Resultado da análise adicional Farbar Recovery Scan Tool (x64) Versão: 29-10-2022
Executado por User (29-10-2022 16:48:02)
Executando a partir de C:\Users\User\Desktop
Microsoft Windows 10 Home Single Language Versão 21H1 19043.2130 (X64) (2022-08-31 16:50:09)
Modo da Inicialização: Normal
==========================================================

==================== Contas: =============================

(Se uma entrada for incluída na fixlist, será removida.)

Administrador (S-1-5-21-3180502729-4026977487-3766181511-500 - Administrator - Disabled)
Convidado (S-1-5-21-3180502729-4026977487-3766181511-501 - Limited - Enabled)
DefaultAccount (S-1-5-21-3180502729-4026977487-3766181511-503 - Limited - Disabled)
User (S-1-5-21-3180502729-4026977487-3766181511-1001 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-3180502729-4026977487-3766181511-504 - Limited - Disabled)

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Disabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)
Adobe Acrobat DC (64-bit) (HKLM\...\{AC76BA86-1046-1033-7760-BC15014EA700}) (Version: 22.002.20191 - Adobe) AIMP (HKLM-x32\...\AIMP) (Version: v4.70.2242, 01.02.2021 - AIMP DevTeam) Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 22.10.6038 - Avast Software) Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 106.0.18815.119 - AVAST Software) Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1206.2 - AVAST Software) Hidden BrLauncher (HKLM-x32\...\{C04DCB6D-02A2-41AD-AA79-2644CEB26445}) (Version: 2.0.17.0 - Brother Industries Ltd.) Hidden BrLogRx (HKLM-x32\...\{190861E7-09C5-42D8-BB4B-0AFB234BCFC1}) (Version: 1.0.3.1 - Brother Industries Ltd.) Hidden Brother iPrint&Scan (HKLM-x32\...\{06e7b8fa-f412-4f47-a8d7-74d4a780099e}) (Version: 10.3.1.1 - Brother Industries, Ltd.) Brother iPrint&Scan (HKLM-x32\...\{79F6CD87-9761-414F-87C4-79767318CBFA}) (Version: 10.3.1.1 - Brother Industries, Ltd.) Hidden Brother Scanner Driver (HKLM-x32\...\{FD9926A8-1E39-4746-8A51-B7E3CC65380D}) (Version: 1.0.47.1 - Brother Industries Ltd.) Hidden BrSupportTools (HKLM-x32\...\{E1B7CE6D-A4F9-4C9B-8FAB-9178CF47FDED}) (Version: 1.0.27.0 - Brother Industries Ltd.) Hidden By Click Downloader (HKLM-x32\...\{1C523908-174B-4690-9ED6-026B936B0C81}) (Version: 2.3.31 - ByClick) Hidden By Click Downloader (HKLM-x32\...\By Click Downloader 2.3.31) (Version: 2.3.31 - ByClick) calibre 64bit (HKLM\...\{DB29AD11-F2D4-401F-B045-1B5E2FB61494}) (Version: 4.7.0 - Kovid Goyal) Canva (HKU\S-1-5-21-3180502729-4026977487-3766181511-1001\...\3d0ba22d-e02b-5c6d-93a1-4e2a9af9c1f2) (Version: 1.46.0 - Canva Pty Ltd) CCleaner (HKLM\...\CCleaner) (Version: 6.04 - Piriform) Core Temp 1.17.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.17.1 - ALCPU) CPUID CPU-Z 1.98 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.98 - CPUID, Inc.) Discord (HKU\S-1-5-21-3180502729-4026977487-3766181511-1001\...\Discord) (Version: 1.0.9006 - Discord Inc.) 
DriverInstaller (HKLM-x32\...\{1CFFC9CA-6EDF-42C2-A288-3F89C19FE8AB}) (Version: 1.0.9.1 - Brother Industries Ltd.) Hidden DriverInstaller (HKLM-x32\...\{BBCDB782-E5D1-4C19-8736-5E7DEB180AF1}) (Version: 1.0.7.1 - Brother Industries Ltd.) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 106.0.5249.119 - Google LLC) HttpToUsbBridge (HKLM-x32\...\{6FF1DBC1-A313-460D-B1F2-6444D2F01DEE}) (Version: 2.0.18.1 - Brother Industries Ltd.) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4624 - Intel Corporation) Java 8 Update 341 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180341F0}) (Version: 8.0.3410.10 - Oracle Corporation) Kingston SSD Manager version 1.1.2.6 (HKLM-x32\...\{9A5DD901-0B98-4F2B-9421-B5975014184F}_is1) (Version: 1.1.2.6 - Kingston Digital, Inc) K-Lite Codec Pack 15.2.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 15.2.0 - KLCP) Kobo (HKLM-x32\...\Kobo) (Version: 4.33.17487 - Rakuten Kobo Inc.) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 107.0.1418.24 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 106.0.1370.52 - Microsoft Corporation) Microsoft Office 2000 Premium (HKLM-x32\...\{00000416-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation) Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (HKLM-x32\...\{90140000-0015-0416-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (HKLM-x32\...\{90140000-0016-0416-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2010 (HKLM\...\{90140000-002A-0000-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden 
