Resultado da análise adicional Farbar Recovery Scan Tool (x64) Versão: 20-01-2023 Executado por User (23-01-2023 18:42:37) Executando a partir de C:\Users\User\Desktop Microsoft Windows 10 Pro Versão 21H2 19044.2486 (X64) (2019-12-07 07:05:46) Modo da Inicialização: Normal ========================================================== ==================== Contas: ============================= (Se uma entrada for incluída na fixlist, será removida.) Administrador (S-1-5-21-1657209916-3698779994-3562846091-500 - Administrator - Disabled) Convidado (S-1-5-21-1657209916-3698779994-3562846091-501 - Limited - Disabled) DefaultAccount (S-1-5-21-1657209916-3698779994-3562846091-503 - Limited - Disabled) User (S-1-5-21-1657209916-3698779994-3562846091-1001 - Administrator - Enabled) => C:\Users\User WDAGUtilityAccount (S-1-5-21-1657209916-3698779994-3562846091-504 - Limited - Disabled) ==================== Central de Segurança ======================== (Se uma entrada for incluída na fixlist, será removida.) AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF} ==================== Programas Instalados ====================== (Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.) Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1046-1033-7760-BC15014EA700}) (Version: 22.003.20310 - Adobe) Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601032}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden Amazon Games (HKU\S-1-5-21-1657209916-3698779994-3562846091-1001\...\{4DD10B06-78A4-4E6F-AA39-25E9C38FA568}) (Version: 2.3.8425.2 - Amazon.com Services, Inc.) Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 22.12.6044 - Avast Software) Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1579.3 - AVAST Software) Hidden Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 109.1.47.171 - Autores do Brave) Discord (HKU\S-1-5-21-1657209916-3698779994-3562846091-1001\...\Discord) (Version: 1.0.9007 - Discord Inc.) EA app (HKLM\...\{C2622085-ABD2-49E5-8AB9-D3D6A642C091}) (Version: 12.89.0.5346 - Electronic Arts) Hidden EA app (HKLM-x32\...\{014fa904-eb9d-4318-8434-c40951edfdb8}) (Version: 12.89.0.5346 - Electronic Arts) Epic Games Launcher (HKLM-x32\...\{792AE4CE-8FD8-406B-82D7-4C3374E402F3}) (Version: 1.3.51.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Epic Online Services (HKLM-x32\...\{19695986-25CE-41AC-9C6F-54794653EDBA}) (Version: 2.0.36.0 - Epic Games, Inc.) Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.5 - Seiko Epson Corporation) Epson Event Manager (HKLM-x32\...\{DBC38C08-9FB5-43A5-B6BA-EB10AC7DA570}) (Version: 3.11.0053 - Seiko Epson Corporation) EPSON L3250 Series Printer Uninstall (HKLM\...\EPSON L3250 Series) (Version: - Seiko Epson Corporation) Epson Photo+ (HKLM-x32\...\{5DCB4864-C363-4654-89BF-42660B841136}) (Version: 3.7.1.0 - Seiko Epson Corporation) Epson Printer Connection Checker (HKLM-x32\...\{562C1C83-6199-49DD-987B-60D5FF7BC971}) (Version: 3.3.2.0 - Seiko Epson Corporation) Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation) EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.) EPSON Scan PDF EXtensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.02 - SEIKO EPSON Corp.) Epson ScanSmart (HKLM-x32\...\{948F96A1-DA95-455C-8086-A77CDC184770}) (Version: 3.6.5 - Seiko Epson Corporation) Epson Software Updater (HKLM-x32\...\{26A9B753-4B5D-46D8-A329-5CEF96FC22D2}) (Version: 4.6.5 - Seiko Epson Corporation) EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation) FormatFactory 5.13.0.0 (HKLM-x32\...\FormatFactory) (Version: 5.13.0.0 - Free Time) Fortrek G Pro K7 PLUS (HKLM-x32\...\{CEC46A8A-2B68-4AE4-871D-59622D67C88F}_is1) (Version: 1.0.4 - Fortrek) GOG GALAXY (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 109.0.5414.75 - Google LLC) Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google) Java 8 Update 341 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180341F0}) (Version: 8.0.3410.10 - Oracle Corporation) Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Manual Epson L3250_L3251 (HKLM-x32\...\UsersGuideManual Epson L3250_L3251_is1) (Version: 1.0 - Epson America, Inc.) Microsoft .NET Host - 5.0.10 (x86) (HKLM-x32\...