\3.4.9_42973.exe FirewallRules: [TCP Query User{8E5FE3F1-AC27-4E6D-A125-D2F8D412C0E8}C:\users\user\appdata\roaming\utorrent\updates\3.4.9_42973.exe] => (Block) C:\users\user\appdata\roaming\utorrent\updates\3.4.9_42973.exe FirewallRules: [{370D1691-9F67-4FF9-A76A-B52A0BE060CF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{C1E79ADA-D9EE-4AD0-91EE-E7ED8F907124}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{719B78B9-1DC3-4378-AE70-EEEC7B4CE5AB}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe FirewallRules: [{CD17C598-3786-439D-AFC2-04A59ED9BAD0}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{B62404F2-7721-4CA9-88CE-0395EAFE4B31}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{ECF06C70-8E05-425E-8EC0-1771CF7665E4}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{67CCFA6A-E9CD-40DE-BBC5-1A2032CA2FD7}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{FCDF1401-06DE-45AF-8898-0FD7808E4831}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{C3482617-8716-4C71-82EA-21CC4725E1A2}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{CF2101BD-0E99-4CA3-9D6F-38D9BD92C13A}] => (Allow) LPort=50248 FirewallRules: [{E32FB29E-E6DC-4E40-8368-F3962F636D7D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{8166BD26-9575-4F0B-9B60-16ECFE938400}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: 
[{ACEB8CF7-0431-4C99-BA19-171F9F04150C}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{5B0EDD1D-5312-45CF-8E3A-E3DC3DFF1FB5}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{CE4BB1B7-40C5-4C98-8FC4-B1B522DB8C40}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{16B3AA7F-7C3F-4A73-B388-DCE9605FE1C6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{765B9CAC-3261-4D17-B8EF-A3CD9A524AD4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{0FAF9054-6720-42B3-ABF3-D7C0205196B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{93154844-DFA8-40D4-90AD-2C76FD6F7D97}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{9158010B-2E56-4633-B825-B89D1C9D1AD1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: [{C8857FAB-E652-427B-B4BD-E8FC6303C2C0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: [{04F2AC63-D119-457B-98B2-493450CDC841}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{4FFF7CD2-7FDF-4488-A7C5-6CC390D1CC36}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{AB611935-7D04-476C-B330-13D32500AC4B}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{E55FA4F9-2FCF-497A-8DF3-C67F3BFD6FFE}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{F6827FC5-5618-4A28-854E-C26BF988C89A}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe FirewallRules: [{8EEFDA9D-0572-4D86-9309-8EAE6D00BBB4}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe FirewallRules: [{19C9FFAD-D708-4969-ABA4-C2918C8DC54F}] => (Allow) 
C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe FirewallRules: [{47CEA5EE-ABD6-4F07-822E-3631E2FA782A}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe FirewallRules: [{47828FD3-EEF6-4F6B-A2CD-6D35B3501B6A}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe FirewallRules: [{F299F4CC-0855-444D-A236-E1F82D5DECE1}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe FirewallRules: [{34303126-C196-4BB3-81D8-14417AA3488E}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe FirewallRules: [{ECB6E142-8EB9-4CF8-A52D-CCA61053F3D0}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe FirewallRules: [TCP Query User{1F62A39C-F8E4-479A-AFEA-6C3A61666C2B}C:\program files (x86)\kodi\kodi.exe] => (Block) C:\program files (x86)\kodi\kodi.exe FirewallRules: [UDP Query User{592016AC-7E9A-4019-89C8-68EB1F6DE754}C:\program files (x86)\kodi\kodi.exe] => (Block) C:\program files (x86)\kodi\kodi.exe FirewallRules: [TCP Query User{37F3F038-B92E-4C13-8CBA-E3BBE03DA27D}C:\users\user\appdata\roaming\kodi\userdata\addon_data\plugin.video.quasar\bin\windows_x64\quasar.exe] => (Block) C:\users\user\appdata\roaming\kodi\userdata\addon_data\plugin.video.quasar\bin\windows_x64\quasar.exe FirewallRules: [UDP Query User{012A0A57-25A1-42E3-B59B-C6FC87C0122C}C:\users\user\appdata\roaming\kodi\userdata\addon_data\plugin.video.quasar\bin\windows_x64\quasar.exe] => (Block) C:\users\user\appdata\roaming\kodi\userdata\addon_data\plugin.video.quasar\bin\windows_x64\quasar.exe FirewallRules: [{3520C788-E930-4FE1-8E8B-115C3618F5A7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{CB0BE71D-8B73-4978-8EBB-045BF9B66C1F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{A2647C60-0D3A-4C65-9CD6-0640CB65A9F9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{B64BF438-1906-4DA6-B775-978C95D1D200}] => (Allow) 