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (HKLM-x32\...\{90140000-00A1-0416-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (HKLM-x32\...\{90140000-001A-0416-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (HKLM-x32\...\{90140000-0018-0416-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Portuguese (Brazil)) 2010 (HKLM-x32\...\{90140000-001F-0416-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2010 (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (Portuguese (Brazil)) 2010 (HKLM-x32\...\{90140000-002C-0416-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (HKLM-x32\...\{90140000-0019-0416-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2010 (HKLM\...\{90140000-002A-0416-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (HKLM-x32\...\{90140000-006E-0416-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (HKLM-x32\...\{90140000-001B-0416-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Update Health Tools 
(HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.24212 (HKLM\...\{F20396E5-D84E-3505-A7A8-7358F0155F6C}) (Version: 14.0.24212 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.24212 (HKLM\...\{FAAD7243-0141-3987-AA2F-E56B20F80E41}) (Version: 14.0.24212 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23026 
(HKLM-x32\...\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}) (Version: 14.0.23026 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23026 (HKLM-x32\...\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}) (Version: 14.0.23026 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}) (Version: 10.0.50908 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox (x64 pt-BR) (HKLM\...\Mozilla Firefox 106.0.2 (x64 pt-BR)) (Version: 106.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 104.0.2 - Mozilla) MPC-HC 1.7.11 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.11 - MPC-HC Team) Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation) Panda USB Vaccine 1.0.1.4 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version: - Panda Security) PDFsam Basic (HKLM\...\{24493C22-01EA-4E07-AB21-84910EB826B0}) (Version: 4.3.3.0 - Sober Lemur S.a.s. di Vacondio Andrea) PDFsam Enhanced 7 (HKLM-x32\...\PDFsam Enhanced 7) (Version: 7.0.70.1815 - Sober Lemur S.a.s. 
di Vacondio Andrea) PDFsam Enhanced 7 Edit Module (HKLM\...\{63380AAA-0783-42BC-B807-471E0BC00907}) (Version: 7.0.70.15196 - Andrea Vacondio) Hidden PDFsam Enhanced 7 View Module (HKLM\...\{A1DD96C4-2ADF-4A7E-AA8B-D9362106B553}) (Version: 7.0.70.15196 - Andrea Vacondio) Hidden PJE (HKU\S-1-5-21-3180502729-4026977487-3766181511-1001\...\892e6c405c02435d4fe59f2bf94b1708) (Version: 1.0 - Google\Chrome) pje-office versão 1.0.27 (HKLM-x32\...\{C510F90E-98E9-4AE1-A79D-3F3A7DD79356}_is1) (Version: 1.0.27 - Conselho Nacional de Justica - CNJ) RemoteSetup (HKLM-x32\...\{31F3472C-0FD9-4B5E-AFCE-58B843CE8CEE}) (Version: 1.0.29.0 - Brother Industries Ltd.) Hidden SafeNet Authentication Client 10.7 (HKLM\...\{AA0CDE51-AAEA-4B69-8421-47E1867B2DE5}) (Version: 10.7.167.0 - Gemalto) SafeSign 64-bits (HKLM\...\{2DF407D3-A8AD-4ACF-BFD5-5F7D42EC62FD}) (Version: 3.0.124 - A.E.T. Europe B.V.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0015-0416-0000-0000000FF1CE}_Office14.SingleImage_{BDE001D0-D85F-4FB5-9C32-9F5A14A03F0C}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0016-0416-0000-0000000FF1CE}_Office14.SingleImage_{BDE001D0-D85F-4FB5-9C32-9F5A14A03F0C}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0416-0000-0000000FF1CE}_Office14.SingleImage_{BDE001D0-D85F-4FB5-9C32-9F5A14A03F0C}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0019-0416-0000-0000000FF1CE}_Office14.SingleImage_{BDE001D0-D85F-4FB5-9C32-9F5A14A03F0C}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0416-0000-0000000FF1CE}_Office14.SingleImage_{BDE001D0-D85F-4FB5-9C32-9F5A14A03F0C}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 