\{EEC610D2-6934-4567-A658-092A1429A21A}) (Version: 40.40.30412 - Microsoft Corporation) Hidden Microsoft .NET Host FX Resolver - 5.0.10 (x86) (HKLM-x32\...\{29F55E7D-9FB8-4F1D-A233-1F5995CB0FF5}) (Version: 40.40.30412 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 5.0.10 (x86) (HKLM-x32\...\{17675144-2D5B-4BA3-AF21-A65F7D824149}) (Version: 40.40.30412 - Microsoft Corporation) Hidden Microsoft 365 Apps para Grandes Empresas - pt-br (HKLM\...\O365ProPlusRetail - pt-br) (Version: 16.0.15629.20156 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 109.0.1518.61 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 109.0.1518.61 - Microsoft Corporation) Microsoft GameInput (HKLM-x32\...\{6BBE9278-659F-FA16-E4B8-C2D60DE0DCC7}) (Version: 10.1.22621.1863 - Microsoft Corporation) Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.002.0102.0004 - Microsoft Corporation) Microsoft Teams (HKU\S-1-5-21-1657209916-3698779994-3562846091-1001\...\Teams) (Version: 1.5.00.8070 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29016 (HKLM-x32\...\{40d3fee2-b257-46c2-bdc0-cb1088d97327}) (Version: 14.27.29016.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.27.29016 (HKLM-x32\...\{1aaa01ad-3069-4288-9c6f-37a140a8f6c7}) (Version: 14.27.29016.0 - Microsoft Corporation) Microsoft Visual C++ 2019 X64 Additional Runtime - 14.27.29016 (HKLM\...\{F07B1E25-5670-4556-9C7F-5A1966C83269}) (Version: 14.27.29016 - Microsoft Corporation) Hidden Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.27.29016 (HKLM\...\{E493B8F4-E300-43EC-95D0-BDF3711297EA}) (Version: 14.27.29016 - Microsoft Corporation) Hidden Microsoft Visual C++ 2019 X86 Additional Runtime - 14.27.29016 (HKLM-x32\...\{5CD4E357-9ED6-42AC-B654-F1FC21DD60C9}) (Version: 14.27.29016 - Microsoft Corporation) Hidden Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.27.29016 (HKLM-x32\...\{E2C131AD-D30F-4D67-ACE9-B3D485E84DA8}) (Version: 14.27.29016 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 5.0.10 (x86) (HKLM-x32\...\{ba8ab6bd-ad21-447e-b617-feee84353247}) (Version: 5.0.10.30418 - Microsoft Corporation) Microsoft Windows Desktop Runtime - 5.0.10 (x86) (HKLM-x32\...\{DCE5198A-7449-4F9F-A630-C8363759D0FB}) (Version: 40.40.30418 - Microsoft Corporation) Hidden Mozilla Firefox (x64 pt-BR) (HKLM\...\Mozilla Firefox 106.0 (x64 pt-BR)) (Version: 106.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 105.0.3 - Mozilla) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.15629.20118 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.15629.20118 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.15629.20156 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0416-0000-0000000FF1CE}) (Version: 16.0.15629.20118 - Microsoft Corporation) Hidden Origin (HKLM-x32\...\Origin) (Version: 10.5.116.52126 - Electronic Arts, Inc.) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9239.1 - Realtek Semiconductor Corp.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.5.0.8070 - Microsoft Corporation) TeamViewer (HKLM\...\TeamViewer) (Version: 15.34.4 - TeamViewer) Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 135.0.10753 - Ubisoft) Verificação de integridade do PC Windows (HKLM\...\{2403B2D2-1FDC-497D-B181-F53D079FEAAA}) (Version: 3.6.2204.08001 - Microsoft Corporation) VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN) WhatsApp (HKU\S-1-5-21-1657209916-3698779994-3562846091-1001\...\WhatsApp) (Version: 2.2246.10 - WhatsApp) WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH) ZombsRoyale.io (HKU\S-1-5-21-1657209916-3698779994-3562846091-1001\...