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{14EA63A9-B288-4A90-A93C-7F3FD9900FE9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{B22B2BC5-B630-4FC3-9428-08E13B0A95DC}] => (Allow) C:\Program Files\Chaos Group\V-Ray\V-Ray 3.4 for SketchUp\extension\vrayneui-win32-x64\vrayneui.exe FirewallRules: [{CC14B553-7378-4214-B55B-9D034C642919}] => (Allow) C:\Program Files\Chaos Group\V-Ray\V-Ray 3.4 for SketchUp\extension\vrayneui-win32-x64\vrayneui.exe FirewallRules: [{0A9FFC29-9C4F-4BC6-A004-872038B51897}] => (Allow) C:\Program Files\Chaos Group\VRLService\OLS\vrol.exe FirewallRules: [{8C770703-A9E9-4689-98CF-B221147D0ED2}] => (Allow) C:\Program Files\Chaos Group\VRLService\OLS\vrol.exe FirewallRules: [{AD4A742D-92C0-4B3B-BD38-7CD791092C29}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{738B114B-4DEB-45ED-B541-A460F3F81757}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{C3457C57-4E39-4A99-BDDA-D609764B2CAE}] => (Allow) LPort=20208 FirewallRules: [{0DBB70A2-D78B-4622-8A72-EBCAAEEF53FE}] => (Allow) LPort=20208 FirewallRules: [{BE24F5D9-CBF8-4159-B93C-E370A4D20474}] => (Allow) C:\Program Files\Chaos Group\V-Ray Swarm\swrm.exe FirewallRules: [{58DA6FFF-A1B8-412D-967C-7744AD630BA3}] => (Allow) C:\Program Files\Chaos Group\V-Ray Swarm\swrm.exe FirewallRules: [TCP Query User{5AAC4B1B-70BD-4340-8788-C4291909A6D7}C:\program files\sketchup\sketchup 2016\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2016\sketchup.exe FirewallRules: [UDP Query User{F14999AB-B6E5-4F5B-AF81-BA7FA5B5B984}C:\program files\sketchup\sketchup 2016\sketchup.exe] => (Allow) C:\program files\sketchup\sketchup 2016\sketchup.exe FirewallRules: [TCP Query User{CC0236E8-BE2C-4F8C-8704-31E451B106F0}C:\users\user\desktop\gclauncher.exe] => (Allow) C:\users\user\desktop\gclauncher.exe FirewallRules: [UDP Query 
User{A91AA345-1E9D-48EB-87B9-FBCBF009D7D8}C:\users\user\desktop\gclauncher.exe] => (Allow) C:\users\user\desktop\gclauncher.exe FirewallRules: [{8B5A6851-48C8-401C-930B-2FBB802D4ACF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{733A2B5B-ED6F-4C89-A806-6D36F3AE9A3F}] => (Allow) C:\Windows\KMS-R@1n.exe FirewallRules: [{BE341291-0D26-4C0A-BA65-D0B62E433239}] => (Allow) C:\Windows\KMS-R@1n.exe ==================== Pontos de Restauração ========================= ==================== Dispositivos Apresentando Falhas No Gerenciador ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Erros no Log de eventos: ========================= Erros em Aplicativos: ================== Error: (12/10/2017 12:52:33 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome do aplicativo com falha: mbamservice.exe, versão: 3.1.0.556, carimbo de data/hora: 0x5988c3f1 Nome do módulo com falha: mbamservice.exe, versão: 3.1.0.556, carimbo de data/hora: 0x5988c3f1 Código de exceção: 0xc0000005 Deslocamento da falha: 0x00000000001b6596 ID do processo com falha: 0x2a98 Hora de início do aplicativo com falha: 0x01d371c67f48900d Caminho do aplicativo com falha: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe Caminho do módulo com falha: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe ID do Relatório: c4d898e2-468f-41e4-aa96-6d6024c26199 Nome completo do pacote com falha: ID do aplicativo relativo ao pacote com falha: Error: (12/09/2017 11:47:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-89IEP7B) Description: Falha na ativação do aplicativo Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App com o erro: -2144927142. 
Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais. Error: (12/09/2017 11:15:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-89IEP7B) Description: O pacote Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy+CortanaUI foi terminado porque levou muito tempo para ser suspenso. Error: (12/09/2017 10:59:53 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: DESKTOP-89IEP7B) Description: O aplicativo ou serviço 'PDF Architect 4' não pôde ser reiniciado. Error: (12/09/2017 10:59:41 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: DESKTOP-89IEP7B) Description: O aplicativo ou serviço 'PDF Architect 4 Creator' não pôde ser reiniciado. Error: (12/09/2017 10:57:41 PM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Erro ao atualizar o status Windows Defender para SECURITY_PRODUCT_STATE_ON (erro %3). Error: (12/09/2017 10:57:41 PM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Erro ao atualizar o status Windows Defender para SECURITY_PRODUCT_STATE_ON (erro %3). Error: (12/09/2017 10:55:43 PM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Erro ao atualizar o status Windows Defender para SECURITY_PRODUCT_STATE_ON (erro %3). Error: (12/09/2017 10:55:43 PM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Erro ao atualizar o status Windows Defender para SECURITY_PRODUCT_STATE_ON (erro %3). 