32-Bit Edition (HKLM-x32\...\{90140000-001B-0416-0000-0000000FF1CE}_Office14.SingleImage_{BDE001D0-D85F-4FB5-9C32-9F5A14A03F0C}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{09A9DF49-DA06-4093-A2FD-F339211E39EA}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0416-0000-0000000FF1CE}_Office14.SingleImage_{51C5D139-1A25-4F98-880C-9A1619D2882C}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{8C5A05B6-FF56-480F-A0E6-9F4BCA4B4CAC}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{E4D76E88-C65F-4003-9C71-EC4306679D17}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0416-1000-0000000FF1CE}_Office14.SingleImage_{0852D5D5-CEE8-4D04-8106-93A6DFB09341}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-002C-0416-0000-0000000FF1CE}_Office14.SingleImage_{2F01C7C0-8077-4C14-BC52-0A00190D386D}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0416-0000-0000000FF1CE}_Office14.SingleImage_{E703A730-E5DD-4E57-81E9-C7BF7A89F00E}) (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition 
(HKLM-x32\...\{90140000-00A1-0416-0000-0000000FF1CE}_Office14.SingleImage_{BDE001D0-D85F-4FB5-9C32-9F5A14A03F0C}) (Version: - Microsoft) Hidden SoftwareUpdateNotification (HKLM-x32\...\{08A438C8-CF6D-4366-A676-A642D973CA66}) (Version: 1.0.12.0 - Brother Industries, Ltd.) Hidden SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.1 - Krzysztof Kowalczyk) Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version: - VB-Audio Software) Warsaw 2.32.0.13 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 2.32.0.13 - Topaz) WinRAR 5.60 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.60.0 - win.rar GmbH) WinRAR 5.71 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH) Zoom (HKU\S-1-5-21-3180502729-4026977487-3766181511-1001\...\ZoomUMX) (Version: 5.11.10 (8200) - Zoom Video Communications, Inc.) Packages: ========= Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.14.9130.0_x64__8wekyb3d8bbwe [2022-09-17] (Microsoft Studios) [MS Ad] WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2242.6.0_x64__cv1g1gvanyjgm [2022-10-28] (WhatsApp Inc.) [Startup Task] ==================== Análise Personalizada CLSID (Whitelisted): ============== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) CustomCLSID: HKU\S-1-5-21-3180502729-4026977487-3766181511-1001_Classes\CLSID\{7965D6E0-1A6D-441E-ACDF-7490E6DD337A}\InprocServer32 -> C:\Program Files\Mozilla Firefox\notificationserver.dll (Mozilla Corporation -> Mozilla Foundation) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-10-28] (Avast Software s.r.o. 
-> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-10-28] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-10-28] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [PDFsamEnhanced7_ManagerExt] -> {91D6DCFE-A19D-41CC-8940-46C21D26CF83} => Z:\PROGRAMAS\PDFsam Enhanced 7\context-menu.dll [2021-11-03] (Sober Lemur S.a.s. di Vacondio Andrea -> Andrea Vacondio)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => Z:\PROGRAMAS\rarext64.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => Z:\PROGRAMAS\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-10-28] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Nenhum Arquivo
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2017-03-17] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2022-10-28] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => Z:\PROGRAMAS\rarext64.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => Z:\PROGRAMAS\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Atalhos & WMI ========================