\519338998791929866) (Version: - ) Packages: ========= Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation) Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_1.39.3.0_x64__6rarf9sa4v8jt [2022-10-13] (Disney) Email e Calendário -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation) [MS Ad] iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa [2023-01-22] (Apple Inc.) [Startup Task] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2022-10-13] (Microsoft Studios) [MS Ad] Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.19.5002.0_x64__8wekyb3d8bbwe [2022-11-30] (Microsoft Studios) Minecraft Launcher -> C:\Program Files\WindowsApps\Microsoft.4297127D64EC6_1.1.28.0_x64__8wekyb3d8bbwe [2022-11-05] (Microsoft Studios) MSN Clima -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe [2022-10-13] (Microsoft Corporation) [MS Ad] Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c [2022-10-13] (Skype) Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.195.893.0_x86__zpdnekdrzrea0 [2022-10-13] (Spotify AB) [Startup Task] ==================== Análise Personalizada CLSID (Whitelisted): ============== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) CustomCLSID: HKU\S-1-5-21-1657209916-3698779994-3562846091-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22062.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.002.0102.0004\FileSyncShell64.dll [2023-01-21] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.002.0102.0004\FileSyncShell64.dll [2023-01-21] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.002.0102.0004\FileSyncShell64.dll [2023-01-21] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.002.0102.0004\FileSyncShell64.dll [2023-01-21] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.002.0102.0004\FileSyncShell64.dll [2023-01-21] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.002.0102.0004\FileSyncShell64.dll [2023-01-21] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.002.0102.0004\FileSyncShell64.dll [2023-01-21] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-01-22] (Avast Software s.r.o. -> AVAST Software) ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.002.0102.0004\FileSyncShell64.dll [2023-01-21] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.002.0102.0004\FileSyncShell64.dll [2023-01-21] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.002.0102.0004\FileSyncShell64.dll [2023-01-21] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.002.0102.0004\FileSyncShell64.dll [2023-01-21] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.002.0102.0004\FileSyncShell64.dll [2023-01-21] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.002.0102.0004\FileSyncShell64.dll [2023-01-21] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.002.0102.0004\FileSyncShell64.dll [2023-01-21] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-01-22] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.002.0102.0004\FileSyncShell64.dll [2023-01-21] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-01-22] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [FormatFactoryShell] -> {A3888923-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files (x86)\FormatFactory\ShellEx_108.dll [2022-04-19] (Free Time) [Arquivo não assinado] ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-01-22] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.002.0102.0004\FileSyncShell64.dll [2023-01-21] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers4: [FormatFactoryShell] -> {A3888923-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files (x86)\FormatFactory\ShellEx_108.dll [2022-04-19] (Free Time) [Arquivo não assinado] ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.002.0102.0004\FileSyncShell64.dll [2023-01-21] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-01-22] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Whitelisted) ==================== ==================== Atalhos & WMI ======================== (As entradas podem ser listadas para serem restauradas ou removidas.) ShortcutWithArgument: C:\Users\User\Desktop\Joana - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default" ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\J - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1" ==================== Módulos Carregados (Whitelisted) ============= 2020-02-07 17:20 - 2020-02-07 17:20 - 000132096 _____ (Seiko Epson Corporation) [Arquivo não assinado] C:\Program Files (x86)\Epson Software\Event Manager\epnsm.dll 2018-03-05 16:41 - 2018-03-05 16:41 - 000057856 _____ (Seiko Epson Corporation) [Arquivo não assinado] C:\Program Files (x86)\Epson Software\Event Manager\EPNWPSHDevFinder.DLL 2009-10-21 17:39 - 2009-10-21 17:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [Arquivo