
Log analysis - PC opening Windows notifications with notfreeads.com



# -------------------------------
# Malwarebytes AdwCleaner 8.3.2.0
# -------------------------------
# Build:    03-23-2022
# Database: 2022-06-24.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    08-07-2022
# Duration: 00:00:00
# OS:       Windows 10 Pro
# Cleaned:  0
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1405 octets] - [25/01/2021 15:02:41]
AdwCleaner[C00].txt - [1595 octets] - [25/01/2021 15:04:39]
AdwCleaner[S01].txt - [1527 octets] - [25/01/2021 15:06:29]
AdwCleaner[C01].txt - [1717 octets] - [25/01/2021 15:06:39]
AdwCleaner[S02].txt - [1710 octets] - [07/08/2022 17:55:14]
AdwCleaner[S03].txt - [1771 octets] - [07/08/2022 17:57:16]
AdwCleaner[C03].txt - [1941 octets] - [07/08/2022 17:57:24]
AdwCleaner[S04].txt - [1832 octets] - [07/08/2022 17:58:08]
AdwCleaner[C04].txt - [2022 octets] - [07/08/2022 17:58:21]
AdwCleaner[S05].txt - [1954 octets] - [07/08/2022 18:01:49]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C05].txt ##########

Resultado do análise da Farbar Recovery Scan Tool (FRST) (x64) Versão: 04-08-2022
Executado por marce (administrador) em DESKGALLES (Gigabyte Technology Co., Ltd. H81M-S1) (07-08-2022 18:04:11)
Executando a partir de C:\Users\marce\Desktop
Perfis Carregados: marce
Plataforma: Microsoft Windows 10 Pro Versão 21H2 19044.1826 (X64) Idioma: Português (Brasil)
Navegador padrão: Edge
Modo da Inicialização: Normal

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCopyAccelerator.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.132\GoogleCrashHandler64.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_agent.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(services.exe ->) (Electronic Arts, Inc. -> Electronic Arts) D:\Origin\OriginWebHelperService.exe
(services.exe ->) (INTELBRAS S.A. INDUSTRIA DE TELECOM ELETRONICA BRASILEIRA -> ) C:\Program Files\Intelbras\SIMNext\Local Recording Service\SIMNext.LocalRecording.exe
(services.exe ->) (Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_4.67.21001.0_x64__8wekyb3d8bbwe\gamingservices.exe
(services.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_4.67.21001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvddi.inf_amd64_9de4645e348173bf\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (TPZ SOLUCOES DIGITAIS LTDA -> Topaz OFD) C:\Program Files\Topaz OFD\Warsaw\core.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registro (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [18727048 2018-10-05] (Logitech Inc -> Logitech Inc.)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech -> Logitech Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [707768 2022-03-10] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\61.0.3.0\GoogleDriveFS.exe [51041096 2022-07-18] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\61.0.3.0\GoogleDriveFS.exe [51041096 2022-07-18] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-1602253523-1079814496-1200024627-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2640272 2022-07-22] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1602253523-1079814496-1200024627-1001\...\Run: [Adobe Reader Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" (Nenhum Arquivo)
HKU\S-1-5-21-1602253523-1079814496-1200024627-1001\...\Run: [MicrosoftEdgeAutoLaunch_6A7EFD9FB16063B23C21C72578A008BC] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3827112 2022-08-04] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1602253523-1079814496-1200024627-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\61.0.3.0\GoogleDriveFS.exe [51041096 2022-07-18] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-1602253523-1079814496-1200024627-1001\...\Run: [LGHUB] => C:\Program Files\LGHUB\lghub.exe [146944768 2022-07-27] (Logitech Inc -> Logitech, Inc.)
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe /StartMinimized (Nenhum Arquivo)
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\61.0.3.0\GoogleDriveFS.exe [51041096 2022-07-18] (Google LLC -> Google, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\103.0.5060.134\Installer\chrmstp.exe [2022-07-22] (Google LLC -> Google LLC)
Startup: C:\Users\marce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk [2022-02-22]
ShortcutTarget: Enviar para o OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Tarefas Agendadas (Whitelisted) ============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {02361313-A4FD-4682-8180-9015685CD869} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [145312 2022-07-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {1B088CA9-0A72-4419-811E-622CA52F8696} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {231E2347-6EC3-437E-A4D6-630497A04D4C} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4214168 2022-07-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {3BB6DB00-2E2B-4620-85CE-B1C06C5ADFD5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-29] (Google LLC -> Google LLC)
Task: {447B6A34-C1C0-461D-A0F4-68D7E0FB53F9} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [64416 2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {5232ABE2-225B-46A6-AB10-2B8140484B77} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-03-01] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {5D36E30B-DB1E-4274-914C-F8BE92593DCF} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646344 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {7123EE62-ECC2-4C00-AE03-243A3358FC3F} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906752 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {72E2E9DB-711A-4C51-846E-13EBBE980034} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1602253523-1079814496-1200024627-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4214168 2022-07-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {72F2396D-C90B-4555-ACA6-A972E85BAC5C} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906752 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {76E4003E-3020-4D8F-B56D-7BAE730E41EA} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342080 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {9D8A3A70-96B1-4002-B8B8-DE55901E9963} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A255CC76-4B61-4B35-ACDE-8D0E72D5AF9A} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {A7A99C1D-F6CB-44D0-B545-7564C1E6100E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23378864 2022-07-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {A7B9E8B3-33B0-4882-87D3-2DA0FBAA0985} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {ABED21B4-E375-4B75-9B0F-C2355AB810BF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AC076255-E39A-4EB8-AE52-ACA46940166A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MpCmdRun.exe [993008 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AD4723FC-FAC6-4955-9DF9-52F18413B23A} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [145312 2022-07-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {B3CFBC58-44B3-4E26-9046-2F560E96C09C} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)
Task: {B6AC622A-566E-4395-B244-46D7AC264AC2} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23378864 2022-07-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {C9444312-B8E4-4949-B176-8770537CA9DF} - System32\Tasks\CorelUpdateHelperTask-DF8CB56F80FDA803EEC12FAD85F1AEE7 => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe -resume (Nenhum Arquivo)
Task: {E928970D-1716-45E0-8C17-3764171570E7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-17] (Adobe Inc. -> Adobe Inc.)
Task: {EEA5536C-4342-44F2-A408-4AF534E2C350} - System32\Tasks\CorelUpdateHelperTask-F2251323A7EB7D50F4B6576B0063142D => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe -resume (Nenhum Arquivo)
Task: {F75FD6AA-6276-4714-8186-3384388F3835} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-29] (Google LLC -> Google LLC)
Task: {F9CEAF6E-FB31-48B7-86B3-7F6EB757C450} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1654272 2022-03-30] (Nvidia Corporation -> NVIDIA Corporation)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)


==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 181.213.132.6 181.213.132.7
Tcpip\..\Interfaces\{404e491d-3b15-4590-9e1a-9a718da29f73}: [DhcpNameServer] 181.213.132.6 181.213.132.7

Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\marce\AppData\Local\Microsoft\Edge\User Data\Default [2022-08-07]
Edge Notifications: Default -> hxxps://cartoes.itau.com.br; hxxps://desktopnotificationshub.com; hxxps://notfreeads.com

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.331.2 -> C:\Program Files\Java\jre1.8.0_331\bin\dtplugin\npDeployJava1.dll [2022-04-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.331.2 -> C:\Program Files\Java\jre1.8.0_331\bin\plugin2\npjp2.dll [2022-04-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-07-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (Electronic Sports Network i Sverige AB -> ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB) [Arquivo não assinado]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\marce\AppData\Local\Google\Chrome\User Data\Default [2022-08-07]
CHR Notifications: Default -> hxxps://theshafou.com
CHR Extension: (Google Tradutor) - C:\Users\marce\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2022-03-10]
CHR Extension: (Panic Button) - C:\Users\marce\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm [2021-07-07]
CHR Extension: (ReclameAqui+) - C:\Users\marce\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhamhppabjaafimidmelnmpfangjdnhj [2022-06-30]
CHR Extension: (Botão do Google Acadêmico) - C:\Users\marce\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldipcbpaocekfooobnbcddclnhejkcpn [2021-08-30]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\marce\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Profile: C:\Users\marce\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-09-09]
CHR Profile: C:\Users\marce\AppData\Local\Google\Chrome\User Data\Profile 1 [2022-01-19]
CHR Extension: (Apresentações) - C:\Users\marce\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-09-09]
CHR Extension: (Safe Torrent Scanner) - C:\Users\marce\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2022-01-19]
CHR Extension: (Documentos) - C:\Users\marce\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2021-09-09]
CHR Extension: (Google Drive) - C:\Users\marce\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-09-09]
CHR Extension: (YouTube) - C:\Users\marce\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-09-09]
CHR Extension: (Adobe Acrobat) - C:\Users\marce\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2021-09-09]
CHR Extension: (Planilhas) - C:\Users\marce\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-09-09]
CHR Extension: (Documentos Google off-line) - C:\Users\marce\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-09-09]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\marce\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-09-09]
CHR Extension: (Gmail) - C:\Users\marce\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-09-09]
CHR Profile: C:\Users\marce\AppData\Local\Google\Chrome\User Data\Profile 2 [2022-06-20]
CHR Extension: (Safe Torrent Scanner) - C:\Users\marce\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2022-06-20]
CHR Extension: (Adobe Acrobat: ferramentas de edição, conversão e assinatura de PDFs) - C:\Users\marce\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-06-20]
CHR Extension: (Documentos Google off-line) - C:\Users\marce\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-06-20]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\marce\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-06-20]
CHR Profile: C:\Users\marce\AppData\Local\Google\Chrome\User Data\System Profile [2021-09-09]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Serviços (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-17] (Adobe Inc. -> Adobe Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8906088 2022-04-12] (BattlEye Innovations e.K. -> )
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12111288 2022-07-21] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1135648 2022-08-02] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934368 2021-12-01] (Epic Games Inc. -> Epic Games, Inc.)
S2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [17456368 2022-08-07] (EnigmaSoft Limited -> EnigmaSoft Limited)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\22.141.0703.0002\FileSyncHelper.exe [3387808 2022-07-22] (Microsoft Corporation -> Microsoft Corporation)
S2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [299680 2021-08-19] (HP Inc. -> HP Inc.)
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [10876672 2022-07-27] (Logitech Inc -> Logitech, Inc.)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [206472 2018-10-05] (Logitech Inc -> Logitech Inc.)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\22.141.0703.0002\OneDriveUpdaterService.exe [3827616 2022-07-22] (Microsoft Corporation -> Microsoft Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [2575624 2022-05-27] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; D:\Origin\OriginWebHelperService.exe [3494672 2022-05-27] (Electronic Arts, Inc. -> Electronic Arts)
S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2020-12-30] (Even Balance, Inc. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6232176 2022-07-13] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [537840 2022-08-07] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 SIMNextLocalRecording; C:\Program Files\Intelbras\SIMNext\Local Recording Service\SIMNext.LocalRecording.exe [55304 2022-06-02] (INTELBRAS S.A. INDUSTRIA DE TELECOM ELETRONICA BRASILEIRA -> )
R2 Warsaw Technology; C:\Program Files\Topaz OFD\Warsaw\core.exe [1004448 2022-04-12] (TPZ SOLUCOES DIGITAIS LTDA -> Topaz OFD)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\NisSrv.exe [3120992 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe [133544 2022-06-23] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvddi.inf_amd64_9de4645e348173bf\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nvddi.inf_amd64_9de4645e348173bf\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [287744 2022-05-13] (Microsoft Corporation) [Arquivo não assinado]
S3 fdrawcmd; C:\Windows\system32\drivers\fdrawcmd.sys [33144 2010-04-24] (Simon Owen -> simonowen.com)
R1 googledrivefs3758; C:\Windows\System32\DRIVERS\googledrivefs3758.sys [384584 2022-03-24] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [67736 2018-10-05] (Logitech Inc -> Logitech Inc.)
S3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2018-10-05] (Logitech -> Logitech Inc.)
R3 logi_generic_hid_filter; C:\Windows\System32\drivers\logi_generic_hid_filter.sys [56368 2022-07-27] (Logitech Inc -> Logitech)
R3 logi_joy_bus_enum; C:\Windows\system32\drivers\logi_joy_bus_enum.sys [33528 2022-03-23] (WDKTestCert builder,132743893872553407 -> Logitech)
R3 logi_joy_vir_hid; C:\Windows\system32\drivers\logi_joy_vir_hid.sys [21704 2022-03-23] (WDKTestCert builder,132743893872553407 -> Logitech)
R3 logi_joy_xlcore; C:\Windows\system32\drivers\logi_joy_xlcore.sys [62904 2022-03-23] (WDKTestCert builder,132743893872553407 -> Logitech)
R3 logi_mouse_hid_filter; C:\Windows\System32\drivers\logi_mouse_hid_filter.sys [55856 2022-07-27] (Logitech Inc -> Logitech)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [48552 2021-11-01] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)
S3 RzCommon; C:\Windows\System32\drivers\RzCommon.sys [54632 2021-03-30] (Razer USA Ltd. -> Razer Inc)
S3 RzDev_006e; C:\Windows\System32\drivers\RzDev_006e.sys [56152 2021-03-22] (Razer USA Ltd. -> Razer Inc)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49576 2022-06-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [452856 2022-06-23] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [91384 2022-06-23] (Microsoft Windows -> Microsoft Corporation)
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [39488 2022-08-07] (TPZ SOLUCOES DIGITAIS LTDA -> Topaz OFD)
R1 wsddntf; C:\Windows\system32\DRIVERS\wsddntf.sys [51160 2021-02-11] (TPZ SOLUCOES DIGITAIS LTDA -> Topaz OFD)
R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [34768 2021-02-11] (TPZ SOLUCOES DIGITAIS LTDA -> Topaz OFD)
R3 wsddprm; C:\Windows\system32\drivers\wsddprm.sys [36768 2022-02-25] (TPZ SOLUCOES DIGITAIS LTDA -> Topaz OFD)
S3 xhunter1; C:\Windows\xhunter1.sys [2522256 2022-07-06] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um mês (criados) (Whitelisted) =========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2022-08-07 18:04 - 2022-08-07 18:04 - 000025791 _____ C:\Users\marce\Desktop\FRST.txt
2022-08-07 18:03 - 2022-08-07 18:04 - 000000000 ____D C:\FRST
2022-08-07 18:02 - 2022-08-07 18:02 - 000002144 _____ C:\Users\marce\Desktop\AdwCleaner.txt
2022-08-07 18:00 - 2022-08-07 18:00 - 002370048 _____ (Farbar) C:\Users\marce\Desktop\FRST64.exe
2022-08-07 17:54 - 2022-08-07 17:54 - 008551608 _____ (Malwarebytes) C:\Users\marce\Desktop\adwcleaner.exe
2022-08-07 12:13 - 2022-08-07 12:13 - 000001082 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyHunter5.lnk
2022-08-07 12:13 - 2022-08-07 12:13 - 000001058 _____ C:\Users\Public\Desktop\SpyHunter5.lnk
2022-08-07 12:13 - 2022-08-07 12:13 - 000000000 ____D C:\sh5ldr
2022-08-07 12:13 - 2022-08-07 12:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
2022-08-07 12:13 - 2022-08-07 12:13 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
2022-08-07 12:13 - 2022-08-07 12:13 - 000000000 ____D C:\Program Files\EnigmaSoft
2022-08-07 12:11 - 2022-08-07 12:11 - 006705440 _____ (EnigmaSoft Limited) C:\Users\marce\Downloads\SpyHunter-5.12-122-18929-Installer.exe
2022-08-06 08:49 - 2022-08-06 08:49 - 000000000 ____D C:\Users\marce\AppData\LocalLow\Game Labs
2022-08-06 08:40 - 2022-08-06 08:40 - 000000203 _____ C:\Users\marce\Desktop\This Land Is My Land.url
2022-08-05 07:27 - 2022-08-05 07:38 - 000000000 ____D C:\Users\marce\Downloads\A Última Vítima 2022 WEB-DL 1080p DUAL 5.1
2022-08-05 07:05 - 2022-08-05 07:05 - 000000000 ____D C:\Users\marce\Downloads\O Predador - A Caçada 2022 WEB-DL 1080p DUAL 5.1
2022-08-03 19:46 - 2022-08-03 19:46 - 000001164 _____ C:\Users\marce\Desktop\Microsoft Flight Simulator.lnk
2022-08-02 13:14 - 2022-08-02 13:14 - 000000000 ____D C:\Users\marce\AppData\Local\Deadside
2022-08-02 12:57 - 2022-08-02 12:57 - 000000202 _____ C:\Users\marce\Desktop\Deadside.url
2022-07-30 08:34 - 2022-07-29 18:06 - 010171005 _____ C:\Users\marce\Downloads\Vídeo do WhatsApp de 2022-07-29 à(s) 18.06.02.mp4
2022-07-28 10:26 - 2022-07-28 10:26 - 000000000 ____D C:\Users\marce\AppData\LocalLow\1M Bits Horde
2022-07-28 10:11 - 2022-07-28 10:11 - 000000203 _____ C:\Users\marce\Desktop\Spirit Of The Island.url
2022-07-27 12:17 - 2022-07-27 12:17 - 000000650 _____ C:\Users\Public\Desktop\Logitech G HUB.lnk
2022-07-27 12:17 - 2022-07-27 12:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2022-07-27 12:17 - 2022-07-27 12:17 - 000000000 ____D C:\Program Files\LGHUB
2022-07-27 07:42 - 2022-07-27 07:42 - 000056368 _____ (Logitech) C:\Windows\system32\Drivers\logi_generic_hid_filter.sys
2022-07-27 07:42 - 2022-07-27 07:42 - 000055856 _____ (Logitech) C:\Windows\system32\Drivers\logi_mouse_hid_filter.sys
2022-07-22 16:32 - 2022-07-22 16:42 - 000000000 ____D C:\Users\marce\Downloads\[ACESSE COMANDOTORRENTS.COM] Duro de Matar - A Vingança 1995 [720p] [WEB-DL] [DUAL]
2022-07-19 16:19 - 2022-07-19 16:19 - 000000000 ____D C:\Users\marce\AppData\LocalLow\James Bendon
2022-07-19 16:18 - 2022-07-19 16:18 - 000000203 _____ C:\Users\marce\Desktop\Dinkum.url
2022-07-19 09:45 - 2022-07-19 09:45 - 034064120 _____ C:\Users\marce\Downloads\Resumo - Como anunciar no Google Ads 2022 - Adriano Gianini.pdf
2022-07-17 08:43 - 2022-07-17 08:47 - 000000000 ____D C:\Users\marce\Downloads\Viúva Negra 2021 WEB-DL 1080p DUAL 5.1
2022-07-16 18:15 - 2022-07-16 18:15 - 000508969 _____ C:\Users\marce\Downloads\Calendário Presencial 2020.2 - Aluno UNESA.7.pdf
2022-07-14 19:28 - 2022-07-14 19:28 - 000001346 _____ C:\Users\marce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Games.lnk
2022-07-14 19:28 - 2022-07-14 19:28 - 000001338 _____ C:\Users\marce\Desktop\Amazon Games.lnk
2022-07-14 19:28 - 2022-07-14 19:28 - 000000000 ____D C:\Users\marce\AppData\Roaming\electron-platform
2022-07-14 19:28 - 2022-07-14 19:28 - 000000000 ____D C:\Users\marce\AppData\Local\Amazon Games
2022-07-13 17:16 - 2022-07-13 17:16 - 002260480 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2022-07-13 17:16 - 2022-07-13 17:16 - 000693248 _____ C:\Windows\system32\FsNVSDeviceSource.dll
2022-07-13 17:16 - 2022-07-13 17:16 - 000640512 _____ C:\Windows\system32\SettingSyncDownloadHelper.dll
2022-07-13 17:16 - 2022-07-13 17:16 - 000530944 _____ (curl, hxxps://curl.se/) C:\Windows\system32\curl.exe
2022-07-13 17:16 - 2022-07-13 17:16 - 000470528 _____ (curl, hxxps://curl.se/) C:\Windows\SysWOW64\curl.exe
2022-07-13 17:16 - 2022-07-13 17:16 - 000288768 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll
2022-07-13 17:16 - 2022-07-13 17:16 - 000270848 _____ C:\Windows\system32\EsclScan.dll
2022-07-13 17:16 - 2022-07-13 17:16 - 000152064 _____ C:\Windows\system32\EsclProtocol.dll
2022-07-13 17:16 - 2022-07-13 17:16 - 000061952 _____ C:\Windows\system32\printticketvalidation.dll
2022-07-13 17:16 - 2022-07-13 17:16 - 000057344 _____ C:\Windows\system32\APMonUI.dll
2022-07-13 17:16 - 2022-07-13 17:16 - 000033280 _____ (Microsoft Corporation) C:\Windows\system32\mode.com
2022-07-13 17:16 - 2022-07-13 17:16 - 000026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mode.com
2022-07-13 17:16 - 2022-07-13 17:16 - 000024576 _____ C:\Windows\system32\WsdProviderUtil.dll
2022-07-13 17:16 - 2022-07-13 17:16 - 000020992 _____ (Microsoft Corporation) C:\Windows\system32\tree.com
2022-07-13 17:16 - 2022-07-13 17:16 - 000018944 _____ C:\Windows\SysWOW64\WsdProviderUtil.dll
2022-07-13 17:16 - 2022-07-13 17:16 - 000017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tree.com
2022-07-13 17:16 - 2022-07-13 17:16 - 000014848 _____ (Microsoft Corporation) C:\Windows\system32\chcp.com
2022-07-13 17:16 - 2022-07-13 17:16 - 000012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chcp.com
2022-07-13 17:16 - 2022-07-13 17:16 - 000011811 _____ C:\Windows\system32\DrtmAuthTxt.wim
2022-07-13 17:07 - 2022-07-13 17:07 - 000000000 ___HD C:\$WinREAgent

==================== Um mês (modificados) ==================

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2022-08-07 18:02 - 2020-12-29 15:29 - 000000000 ____D C:\ProgramData\NVIDIA
2022-08-07 17:57 - 2022-02-21 09:50 - 000000000 ____D C:\Users\marce\AppData\Roaming\LGHUB
2022-08-07 17:57 - 2021-01-25 15:02 - 000000000 ____D C:\AdwCleaner
2022-08-07 17:52 - 2019-12-07 06:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2022-08-07 17:46 - 2019-12-07 06:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-08-07 17:32 - 2020-12-29 15:41 - 000000000 ____D C:\Program Files (x86)\Google
2022-08-07 16:54 - 2020-11-18 23:45 - 000000000 ____D C:\Windows\system32\SleepStudy
2022-08-07 09:08 - 2019-12-07 06:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-08-07 09:08 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\AppReadiness
2022-08-07 08:35 - 2020-12-29 15:17 - 001742268 _____ C:\Windows\system32\PerfStringBackup.INI
2022-08-07 08:35 - 2019-12-07 11:53 - 000752540 _____ C:\Windows\system32\prfh0416.dat
2022-08-07 08:35 - 2019-12-07 11:53 - 000148654 _____ C:\Windows\system32\prfc0416.dat
2022-08-07 08:35 - 2019-12-07 06:13 - 000000000 ____D C:\Windows\INF
2022-08-07 08:33 - 2020-11-18 23:48 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-08-07 08:33 - 2020-11-18 23:48 - 000002279 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-08-07 08:29 - 2022-02-21 09:50 - 000000000 ____D C:\Users\marce\AppData\Local\LGHUB
2022-08-07 08:29 - 2021-09-16 14:56 - 000000000 ____D C:\Users\Public\Logi
2022-08-07 08:29 - 2020-12-29 15:26 - 000000000 ___RD C:\Users\marce\OneDrive
2022-08-07 08:28 - 2022-04-18 13:01 - 000039488 _____ (Topaz OFD) C:\Windows\system32\Drivers\wsddfac.sys
2022-08-07 08:28 - 2020-12-29 15:25 - 000000000 __SHD C:\Users\marce\IntelGraphicsProfiles
2022-08-07 08:28 - 2020-12-29 15:24 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2022-08-07 08:28 - 2020-12-29 15:11 - 000008192 ___SH C:\DumpStack.log.tmp
2022-08-07 08:28 - 2020-11-18 23:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-08-06 22:56 - 2019-12-07 06:03 - 000786432 _____ C:\Windows\system32\config\BBI
2022-08-06 08:40 - 2021-01-12 07:56 - 000000000 ____D C:\Users\marce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2022-08-05 15:23 - 2021-03-27 11:32 - 000000000 ____D C:\Users\marce\Downloads\Telegram Desktop
2022-08-05 14:51 - 2021-02-09 07:58 - 000000000 ____D C:\Users\marce\AppData\Roaming\Telegram Desktop
2022-08-05 12:57 - 2021-01-17 19:18 - 000000000 ____D C:\Users\marce\AppData\Roaming\discord
2022-08-05 12:11 - 2021-01-17 19:18 - 000000000 ____D C:\Users\marce\AppData\Local\Discord
2022-08-05 07:44 - 2022-06-03 15:38 - 000000000 ____D C:\Users\marce\AppData\Roaming\uTorrent
2022-08-05 07:44 - 2020-12-29 18:16 - 000000000 ____D C:\Users\marce\AppData\Local\BitTorrentHelper
2022-08-05 07:06 - 2020-12-29 17:56 - 000000000 ____D C:\Users\marce\AppData\Local\D3DSCache
2022-08-04 20:15 - 2020-12-29 16:49 - 000000000 ____D C:\Users\marce\AppData\Local\Ubisoft Game Launcher
2022-08-03 19:46 - 2020-12-29 15:25 - 000000000 ____D C:\Users\marce\AppData\Local\Packages
2022-08-02 13:14 - 2022-02-04 19:38 - 000000000 ____D C:\Users\marce\AppData\Roaming\EasyAntiCheat
2022-08-02 13:14 - 2021-01-09 10:01 - 000000000 ____D C:\Users\marce\AppData\Local\UnrealEngine
2022-08-02 09:27 - 2020-12-29 15:27 - 000000000 ____D C:\Users\marce\AppData\Local\PlaceholderTileLogoFolder
2022-08-02 09:27 - 2020-11-18 23:49 - 000000000 ____D C:\ProgramData\Packages
2022-07-30 08:20 - 2020-12-30 08:20 - 002754000 _____ (Microsoft Corporation) C:\Windows\system32\xgameruntime.dll
2022-07-30 08:20 - 2020-12-30 08:20 - 000234960 _____ (Microsoft Corporation) C:\Windows\system32\gamingservicesproxy.dll
2022-07-30 08:20 - 2020-12-30 08:20 - 000131072 _____ (Microsoft Corporation) C:\Windows\system32\gamingtcuihelpers.dll
2022-07-30 08:19 - 2021-11-18 06:58 - 000144856 _____ (Microsoft Corporation) C:\Windows\system32\gamelaunchhelper.dll
2022-07-30 08:19 - 2020-12-30 08:20 - 000402904 _____ (Microsoft Corporation) C:\Windows\system32\gameplatformservices.dll
2022-07-30 08:19 - 2020-12-30 08:20 - 000198096 _____ (Microsoft Corporation) C:\Windows\system32\gameconfighelper.dll
2022-07-30 08:19 - 2020-12-30 08:20 - 000067032 _____ (Microsoft Corporation) C:\Windows\system32\gamemodcontrol.exe
2022-07-28 12:12 - 2021-09-21 17:17 - 000002060 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2022-07-28 12:12 - 2021-09-21 17:17 - 000001902 _____ C:\Users\Default\Desktop\Google Slides.lnk
2022-07-28 12:12 - 2021-09-21 17:17 - 000001902 _____ C:\Users\Default\Desktop\Google Sheets.lnk
2022-07-28 12:12 - 2021-09-21 17:17 - 000001890 _____ C:\Users\Default\Desktop\Google Docs.lnk
2022-07-28 11:05 - 2020-12-29 15:22 - 000000000 ____D C:\Users\marce
2022-07-27 12:17 - 2021-09-16 14:53 - 000018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2022-07-26 17:48 - 2022-04-10 21:29 - 000000000 ____D C:\Users\marce\AppData\Local\Battle.net
2022-07-23 08:14 - 2021-07-30 10:54 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2022-07-22 16:51 - 2021-12-11 10:00 - 000003596 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1602253523-1079814496-1200024627-1001
2022-07-22 16:51 - 2021-07-30 10:55 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2022-07-22 16:51 - 2021-07-30 10:55 - 000002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-07-22 07:11 - 2020-12-29 15:42 - 000002246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-07-21 09:45 - 2020-12-30 08:30 - 000000000 ____D C:\Program Files\Microsoft Office
2022-07-16 11:05 - 2020-11-18 23:45 - 000525648 _____ C:\Windows\system32\FNTCACHE.DAT
2022-07-16 11:04 - 2019-12-07 11:56 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-07-16 11:04 - 2019-12-07 06:14 - 000000000 ___RD C:\Windows\PrintDialog
2022-07-16 11:04 - 2019-12-07 06:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2022-07-16 11:04 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2022-07-16 11:04 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SystemResources
2022-07-16 11:04 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2022-07-16 11:04 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\setup
2022-07-16 11:04 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\oobe
2022-07-16 11:04 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\es-MX
2022-07-16 11:04 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\DDFs
2022-07-16 11:04 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\ShellExperiences
2022-07-16 11:04 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\ShellComponents
2022-07-16 11:04 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2022-07-16 11:04 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\bcastdvr
2022-07-14 19:47 - 2020-12-29 18:02 - 000000000 ____D C:\Users\marce\AppData\Roaming\Origin
2022-07-14 19:47 - 2020-12-29 18:02 - 000000000 ____D C:\ProgramData\Origin
2022-07-14 19:41 - 2020-12-29 18:02 - 000000000 ____D C:\Users\marce\AppData\Local\Origin
2022-07-14 07:39 - 2020-11-18 23:47 - 000003674 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-07-14 07:39 - 2020-11-18 23:47 - 000003550 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-07-14 06:59 - 2022-06-24 18:58 - 000000000 ____D C:\Program Files\Netmarble
2022-07-13 17:19 - 2019-12-07 06:03 - 000000000 ____D C:\Windows\CbsTemp
2022-07-13 17:16 - 2020-11-18 23:47 - 003010560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2022-07-13 17:16 - 2020-11-18 20:29 - 000415550 __RSH C:\bootmgr
2022-07-13 17:05 - 2021-01-01 16:13 - 000000000 ____D C:\Windows\system32\MRT
2022-07-13 17:03 - 2021-01-01 16:13 - 146546848 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2022-07-13 15:15 - 2021-11-06 09:10 - 000002076 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2022-07-13 15:15 - 2021-11-06 09:10 - 000002064 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2022-07-13 15:15 - 2021-04-28 07:39 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2022-07-11 07:03 - 2021-01-21 19:08 - 000000000 ____D C:\Users\marce\AppData\Roaming\Corel
2022-07-11 07:03 - 2021-01-21 19:07 - 000000000 ____D C:\ProgramData\Corel
2022-07-11 07:03 - 2019-12-07 06:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2022-07-10 10:48 - 2022-07-07 08:48 - 000003326 _____ C:\Windows\system32\Tasks\CorelUpdateHelperTask-DF8CB56F80FDA803EEC12FAD85F1AEE7

==================== SigCheck ============================

(Não há correção automática para arquivos que não passaram na verificação.)

==================== Fim de FRST.txt ========================

Resultado da análise adicional Farbar Recovery Scan Tool (x64) Versão: 04-08-2022
Executado por marce (07-08-2022 18:05:29)
Executando a partir de C:\Users\marce\Desktop
Microsoft Windows 10 Pro Versão 21H2 19044.1826 (X64) (2020-12-29 18:13:49)
Modo da Inicialização: Normal
==========================================================


==================== Contas: =============================


(Se uma entrada for incluída na fixlist, será removida.)

Administrador (S-1-5-21-1602253523-1079814496-1200024627-500 - Administrator - Disabled)
Convidado (S-1-5-21-1602253523-1079814496-1200024627-501 - Limited - Enabled)
DefaultAccount (S-1-5-21-1602253523-1079814496-1200024627-503 - Limited - Disabled)
marce (S-1-5-21-1602253523-1079814496-1200024627-1001 - Administrator - Enabled) => C:\Users\marce
WDAGUtilityAccount (S-1-5-21-1602253523-1079814496-1200024627-504 - Limited - Disabled)

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Out of date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

µTorrent (HKU\S-1-5-21-1602253523-1079814496-1200024627-1001\...\uTorrent) (Version: 3.5.5.46348 - BitTorrent Inc.)
Adobe Acrobat DC (64-bit) (HKLM\...\{AC76BA86-1046-1033-7760-BC15014EA700}) (Version: 22.001.20169 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-001824458876}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Amazon Games (HKU\S-1-5-21-1602253523-1079814496-1200024627-1001\...\{4DD10B06-78A4-4E6F-AA39-25E9C38FA568}) (Version: 2.2.8063.2 - Amazon.com Services, Inc.)
Amazon Kindle (HKU\S-1-5-21-1602253523-1079814496-1200024627-1001\...\Amazon Kindle) (Version: 1.36.0.65107 - Amazon)
Assassin's Creed Valhalla (HKLM-x32\...\Uplay Install 13504) (Version:  - Ubisoft)
aTube Catcher versão 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Backup and Sync from Google (HKLM\...\{696895F7-52C7-4C9E-998B-C7E0CC907092}) (Version: 3.57.4256.0809 - Google, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
CurseForge (HKU\S-1-5-21-1602253523-1079814496-1200024627-1001\...\Overwolf_cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj) (Version: 0.191.3.2 - Overwolf app)
Discord (HKU\S-1-5-21-1602253523-1079814496-1200024627-1001\...\Discord) (Version: 0.0.309 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{734ABDC9-B5B3-486A-8C56-D52FBFA5B08B}) (Version: 1.1.298.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{4B31654B-80C2-405C-91C9-49B14AEB0F42}) (Version: 2.0.32.0 - Epic Games, Inc.)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Fdrawcmd.sys 1.0.1.11 (HKLM-x32\...\fdrawcmd) (Version: 1.0.1.11 - Simon Owen)
Ghost Recon Breakpoint (HKLM-x32\...\Uplay Install 11903) (Version:  - Ubisoft)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 103.0.5060.134 - Google LLC)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 61.0.3.0 - Google LLC)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intelbras SIM Next 1.21.3 (HKLM\...\{9B5AABEE-6576-4D09-9238-D74412C44617}_is1) (Version: 1.21.3 - Intelbras)
Java 8 Update 331 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180331F0}) (Version: 8.0.3310.9 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version: 2022.7.290502 - Logitech)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Logitech Gaming Software 9.02 (HKLM\...\Logitech Gaming Software) (Version: 9.02.65 - Logitech Inc.)
Microsoft .NET Host - 5.0.6 (x64) (HKLM\...\{0541E599-10CB-44F4-A33A-32FE6DEA2F49}) (Version: 40.24.30020 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.6 (x64) (HKLM\...\{54F41FBB-AB2F-46B5-AA28-3C9492066E9C}) (Version: 40.24.30020 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.6 (x64) (HKLM\...\{DDBF9749-FF6E-419C-BAAD-9F4948B75DDE}) (Version: 40.24.30020 - Microsoft Corporation) Hidden
Microsoft 365 - pt-br (HKLM\...\O365HomePremRetail - pt-br) (Version: 16.0.15330.20264 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 104.0.1293.47 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 103.0.1264.77 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.61259.0 (HKLM-x32\...\{D61CA184-3F6D-4A50-B2CC-7A18447D6A8D}) (Version: 10.0.61259.0 - Microsoft Corporation)
Microsoft Flight Simulator SimConnect Client v10.0.62615.0 (HKLM-x32\...\{33D89314-361A-4495-A1E1-0ACBCE08F78D}) (Version: 10.0.62615.0 - Microsoft Corporation)
Microsoft GameInput (HKLM-x32\...\{A9CFD6A1-C0D3-7F37-C220-8B104867EF15}) (Version: 10.1.22621.1011 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 22.141.0703.0002 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1602253523-1079814496-1200024627-1001\...\Teams) (Version: 1.5.00.14473 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29914 (HKLM-x32\...\{1b5476d9-ab8e-4b0d-b004-059a1bd5568b}) (Version: 14.28.29914.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.28.29334 (HKLM\...\{2E11EF4E-901F-4B2D-B68E-3DB2A566C857}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.28.29334 (HKLM\...\{8A3F7D5B-422D-49D9-84F7-8DC1B7782967}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29914 (HKLM-x32\...\{BD8C6100-7C7D-48DD-93BA-69F6828213FE}) (Version: 14.28.29914 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29914 (HKLM-x32\...\{42365A3A-622A-4EED-A727-FE192A794AFD}) (Version: 14.28.29914 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2019 (HKLM-x32\...\{1edcd8d2-905a-4e93-bfdf-92ed5601528a}) (Version: 16.0.28801 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2019 x64 Hosting Support (HKLM\...\{9D6CE289-E12C-38BB-9999-E2377EC118B7}) (Version: 16.0.28801 - Microsoft Corporation) Hidden
Microsoft Visual Studio Tools for Applications 2019 x86 Hosting Support (HKLM-x32\...\{7C931D41-F302-3494-868C-320A4F4DD9F9}) (Version: 16.0.28801 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 5.0.6 (x64) (HKLM\...\{0F871294-4452-40AB-BAAD-A1D624E7E405}) (Version: 40.24.30021 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 5.0.6 (x64) (HKLM-x32\...\{744f4ca7-5613-4d87-8332-b816ecf7dabd}) (Version: 5.0.6.30021 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MPC-HC 1.7.8 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.8 - MPC-HC Team)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NVIDIA Driver de áudio HD 1.3.39.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.39.3 - NVIDIA Corporation)
NVIDIA Driver de gráficos 512.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 512.95 - NVIDIA Corporation)
NVIDIA FrameView SDK 1.2.7521.31103277 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.2.7521.31103277 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.25.1.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.25.1.27 - NVIDIA Corporation)
NVIDIA Software do sistema PhysX 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 26.1.1 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15330.20230 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15330.20230 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0416-1000-0000000FF1CE}) (Version: 16.0.15128.20178 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.5.113.50894 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.188.0.22 - Overwolf Ltd.)
Revo Uninstaller 2.2.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.2.5 - VS Revo Group, Ltd.)
SpyHunter 5 (HKLM-x32\...\SpyHunter5) (Version: 5.12.28.283 - EnigmaSoft Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Teclado Gamer Fallen Ace v1.6.5 (HKLM-x32\...\{55619403-EE7B-440A-BB68-9763FE6EEFBD}_is1) (Version:  - FallenGear)
Telegram Desktop version 4.0.2 (HKU\S-1-5-21-1602253523-1079814496-1200024627-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 4.0.2 - Telegram FZ-LLC)
Tom Clancys Rainbow Six Extraction (HKLM-x32\...\Uplay Install 5271) (Version:  - Ubisoft)
Tom Clancy's The Division 2 (HKLM-x32\...\Uplay Install 4932) (Version:  - Ubisoft)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 117.0.10324 - Ubisoft)
Warsaw 2.31.1.1 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 2.31.1.1 - Topaz)
WhatsApp (HKU\S-1-5-21-1602253523-1079814496-1200024627-1001\...\WhatsApp) (Version: 2.2138.13 - WhatsApp)
WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-1602253523-1079814496-1200024627-1001\...\ZoomUMX) (Version: 5.7.7 (1105) - Zoom vídeo Communications, Inc.)

Packages:
=========
Complemento do Mecanismo de Mídia de Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-05-17] (Microsoft Corporation)
Deezer Music -> C:\Program Files\WindowsApps\Deezer.62021768415AF_5.30.280.0_x86__q7m17pa7q8kj0 [2022-07-08] (Deezer SA)
HP Scan and Capture -> C:\Program Files\WindowsApps\AD2F1837.HPScanandCapture_40.0.245.0_x64__v10z8vjag6ke6 [2022-04-16] (Hewlett-Packard Company)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_137.1.291.0_x64__v10z8vjag6ke6 [2022-07-12] (HP Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12124.1.57017.0_x64__nzyj5cx40ttqa [2022-07-02] (Apple Inc.) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-12-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-12-30] (Microsoft Corporation) [MS Ad]
Microsoft Flight Simulator -> C:\Program Files\WindowsApps\Microsoft.FlightSimulator_1.26.5.0_x64__8wekyb3d8bbwe [2022-08-03] (Microsoft Studios)
Microsoft Flight Simulator Digital Ownership -> C:\Program Files\WindowsApps\Microsoft.DigitalOwnership_1.0.1.0_x64__8wekyb3d8bbwe [2022-08-03] (Microsoft Studios)
Microsoft To Do -> C:\Program Files\WindowsApps\Microsoft.Todos_2.75.52061.0_x64__8wekyb3d8bbwe [2022-07-26] (Microsoft Corporation) [Startup Task]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.962.0_x64__56jybvy8sckqj [2022-05-25] (NVIDIA Corp.)
PhotoScape X Pro -> C:\Program Files\WindowsApps\MooiiTech.PhotoScapeXPro_4.2.1.0_x64__f5eddttrpssna [2022-01-25] (Mooii Tech)
Reader for Adobe Acrobat file (PDF) -> C:\Program Files\WindowsApps\1847LMSoft.ReaderforAdobeAcrobatfilePDF_1.0.3.0_x64__kkc6pgmccym68 [2022-04-16] (LM Soft)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2021-08-31] (Adobe Systems Incorporated)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0 [2022-08-05] (Spotify AB) [Startup Task]
TranslucentTB -> C:\Program Files\WindowsApps\28017CharlesMilette.TranslucentTB_2021.5.0.0_x64__v826wp6bftszj [2022-08-02] (Charles Milette) [Startup Task]
WhatsApp Beta -> C:\Program Files\WindowsApps\5319275A.51895FA4EA97F_2.2230.4.0_x64__cv1g1gvanyjgm [2022-08-03] (WhatsApp Inc.) [Startup Task]

==================== Análise Personalizada CLSID (Whitelisted): ==============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

CustomCLSID: HKU\S-1-5-21-1602253523-1079814496-1200024627-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\marce\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22117.3\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1602253523-1079814496-1200024627-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\marce\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => Nenhum Arquivo
ShellIconOverlayIdentifiers: [     OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.141.0703.0002\FileSyncShell64.dll [2022-07-22] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [     OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.141.0703.0002\FileSyncShell64.dll [2022-07-22] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [     OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.141.0703.0002\FileSyncShell64.dll [2022-07-22] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [     OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.141.0703.0002\FileSyncShell64.dll [2022-07-22] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [     OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.141.0703.0002\FileSyncShell64.dll [2022-07-22] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [     OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.141.0703.0002\FileSyncShell64.dll [2022-07-22] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [     OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.141.0703.0002\FileSyncShell64.dll [2022-07-22] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [    GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\61.0.3.0\drivefsext.dll [2022-07-18] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\61.0.3.0\drivefsext.dll [2022-07-18] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\61.0.3.0\drivefsext.dll [2022-07-18] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\61.0.3.0\drivefsext.dll [2022-07-18] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2022-02-01] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2022-02-01] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2022-02-01] (Google LLC -> Google)
ShellIconOverlayIdentifiers-x32: [     OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.141.0703.0002\FileSyncShell64.dll [2022-07-22] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [     OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.141.0703.0002\FileSyncShell64.dll [2022-07-22] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [     OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.141.0703.0002\FileSyncShell64.dll [2022-07-22] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [     OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.141.0703.0002\FileSyncShell64.dll [2022-07-22] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [     OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.141.0703.0002\FileSyncShell64.dll [2022-07-22] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [     OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.141.0703.0002\FileSyncShell64.dll [2022-07-22] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [     OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.141.0703.0002\FileSyncShell64.dll [2022-07-22] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.141.0703.0002\FileSyncShell64.dll [2022-07-22] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\61.0.3.0\drivefsext.dll [2022-07-18] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2022-02-01] (Google LLC -> Google)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.141.0703.0002\FileSyncShell64.dll [2022-07-22] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\61.0.3.0\drivefsext.dll [2022-07-18] (Google LLC -> Google, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2022-02-01] (Google LLC -> Google)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.141.0703.0002\FileSyncShell64.dll [2022-07-22] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\61.0.3.0\drivefsext.dll [2022-07-18] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Nenhum Arquivo
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-11-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvddi.inf_amd64_9de4645e348173bf\nvshext.dll [2022-05-21] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-18] (Fox Magic Software) [Arquivo não assinado]

==================== Atalhos & WMI ========================

==================== Módulos Carregados (Whitelisted) =============

2022-06-27 15:31 - 2021-08-24 00:28 - 004264448 _____ () [Arquivo não assinado] c:\program files\intelbras\simnext\local recording service\avnetsdk.dll
2022-06-27 15:31 - 2021-08-24 00:28 - 004947456 _____ () [Arquivo não assinado] c:\program files\intelbras\simnext\local recording service\dhconfigsdk.dll
2022-06-27 15:31 - 2021-08-24 00:28 - 021352960 _____ () [Arquivo não assinado] C:\Program Files\Intelbras\SIMNext\Local Recording Service\dhnetsdk.dll
2022-06-27 15:31 - 2021-03-12 08:21 - 007651840 _____ () [Arquivo não assinado] C:\Program Files\Intelbras\SIMNext\Local Recording Service\dhplay.dll
2022-06-27 15:31 - 2021-03-12 08:10 - 001336832 _____ () [Arquivo não assinado] C:\Program Files\Intelbras\SIMNext\Local Recording Service\Infra.dll
2022-06-27 15:31 - 2020-05-19 16:35 - 000351232 _____ () [Arquivo não assinado] C:\Program Files\Intelbras\SIMNext\Local Recording Service\libt2u.dll
2022-06-27 15:31 - 2021-06-10 02:38 - 001780736 _____ () [Arquivo não assinado] C:\Program Files\Intelbras\SIMNext\Local Recording Service\NetSdk.dll
2022-06-27 15:31 - 2019-08-15 18:13 - 001265664 _____ () [Arquivo não assinado] C:\Program Files\Intelbras\SIMNext\Local Recording Service\runtimes\win-x64\native\e_sqlite3.dll
2022-06-27 15:31 - 2021-08-24 00:28 - 001965056 _____ () [Arquivo não assinado] c:\program files\intelbras\simnext\local recording service\StreamConvertor.dll
2022-06-27 15:31 - 2021-08-24 00:28 - 002368000 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Arquivo não assinado] c:\program files\intelbras\simnext\local recording service\libeay32.dll
2022-06-27 15:31 - 2021-08-24 00:28 - 000452096 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Arquivo não assinado] c:\program files\intelbras\simnext\local recording service\ssleay32.dll
2021-06-29 14:55 - 2020-12-29 18:03 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Arquivo não assinado] D:\Origin\LIBEAY32.dll
2021-06-29 14:55 - 2020-12-29 18:03 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Arquivo não assinado] D:\Origin\ssleay32.dll
2021-06-29 14:55 - 2020-12-29 18:03 - 001611264 _____ (The Qt Company Ltd) [Arquivo não assinado] D:\Origin\platforms\qwindows.dll
2022-06-09 16:33 - 2020-12-29 18:03 - 005487104 _____ (The Qt Company Ltd) [Arquivo não assinado] D:\Origin\Qt5Core.dll
2022-06-09 16:33 - 2020-12-29 18:03 - 005841920 _____ (The Qt Company Ltd) [Arquivo não assinado] D:\Origin\Qt5Gui.dll
2022-06-09 16:33 - 2020-12-29 18:03 - 001179136 _____ (The Qt Company Ltd) [Arquivo não assinado] D:\Origin\Qt5Network.dll
2022-06-09 16:33 - 2020-12-29 18:03 - 000146432 _____ (The Qt Company Ltd) [Arquivo não assinado] D:\Origin\Qt5WebSockets.dll
2022-06-09 16:33 - 2020-12-29 18:03 - 005089792 _____ (The Qt Company Ltd) [Arquivo não assinado] D:\Origin\Qt5Widgets.dll
2022-06-09 16:33 - 2020-12-29 18:03 - 000184832 _____ (The Qt Company Ltd) [Arquivo não assinado] D:\Origin\Qt5Xml.dll
2022-06-27 15:31 - 2021-06-10 02:38 - 000290816 _____ (XX) [Arquivo não assinado] C:\Program Files\Intelbras\SIMNext\Local Recording Service\StreamReader.dll

==================== Alternate Data Streams (Whitelisted) ========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)

AlternateDataStreams: C:\ProgramData:chnpbmzkyg [274]
AlternateDataStreams: C:\ProgramData:YXVtLmh6aQ [2034]
AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aDXs4 [2614]
AlternateDataStreams: C:\Users\All Users:chnpbmzkyg [274]
AlternateDataStreams: C:\Users\All Users:YXVtLmh6aQ [2034]
AlternateDataStreams: C:\Users\Todos os Usuários:chnpbmzkyg [274]
AlternateDataStreams: C:\Users\Todos os Usuários:YXVtLmh6aQ [2034]
AlternateDataStreams: C:\ProgramData\Dados de Aplicativos:chnpbmzkyg [274]
AlternateDataStreams: C:\ProgramData\Dados de Aplicativos:YXVtLmh6aQ [2034]
AlternateDataStreams: C:\Users\marce\Dados de Aplicativos:33968ec9ed0abde4ce703a532c809fc9 [394]
AlternateDataStreams: C:\Users\marce\Dados de Aplicativos:955d2a2f697b1c9b40c63a2dd2b7d393 [394]
AlternateDataStreams: C:\Users\marce\AppData\Roaming:33968ec9ed0abde4ce703a532c809fc9 [394]
AlternateDataStreams: C:\Users\marce\AppData\Roaming:955d2a2f697b1c9b40c63a2dd2b7d393 [394]

==================== Modo de Segurança (Whitelisted) ==================

==================== Associação (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_331\bin\ssv.dll [2022-04-21] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_331\bin\jp2ssv.dll [2022-04-21] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-07-08] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts Conteúdo: =========================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2019-12-07 06:14 - 2019-12-07 06:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Outras Áreas ===========================

(Atualmente não há nenhuma correção automática para esta seção.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\dotnet\
HKU\S-1-5-21-1602253523-1079814496-1200024627-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\marce\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\WallpaperDog-20464886.jpg
DNS Servers: 181.213.132.6 - 181.213.132.7
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Firewall do Windows está habilitado.

Network Binding:
=============
Ethernet: Topaz OFD Network Monitor -> nt_wsddntf (enabled) 

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

==================== Regras do Firewall (Whitelisted) ================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [{C1ACFA3D-E359-4018-B052-654011C63E10}] => (Allow) D:\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{C46801B3-549B-4758-9968-87BCAB8B1267}] => (Allow) D:\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{1C0487D5-B7B8-4487-8B99-94D6D50CA1F2}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe => Nenhum Arquivo
FirewallRules: [{46F52E89-4A55-4793-BDF6-CE87248D54F2}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe => Nenhum Arquivo
FirewallRules: [{AA3DD6AD-3AA5-4707-93D2-0505E36F3DEC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{607635BD-70CA-4FCD-8CDF-3C5A0B6E6B21}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{E3968608-053B-419E-9F61-797B3259523E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{F5462335-480B-44FB-8FC6-1D7AB68A6F0F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{76FD55EC-7D72-4FA4-B538-9B0D3B9E65F0}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{373FD7FE-3AFE-4D58-BD4A-CDB617D8FE82}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{9F56BDD8-E0AE-4EF3-9A36-43B5057F99DA}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe (Electronic Sports Network i Sverige AB -> ESN Social Software AB)
FirewallRules: [{9D3C3A53-6D9A-44C9-903B-0F35D29969E3}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe (Electronic Sports Network i Sverige AB -> ESN Social Software AB)
FirewallRules: [TCP Query User{0A56989C-463F-4CEB-BC13-D9720E73D57C}C:\users\marce\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\marce\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{0F96A31A-B076-4EA3-B56E-EDF0F41FB3D9}C:\users\marce\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\marce\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7D46F145-7AA3-4E17-B16A-8E08881A5265}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{3F01847C-4FC6-483C-9517-9B62E124E422}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{B075EED4-4018-46EA-A7F2-D816053F5629}D:\Steam\steamapps\common\astroneer\astro\binaries\win64\astro-win64-shipping.exe] => (Allow) D:\Steam\steamapps\common\astroneer\astro\binaries\win64\astro-win64-shipping.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{6775A410-E122-4EAE-B434-F76FF522BE3C}D:\Steam\steamapps\common\astroneer\astro\binaries\win64\astro-win64-shipping.exe] => (Allow) D:\Steam\steamapps\common\astroneer\astro\binaries\win64\astro-win64-shipping.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{133A132D-EDA0-45CF-8C16-ACF70D202042}D:\epic games\alienisolation\ai.exe] => (Allow) D:\epic games\alienisolation\ai.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{952B3034-FD49-4284-A4BA-C4C85AE0D07A}D:\epic games\alienisolation\ai.exe] => (Allow) D:\epic games\alienisolation\ai.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{AD0FF9FD-2F0B-4030-9418-7BC0BB21093E}D:\Steam\steamapps\common\7 days to die\7daystodie.exe] => (Allow) D:\Steam\steamapps\common\7 days to die\7daystodie.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{996001DF-F3B5-4F05-AB62-2C14B3D2C63C}D:\Steam\steamapps\common\7 days to die\7daystodie.exe] => (Allow) D:\Steam\steamapps\common\7 days to die\7daystodie.exe => Nenhum Arquivo
FirewallRules: [{92A01DA9-62AF-4F09-BFF4-56FBD2B436FE}] => (Allow) D:\Steam\steamapps\common\CryoFall\Binaries\Client\CryoFall_Client.exe => Nenhum Arquivo
FirewallRules: [{DE7BF1DA-3FD8-4F44-ACAF-0DE0A817FF59}] => (Allow) D:\Steam\steamapps\common\CryoFall\Binaries\Client\CryoFall_Client.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{A7BB81D9-87B3-494E-A98A-DB6B1E18E34C}C:\program files\dotnet\dotnet.exe] => (Allow) C:\program files\dotnet\dotnet.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{123A05D7-D122-4A63-8078-1D9F52E4A21A}C:\program files\dotnet\dotnet.exe] => (Allow) C:\program files\dotnet\dotnet.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{9D319B2D-2226-43CC-9B00-A80A466E833C}D:\epic games\alienisolation\ai.exe] => (Allow) D:\epic games\alienisolation\ai.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{EE03B7D7-5B2B-409D-9DAF-9179FCE23A96}D:\epic games\alienisolation\ai.exe] => (Allow) D:\epic games\alienisolation\ai.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{03EBE0FE-C4A3-4626-8588-F32FC280232C}C:\users\marce\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\marce\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{5FDADF58-9A6C-4CCB-A3D5-0F66F2DA4DB5}C:\users\marce\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\marce\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{4782ADFB-61B6-4FAF-98CC-4018453CA0E1}D:\Steam\steamapps\common\gears5\geargame\binaries\Steam\gears5.exe] => (Allow) D:\Steam\steamapps\common\gears5\geargame\binaries\Steam\gears5.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{5FCB2E1F-5A03-4159-943F-471B7AEA86A1}D:\Steam\steamapps\common\gears5\geargame\binaries\Steam\gears5.exe] => (Allow) D:\Steam\steamapps\common\gears5\geargame\binaries\Steam\gears5.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{8A05BAFC-7A94-47FA-998E-DCE11CDB0EF0}D:\Steam\steamapps\common\conqueror's blade frontier\game\x64\ship\client\cc\ccmini.exe] => (Allow) D:\Steam\steamapps\common\conqueror's blade frontier\game\x64\ship\client\cc\ccmini.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{8377CAD6-01A9-413B-A2F4-C0F0B8EC25A6}D:\Steam\steamapps\common\conqueror's blade frontier\game\x64\ship\client\cc\ccmini.exe] => (Allow) D:\Steam\steamapps\common\conqueror's blade frontier\game\x64\ship\client\cc\ccmini.exe => Nenhum Arquivo
FirewallRules: [{E745E387-5F9B-4C91-BCAF-306779B570FF}] => (Allow) D:\Steam\steamapps\common\Conqueror's Blade Frontier\game\x64\Ship\client\proven_ground_client.exe => Nenhum Arquivo
FirewallRules: [{75A5B346-3D3B-48FF-A237-94AE0989693D}] => (Allow) D:\Steam\steamapps\common\Conqueror's Blade Frontier\game\x64\Ship\client\proven_ground_client.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{08974B1D-6B40-48BD-B8E6-7C671214754E}D:\Steam\steamapps\common\new world closed beta\bin64\newworld.exe] => (Allow) D:\Steam\steamapps\common\new world closed beta\bin64\newworld.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{36F48550-DCD1-4531-94DD-935A6A5FE517}D:\Steam\steamapps\common\new world closed beta\bin64\newworld.exe] => (Allow) D:\Steam\steamapps\common\new world closed beta\bin64\newworld.exe => Nenhum Arquivo
FirewallRules: [{D2199192-BF37-4D49-8176-C1AC03813E93}] => (Allow) D:\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe => Nenhum Arquivo
FirewallRules: [{CC694FD4-364E-4443-8A8A-FD2739F21359}] => (Allow) D:\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe => Nenhum Arquivo
FirewallRules: [{78460A39-B818-4206-87BF-14CAC6BA4275}] => (Allow) C:\Users\marce\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom vídeo Communications, Inc. -> Zoom vídeo Communications, Inc.)
FirewallRules: [{B4BD6404-6EE1-4E63-BB72-1C53F2EC86E6}] => (Allow) C:\Users\marce\AppData\Roaming\Zoom\bin\airhost.exe => Nenhum Arquivo
FirewallRules: [{59D84B6D-45F1-4D89-801D-D6F081EA92B3}] => (Allow) C:\Users\marce\AppData\Roaming\Zoom\bin\airhost.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{DC623F75-E421-4B5A-8BE1-8059A9377FB3}D:\Steam\steamapps\common\new world playtest\bin64\newworld.exe] => (Allow) D:\Steam\steamapps\common\new world playtest\bin64\newworld.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{8B4730A9-62E3-4526-A6D0-BE7D8C452AD7}D:\Steam\steamapps\common\new world playtest\bin64\newworld.exe] => (Allow) D:\Steam\steamapps\common\new world playtest\bin64\newworld.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{BB2BCD97-383D-4976-8C04-38E148BFFCAC}D:\ubisoft game launcher\uplaywebcore.exe] => (Allow) D:\ubisoft game launcher\uplaywebcore.exe (Ubisoft Entertainment Sweden AB -> Ubisoft)
FirewallRules: [UDP Query User{BB115EAD-8D88-4E9C-B82E-6DD6DD3F0326}D:\ubisoft game launcher\uplaywebcore.exe] => (Allow) D:\ubisoft game launcher\uplaywebcore.exe (Ubisoft Entertainment Sweden AB -> Ubisoft)
FirewallRules: [TCP Query User{4A529B79-390E-4CFB-964A-AAB28C280A26}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [UDP Query User{1F3F0D72-4A79-4A19-9578-D62C6341CD32}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [{0FB4E755-8802-4CB4-B7DE-42E4023BF3F7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D65DF83A-677E-4044-9EFF-98F95831CA94}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A3088C2F-A9F5-43D9-80EC-248CD14FDFB2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E67CCE0D-AF89-4F30-8ED3-C41B4C76B3BE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{DD30BAF3-FEBD-4F51-AE74-54A500118A66}D:\epic games\thehuntercallofthewild\thehuntercotw_f.exe] => (Allow) D:\epic games\thehuntercallofthewild\thehuntercotw_f.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{027D45C5-DDAD-4C24-A9F4-D20A74AC3379}D:\epic games\thehuntercallofthewild\thehuntercotw_f.exe] => (Allow) D:\epic games\thehuntercallofthewild\thehuntercotw_f.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{08BBD437-F337-42CE-8340-ED9750828E01}D:\epic games\neverwinter\neverwinter\live\x64\gameclient.exe] => (Allow) D:\epic games\neverwinter\neverwinter\live\x64\gameclient.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{7903820A-3F9F-4A48-824A-DDCFE91EDEA0}D:\epic games\neverwinter\neverwinter\live\x64\gameclient.exe] => (Allow) D:\epic games\neverwinter\neverwinter\live\x64\gameclient.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{94E178FB-99E4-4982-B0DF-79E4048D0D82}D:\epic games\secondextinction\secondextinctioneos.exe] => (Allow) D:\epic games\secondextinction\secondextinctioneos.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{D720D4D2-5C56-439E-846A-7F5337FE51EB}D:\epic games\secondextinction\secondextinctioneos.exe] => (Allow) D:\epic games\secondextinction\secondextinctioneos.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{1F27CD9E-F583-4163-9CEE-BFF0C8297E94}D:\epic games\pathfinderkingmaker\kingmaker.exe] => (Allow) D:\epic games\pathfinderkingmaker\kingmaker.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{6112338B-4338-4891-A3F7-FBEC16303450}D:\epic games\pathfinderkingmaker\kingmaker.exe] => (Allow) D:\epic games\pathfinderkingmaker\kingmaker.exe => Nenhum Arquivo
FirewallRules: [{7DC33A41-CCCE-4B01-A4CB-E5AE838B98D7}] => (Allow) D:\Steam\steamapps\common\WTLOnline\WTL.exe => Nenhum Arquivo
FirewallRules: [{3B1BC366-FC48-49B6-8DE1-0CA622E7BDD1}] => (Allow) D:\Steam\steamapps\common\WTLOnline\WTL.exe => Nenhum Arquivo
FirewallRules: [{39D3A758-7D99-4CB7-A23F-89A6DE2FCD82}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0AA0E6C9-530B-4650-940C-3AFDB590F0A3}] => (Allow) D:\Steam\steamapps\common\Osiris\OsirisNewDawn.exe => Nenhum Arquivo
FirewallRules: [{3C48E10E-4917-4807-B55A-C682B71FE727}] => (Allow) D:\Steam\steamapps\common\Osiris\OsirisNewDawn.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{450BC247-D1CB-4FAB-854D-DED5DAC21256}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [UDP Query User{6653F49A-353B-4ABD-867D-CAF1402AF069}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [{2B1D50E2-67D1-4648-A2E5-3E94615460B9}] => (Allow) D:\Steam\steamapps\common\DayZ\DayZLauncher.exe => Nenhum Arquivo
FirewallRules: [{ED7C0185-BDF2-43CA-B5CB-1A872D1FD7EB}] => (Allow) D:\Steam\steamapps\common\DayZ\DayZLauncher.exe => Nenhum Arquivo
FirewallRules: [{061E5032-9A3D-42C3-849E-4D4C5437289A}] => (Allow) D:\Steam\steamapps\common\DayZ\DayZ_BE.exe => Nenhum Arquivo
FirewallRules: [{FC55821D-E132-4AED-BD74-410018008F02}] => (Allow) D:\Steam\steamapps\common\DayZ\DayZ_BE.exe => Nenhum Arquivo
FirewallRules: [{7EB7CBAB-6B46-425B-B348-D3C14876DA31}] => (Allow) D:\Steam\steamapps\common\Police Simulator Patrol Officers\Boston.exe => Nenhum Arquivo
FirewallRules: [{F06FDFD1-9621-455D-AAC3-277BD59024F9}] => (Allow) D:\Steam\steamapps\common\Police Simulator Patrol Officers\Boston.exe => Nenhum Arquivo
FirewallRules: [{8A7F59C4-F568-4EA8-9C25-0EA3CBBA59D0}] => (Allow) D:\Steam\steamapps\common\New World\NewWorldLauncher.exe => Nenhum Arquivo
FirewallRules: [{82BEB054-ED29-483C-B5FA-6287F6FD6A4F}] => (Allow) D:\Steam\steamapps\common\New World\NewWorldLauncher.exe => Nenhum Arquivo
FirewallRules: [{11F51615-1BC8-4FAB-A714-CC4EABD55995}] => (Allow) D:\Ubisoft Game Launcher\games\Tom Clancy's The Division 2\TheDivision2.exe (Ubisoft Entertainment Sweden AB -> Ubisoft)
FirewallRules: [TCP Query User{9EEF2E42-63AC-44DB-98DD-6E12EA3D626E}D:\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) D:\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{880014AA-D8F5-4CAC-BB75-11976F812C8E}D:\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) D:\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{9188E2AD-3AD4-4F43-B291-8061F9AA1882}] => (Allow) E:\ARK\Server1\ShooterGame\Binaries\Win64\ShooterGameServer.exe => Nenhum Arquivo
FirewallRules: [{8055DF07-264A-40F4-9775-48BB612A90CB}] => (Allow) E:\ARK\Server1\ShooterGame\Binaries\Win64\ShooterGameServer.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{CEC71AC7-CC28-47C3-B869-89608EDA367B}E:\ark\steamcmd\steamcmd\steamcmd.exe] => (Allow) E:\ark\steamcmd\steamcmd\steamcmd.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{AF7EB49E-7574-45E6-9947-CA6937FAB394}E:\ark\steamcmd\steamcmd\steamcmd.exe] => (Allow) E:\ark\steamcmd\steamcmd\steamcmd.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{06C87E3A-27A0-4B6A-8351-F970B78F6DAE}D:\xboxgames\halo- the master chief collection\content\mcc\binaries\win64\mccwinstore-win64-shipping.exe] => (Allow) D:\xboxgames\halo- the master chief collection\content\mcc\binaries\win64\mccwinstore-win64-shipping.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{4FE39548-798F-4368-B1A4-4BEC678516D0}D:\xboxgames\halo- the master chief collection\content\mcc\binaries\win64\mccwinstore-win64-shipping.exe] => (Allow) D:\xboxgames\halo- the master chief collection\content\mcc\binaries\win64\mccwinstore-win64-shipping.exe => Nenhum Arquivo
FirewallRules: [{43459A38-8F5C-4E63-BA04-283E87B72BCE}] => (Allow) D:\Ubisoft Game Launcher\games\Tom Clancy’s Rainbow Six Extraction\R6-Extraction_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{A8468AC5-CEF1-4A92-B908-029BA1F47D8E}] => (Allow) D:\Ubisoft Game Launcher\games\Tom Clancy’s Rainbow Six Extraction\R6-Extraction_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{4ED7BD87-1A05-4A9D-B30F-D301DDD6E8DD}] => (Allow) D:\Ubisoft Game Launcher\games\Tom Clancy’s Rainbow Six Extraction\R6-Extraction.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{183A3FF6-153F-4440-AF30-2D8E9BCF5D3B}] => (Allow) D:\Ubisoft Game Launcher\games\Tom Clancy’s Rainbow Six Extraction\R6-Extraction.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{96DB1398-26F3-48DF-B960-5258ADD2C2AB}] => (Allow) D:\Steam\steamapps\common\Call of Duty Modern Warfare Remastered\h1_sp64_ship.exe (Activision Publishing Inc -> Activision)
FirewallRules: [{05A4C6EB-B1DD-48B4-A1E3-7301BE74B464}] => (Allow) D:\Steam\steamapps\common\Call of Duty Modern Warfare Remastered\h1_sp64_ship.exe (Activision Publishing Inc -> Activision)
FirewallRules: [{F34922BB-4D1F-4779-8AA4-875ADA124B04}] => (Allow) D:\Steam\steamapps\common\Call of Duty - Infinite Warfare\iw7_ship.exe (Activision Publishing Inc -> Activision)
FirewallRules: [{8FD2160E-D119-477F-8E6A-5D0AF7218714}] => (Allow) D:\Steam\steamapps\common\Call of Duty - Infinite Warfare\iw7_ship.exe (Activision Publishing Inc -> Activision)
FirewallRules: [{C40A2C2D-0915-44C1-A62B-B22F0D6A52C8}] => (Allow) D:\Ubisoft Game Launcher\games\Ghost Recon Breakpoint\GRB_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{2AD274B4-1213-4F23-A1A4-26CA22948E41}] => (Allow) D:\Ubisoft Game Launcher\games\Ghost Recon Breakpoint\GRB_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [TCP Query User{FDD65118-8B40-4DA6-853E-9CA72D6E85A5}D:\xboxgames\microsoft flight simulator\content\flightsimulator.exe] => (Allow) D:\xboxgames\microsoft flight simulator\content\flightsimulator.exe (Acesso Negado)  [Arquivo não assinado]
FirewallRules: [UDP Query User{86969AE7-271D-49F7-93E0-3135821652D9}D:\xboxgames\microsoft flight simulator\content\flightsimulator.exe] => (Allow) D:\xboxgames\microsoft flight simulator\content\flightsimulator.exe (Acesso Negado)  [Arquivo não assinado]
FirewallRules: [{9A1865AF-40E9-4DDF-9736-91DF5E6AAB88}] => (Allow) C:\Program Files\Topaz OFD\Warsaw\core.exe (TPZ SOLUCOES DIGITAIS LTDA -> Topaz OFD)
FirewallRules: [{A9D6582D-C097-4175-8CB5-C0C4A2F07D45}] => (Allow) D:\Steam\steamapps\common\VRising\VRising.exe (Stunlock Studios AB -> )
FirewallRules: [{5E1B9138-DACB-4EDF-ADD3-9C6006B16E6F}] => (Allow) D:\Steam\steamapps\common\VRising\VRising.exe (Stunlock Studios AB -> )
FirewallRules: [TCP Query User{ADE199E8-A2CD-491A-86A6-3B20B0F7136D}D:\Steam\steamapps\common\vrising\vrising_server\vrisingserver.exe] => (Allow) D:\Steam\steamapps\common\vrising\vrising_server\vrisingserver.exe (Stunlock Studios AB -> )
FirewallRules: [UDP Query User{073E30C5-99F8-47FE-BAB1-0C5DBF2A401D}D:\Steam\steamapps\common\vrising\vrising_server\vrisingserver.exe] => (Allow) D:\Steam\steamapps\common\vrising\vrising_server\vrisingserver.exe (Stunlock Studios AB -> )
FirewallRules: [{20F5EF03-621C-4C5B-8F4E-B90F83362229}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{3853AC88-8932-46E7-9279-1EBCD10C2D73}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{06E7ECF9-3A73-434C-9806-918069F3F762}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{115B688D-505E-4695-A064-7E0038A57410}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{C4379DAD-010A-47CC-BB0C-10C9CFEAF902}] => (Allow) C:\Users\marce\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{579339AD-E650-44A2-880B-9BF60B6F5167}] => (Allow) C:\Users\marce\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{EFD46ED0-B01F-4B7B-A70E-159DCE179462}C:\program files\intelbras\simnext\sim next\simnext.exe] => (Allow) C:\program files\intelbras\simnext\sim next\simnext.exe (INTELBRAS S.A. INDUSTRIA DE TELECOM ELETRONICA BRASILEIRA -> )
FirewallRules: [UDP Query User{DE96A770-A243-490D-A2C5-C91A81D37688}C:\program files\intelbras\simnext\sim next\simnext.exe] => (Allow) C:\program files\intelbras\simnext\sim next\simnext.exe (INTELBRAS S.A. INDUSTRIA DE TELECOM ELETRONICA BRASILEIRA -> )
FirewallRules: [{3E07CEE2-4E9B-4AF7-8908-95773B3E99BA}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12124.1.57017.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9A843A3E-47EB-43F9-9C38-FAB1D954A85A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12124.1.57017.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{AEB002F7-B29F-4329-98A6-22FCBFBD957E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12124.1.57017.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{27E28A2B-0091-44BF-9A93-1F32608605EF}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12124.1.57017.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5B403E98-7ACC-4EFC-A77C-95EFD7BD7EDB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12124.1.57017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F3C26551-7357-461D-A946-822CF8071C82}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12124.1.57017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DC0F19C1-9AA9-4898-B1D9-E538D50D1F89}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12124.1.57017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{223DDA2C-9894-49AE-A080-6B2B671EFE33}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12124.1.57017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5C579DA2-28C6-4482-9533-8166CB33A422}] => (Allow) D:\Steam\steamapps\common\Dinkum\Dinkum.exe () [Arquivo não assinado]
FirewallRules: [{3381954A-E1FE-4D16-AF4F-FC74FCB391D1}] => (Allow) D:\Steam\steamapps\common\Dinkum\Dinkum.exe () [Arquivo não assinado]
FirewallRules: [{7B5122A7-AFA4-49CB-BD33-C914BEC9CBFE}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{4683B9CF-BD11-447F-AFF0-5B573A6BD8A9}] => (Allow) D:\Steam\steamapps\common\Spirit Of The Island\SOTI.exe () [Arquivo não assinado]
FirewallRules: [{BA8A7EF2-A006-436E-9D3A-43C0B7F6F0D5}] => (Allow) D:\Steam\steamapps\common\Spirit Of The Island\SOTI.exe () [Arquivo não assinado]
FirewallRules: [{C5AD61A3-5706-4AE5-8D5C-56524FCEFCF0}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\103.0.1264.77\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{482622BC-C86D-4D41-AE51-3EE551C54AC2}] => (Allow) D:\Ubisoft Game Launcher\games\Assassin's Creed Valhalla\ACValhalla_Plus.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{065B5F7C-97FD-4312-8657-7C7CDB97CDA1}] => (Allow) D:\Steam\steamapps\common\Deadside\Deadside.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [{10D42685-8B1F-46E6-B727-38ED1F69AEF7}] => (Allow) D:\Steam\steamapps\common\Deadside\Deadside.exe (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [{84BE2D4B-1BCD-44CF-877E-4C3C4B1AEEF3}] => (Allow) D:\Steam\steamapps\common\Deadside\Deadside\Binaries\Win64\Deadside-Win64-Shipping.exe (Epic Games, Inc.) [Arquivo não assinado]
FirewallRules: [{C34EE0A9-116F-45DC-B661-4328773BEEB9}] => (Allow) D:\Steam\steamapps\common\Deadside\Deadside\Binaries\Win64\Deadside-Win64-Shipping.exe (Epic Games, Inc.) [Arquivo não assinado]
FirewallRules: [{20671E0C-F847-4160-93B0-DF1C591DEBE3}] => (Allow) D:\Steam\steamapps\common\Deadside\EasyAntiCheat\EasyAntiCheat_x64.dll (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [{209C7B5C-0E34-4140-ADA0-C6E7D361390A}] => (Allow) D:\Steam\steamapps\common\Deadside\EasyAntiCheat\EasyAntiCheat_x64.dll (EasyAntiCheat Oy -> Epic Games, Inc)
FirewallRules: [{8B014E78-37EE-43E4-9E1E-56691E4EA780}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A7CE94B8-BE16-4FDC-88A9-9C493F9893C9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8DC9904D-FE62-4600-A4CA-6ECBA19CA493}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{69783B9B-C2ED-47DA-AB9F-04105A3A0635}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2CE8FBA9-CD17-4FBF-B749-0F46334154F9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F88F9A55-3EF4-49CE-B3CA-E8BB870AD7E1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{90B07A21-A277-4C27-9842-EE83B301E9F7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D34DE5B8-9A76-445F-83EA-E765CC5D58C1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.191.824.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B33A38ED-C14F-4231-BA48-142696B6ECC0}] => (Allow) D:\Steam\steamapps\common\This Land Is My Land\This Land Is My Land.exe () [Arquivo não assinado]
FirewallRules: [{01D2301F-37EA-453F-AA55-BC8C0F765488}] => (Allow) D:\Steam\steamapps\common\This Land Is My Land\This Land Is My Land.exe () [Arquivo não assinado]

==================== Pontos de Restauração =========================

21-07-2022 12:14:06 Ponto de Verificação Agendado
31-07-2022 20:10:17 Ponto de Verificação Agendado
07-08-2022 17:51:29 Revo Uninstaller's restore point - Malwarebytes version 4.4.11.149

==================== Dispositivos Apresentando Falhas No Gerenciador ============

Name: Controlador de barramento SM
Description: Controlador de barramento SM
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Erros no Log de eventos: ========================

Erros em Aplicativos:
==================
Error: (08/07/2022 05:51:49 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: A Central de Segurança não validou o chamador com o erro %1.

Error: (08/07/2022 05:51:27 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback.  hr =  0x80070005, Acesso negado.
.
Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.


Operação:
   Obtendo Dados do Gravador

Contexto:
   Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
   Nome do Gravador: System Writer
   ID de Instância de Gravador: {6e53c2f9-77fb-4d8a-b280-44e4f31aa285}

Error: (08/07/2022 05:45:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: mbamtray.exe, versão: 4.0.0.1170, carimbo de data/hora: 0x618d79a6
Nome do módulo com falha: Qt5Core.dll, versão: 5.14.1.0, carimbo de data/hora: 0x603971ce
Código de exceção: 0xc0000005
Deslocamento da falha: 0x0000000000219dc5
ID do processo com falha: 0x1170
Hora de início do aplicativo com falha: 0x01d8aa9e5eaf6b54
Caminho do aplicativo com falha: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Caminho do módulo com falha: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
ID do Relatório: 5f7d3c8e-0780-4b46-aa6e-cc9574f82e4a
Nome completo do pacote com falha: 
ID do aplicativo relativo ao pacote com falha:

Error: (08/07/2022 11:32:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: mbamtray.exe, versão: 4.0.0.1170, carimbo de data/hora: 0x618d79a6
Nome do módulo com falha: Qt5Core.dll, versão: 5.14.1.0, carimbo de data/hora: 0x603971ce
Código de exceção: 0xc0000005
Deslocamento da falha: 0x0000000000219dc5
ID do processo com falha: 0x2910
Hora de início do aplicativo com falha: 0x01d8aa6a671b95c0
Caminho do aplicativo com falha: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Caminho do módulo com falha: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
ID do Relatório: 0f19c535-5aaf-4099-83c5-d8c6754694e1
Nome completo do pacote com falha: 
ID do aplicativo relativo ao pacote com falha:

Error: (08/06/2022 07:54:01 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa Microsoft.Notes.exe versão 4.5.5.0 parou de interagir com o Windows e foi fechado. Para ver se mais informações sobre o problema estão disponíveis, verifique o histórico de problemas no painel de controle Segurança e Manutenção.

ID do Processo: 24c0

Hora de Início: 01d8a982958d1823

Hora de Término: 4294967295

Caminho do Aplicativo: C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_4.5.5.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe

ID do Relatório: 772df27b-01a0-4322-b930-dca7297d3d77

Nome completo do pacote com falha: Microsoft.MicrosoftStickyNotes_4.5.5.0_x64__8wekyb3d8bbwe

ID do aplicativo relativo ao pacote com falha: App

Tipo com falha: Quiesce

Error: (08/04/2022 07:18:47 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Não foi possível concluir o otimizador de armazenamento otimizar novamente em Backup Two (E:) devido a: A operação solicitada não é compatível com o hardware que contém o volume. (0x8900002A)

Error: (08/04/2022 07:17:42 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Não foi possível concluir o otimizador de armazenamento otimizar novamente em Backup one (D:) devido a: A operação solicitada não é compatível com o hardware que contém o volume. (0x8900002A)

Error: (07/30/2022 08:20:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: svchost.exe, versão: 10.0.19041.1806, carimbo de data/hora: 0x7dcad237
Nome do módulo com falha: ntdll.dll, versão: 10.0.19041.1806, carimbo de data/hora: 0x1000a5b9
Código de exceção: 0xc0000409
Deslocamento da falha: 0x00000000000a4e38
ID do processo com falha: 0x4910
Hora de início do aplicativo com falha: 0x01d8a4063f493448
Caminho do aplicativo com falha: C:\Windows\System32\svchost.exe
Caminho do módulo com falha: C:\Windows\SYSTEM32\ntdll.dll
ID do Relatório: abf6b48a-c08b-490e-8f35-54a27b5d8dd4
Nome completo do pacote com falha: 
ID do aplicativo relativo ao pacote com falha:


Erros de Sistema:
=============
Error: (08/07/2022 06:02:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço SIM Next Local Recording Service foi finalizado inesperadamente. Isto aconteceu 2 vez(es). A seguinte ação corretiva será tomada em 120000 milissegundos: Reiniciar o serviço.

Error: (08/07/2022 06:02:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço NVIDIA LocalSystem Container foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 6000 milissegundos: Reiniciar o serviço.

Error: (08/07/2022 06:02:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Serviço Clique para Executar do Microsoft Office foi encerrado inesperadamente.  Isso aconteceu 3 vez(es).

Error: (08/07/2022 06:02:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço NVIDIA Display Container LS foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 6000 milissegundos: Reiniciar o serviço.

Error: (08/07/2022 06:02:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço LGHUB Updater Service foi finalizado inesperadamente. Isto aconteceu 3 vez(es). A seguinte ação corretiva será tomada em 5000 milissegundos: Reiniciar o serviço.

Error: (08/07/2022 06:02:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço HP Print Scan Doctor Service foi encerrado inesperadamente.  Isso aconteceu 3 vez(es).

Error: (08/07/2022 05:58:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço NVIDIA LocalSystem Container foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 6000 milissegundos: Reiniciar o serviço.

Error: (08/07/2022 05:58:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Serviço Clique para Executar do Microsoft Office foi finalizado inesperadamente. Isto aconteceu 2 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço.


Windows Defender:
================
Date: 2022-08-01 06:51:39
Description: 
O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {ADC4F439-063E-46E6-BDA8-198533E495F5}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2022-07-27 07:59:02
Description: 
O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {FA1AF4D4-8F66-4781-8062-EDC1041B36FE}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2022-07-17 09:08:47
Description: 
O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {CC045817-9B1D-4DBC-8BA6-E40A9F567373}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2022-07-15 10:22:03
Description: 
O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {A446DB0D-A311-4079-BCCD-4B83A0C5498E}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

CodeIntegrity:
===============
Date: 2022-08-07 17:51:55
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\Edge\Application\msedge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Topaz OFD\Warsaw\wslbdhm64.dll that did not meet the Microsoft signing level requirements.

Date: 2022-08-07 08:39:03
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Informações da Memória =========================== 

BIOS: American Megatrends Inc. FF 06/20/2014
placa-mãe: Gigabyte Technology Co., Ltd. H81M-S1
Processador: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
Percentagem de memória em uso: 31%
RAM física total: 16271.85 MB
RAM física disponível: 11093.98 MB
Virtual Total: 18703.85 MB
Virtual disponível: 13090.5 MB

==================== Drives ================================

Drive c: (SSD) (Fixed) (Total:223.57 GB) (Free:89.18 GB) (Model: KINGSTON SA400S37240G) NTFS ==>[drive com componentes de inicialização (obtido através de BCD)]
Drive d: (Backup one) (Fixed) (Total:929.83 GB) (Free:435.31 GB) (Model: ST1000DM003-1ER162) NTFS
Drive e: (Backup Two) (Fixed) (Total:931.51 GB) (Free:468.64 GB) (Model: ST1000DM010-2EP102) NTFS


==================== MBR & Tabela de Partições ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: A88CA256)
Partition 1: (Not Active) - (Size=929.8 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 1313D7F4)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: E92F8DD4)
Partition 1: (Active) - (Size=223.6 GB) - (Type=07 NTFS)

==================== Fim de Addition.txt =======================


  • Security Analyst

@Galles Hello, please attach the logs to make the analysis easier for me.

1. Type chrome://extensions in the address bar and press Enter.
Click Remove on any extension that you do not recognise and want to remove completely.
A confirmation dialog will appear; click Remove.

2. Press the Win + R keys and type appwiz.cpl

Uninstall the following programs, if they exist:

  • SpyHunter5

3. Running FRST:

  • Right-click the FRST icon and select Run as administrator.
  • Select ALL the contents of the box below and press Ctrl + C so that everything is copied. There is no need to paste the information. The FRST tool will do that automatically.
Quote

Start::
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1602253523-1079814496-1200024627-1001\...\Run: [Adobe Reader Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" (Nenhum Arquivo)
HKU\S-1-5-18\...\Run: [Synapse3] => C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe /StartMinimized (Nenhum Arquivo)
Task: {C9444312-B8E4-4949-B176-8770537CA9DF} - System32\Tasks\CorelUpdateHelperTask-DF8CB56F80FDA803EEC12FAD85F1AEE7 => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe -resume (Nenhum Arquivo)
Task: {EEA5536C-4342-44F2-A408-4AF534E2C350} - System32\Tasks\CorelUpdateHelperTask-F2251323A7EB7D50F4B6576B0063142D => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe -resume (Nenhum Arquivo)
CHR Notifications: Default -> hxxps://theshafou.com
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
S2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [17456368 2022-08-07] (EnigmaSoft Limited -> EnigmaSoft Limited)
2022-08-07 12:13 - 2022-08-07 12:13 - 000001058 _____ C:\Users\Public\Desktop\SpyHunter5.lnk
2022-08-07 12:13 - 2022-08-07 12:13 - 000000000 ____D C:\sh5ldr
2022-08-07 12:13 - 2022-08-07 12:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
2022-08-07 12:13 - 2022-08-07 12:13 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
2022-08-07 12:13 - 2022-08-07 12:13 - 000000000 ____D C:\Program Files\EnigmaSoft
2022-08-07 12:11 - 2022-08-07 12:11 - 006705440 _____ (EnigmaSoft Limited) C:\Users\marce\Downloads\SpyHunter-5.12-122-18929-Installer.exe
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Nenhum Arquivo
FirewallRules: [{1C0487D5-B7B8-4487-8B99-94D6D50CA1F2}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe => Nenhum Arquivo
FirewallRules: [{46F52E89-4A55-4793-BDF6-CE87248D54F2}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{B075EED4-4018-46EA-A7F2-D816053F5629}D:\Steam\steamapps\common\astroneer\astro\binaries\win64\astro-win64-shipping.exe] => (Allow) D:\Steam\steamapps\common\astroneer\astro\binaries\win64\astro-win64-shipping.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{6775A410-E122-4EAE-B434-F76FF522BE3C}D:\Steam\steamapps\common\astroneer\astro\binaries\win64\astro-win64-shipping.exe] => (Allow) D:\Steam\steamapps\common\astroneer\astro\binaries\win64\astro-win64-shipping.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{133A132D-EDA0-45CF-8C16-ACF70D202042}D:\epic games\alienisolation\ai.exe] => (Allow) D:\epic games\alienisolation\ai.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{952B3034-FD49-4284-A4BA-C4C85AE0D07A}D:\epic games\alienisolation\ai.exe] => (Allow) D:\epic games\alienisolation\ai.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{AD0FF9FD-2F0B-4030-9418-7BC0BB21093E}D:\Steam\steamapps\common\7 days to die\7daystodie.exe] => (Allow) D:\Steam\steamapps\common\7 days to die\7daystodie.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{996001DF-F3B5-4F05-AB62-2C14B3D2C63C}D:\Steam\steamapps\common\7 days to die\7daystodie.exe] => (Allow) D:\Steam\steamapps\common\7 days to die\7daystodie.exe => Nenhum Arquivo
FirewallRules: [{92A01DA9-62AF-4F09-BFF4-56FBD2B436FE}] => (Allow) D:\Steam\steamapps\common\CryoFall\Binaries\Client\CryoFall_Client.exe => Nenhum Arquivo
FirewallRules: [{DE7BF1DA-3FD8-4F44-ACAF-0DE0A817FF59}] => (Allow) D:\Steam\steamapps\common\CryoFall\Binaries\Client\CryoFall_Client.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{9D319B2D-2226-43CC-9B00-A80A466E833C}D:\epic games\alienisolation\ai.exe] => (Allow) D:\epic games\alienisolation\ai.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{EE03B7D7-5B2B-409D-9DAF-9179FCE23A96}D:\epic games\alienisolation\ai.exe] => (Allow) D:\epic games\alienisolation\ai.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{4782ADFB-61B6-4FAF-98CC-4018453CA0E1}D:\Steam\steamapps\common\gears5\geargame\binaries\Steam\gears5.exe] => (Allow) D:\Steam\steamapps\common\gears5\geargame\binaries\Steam\gears5.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{5FCB2E1F-5A03-4159-943F-471B7AEA86A1}D:\Steam\steamapps\common\gears5\geargame\binaries\Steam\gears5.exe] => (Allow) D:\Steam\steamapps\common\gears5\geargame\binaries\Steam\gears5.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{8A05BAFC-7A94-47FA-998E-DCE11CDB0EF0}D:\Steam\steamapps\common\conqueror's blade frontier\game\x64\ship\client\cc\ccmini.exe] => (Allow) D:\Steam\steamapps\common\conqueror's blade frontier\game\x64\ship\client\cc\ccmini.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{8377CAD6-01A9-413B-A2F4-C0F0B8EC25A6}D:\Steam\steamapps\common\conqueror's blade frontier\game\x64\ship\client\cc\ccmini.exe] => (Allow) D:\Steam\steamapps\common\conqueror's blade frontier\game\x64\ship\client\cc\ccmini.exe => Nenhum Arquivo
FirewallRules: [{E745E387-5F9B-4C91-BCAF-306779B570FF}] => (Allow) D:\Steam\steamapps\common\Conqueror's Blade Frontier\game\x64\Ship\client\proven_ground_client.exe => Nenhum Arquivo
FirewallRules: [{75A5B346-3D3B-48FF-A237-94AE0989693D}] => (Allow) D:\Steam\steamapps\common\Conqueror's Blade Frontier\game\x64\Ship\client\proven_ground_client.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{08974B1D-6B40-48BD-B8E6-7C671214754E}D:\Steam\steamapps\common\new world closed beta\bin64\newworld.exe] => (Allow) D:\Steam\steamapps\common\new world closed beta\bin64\newworld.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{36F48550-DCD1-4531-94DD-935A6A5FE517}D:\Steam\steamapps\common\new world closed beta\bin64\newworld.exe] => (Allow) D:\Steam\steamapps\common\new world closed beta\bin64\newworld.exe => Nenhum Arquivo
FirewallRules: [{D2199192-BF37-4D49-8176-C1AC03813E93}] => (Allow) D:\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe => Nenhum Arquivo
FirewallRules: [{CC694FD4-364E-4443-8A8A-FD2739F21359}] => (Allow) D:\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe => Nenhum Arquivo
FirewallRules: [{B4BD6404-6EE1-4E63-BB72-1C53F2EC86E6}] => (Allow) C:\Users\marce\AppData\Roaming\Zoom\bin\airhost.exe => Nenhum Arquivo
FirewallRules: [{59D84B6D-45F1-4D89-801D-D6F081EA92B3}] => (Allow) C:\Users\marce\AppData\Roaming\Zoom\bin\airhost.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{DC623F75-E421-4B5A-8BE1-8059A9377FB3}D:\Steam\steamapps\common\new world playtest\bin64\newworld.exe] => (Allow) D:\Steam\steamapps\common\new world playtest\bin64\newworld.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{8B4730A9-62E3-4526-A6D0-BE7D8C452AD7}D:\Steam\steamapps\common\new world playtest\bin64\newworld.exe] => (Allow) D:\Steam\steamapps\common\new world playtest\bin64\newworld.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{DD30BAF3-FEBD-4F51-AE74-54A500118A66}D:\epic games\thehuntercallofthewild\thehuntercotw_f.exe] => (Allow) D:\epic games\thehuntercallofthewild\thehuntercotw_f.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{027D45C5-DDAD-4C24-A9F4-D20A74AC3379}D:\epic games\thehuntercallofthewild\thehuntercotw_f.exe] => (Allow) D:\epic games\thehuntercallofthewild\thehuntercotw_f.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{08BBD437-F337-42CE-8340-ED9750828E01}D:\epic games\neverwinter\neverwinter\live\x64\gameclient.exe] => (Allow) D:\epic games\neverwinter\neverwinter\live\x64\gameclient.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{7903820A-3F9F-4A48-824A-DDCFE91EDEA0}D:\epic games\neverwinter\neverwinter\live\x64\gameclient.exe] => (Allow) D:\epic games\neverwinter\neverwinter\live\x64\gameclient.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{94E178FB-99E4-4982-B0DF-79E4048D0D82}D:\epic games\secondextinction\secondextinctioneos.exe] => (Allow) D:\epic games\secondextinction\secondextinctioneos.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{D720D4D2-5C56-439E-846A-7F5337FE51EB}D:\epic games\secondextinction\secondextinctioneos.exe] => (Allow) D:\epic games\secondextinction\secondextinctioneos.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{1F27CD9E-F583-4163-9CEE-BFF0C8297E94}D:\epic games\pathfinderkingmaker\kingmaker.exe] => (Allow) D:\epic games\pathfinderkingmaker\kingmaker.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{6112338B-4338-4891-A3F7-FBEC16303450}D:\epic games\pathfinderkingmaker\kingmaker.exe] => (Allow) D:\epic games\pathfinderkingmaker\kingmaker.exe => Nenhum Arquivo
FirewallRules: [{7DC33A41-CCCE-4B01-A4CB-E5AE838B98D7}] => (Allow) D:\Steam\steamapps\common\WTLOnline\WTL.exe => Nenhum Arquivo
FirewallRules: [{3B1BC366-FC48-49B6-8DE1-0CA622E7BDD1}] => (Allow) D:\Steam\steamapps\common\WTLOnline\WTL.exe => Nenhum Arquivo
FirewallRules: [{0AA0E6C9-530B-4650-940C-3AFDB590F0A3}] => (Allow) D:\Steam\steamapps\common\Osiris\OsirisNewDawn.exe => Nenhum Arquivo
FirewallRules: [{3C48E10E-4917-4807-B55A-C682B71FE727}] => (Allow) D:\Steam\steamapps\common\Osiris\OsirisNewDawn.exe => Nenhum Arquivo
FirewallRules: [{2B1D50E2-67D1-4648-A2E5-3E94615460B9}] => (Allow) D:\Steam\steamapps\common\DayZ\DayZLauncher.exe => Nenhum Arquivo
FirewallRules: [{ED7C0185-BDF2-43CA-B5CB-1A872D1FD7EB}] => (Allow) D:\Steam\steamapps\common\DayZ\DayZLauncher.exe => Nenhum Arquivo
FirewallRules: [{061E5032-9A3D-42C3-849E-4D4C5437289A}] => (Allow) D:\Steam\steamapps\common\DayZ\DayZ_BE.exe => Nenhum Arquivo
FirewallRules: [{FC55821D-E132-4AED-BD74-410018008F02}] => (Allow) D:\Steam\steamapps\common\DayZ\DayZ_BE.exe => Nenhum Arquivo
FirewallRules: [{7EB7CBAB-6B46-425B-B348-D3C14876DA31}] => (Allow) D:\Steam\steamapps\common\Police Simulator Patrol Officers\Boston.exe => Nenhum Arquivo
FirewallRules: [{F06FDFD1-9621-455D-AAC3-277BD59024F9}] => (Allow) D:\Steam\steamapps\common\Police Simulator Patrol Officers\Boston.exe => Nenhum Arquivo
FirewallRules: [{8A7F59C4-F568-4EA8-9C25-0EA3CBBA59D0}] => (Allow) D:\Steam\steamapps\common\New World\NewWorldLauncher.exe => Nenhum Arquivo
FirewallRules: [{82BEB054-ED29-483C-B5FA-6287F6FD6A4F}] => (Allow) D:\Steam\steamapps\common\New World\NewWorldLauncher.exe => Nenhum Arquivo
FirewallRules: [{9188E2AD-3AD4-4F43-B291-8061F9AA1882}] => (Allow) E:\ARK\Server1\ShooterGame\Binaries\Win64\ShooterGameServer.exe => Nenhum Arquivo
FirewallRules: [{8055DF07-264A-40F4-9775-48BB612A90CB}] => (Allow) E:\ARK\Server1\ShooterGame\Binaries\Win64\ShooterGameServer.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{CEC71AC7-CC28-47C3-B869-89608EDA367B}E:\ark\steamcmd\steamcmd\steamcmd.exe] => (Allow) E:\ark\steamcmd\steamcmd\steamcmd.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{AF7EB49E-7574-45E6-9947-CA6937FAB394}E:\ark\steamcmd\steamcmd\steamcmd.exe] => (Allow) E:\ark\steamcmd\steamcmd\steamcmd.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{06C87E3A-27A0-4B6A-8351-F970B78F6DAE}D:\xboxgames\halo- the master chief collection\content\mcc\binaries\win64\mccwinstore-win64-shipping.exe] => (Allow) D:\xboxgames\halo- the master chief collection\content\mcc\binaries\win64\mccwinstore-win64-shipping.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{4FE39548-798F-4368-B1A4-4BEC678516D0}D:\xboxgames\halo- the master chief collection\content\mcc\binaries\win64\mccwinstore-win64-shipping.exe] => (Allow) D:\xboxgames\halo- the master chief collection\content\mcc\binaries\win64\mccwinstore-win64-shipping.exe => Nenhum Arquivo
CMD: sfc /scannow
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winhttp reset proxy
CMD: Bitsadmin /Reset /Allusers
CMD: Winmgmt /salvagerepository
CMD: Winmgmt /resetrepository
CMD: winmgmt /resyncperf
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
C:\WINDOWS\SysWOW64\*.tmp
C:\WINDOWS\System32\*.tmp
C:\Windows\SystemTemp\*.tmp
EmptyEventlogs:
EmptyTemp:
End::

  • Click Fix.
  • When the tool finishes, it will generate a file named Fixlog.txt. Attach it to your next reply and please let me know whether you have still noticed the symptom reported earlier.
  • Note: One of the commands above will remove cookies, which may make it difficult to access some web pages (namely banks), and you may need to re-enter the institution's own verification code. The procedures above may take a while. Please be patient and wait. Temporary files will be removed.

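The `FirewallRules:` lines in the log and fixlist above carry one of a few trailers (`=> Nenhum Arquivo`, `[Arquivo não assinado]`, `(Acesso Negado)`). The following is an added example, not part of the thread or of FRST, that sorts rules by trailer and target path so the fixlist's firewall entries can be checked against Addition.txt. The function names and the reading of the pt-BR trailers are assumptions of this example; the sample lines are copied from this page.

```python
import re
from collections import defaultdict

# Lines copied from the FRST output and fixlist on this page (pt-BR FRST strings).
SAMPLE = r"""
FirewallRules: [{7B5122A7-AFA4-49CB-BD33-C914BEC9CBFE}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{5C579DA2-28C6-4482-9533-8166CB33A422}] => (Allow) D:\Steam\steamapps\common\Dinkum\Dinkum.exe () [Arquivo não assinado]
FirewallRules: [{3381954A-E1FE-4D16-AF4F-FC74FCB391D1}] => (Allow) D:\Steam\steamapps\common\Dinkum\Dinkum.exe () [Arquivo não assinado]
FirewallRules: [TCP Query User{FDD65118-8B40-4DA6-853E-9CA72D6E85A5}D:\xboxgames\microsoft flight simulator\content\flightsimulator.exe] => (Allow) D:\xboxgames\microsoft flight simulator\content\flightsimulator.exe (Acesso Negado)  [Arquivo não assinado]
FirewallRules: [TCP Query User{133A132D-EDA0-45CF-8C16-ACF70D202042}D:\epic games\alienisolation\ai.exe] => (Allow) D:\epic games\alienisolation\ai.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{952B3034-FD49-4284-A4BA-C4C85AE0D07A}D:\epic games\alienisolation\ai.exe] => (Allow) D:\epic games\alienisolation\ai.exe => Nenhum Arquivo
CHR Notifications: Default -> hxxps://theshafou.com
"""

RULE = re.compile(r"^FirewallRules: \[(?P<name>.+?)\] => \((?P<action>\w+)\) (?P<rest>.+)$")
# Trailer after the path: "(signer -> company)" plus an optional "[...]" flag.
# The greedy path lets "Program Files (x86)" stay inside the path.
TRAILER = re.compile(r"^(?P<path>.+) \((?P<signer>[^()]*)\)\s*(?P<flag>\[[^\]]*\])?$")

# Assumed meaning of the pt-BR trailers seen on this page.
MISSING = " => Nenhum Arquivo"        # "no file": the rule's target no longer exists
UNSIGNED = "[Arquivo não assinado]"   # "file not signed"
DENIED = "Acesso Negado"              # "access denied": the file could not be read


def classify(line):
    """Return (status, path, rule_name) for one FirewallRules line, else None."""
    m = RULE.match(line.strip())
    if not m:
        return None
    rest = m["rest"]
    if rest.endswith(MISSING):
        return "missing", rest[: -len(MISSING)], m["name"]
    t = TRAILER.match(rest)
    if not t:
        return "unparsed", rest, m["name"]
    if t["signer"] == DENIED:
        # The unsigned flag is not a finding here: the signature was never read.
        status = "unreadable"
    elif t["flag"] == UNSIGNED:
        status = "unsigned"
    else:
        status = "signed"
    return status, t["path"], m["name"]


def triage(text):
    """Group rule names by status, then by target path (case-insensitive)."""
    report = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        hit = classify(line)
        if hit:
            status, path, name = hit
            report[status][path.lower()].append(name)
    return {status: dict(paths) for status, paths in report.items()}


def notification_origins(text):
    """Origins listed on 'CHR Notifications:' lines, kept as logged (hxxps)."""
    origins = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("CHR Notifications:"):
            _, _, value = line.partition("->")
            # Assumption: several origins on one line are separated by ';'.
            origins += [o.strip() for o in value.split(";") if o.strip()]
    return origins


if __name__ == "__main__":
    for status, paths in triage(SAMPLE).items():
        for path, names in paths.items():
            print(f"{status:10} {len(names)} rule(s)  {path}")
    print("notification origins:", notification_origins(SAMPLE))
```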

11 hours ago, Lusitano said:

@Galles Hello, please attach the logs to make the analysis easier for me.

1. Type chrome://extensions in the address bar and press Enter.
Click Remove on any extension that you do not recognise and want to remove completely.
A confirmation dialog will appear; click Remove.

2. Press the Win + R keys and type appwiz.cpl

Uninstall the following programs, if they exist:

  • SpyHunter5

3. Running FRST:

  • Right-click the FRST icon and select Run as administrator.
  • Select ALL the contents of the box below and press Ctrl + C so that everything is copied. There is no need to paste the information. The FRST tool will do that automatically.
  • Click Fix.
  • When the tool finishes, it will generate a file named Fixlog.txt. Attach it to your next reply and please let me know whether you have still noticed the symptom reported earlier.
  • Note: One of the commands above will remove cookies, which may make it difficult to access some web pages (namely banks), and you may need to re-enter the institution's own verification code. The procedures above may take a while. Please be patient and wait. Temporary files will be removed.

Hello, after following all the steps given, FRST did not generate any Fixlog.txt; when I click Fix, the program displays the following message: "Nenhuma fixlist.txt foi encontrada".

The only files generated are attached to this reply.

Note: The problem persists; I still receive notifications from notfreeads.com saying that I am infected and offering supposed antivirus products for purchase.

FRST.txt Addition.txt


  • Security Analyst
1 hour ago, Galles said:

FRST did not generate any Fixlog.txt

One of the steps was not followed correctly. No problem, let's do it another way:

  • Download the Fixlist.txt file and save it to your desktop (C:\Users\marce\Desktop);
  • Right-click the FRST icon on your desktop and choose Run as administrator;
  • In the FRST window that opens, click Fix;
  • Please be patient and wait while the tool runs;
  • When the tool finishes, it will generate a file named Fixlog.txt. Attach it to your next reply and please let me know whether you have still noticed the symptom reported earlier.

 

Fixlist.txt


  • Security Analyst

@Galles

1 hour ago, Galles said:

I checked and the problem persists

Yes, no worries about that. We are doing this in stages to leave everything "just right" 😉

Quote

A Proteção de Recursos do Windows encontrou arquivos corrompidos e os reparou com êxito.

We chose to first clean up and get the OS into a more correct state so that we can properly continue the process.

Download this tool and save it to your desktop.

Press the Windows key + R simultaneously.


Drag the KVRT.exe file from your desktop into this window.


Add -dontencrypt. Make sure there is a space between KVRT.exe and -dontencrypt.
The box should contain: C:\Users\marce\Desktop\KVRT.exe -dontencrypt

Select "start" and "OK" to launch the tool, accepting the legal agreement.

In the next window, select "Change Parameters" and, in the new window, make sure all of the following options are selected:


Click "OK" for the tool to start the scan.

When the scan is complete, and if any malware is found, select the "Cure" option if it is available. Otherwise, choose "Delete" and click "Continue" (as illustrated in the next image).


 

When the tool finishes, or if nothing was found, select "Close" and attach the result, which will be in C:\KVRT2020_Data\Reports. The file should be named, for example, report_20220809_150422.klr. To be able to read it and send me the result, right-click that file (.klr) -> Open with -> Notepad, then save it under any name you like (in .txt format); that is the file to attach to your next reply.

 

 


  • Security Analyst

@Galles

Let's finish up by removing some of the things we used during the process, which you will not need in regular use of the PC, and by making sure this PC has a restore point, which can be very useful if you run into a problem later.

  • Download KpRm and save it to your desktop.
  • Right-click kprm_(version).exe and select Run as administrator.
  • Read and accept the legal notice.
  • When the tool opens, make sure all the boxes under "Actions" are checked.
  • Under "Quarantines", choose "Delete Now" and click "Run".
  • When it completes, click OK.
  • A document will open in Notepad (file: kprm-(date).txt). Check that a new restore point was created; you can then delete this tool as well.

Keep your programs up to date, use your computer responsibly, and make regular backups, saving them in different locations. Should you need it in the future, we will be here to try to help.

Best regards

 