(As entradas podem ser listadas para serem restauradas ou removidas.)

ShortcutWithArgument: C:\Users\User\Desktop\francelmo - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\User\Desktop\PJE.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=mlpngcpaojmfglfaengmnkdlbdgmgfma
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\apps do Chrome\PJE.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=mlpngcpaojmfglfaengmnkdlbdgmgfma

==================== Módulos Carregados (Whitelisted) =============

2022-08-31 23:14 - 2018-05-02 15:25 - 000091648 _____ () [Arquivo não assinado] C:\Windows\system32\BrNetSti.dll
2022-08-31 23:14 - 2005-04-22 13:36 - 000143360 _____ () [Arquivo não assinado] C:\Windows\system32\BrSNMP64.dll

==================== Alternate Data Streams (Whitelisted) ========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)
AlternateDataStreams: C:\ProgramData:chnpbmzkyg [274]
AlternateDataStreams: C:\ProgramData:YXVtLmh6aQ [2834]
AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aDXs4 [2614]
AlternateDataStreams: C:\Users\All Users:chnpbmzkyg [274]
AlternateDataStreams: C:\Users\All Users:YXVtLmh6aQ [2834]
AlternateDataStreams: C:\Users\Todos os Usuários:chnpbmzkyg [274]
AlternateDataStreams: C:\Users\Todos os Usuários:YXVtLmh6aQ [2834]
AlternateDataStreams: C:\ProgramData\Dados de Aplicativos:chnpbmzkyg [274]
AlternateDataStreams: C:\ProgramData\Dados de Aplicativos:YXVtLmh6aQ [2834]
AlternateDataStreams: C:\ProgramData\TEMP:A6A6AC42 [350]

==================== Modo de Segurança (Whitelisted) ==================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"

==================== Associação (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_341\bin\ssv.dll [2022-08-31] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_341\bin\jp2ssv.dll [2022-08-31] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLE DB\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) [Arquivo não assinado]
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLE DB\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) [Arquivo não assinado]
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLE DB\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) [Arquivo não assinado]
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLE DB\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) [Arquivo não assinado]
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLE DB\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) [Arquivo não assinado]
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLE DB\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) [Arquivo não assinado]
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLE DB\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) [Arquivo não assinado]

(Se uma entrada for incluída na fixlist, será removida do Registro.)

IE trusted site: HKU\S-1-5-21-3180502729-4026977487-3766181511-1001\...\bancobrasil.com.br -> www.bancobrasil.com.br
IE trusted site: HKU\S-1-5-21-3180502729-4026977487-3766181511-1001\...\bb.com.br -> aapj.bb.com.br
IE trusted site: HKU\S-1-5-21-3180502729-4026977487-3766181511-1001\...\gastecnologia.com.br -> cloud.gastecnologia.com.br

==================== Hosts Conteúdo: =========================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)
2019-12-07 06:14 - 2019-12-07 06:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Outras Áreas ===========================

(Atualmente não há nenhuma correção automática para esta seção.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;Z:\PROGRAMAS\;C:\Program Files\SafeNet\Authentication\SAC\x64;C:\Program Files\SafeNet\Authentication\SAC\x32
HKU\S-1-5-21-3180502729-4026977487-3766181511-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 177.104.209.38 - 177.104.209.46
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Firewall do Windows está habilitado.

Network Binding:
=============
Ethernet: Topaz OFD Network Monitor -> nt_wsddntf (enabled)