não assinado] C:\Program Files (x86)\Epson Software\Event Manager\LcMgr.dll 2016-09-14 14:31 - 2016-09-14 14:31 - 000500736 ____S (SEIKO EPSON CORPORATION) [Arquivo não assinado] C:\Windows\System32\enppmon.dll 2022-10-22 20:30 - 2022-10-22 20:30 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Arquivo não assinado] C:\Program Files (x86)\Origin\LIBEAY32.dll 2022-10-22 20:30 - 2022-10-22 20:30 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Arquivo não assinado] C:\Program Files (x86)\Origin\ssleay32.dll 2022-10-22 20:30 - 2022-10-22 20:30 - 001611264 _____ (The Qt Company Ltd) [Arquivo não assinado] C:\Program Files (x86)\Origin\platforms\qwindows.dll 2022-11-14 15:09 - 2022-10-22 20:30 - 005487104 _____ (The Qt Company Ltd) [Arquivo não assinado] C:\Program Files (x86)\Origin\Qt5Core.dll 2022-11-14 15:09 - 2022-10-22 20:30 - 005841920 _____ (The Qt Company Ltd) [Arquivo não assinado] C:\Program Files (x86)\Origin\Qt5Gui.dll 2022-11-14 15:09 - 2022-10-22 20:30 - 001179136 _____ (The Qt Company Ltd) [Arquivo não assinado] C:\Program Files (x86)\Origin\Qt5Network.dll 2022-11-14 15:09 - 2022-10-22 20:30 - 000146432 _____ (The Qt Company Ltd) [Arquivo não assinado] C:\Program Files (x86)\Origin\Qt5WebSockets.dll 2022-11-14 15:09 - 2022-10-22 20:30 - 005089792 _____ (The Qt Company Ltd) [Arquivo não assinado] C:\Program Files (x86)\Origin\Qt5Widgets.dll 2022-11-14 15:09 - 2022-10-22 20:30 - 000184832 _____ (The Qt Company Ltd) [Arquivo não assinado] C:\Program Files (x86)\Origin\Qt5Xml.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Modo de Segurança (Whitelisted) ================== (Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver" ==================== Associação (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2022-10-13] (Microsoft Corporation -> Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_341\bin\ssv.dll [2022-10-13] (Oracle America, Inc. -> Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_341\bin\jp2ssv.dll [2022-10-13] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2022-10-13] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-10-13] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-10-13] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-10-13] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-10-13] (Microsoft Corporation -> Microsoft Corporation) (Se uma entrada for incluída na fixlist, será removida do Registro.) IE trusted site: HKU\S-1-5-21-1657209916-3698779994-3562846091-1001\...\localhost -> localhost ==================== Hosts Conteúdo: ========================= (Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.) 2019-12-07 06:14 - 2023-01-23 17:58 - 000000027 _____ C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ==================== Outras Áreas =========================== (Atualmente não há nenhuma correção automática para esta seção.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\dotnet\ HKU\S-1-5-21-1657209916-3698779994-3562846091-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Firewall do Windows está habilitado. ==================== MSCONFIG/TASK MANAGER ítens desabilitados == (Se uma entrada for incluída na fixlist, será removida.) HKU\S-1-5-21-1657209916-3698779994-3562846091-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams" HKU\S-1-5-21-1657209916-3698779994-3562846091-1001\...\StartupApproved\Run: => "EpicGamesLauncher" HKU\S-1-5-21-1657209916-3698779994-3562846091-1001\...\StartupApproved\Run: => "GogGalaxy" HKU\S-1-5-21-1657209916-3698779994-3562846091-1001\...\StartupApproved\Run: => "EADM" HKU\S-1-5-21-1657209916-3698779994-3562846091-1001\...