Erros de Sistema: ============= Error: (12/10/2017 12:52:42 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-89IEP7B) Description: As configurações de permissão padrão-computador não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} e APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} ao usuário DESKTOP-89IEP7B\user SID (S-1-5-21-2921273976-1507871447-3902036225-1001) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c SID (S-1-15-2-2246530975-808720366-1776470054-230329187-4153223113-3550430174-4193313734). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes. Error: (12/10/2017 12:50:14 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-89IEP7B) Description: As configurações de permissão padrão-computador não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} e APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} ao usuário DESKTOP-89IEP7B\user SID (S-1-5-21-2921273976-1507871447-3902036225-1001) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Microsoft.SkypeApp_12.9.604.0_x64__kzf8qxf38zg5c SID (S-1-15-2-2246530975-808720366-1776470054-230329187-4153223113-3550430174-4193313734). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes. Error: (12/10/2017 12:45:00 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT) Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} e APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} ao usuário AUTORIDADE NT\SISTEMA SID (S-1-5-18) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). 
Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes. Error: (12/10/2017 04:18:05 AM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT) Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} e APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} ao usuário AUTORIDADE NT\SISTEMA SID (S-1-5-18) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (Não Disponível). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes. Error: (12/10/2017 03:07:38 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: AUTORIDADE NT) Description: Falha na Instalação: o Windows não pôde instalar a seguinte atualização com o erro 0x8024200d: Atualização de recursos para o Windows 10, versão 1709. Error: (12/10/2017 03:04:46 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: AUTORIDADE NT) Description: Falha na Instalação: o Windows não pôde instalar a seguinte atualização com o erro 0x8024200d: Atualização de recursos para o Windows 10, versão 1709. Error: (12/10/2017 03:00:37 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: AUTORIDADE NT) Description: Falha na Instalação: o Windows não pôde instalar a seguinte atualização com o erro 0x8024200d: Atualização de recursos para o Windows 10, versão 1709. Error: (12/10/2017 02:56:19 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: AUTORIDADE NT) Description: Falha na Instalação: o Windows não pôde instalar a seguinte atualização com o erro 0x8024200d: Atualização de recursos para o Windows 10, versão 1709. 
Error: (12/10/2017 02:52:34 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: AUTORIDADE NT) Description: Falha na Instalação: o Windows não pôde instalar a seguinte atualização com o erro 0x8024200d: Atualização de recursos para o Windows 10, versão 1709. Error: (12/10/2017 02:48:52 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: AUTORIDADE NT) Description: Falha na Instalação: o Windows não pôde instalar a seguinte atualização com o erro 0x8024200d: Atualização de recursos para o Windows 10, versão 1709. CodeIntegrity: =================================== Date: 2017-12-08 00:18:26.366 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Diebold\Warsaw\wslbscrwh64.dll that did not meet the Microsoft signing level requirements. Date: 2017-12-07 20:40:02.175 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Diebold\Warsaw\wslbscrwh64.dll that did not meet the Microsoft signing level requirements. Date: 2017-12-07 20:15:18.479 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Diebold\Warsaw\wslbscrwh64.dll that did not meet the Microsoft signing level requirements. Date: 2017-12-07 18:56:35.693 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Diebold\Warsaw\wslbscrwh64.dll that did not meet the Microsoft signing level requirements. 
Date: 2017-12-07 17:44:29.730 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Diebold\Warsaw\wslbscrwh64.dll that did not meet the Microsoft signing level requirements. Date: 2017-12-07 17:09:01.210 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Diebold\Warsaw\wslbscrwh64.dll that did not meet the Microsoft signing level requirements. Date: 2017-12-06 00:39:04.802 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Diebold\Warsaw\wslbscrwh64.dll that did not meet the Microsoft signing level requirements. Date: 2017-12-05 16:28:03.383 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Diebold\Warsaw\wslbscrwh64.dll that did not meet the Microsoft signing level requirements. Date: 2017-12-01 21:49:46.791 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Diebold\Warsaw\wslbscrwh64.dll that did not meet the Microsoft signing level requirements. Date: 2017-12-01 20:41:19.046 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Diebold\Warsaw\wslbscrwh64.dll that did not meet the Microsoft signing level requirements. 
==================== Informações da Memória ===========================

Processador: Intel(R) Core(TM) i5-4440 CPU @ 3.10GHz
Percentagem de memória em uso: 71%
RAM física total: 8136.01 MB
RAM física disponível: 2297.13 MB
Virtual Total: 9864.01 MB
Virtual disponível: 2891.08 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.56 GB) (Free:14.85 GB) NTFS

==================== MBR & Tabela de Partições ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 98EADB01)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=148.6 GB) - (Type=07 NTFS)

==================== Fim de Addition.txt ============================