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

(Se uma entrada for incluída na fixlist, será removida.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: igfxCUIService2.0.0.0 => 2
MSCONFIG\Services: PDFsam Enhanced 7 => 3
MSCONFIG\Services: PDFsam Enhanced 7 Creator => 3
MSCONFIG\Services: PDFsam Enhanced 7 Update Service => 3
MSCONFIG\Services: SACSrv => 2
HKLM\...\StartupApproved\StartupFolder: => "pje-office.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Microsoft Office.lnk"
HKLM\...\StartupApproved\Run: => "CertificateRegistration"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "pje-office"
HKLM\...\StartupApproved\Run32: => "Kofax Power PDF Standard-reminder"
HKLM\...\StartupApproved\Run32: => "PowerPDF Registry Controller"
HKLM\...\StartupApproved\Run32: => "BrotherSoftwareUpdateNotification"
HKLM\...\StartupApproved\Run32: => "S17A"
HKU\S-1-5-21-3180502729-4026977487-3766181511-1001\...\StartupApproved\Run: => "CanvaAutoLaunchAvailabilityCheckAgent"
HKU\S-1-5-21-3180502729-4026977487-3766181511-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-3180502729-4026977487-3766181511-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== Regras do Firewall (Whitelisted) ================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
FirewallRules: [TCP Query User{4D500821-7784-42F0-B13C-CDBABD33000D}C:\program files (x86)\pje-office\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\pje-office\jre\bin\javaw.exe FirewallRules: [UDP Query User{223E4CC6-E1A3-421B-B890-24DB4E716883}C:\program files (x86)\pje-office\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\pje-office\jre\bin\javaw.exe FirewallRules: [TCP Query User{62E537FB-00B5-4720-923E-42872E953DA0}C:\program files (x86)\pje-office\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\pje-office\jre\bin\javaw.exe FirewallRules: [UDP Query User{5F8FE535-3B75-4CC2-9DC7-7EB973D1C242}C:\program files (x86)\pje-office\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\pje-office\jre\bin\javaw.exe FirewallRules: [TCP Query User{052C945A-22DA-49D7-9DA1-573CDB6921E2}C:\users\user\downloads\anydesk.exe] => (Allow) C:\users\user\downloads\anydesk.exe (philandro Software GmbH -> AnyDesk Software GmbH) FirewallRules: [UDP Query User{902ACA03-A98C-485A-8536-C3C54122D87A}C:\users\user\downloads\anydesk.exe] => (Allow) C:\users\user\downloads\anydesk.exe (philandro Software GmbH -> AnyDesk Software GmbH) FirewallRules: [{F0E8C19F-3B96-47F7-95B3-4B7930C803F2}] => (Allow) LPort=54925 FirewallRules: [{AE4A432A-EDA8-490B-B813-344C2DA0A8A9}] => (Allow) LPort=54950 FirewallRules: [{32E6F95B-FBDD-4D6D-B22C-D0B008AF266E}] => (Allow) LPort=54955 FirewallRules: [{42A223D1-B0BE-4909-9D6C-54B014F8F914}] => (Allow) C:\Program Files (x86)\Brother\RemoteSetup\S17A\RemoteSetup.exe (Brother Industries) [Arquivo não assinado] FirewallRules: [{8C93122A-E136-4085-A0EA-943A5F0917C2}] => (Allow) C:\Program Files (x86)\Brother\RemoteSetup\S17A\RemoteSetup.exe (Brother Industries) [Arquivo não assinado] FirewallRules: [{2DEA08C1-0B37-49C7-B73B-F4349F767B85}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) 
FirewallRules: [{D9AF8022-C8D7-4880-9005-474F737784EA}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\airhost.exe => Nenhum Arquivo FirewallRules: [{CE04758F-7766-4851-8D4E-11C551A468EB}] => (Allow) C:\Users\User\AppData\Roaming\Zoom\bin\airhost.exe => Nenhum Arquivo FirewallRules: [{F4D72CE3-090F-4484-97B6-F9D9DB2231B0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{F58FAB1B-A985-4543-B2CD-AC1B37062E5D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{0FE0FB48-FBD6-4559-B89D-68B9D1705474}] => (Allow) C:\Program Files\Topaz OFD\Warsaw\core.exe (TPZ SOLUCOES DIGITAIS LTDA -> Topaz OFD) FirewallRules: [{35887038-4DBD-41E0-8C46-ED9C36925732}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{2BC1F5A5-051B-41C8-8EEF-43CA8B6B4895}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\106.0.1370.52\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{773EB875-9965-4B14-B277-CCEDEC86390C}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software) FirewallRules: [{2760A749-718A-4FC2-9C85-862328F17F17}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software) FirewallRules: [{9BC12D2A-1C86-4C97-AC47-F71936195D80}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe (Avast Software s.r.o. 
-> AVAST Software)

==================== Pontos de Restauração =========================

13-10-2022 08:35:40 Instalador de Módulos do Windows
21-10-2022 16:32:57 Ponto de Verificação Agendado

==================== Dispositivos Apresentando Falhas No Gerenciador ============

Name: Controlador de High Definition Audio
Description: Controlador de High Definition Audio
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Erros no Log de eventos: ========================

Erros em Aplicativos:
==================
Error: (10/29/2022 07:28:03 AM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Broadcast Receiver Server...