\StartupApproved\Run: => "Steam" ==================== Regras do Firewall (Whitelisted) ================ (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) FirewallRules: [TCP Query User{E585E003-B514-464C-B67E-9DB70C791CBB}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (Seiko Epson Corporation) [Arquivo não assinado] FirewallRules: [UDP Query User{C3FAA1D1-D284-4817-BACB-47DC783DE8DD}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe (Seiko Epson Corporation) [Arquivo não assinado] FirewallRules: [{E8754F2E-3AFF-451B-8A3A-7FF737B29BBA}] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (Seiko Epson Corporation) [Arquivo não assinado] FirewallRules: [{1A157E51-69DD-410A-A7A9-F7E005A33BFC}] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe (Seiko Epson Corporation) [Arquivo não assinado] ==================== Pontos de Restauração ========================= ==================== Dispositivos Apresentando Falhas No Gerenciador ============ ==================== Erros no Log de eventos: ======================== Erros em Aplicativos: ================== Error: (01/23/2023 05:58:26 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Erro do serviço de cópias de sombra de volume: erro inesperado ao chamar a rotina QueryFullProcessImageNameW. hr = 0x8007001f, Um dispositivo conectado ao sistema não está funcionando. . Operação: Executando Operação Assíncrona Contexto: Estado Atual: DoSnapshotSet Error: (01/23/2023 05:58:03 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado. . Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante. Operação: Obtendo Dados do Gravador Contexto: Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220} Nome do Gravador: System Writer ID de Instância de Gravador: {9b4a120b-cfbb-4cd3-894e-e877c2ad152a} Error: (01/23/2023 04:11:55 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: ) Description: Event-ID 12007 Error: (01/23/2023 04:11:55 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: ) Description: Event-ID 0 Error: (01/22/2023 07:48:54 PM) (Source: SecurityCenter) (EventID: 17) (User: ) Description: A Central de Segurança não validou o chamador com o erro %1. Error: (01/22/2023 07:40:16 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: O programa FRST64.exe versão 20.1.2023.0 parou de interagir com o Windows e foi fechado. Para ver se mais informações sobre o problema estão disponíveis, verifique o histórico de problemas no painel de controle Segurança e Manutenção. ID do Processo: 1554 Hora de Início: 01d92eb043a78dae Hora de Término: 4294967295 Caminho do Aplicativo: C:\Users\User\Desktop\FRST64.exe ID do Relatório: 2f02113b-64e1-4cb4-90d8-c1c38b006631 Nome completo do pacote com falha: ID do aplicativo relativo ao pacote com falha: Tipo com falha: Top level window is idle Error: (01/22/2023 07:17:50 PM) (Source: SecurityCenter) (EventID: 17) (User: ) Description: A Central de Segurança não validou o chamador com o erro %1. Error: (01/21/2023 11:37:31 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Erro do serviço de cópias de sombra de volume: erro inesperado ao chamar a rotina CoCreateInstance. hr = 0x8007045b, O sistema está sendo desligado. . Erros de Sistema: ============= Error: (01/23/2023 05:58:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: O serviço Origin Web Helper Service foi encerrado inesperadamente. Isso aconteceu 1 vez(es). Error: (01/23/2023 05:58:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Windows Search foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 30000 milissegundos: Reiniciar o serviço. Error: (01/23/2023 05:58:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: O serviço AltruisticsService foi encerrado inesperadamente. Isso aconteceu 2 vez(es). Error: (01/23/2023 05:58:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: O serviço Gaming Services foi encerrado inesperadamente. Isso aconteceu 1 vez(es). Error: (01/23/2023 05:58:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço TeamViewer foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 2000 milissegundos: Reiniciar o serviço. Error: (01/23/2023 05:58:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: O serviço Gaming Services foi encerrado inesperadamente. Isso aconteceu 1 vez(es). Error: (01/23/2023 05:58:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço FeelgoodDestroyaWH foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 100 milissegundos: Reiniciar o serviço. Error: (01/23/2023 05:58:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço GameInput Service foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 1000 milissegundos: Reiniciar o serviço. Windows Defender: ================ Date: 2023-01-18 12:55:35 Description: Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado. Para obter mais informações, veja a seguir: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Malgent!MSR&threatid=2147742994&enterprise=0 Nome: Trojan:Win32/Malgent!MSR Gravidade: Grave Categoria: Cavalo de Tróia Caminho: file:_C:\Program Files (x86)\Stereotyped Arithmetic Solution\Performance\PerformanceA.exe Origem da Detecção: Computador local Tipo da Detecção: Concreto Fonte da Detecção: Proteção em Tempo Real Usuário: DESKTOP-8MSIH6J\User Nome do Processo: C:\Program Files (x86)\Stereotyped Arithmetic Solution\pcapd.exe Versão da Inteligência de Segurança: AV: 1.381.2379.0, AS: 1.381.2379.0, NIS: 1.381.2379.0 Versão do Mecanismo: AM: 1.1.19900.2, NIS: 1.1.19900.2 Date: 2023-01-18 12:49:39 Description: Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado. Para obter mais informações, veja a seguir: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Malgent!MSR&threatid=2147742994&enterprise=0 Nome: Trojan:Win32/Malgent!MSR Gravidade: Grave Categoria: Cavalo de Tróia Caminho: file:_C:\Program Files (x86)\Stereotyped Arithmetic Solution\Performance\PerformanceA.exe Origem da Detecção: Computador local Tipo da Detecção: Concreto Fonte da Detecção: Proteção em Tempo Real Usuário: DESKTOP-8MSIH6J\User Nome do Processo: C:\Program Files (x86)\Stereotyped Arithmetic Solution\pcapd.exe Versão da Inteligência de Segurança: AV: 1.381.2379.0, AS: 1.381.2379.0, NIS: 1.381.2379.0 Versão do Mecanismo: AM: 1.1.19900.2, NIS: 1.1.19900.2 Date: 2023-01-18 12:38:30 Description: Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado. Para obter mais informações, veja a seguir: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Malgent!MSR&threatid=2147742994&enterprise=0 Nome: Trojan:Win32/Malgent!MSR Gravidade: Grave Categoria: Cavalo de Tróia Caminho: file:_C:\Program Files (x86)\Stereotyped Arithmetic Solution\Performance\PerformanceA.exe Origem da Detecção: Computador local Tipo da Detecção: Concreto Fonte da Detecção: Proteção em Tempo Real Usuário: DESKTOP-8MSIH6J\User Nome do Processo: C:\Program Files (x86)\Stereotyped Arithmetic Solution\pcapd.exe Versão da Inteligência de Segurança: AV: 1.381.2366.0, AS: 1.381.2366.0, NIS: 1.381.2366.0 Versão do Mecanismo: AM: 1.1.19900.2, NIS: 1.1.19900.2 Date: 2023-01-18 09:48:09 Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão. ID do Exame: {AA8BBEC3-3A9D-456A-9BCD-A3D0B9F534E2} Tipo de Exame: Antimalware Parâmetros do Exame: Verificação Rápida Usuário: AUTORIDADE NT\SISTEMA Date: 2023-01-16 22:59:02 Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão. ID do Exame: {C35A1BCF-66AC-441D-B259-FB50A4110C57} Tipo de Exame: Antimalware Parâmetros do Exame: Verificação Rápida Usuário: AUTORIDADE NT\SISTEMA  CodeIntegrity: =============== Date: 2023-01-23 18:38:24 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume2\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements. Date: 2023-01-23 18:17:56 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements. ==================== Informações da Memória =========================== BIOS: Award Software International, Inc. F1 12/24/2010 placa-mãe: Gigabyte Technology Co., Ltd. M68MT-S2P Processador: AMD Athlon(tm) II X2 270 Processor Percentagem de memória em uso: 76% RAM física total: 4094.46 MB RAM física disponível: 977.12 MB Virtual Total: 6014.46 MB Virtual disponível: 2611.75 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:446.57 GB) (Free:326.26 GB) (Model: SanDisk SSD PLUS 480 SCSI Disk Device) NTFS \\?\Volume{5f201af2-0000-0000-0000-100000000000}\ (Reservado pelo Sistema) (Fixed) (Total:0.05 GB) (Free:0.02 GB) NTFS \\?\Volume{5f201af2-0000-0000-0000-d0a76f000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS ==================== MBR & Tabela de Partições ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 447.1 GB) (Disk ID: 5F201AF2) Partition 1: (Active) - (Size=50 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=446.6 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=519 MB) - (Type=27) ==================== Fim de Addition.txt =======================