Error: (10/29/2022 07:28:03 AM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Wait Workflow Commands request from device.

Error: (10/29/2022 07:28:03 AM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Server...

Error: (10/29/2022 07:28:03 AM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Server...

Error: (10/29/2022 07:28:03 AM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Host.AddressList[1]: 169.254.121.71

Error: (10/29/2022 07:28:03 AM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Host.AddressList[0]: fe80::c5d2:886e:1f41:7947%9

Error: (10/29/2022 07:28:03 AM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Host.AddressList.Length: 2

Error: (10/29/2022 07:28:03 AM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Valor não pode ser nulo.
Nome do parâmetro: ipString

Erros de Sistema:
=============
Error: (10/29/2022 04:44:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Brother Workflow Application Controller foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (10/29/2022 04:44:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Brother USB Application Controller foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (10/29/2022 07:27:59 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: O desligamento do sistema que ocorreu às 05:50:21 do dia 29/10/2022 não era esperado.

Error: (10/29/2022 03:16:35 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: AUTORIDADE NT)
Description: Falha na Instalação: o Windows não pôde instalar a seguinte atualização com o erro 0x8024200b: Intel - System - 7/18/2017 12:00:00 AM - 11.7.0.1040.

Error: (10/29/2022 03:16:32 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: AUTORIDADE NT)
Description: Falha na Instalação: o Windows não pôde instalar a seguinte atualização com o erro 0x8024200b: Intel Corporation driver update for Intel(R) HD Graphics 4600.

Error: (10/29/2022 03:16:26 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: AUTORIDADE NT)
Description: Falha na Instalação: o Windows não pôde instalar a seguinte atualização com o erro 0x8024200b: Brother - Printer - 4/22/2009 12:00:00 AM - 10.0.17119.1.

Error: (10/28/2022 06:37:35 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: AUTORIDADE NT)
Description: Falha na Instalação: o Windows não pôde instalar a seguinte atualização com o erro 0x8024200b: Intel - System - 7/18/2017 12:00:00 AM - 11.7.0.1040.
Error: (10/28/2022 06:37:33 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: AUTORIDADE NT)
Description: Falha na Instalação: o Windows não pôde instalar a seguinte atualização com o erro 0x8024200b: Intel Corporation driver update for Intel(R) HD Graphics 4600.

Windows Defender:
================
Date: 2022-10-27 22:55:28
Description:
O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {9D98BD79-C614-46FE-A6C6-F3B7E53CADD5}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2022-10-27 09:17:00
Description:
O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {9FB4523F-A180-43B5-973D-4B909FFD5DCE}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2022-10-25 22:53:54
Description:
O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {C5E0D212-0601-4091-A952-01D044FF34FE}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2022-10-25 07:50:46
Description:
O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {DE12699B-F1C5-4CE1-AD3B-A62B9543F3F5}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2022-10-24 09:30:43
Description:
O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {9ABDD911-90BD-46AC-A1B1-526A30C675A7}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

CodeIntegrity:
===============
Date: 2022-10-29 15:57:31
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
Date: 2022-10-29 15:34:51
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

==================== Informações da Memória ===========================

BIOS: American Megatrends Inc. F5 01/20/2014
placa-mãe: Gigabyte Technology Co., Ltd. H81M-H
Processador: Intel(R) Core(TM) i5-4570 CPU @ 3.20GHz
Percentagem de memória em uso: 23%
RAM física total: 16270.8 MB
RAM física disponível: 12396.63 MB
Virtual Total: 18702.8 MB
Virtual disponível: 15030.6 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:111.17 GB) (Free:42.07 GB) (Model: KINGSTON SV300S37A120G) NTFS
Drive z: (Disco Local) (Fixed) (Total:465.76 GB) (Free:180.68 GB) (Model: StoreJet Transcend USB Device) NTFS

\\?\Volume{319848c5-55e8-4ba2-916e-50b7467918f8}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS
\\?\Volume{ffff87c3-2025-4ba7-bbad-05431fb493b7}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Tabela de Partições ====================

==========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: 08DDE0F9)

Partition: GPT.

==========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: B8140510)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== Fim de Addition.txt =======================