
Fan kicking in after minutes of inactivity



Hello everyone.

For a long time now my laptop's fan has been kicking in after a few minutes without any activity. I got tired of trying to fix it and found a workaround by installing a program that simulates mouse movement every so often (Move Mouse).

In Task Manager I don't see any new program when this happens, only "System" increasing its CPU usage.

That solved it, but I'd like to see whether there is something that can be done to fix it for good, please.

Attachments: Addition.txt AdwCleaner[C01].txt FRST.txt

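A "System" CPU spike that starts a few minutes after the last keystroke is the classic signature of idle-triggered maintenance (Windows Defender's own scan and cleanup tasks run with `-IdleTask`, and the FRST log later in this thread shows those tasks pointing at an MpCmdRun.exe that no longer exists). Rather than masking the idle state with a mouse jiggler, the first thing to enumerate is which scheduled tasks are allowed to fire on idle and whether their binaries still exist. The script below is an added example, not something posted by the OP or the analyst; it uses only the built-in ScheduledTasks cmdlets and the Task Scheduler event log, and it assumes you run it from an elevated PowerShell on Windows 10.

```powershell
# Added example (not from the thread): list scheduled tasks that can fire when
# the machine goes idle, and show whether the binary each one launches exists.
# Run from an elevated PowerShell prompt on Windows 10.

function Get-IdleTriggeredTask {
    [CmdletBinding()]
    param()

    Get-ScheduledTask | ForEach-Object {
        $task = $_
        # A task can run on idle in two ways: an explicit idle trigger, or any
        # other trigger combined with the "run only when idle" setting.
        $idleTriggers = @($task.Triggers | Where-Object {
            $_.CimClass.CimClassName -eq 'MSFT_TaskIdleTrigger'
        })
        $runOnlyIfIdle = [bool]$task.Settings.RunOnlyIfIdle

        if ($idleTriggers.Count -gt 0 -or $runOnlyIfIdle) {
            foreach ($action in $task.Actions) {
                # Only exec actions carry Execute/Arguments; COM-handler actions
                # (ClassId) show up with an empty Execute column.
                $exe       = $action.Execute
                $arguments = $action.Arguments
                $expanded  = if ($exe) {
                    [Environment]::ExpandEnvironmentVariables($exe).Trim('"')
                } else { $null }

                [pscustomobject]@{
                    TaskPath      = $task.TaskPath
                    TaskName      = $task.TaskName
                    State         = $task.State
                    IdleTrigger   = ($idleTriggers.Count -gt 0)
                    RunOnlyIfIdle = $runOnlyIfIdle
                    Execute       = $exe
                    Arguments     = $arguments
                    # A task whose binary is gone still wakes the scheduler on
                    # every idle period; flag it instead of letting it fail silently.
                    ExeExists     = if ($expanded) { Test-Path -LiteralPath $expanded } else { $null }
                }
            }
        }
    }
}

function Get-RecentTaskRuns {
    # Correlate with what actually started/finished recently.
    # Event 100 = task started, 102 = task completed. Task history is off by
    # default on Windows 10 client: enable "All Tasks History" in Task Scheduler
    # first, otherwise this returns nothing.
    param([int]$Hours = 24)

    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-TaskScheduler/Operational'
        Id        = 100, 102
        StartTime = (Get-Date).AddHours(-$Hours)
    } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, @{ n = 'Task'; e = { $_.Properties[0].Value } }
}

Get-IdleTriggeredTask | Sort-Object TaskPath, TaskName | Format-Table -AutoSize -Wrap
Get-RecentTaskRuns -Hours 6 | Format-Table -AutoSize
```

Rows with `ExeExists = False` deserve attention before anything else: the scheduler still wakes for them, and in the Defender case a stale platform path also means real-time protection may not be running at all. Sort the remaining rows by what they launch and compare against Resource Monitor's CPU tab during the next idle period.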

  • Security Analyst

@tiagodelazari

Please note the following:

  • About the forum: this is a private space, not a public one. Using it is a privilege, not a right;
  • What is passed along here relates only to the problem on your computer, so do not apply it to any other;
  • IMPORTANT: if you have Windows activation programs or torrent sharing programs, I suggest uninstalling them. I will only proceed with the analysis after they are removed. Forum rules;
  • Please follow the instructions given carefully and, if in doubt, do not hesitate to ask;
  • Respect the order of the instructions given;
  • Note: do not take any measure beyond those given here; if you ask for help on another forum, be sure to tell us, at the risk of misconfiguring your computer!


Malware Removal Area Rules << IMPORTANT, PLEASE READ

Clube do Hardware General Forum Rules << IMPORTANT, PLEASE READ


Follow the steps below:

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

STEP 1

Download AdwCleaner from one of the links below and save it to the desktop.

https://toolslib.net/downloads/viewdownload/1-adwcleaner/

http://www.bleepingcomputer.com/download/adwcleaner/

Click DOWNLOAD NOW to download the file.

Run adwcleaner.exe

NOTE: Windows Vista, 7, 8/8.1 and Windows 10 users: right-click the AdwCleaner.exe file, then click the option shown in the screenshot (image.png, not preserved).

Click VERIFICAR AGORA/SCAN NOW. When it finishes, click LIMPAR/CLEAN and wait.

Notepad will open with the result.

ATTENTION: select, copy and paste its contents into your next reply.

STEP 2

Download ZHPCleaner from the link below and save it to your Desktop

https://www.majorgeeks.com/files/details/zhpcleaner.html

Run the ZHPCleaner.exe file as Administrator

  • Click the Scanner button.
  • The tool will start examining your system.
  • Be patient, as it may take a while depending on the number of items to examine.
  • Then click the Repair button.
  • A log called ZHPCleaner.txt will be generated

ATTENTION: select, copy and paste its contents into your next reply.

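The procedure above has the user switch off the antivirus and firewall and then run two executables fetched from third-party download sites, so for the duration of the cleanup the only control left between the user and a trojanized or tampered download is the file's own Authenticode signature. The script below is an added example, not part of the analyst's instructions: it checks that each downloaded tool is validly signed by the publisher you expect, records its SHA-256 for the thread, and notes whether the file still carries the mark-of-the-web. The file names and the expected-signer strings (`Malwarebytes` for AdwCleaner, `Coolman` for ZHPCleaner) are assumptions; confirm the publisher name against the vendor's own site before relying on them.

```powershell
# Added example (not from the thread): verify downloaded cleanup tools before
# running them with protection disabled. Expected signer strings are assumptions.

function Test-DownloadedTool {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        # Substring that must appear in the signing certificate's Subject.
        [Parameter(Mandatory)][string]$ExpectedSigner
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "File not found: $Path"
    }

    # Zone.Identifier is the alternate data stream browsers write on download;
    # ZoneId=3 means "Internet". Absent on files copied in by other means.
    $zone = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    # 'Valid' means the chain builds to a trusted root AND the file hash matches
    # the signed hash; HashMismatch means the file was modified after signing.
    $signerOk = ($sig.Status -eq 'Valid') -and
                ($sig.SignerCertificate.Subject -like "*$ExpectedSigner*")

    [pscustomobject]@{
        File            = Split-Path -Leaf $Path
        SignatureStatus = $sig.Status
        Signer          = $sig.SignerCertificate.Subject
        SignerMatches   = $signerOk
        SHA256          = $hash
        FromInternet    = (($zone -join "`n") -match 'ZoneId=3')
    }
}

$desktop = [Environment]::GetFolderPath('Desktop')

# Assumed file names (as saved to the desktop) and assumed publisher substrings.
$checks = @(
    @{ Path = Join-Path $desktop 'adwcleaner.exe'; ExpectedSigner = 'Malwarebytes' }
    @{ Path = Join-Path $desktop 'ZHPCleaner.exe'; ExpectedSigner = 'Coolman' }
)

foreach ($c in $checks) {
    $result = Test-DownloadedTool @c
    $result | Format-List
    if (-not $result.SignerMatches) {
        Write-Warning ("{0}: signature status '{1}' from '{2}'. Do not run it; re-download from the vendor." -f
            $result.File, $result.SignatureStatus, $result.Signer)
    }
}
```

Paste the SHA-256 values into the reply alongside the tool logs; it lets the analyst confirm the exact build that produced them, and a `HashMismatch` or `NotSigned` status is a reason to stop before the antivirus is switched off, not after.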

@Elias Pereira thanks for the reply. ZHP generated two logs; the 3 logs follow below and are attached.

 

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build:    08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    03-19-2023
# Duration: 00:00:00
# OS:       Windows 10 (Build 19045.2604)
# Cleaned:  0
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1422 octets] - [24/12/2021 01:36:17]
AdwCleaner[S01].txt - [1481 octets] - [12/03/2023 07:13:38]
AdwCleaner[C01].txt - [1671 octets] - [12/03/2023 07:13:57]
AdwCleaner[S02].txt - [1603 octets] - [19/03/2023 21:20:11]
AdwCleaner[S03].txt - [1664 octets] - [19/03/2023 21:21:03]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C03].txt ##########

 

~ ZHPCleaner v2023.3.14.13 by Nicolas Coolman (2023/03/14)
~ Run by new (Administrator)  (19/03/2023 21:23:29)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version KO
~ Type : Scan
~ Report : C:\Users\new\Desktop\ZHPCleaner (S).txt
~ Quarantine : C:\Users\new\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ System Restore Point : 
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home Single Language, 64-bit  (Build 19045)


---\\  Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found.


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (0)
~ No malicious or unnecessary items found.


---\\  Hosts file (1)
~ The hosts file is legitimate (22)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (2)
FOUND file: C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\Preferences    =>ChromiumPreference
FOUND file: C:\Users\new\AppData\Local\Microsoft\Edge\User Data\Default\Preferences    =>ChromiumPreference


---\\  Registry ( Key, Value, Data) (1)
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX [Adobe Systems Incorporated]  =>Riskware.FlashPlayer


---\\  Summary of the elements found (2)
https://nicolascoolman.eu/2020/10/01/preferences-navigateurs-chromium/  =>ChromiumPreference
https://nicolascoolman.eu/forum/Topic/flashplayer-logiciel-a-risque-riskware/  =>Riskware.FlashPlayer


---\\ Result of repair
~ Any repair made
~ Google Chrome OK
~ Mozilla Firefox OK
~ Internet Explorer OK


---\\ Statistics
~ Items scanned : 101248
~ Items found : 3
~ Items cancelled : 0
~ Space saving (bytes) : 0
~ Items options : 9/17


---\\ OPTIONS NOT ACTIVES
~ Temporary file analysis
~ Temporary folder analysis
~ Empty Folder CLSID Analysis
~ Empty Other Folder Analysis
~ Empty LocalLow Folder Analysis
~ Empty Local Folder Analysis
~ Obsolete Installer File Analysis
~ Start browsers with extensions removed

~ End of search in 00h07mn17s

---\\  Reports (3)
ZHPCleaner-[R]-24122021-01_47_18.txt
ZHPCleaner-[S]-24122021-01_46_03.txt
ZHPCleaner-[S]-19032023-21_30_46.txt
 

~ ZHPCleaner v2023.3.14.13 by Nicolas Coolman (2023/03/14)
~ Run by new (Administrator)  (19/03/2023 21:31:43)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version KO
~ Type : Repair
~ Report : C:\Users\new\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\new\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ System Restore Point : OK
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home Single Language, 64-bit  (Build 19045)


---\\  Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found.


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (0)
~ No malicious or unnecessary items found.


---\\  Hosts file (1)
~ The hosts file is legitimate (22)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (2)
MOVED file: C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\Preferences    =>Préférences Chromium
MOVED file: C:\Users\new\AppData\Local\Microsoft\Edge\User Data\Default\Preferences    =>Préférences Chromium


---\\  Registry ( Key, Value, Data) (1)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX [Adobe Systems Incorporated]  =>Riskware.FlashPlayer


---\\  Summary of the elements found (2)
https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/  =>Préférences Chromium
https://nicolascoolman.eu/forum/Topic/flashplayer-logiciel-a-risque-riskware/  =>Riskware.FlashPlayer


---\\  Other deletions. (2)
~ Registry Keys Tracing deleted (0)
~ Remove the old reports ZHPCleaner. (2)


---\\ Result of repair
~ Repair carried out successfully
~ Google Chrome OK
~ Mozilla Firefox OK
~ Internet Explorer OK


---\\ Statistics
~ Items scanned : 1401
~ Items found : 0
~ Items cancelled : 0
~ Space saving (bytes) : 0
~ Items options : 9/17


---\\ OPTIONS NOT ACTIVES
~ Temporary file analysis
~ Temporary folder analysis
~ Empty Folder CLSID Analysis
~ Empty Other Folder Analysis
~ Empty LocalLow Folder Analysis
~ Empty Local Folder Analysis
~ Obsolete Installer File Analysis
~ Start browsers with extensions removed

~ End of clean in 00h00mn11s

---\\  Reports (2)
ZHPCleaner-[S]-19032023-21_30_46.txt
ZHPCleaner-[R]-19032023-21_31_54.txt
 

Attachments: AdwCleaner[C03].txt ZHPCleaner (R).txt ZHPCleaner (S).txt

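AdwCleaner and ZHPCleaner came back essentially clean, so the next signal is the FRST.txt the OP attached to the first post and quotes in full in the following reply. FRST already annotates the interesting lines itself: `[X]` after a service whose image file it cannot find, `(No File)` after a task or Run entry pointing at a missing binary, `[File not signed]` for unsigned code, and `WDKTestCert` for a driver signed with a Windows Driver Kit test certificate rather than a production one. The script below is an added example, not from the thread or from FRST: a first-pass triage that pulls those annotations out of a log and, using a small assumed watch-list, also surfaces remote-access and proxy software that is legitimate but worth confirming with the machine's owner. The sample lines are reproduced from the FRST output in this thread so the output can be checked against the real log.

```powershell
# Added example (not from the thread or from FRST): first-pass triage of FRST.txt.
# The watch-list in $reviewNames is an assumption; extend it for your environment.

function Invoke-FrstTriage {
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)][string[]]$Line)

    begin {
        # Software that is not malware but should be confirmed as wanted:
        # remote control, tunnelling/proxy SDKs, and input-simulation tools.
        $reviewNames = 'AnyDesk', 'TeamViewer', 'Urban VPN', 'Psiphon', 'BrightData', 'Move Mouse'
        $reviewPattern = ($reviewNames | ForEach-Object { [regex]::Escape($_) }) -join '|'

        $rules = @(
            @{ Name = 'ServiceImageMissing';   Pattern = '\[X\]\s*$' }
            @{ Name = 'ReferencedFileMissing'; Pattern = '\(No File\)' }
            @{ Name = 'Unsigned';              Pattern = '\[File not signed\]' }
            @{ Name = 'TestSignedDriver';      Pattern = 'WDKTestCert' }
            @{ Name = 'ReviewSoftware';        Pattern = $reviewPattern }
        )
    }
    process {
        foreach ($l in $Line) {
            # A single line can match several rules; emit one finding per rule.
            foreach ($rule in $rules) {
                if ($l -match $rule.Pattern) {
                    [pscustomobject]@{ Finding = $rule.Name; Line = $l.Trim() }
                }
            }
        }
    }
}

# Sample input: lines reproduced from the FRST log posted in this thread.
$sample = @'
S2 WinDefend; "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MsMpEng.exe" [X]
S3 WdNisSvc; "%ProgramData%\Microsoft\Windows Defender\Platform\4.18.2201.10-0\NisSrv.exe" [X]
R2 AnyDesk; D:\AnyDesk\AnyDesk.exe [3853384 2022-08-17] (philandro Software GmbH -> AnyDesk Software GmbH)
S4 FolderSize; D:\folder size\FolderSizeSvc.exe [163840 2013-02-13] (Brio) [File not signed]
S3 AppleKmdfFilter; C:\Windows\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
Task: {A7101C17-F1CE-4D4C-9282-FF8E202CF366} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe Scan -ScheduleJob -ScanTrigger 55 -IdleScheduledJob (No File)
CHR Extension: (Urban VPN Proxy) - C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\Extensions\eppiocemhmnlbhjplcgkofciiegomcon [2023-03-16]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12512768 2023-03-16] (Microsoft Corporation -> Microsoft Corporation)
'@ -split "`r?`n"

$findings = $sample | Invoke-FrstTriage

# Summary first, then the full lines. To run on a real log:
#   Get-Content .\FRST.txt | Invoke-FrstTriage
$findings | Group-Object Finding | Select-Object Name, Count | Format-Table -AutoSize
$findings | Format-Table -AutoSize -Wrap
```

On the sample above the two `[X]` hits matter most: both Windows Defender services point at a platform folder that is no longer present, which means the built-in antivirus is not running even though nothing in the thread has disabled it on purpose. The `ReviewSoftware` rows are not verdicts; AnyDesk auto-starting from the all-users Startup folder and a VPN proxy extension are fine if the owner installed them, and a real problem if they did not.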

@Elias Pereira

Below and attached:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-03-2023
Ran by new (administrator) on VAIO-TIAGO (VAIO VJF155F11X-B0311B) (21-03-2023 10:43:01)
Running from C:\Users\new\Desktop
Loaded Profiles: new
Platform: Microsoft Windows 10 Home Single Language Version 22H2 19045.2604 (X64) Language: English (United Kingdom)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(explorer.exe ->) (ellabi) C:\Program Files\WindowsApps\1258EllAbi.MoveMouse_4.16.2.0_x64__hjfwaxvfbwh7t\Source\Move Mouse.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <14>
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (Hagel Technologies Ltd. -> Hagel Technologies Ltd.) D:\DU Meter\DUMeterSvc.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (philandro Software GmbH -> AnyDesk Software GmbH) D:\AnyDesk\AnyDesk.exe <2>
(svchost.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(svchost.exe ->) (Hagel Technologies Ltd. -> Hagel Technologies Ltd.) D:\DU Meter\DUMeter.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2210.0.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.23012.167.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.2300_none_7e14edbc7c88b7d5\TiWorker.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_3326348feda52885\RtkAudUService64.exe [1232240 2021-02-01] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => D:\itunes\iTunesHelper.exe [366944 2022-12-08] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [EpicPen] => C:\Program Files (x86)\Epic Pen\EpicPen.exe [543120 2023-03-02] (Tank Studios (Tank Studios Limited) -> Tank Studios Limited)
HKU\S-1-5-21-1842628812-1090097327-1321332273-1002\...\Run: [DU Meter] => D:\DU Meter\DUMeter.exe [9798824 2018-02-11] (Hagel Technologies Ltd. -> Hagel Technologies Ltd.)
HKU\S-1-5-21-1842628812-1090097327-1321332273-1002\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\new\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-1842628812-1090097327-1321332273-1002\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\new\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-1842628812-1090097327-1321332273-1002\...\RunOnce: [Uninstall 23.043.0226.0001] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\new\AppData\Local\Microsoft\OneDrive\23.043.0226.0001" (No File)
HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [230400 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\PCL hpz3lw71: C:\Windows\system32\hpz3lw71.dll [46080 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\111.0.5563.65\Installer\chrmstp.exe [2023-03-10] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2021-03-23]
ShortcutTarget: AnyDesk.lnk -> D:\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01F6E445-4536-4F25-AFE2-6413F0953C48} - System32\Tasks\GoogleUpdateTaskMachineCore{9EF0A38D-E5FD-4531-BD73-2839F12C5468} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2023-03-10] (Google LLC -> Google LLC)
Task: {12B9D87A-FC82-4338-8EE1-564393BCE3B6} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [716704 2023-03-10] (Mozilla Corporation -> Mozilla Foundation)
Task: {3F67D174-3127-4E35-8267-C73D69D5E15C} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26296808 2023-03-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {510F66DA-01C8-4741-81FE-7A48558CBD64} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26296808 2023-03-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {6B614712-421A-47AA-9A41-A24434C7A784} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe -IdleTask -TaskName WdVerification (No File)
Task: {7FDFA37F-7A63-4818-A8AB-AC4C1750544A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe -IdleTask -TaskName WdCleanup (No File)
Task: {A7101C17-F1CE-4D4C-9282-FF8E202CF366} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe Scan -ScheduleJob -ScanTrigger 55 -IdleScheduledJob (No File)
Task: {B87CF236-4E63-411D-9F52-5FBDFB51AC8A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance (No File)
Task: {B9BBCF23-ECD0-4EF9-8412-CF91DE865F3F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [617096 2022-02-25] (Apple Inc. -> Apple Inc.)
Task: {C7DD9CDD-CCD4-4564-AA82-9714227A4AAE} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144232 2023-03-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {CD921B18-63BA-48CE-94D9-1C5024308F14} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [168840 2023-03-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {CE6DCEE4-09C3-498C-892A-1F66F36DD355} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144232 2023-03-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {D5BBE5D3-9E2B-440D-A3D7-39E735CADAF2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1560056 2023-02-01] (Adobe Inc. -> Adobe Inc.)
Task: {FFE29333-1F82-4343-8C96-0BA0C8EE4E93} - System32\Tasks\GoogleUpdateTaskMachineUA{1861DB40-009E-43E4-A49A-06AF75D0C3D1} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2023-03-10] (Google LLC -> Google LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 213.228.129.69 213.228.129.70
Tcpip\..\Interfaces\{c8384b8e-4dba-4927-be92-e988793dfe81}: [DhcpNameServer] 213.228.129.69 213.228.129.70

Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\new\AppData\Local\Microsoft\Edge\User Data\Default [2023-03-21]
Edge DownloadDir: Default -> C:\Users\new\Desktop
Edge Extension: (AdBlock — best ad blocker) - C:\Users\new\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ndcileolkflehcjpmjnfbnaibdcgglog [2023-02-21]

FireFox:
========
FF DefaultProfile: j14ehhyy.default
FF ProfilePath: C:\Users\new\AppData\Roaming\Mozilla\Firefox\Profiles\j14ehhyy.default [2023-01-12]
FF ProfilePath: C:\Users\new\AppData\Roaming\Mozilla\Firefox\Profiles\u8ugabfx.default-release [2023-03-10]
FF Extension: (Language: Português (BR)) - C:\Users\new\AppData\Roaming\Mozilla\Firefox\Profiles\u8ugabfx.default-release\Extensions\[email protected] [2023-03-10]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-03-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-11-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.12 -> D:\VLC\npvlc.dll [2022-10-25] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.14 -> D:\VLC\npvlc.dll [2022-10-25] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.18 -> D:\VLC\npvlc.dll [2022-10-25] (VideoLAN -> VideoLAN)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\new\AppData\Local\Google\Chrome\User Data\Default [2023-03-19]
CHR Extension: (Urban VPN Proxy) - C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\Extensions\eppiocemhmnlbhjplcgkofciiegomcon [2023-03-16]
CHR Extension: (Google Docs Offline) - C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-03-10]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2023-03-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-03-10]
CHR Profile: C:\Users\new\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-03-13]
CHR Profile: C:\Users\new\AppData\Local\Google\Chrome\User Data\System Profile [2023-03-13]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-02-01] (Adobe Inc. -> Adobe Inc.)
R2 AnyDesk; D:\AnyDesk\AnyDesk.exe [3853384 2022-08-17] (philandro Software GmbH -> AnyDesk Software GmbH)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [103280 2022-09-01] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12512768 2023-03-16] (Microsoft Corporation -> Microsoft Corporation)
R2 DUMeterSvc; D:\DU Meter\DUMeterSvc.exe [5836968 2018-02-11] (Hagel Technologies Ltd. -> Hagel Technologies Ltd.)
S4 FolderSize; D:\folder size\FolderSizeSvc.exe [163840 2013-02-13] (Brio) [File not signed]
S4 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [299680 2021-10-09] (HP Inc. -> HP Inc.)
S4 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [10752 2022-05-02] () [File not signed]
S3 WdNisSvc; "%ProgramData%\Microsoft\Windows Defender\Platform\4.18.2201.10-0\NisSrv.exe" [X]
S2 WinDefend; "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MsMpEng.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\Windows\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R3 DUMeterDrv; D:\DU Meter\DUMETR64.SYS [31312 2018-02-11] (Hagel Technologies Ltd. -> Hagel Technologies Ltd.)
S3 MpKsl2f9a9643; C:\Windows\system32\MpEngineStore\MpKslDrv.sys [134376 2022-01-14] (Microsoft Windows -> Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\drivers\netaapl64.sys [32352 2017-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2022-07-05] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 tap0901; C:\Windows\System32\drivers\tap0901.sys [41008 2021-02-04] (McAfee, LLC. -> The OpenVPN Project)
S3 tapnordvpn; C:\Windows\System32\drivers\tapnordvpn.sys [49744 2021-06-13] (nordvpn s.a. -> The OpenVPN Project)
S3 usbscan; C:\Windows\system32\DRIVERS\usbscan.sys [49152 2020-11-19] (Microsoft Corporation) [File not signed]
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [48536 2022-02-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [438520 2022-02-11] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [90360 2022-02-11] (Microsoft Windows -> Microsoft Corporation)
S3 wintun; C:\Windows\system32\DRIVERS\wintun.sys [29592 2022-04-29] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 WirelessKeyboardFilter; C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [49336 2018-03-12] (Microsoft Corporation -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-03-21 10:43 - 2023-03-21 10:43 - 000015844 _____ C:\Users\new\Desktop\FRST.txt
2023-03-21 10:41 - 2023-03-21 10:41 - 002378752 _____ (Farbar) C:\Users\new\Desktop\FRST64.exe
2023-03-16 20:00 - 2023-03-16 20:00 - 000000000 ____D C:\Users\new\AppData\Local\Psiphon3
2023-03-12 07:15 - 2023-03-21 10:43 - 000000000 ____D C:\FRST
2023-03-10 23:34 - 2023-03-10 23:34 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2023-03-10 23:33 - 2023-03-10 23:33 - 000003496 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{1861DB40-009E-43E4-A49A-06AF75D0C3D1}
2023-03-10 23:33 - 2023-03-10 23:33 - 000003372 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{9EF0A38D-E5FD-4531-BD73-2839F12C5468}
2023-03-10 23:33 - 2023-03-10 23:33 - 000002332 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-03-10 23:24 - 2023-03-10 23:24 - 000000000 ____D C:\KVRT2020_Data
2023-03-10 23:22 - 2023-03-10 23:22 - 000000000 ____D C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2023-03-10 23:22 - 2023-03-10 23:22 - 000000000 ____D C:\Users\new\AppData\Local\Zoom
2023-03-10 23:19 - 2023-03-10 23:19 - 000000000 ____D C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2023-03-10 23:19 - 2023-03-10 23:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2023-03-10 23:16 - 2023-03-10 23:35 - 000000000 ____D C:\SecurityCheck
2023-03-10 22:19 - 2023-03-10 22:19 - 000001389 _____ C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2023-03-10 22:19 - 2023-03-10 22:19 - 000000000 ____D C:\Users\new\AppData\Local\ESET
2023-03-07 18:17 - 2023-03-19 16:17 - 000000124 _____ C:\Users\new\Desktop\netempregos.txt
2023-03-04 16:37 - 2023-03-05 21:05 - 000000000 ____D C:\Users\new\AppData\Roaming\Epic Pen
2023-03-04 16:37 - 2023-03-04 16:38 - 000000000 ____D C:\Program Files (x86)\Epic Pen
2023-03-04 16:37 - 2023-03-04 16:37 - 000000000 ____D C:\Users\new\AppData\Local\BrightData
2023-03-04 16:37 - 2023-03-04 16:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Pen
2023-03-04 16:37 - 2023-03-04 16:37 - 000000000 ____D C:\ProgramData\BrightData
2023-03-02 18:14 - 2023-03-02 18:14 - 000002367 _____ C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2023-03-02 18:13 - 2023-03-02 18:15 - 000000000 ____D C:\Users\new\AppData\Local\SquirrelTemp
2023-03-01 21:15 - 2023-03-01 21:15 - 000000000 ___HD C:\$WinREAgent
2023-02-23 20:44 - 2023-02-23 20:44 - 000166900 _____ C:\Users\new\Desktop\CV Tiago Delazari - EN.pdf
2023-02-23 20:43 - 2023-02-23 20:43 - 000167431 _____ C:\Users\new\Desktop\CV Tiago Delazari - PT.pdf
2023-02-20 19:11 - 2023-03-18 11:19 - 000000091 _____ C:\Users\new\Desktop\datas.txt

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2023-03-21 10:42 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\AppReadiness
2023-03-21 10:41 - 2021-03-23 10:55 - 000000000 ____D C:\Program Files (x86)\Google
2023-03-21 10:39 - 2021-12-12 17:27 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1842628812-1090097327-1321332273-1002
2023-03-21 10:39 - 2021-05-04 11:12 - 000003366 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1842628812-1090097327-1321332273-1002
2023-03-21 10:39 - 2021-05-04 11:12 - 000002386 _____ C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-03-21 10:39 - 2019-12-07 09:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-03-19 21:58 - 2021-03-22 19:35 - 000841010 _____ C:\Windows\system32\PerfStringBackup.INI
2023-03-19 21:58 - 2019-12-07 09:13 - 000000000 ____D C:\Windows\INF
2023-03-19 21:54 - 2021-03-22 19:28 - 000008192 ___SH C:\DumpStack.log.tmp
2023-03-19 21:54 - 2020-11-18 23:29 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-03-19 21:54 - 2019-12-07 09:03 - 000786432 _____ C:\Windows\system32\config\BBI
2023-03-19 21:31 - 2021-12-24 01:38 - 000000000 ____D C:\Users\new\AppData\Roaming\ZHP
2023-03-19 18:28 - 2019-12-07 09:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-03-19 15:26 - 2020-11-18 23:31 - 000002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-03-18 12:59 - 2023-01-12 14:08 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-03-18 12:59 - 2023-01-12 14:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-03-18 12:59 - 2021-04-05 00:14 - 000000000 ____D C:\Program Files\WinRAR
2023-03-16 18:49 - 2021-04-27 13:28 - 000000000 ____D C:\Program Files\Microsoft Office
2023-03-12 09:26 - 2020-11-18 23:28 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-03-12 07:11 - 2022-03-27 16:11 - 000000000 ____D C:\ProgramData\Package Cache
2023-03-11 00:22 - 2021-06-09 01:39 - 000007624 _____ C:\Users\new\AppData\Local\Resmon.ResmonCfg
2023-03-11 00:16 - 2019-12-07 09:03 - 000032768 _____ C:\Windows\system32\config\ELAM
2023-03-10 23:34 - 2023-01-12 14:08 - 000001014 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-03-10 23:34 - 2023-01-12 14:08 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-03-10 23:34 - 2021-09-13 16:35 - 000000000 ____D C:\Users\new\AppData\LocalLow\Mozilla
2023-03-10 23:33 - 2021-04-27 19:17 - 000000000 ____D C:\Users\new\AppData\Local\Google
2023-03-10 23:31 - 2023-02-10 13:09 - 000000000 ____D C:\Users\new\AppData\Local\Lacuna Software
2023-03-10 23:31 - 2022-05-03 20:28 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2023-03-10 23:26 - 2021-03-23 16:42 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2023-03-10 23:25 - 2022-10-17 20:38 - 000002082 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-03-10 23:22 - 2021-04-30 12:56 - 000000000 ____D C:\Users\new\AppData\Roaming\Zoom
2023-03-10 23:21 - 2021-04-27 20:32 - 000000000 ____D C:\Users\new\AppData\Roaming\vlc
2023-03-08 00:00 - 2021-04-27 19:17 - 000000000 ____D C:\Users\new\AppData\Local\PlaceholderTileLogoFolder
2023-03-08 00:00 - 2021-04-27 19:17 - 000000000 ____D C:\Users\new\AppData\Local\Packages
2023-03-08 00:00 - 2020-11-18 23:32 - 000000000 ____D C:\ProgramData\Packages
2023-03-06 20:25 - 2020-11-18 23:31 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-03-06 20:25 - 2020-11-18 23:31 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-03-05 16:03 - 2021-04-27 20:02 - 000000000 ____D C:\Users\new\AppData\Roaming\obs-studio
2023-03-04 16:44 - 2021-04-28 15:53 - 000000000 ____D C:\Users\new\AppData\Local\D3DSCache
2023-03-02 11:13 - 2020-11-18 23:28 - 000439016 _____ C:\Windows\system32\FNTCACHE.DAT
2023-03-02 11:13 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\SystemResources
2023-03-02 11:13 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\system32\setup
2023-03-02 11:13 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\ServiceState
2023-03-02 11:13 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\bcastdvr
2023-03-01 21:21 - 2019-12-07 09:03 - 000000000 ____D C:\Windows\CbsTemp
2023-03-01 21:20 - 2020-11-18 23:31 - 003015680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-03-01 18:48 - 2021-03-22 23:25 - 000000000 ____D C:\Windows\system32\MRT
2023-03-01 18:46 - 2021-03-22 23:25 - 149955784 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-02-28 21:40 - 2020-11-18 23:32 - 000000000 __RHD C:\Users\Public\AccountPictures
2023-02-19 18:48 - 2023-02-15 19:08 - 000000052 _____ C:\Users\new\Desktop\linkedin link.txt

==================== Files in the root of some directories ========

2021-06-09 01:39 - 2023-03-11 00:22 - 000007624 _____ () C:\Users\new\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-03-2023
Ran by new (21-03-2023 10:43:45)
Running from C:\Users\new\Desktop
Microsoft Windows 10 Home Single Language Version 22H2 19045.2604 (X64) (2021-03-22 19:30:50)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1842628812-1090097327-1321332273-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1842628812-1090097327-1321332273-503 - Limited - Disabled)
Guest (S-1-5-21-1842628812-1090097327-1321332273-501 - Limited - Disabled)
humbe (S-1-5-21-1842628812-1090097327-1321332273-1003 - Limited - Disabled)
new (S-1-5-21-1842628812-1090097327-1321332273-1002 - Administrator - Enabled) => C:\Users\new
tiago (S-1-5-21-1842628812-1090097327-1321332273-1004 - Administrator - Disabled)
WDAGUtilityAccount (S-1-5-21-1842628812-1090097327-1321332273-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1046-1033-7760-BC15014EA700}) (Version: 23.001.20064 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601042}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 7.0.14 - philandro Software GmbH)
Aplicativo Itaú (HKLM-x32\...\{215CACF7-0910-4B53-83BE-B54A2C9BD0B7}) (Version: 1.0.179 - Banco Itaú)
Aplicativo Itaú (HKLM-x32\...\{4B6778AC-BABE-44D4-BDF3-1BA382F7D580}) (Version: 1.0.162 - Banco Itaú)
Apple Mobile Device Support (HKLM\...\{065D0CC8-C382-48AF-8A88-0DD3366EB26C}) (Version: 16.0.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{B292D163-23D2-4523-A699-1ABEC1875609}) (Version: 2.7.0.3 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Coldmind Aplicativo para windows (HKLM-x32\...\{695AFF57-2B8F-4764-BDA6-73A57BAA6F32}) (Version: 2.001 - Coldmind)
DU Meter (HKLM-x32\...\DUMeter3_is1) (Version: 7.30 - Hagel Technologies Ltd.)
Epic Pen (HKLM-x32\...\Epic Pen_is1) (Version: v3.11.50.0 - Tank Studios ltd)
Folder Size (64-bit) (HKLM\...\{F24FF688-7138-4CCF-A83F-71E9FB01170E}) (Version: 2.6 - Brio)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 111.0.5563.65 - Google LLC)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 25.20.100.6518 - Intel Corporation)
iTunes (HKLM\...\{D309D5F1-21A1-4DB3-BDFF-A60E40ABC1F6}) (Version: 12.12.7.1 - Apple Inc.)
Microsoft 365 - en-gb (HKLM\...\O365HomePremRetail - en-gb) (Version: 16.0.16130.20306 - Microsoft Corporation)
Microsoft 365 - pt-br (HKLM\...\O365HomePremRetail - pt-br) (Version: 16.0.16130.20306 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 111.0.1661.44 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 111.0.1661.44 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1842628812-1090097327-1321332273-1002\...\OneDriveSetup.exe) (Version: 23.048.0305.0002 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1842628812-1090097327-1321332273-1002\...\Teams) (Version: 1.6.00.1381 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{89581302-705F-42C5-99B0-E368A845DAD5}) (Version: 3.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30139 (HKLM-x32\...\{2c673fb6-3e65-4751-965d-33d30b68a8a6}) (Version: 14.29.30139.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.31.31103 (HKLM-x32\...\{41d7b770-418a-43b7-95a5-f925fff05789}) (Version: 14.31.31103.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.29.30139 (HKLM\...\{7F4A9F52-173F-4B0D-B1EA-269C32EDA827}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.29.30139 (HKLM\...\{A6D3F752-BF11-4D7C-B19C-F6F96A35CF50}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.31.31103 (HKLM-x32\...\{5720EC03-F26F-40B7-980C-50B5D420B5DE}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.31.31103 (HKLM-x32\...\{799E3FFF-705C-461F-B400-6DE27398B3E5}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 110.0.1 (x64 en-US)) (Version: 110.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 108.0.2 - Mozilla)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 26.1.1 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16130.20218 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16130.20218 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0416-1000-0000000FF1CE}) (Version: 16.0.16130.20218 - Microsoft Corporation) Hidden
plugin Autenticação.Gov (HKLM-x32\...\{53B4E1E3-E963-4B23-9AE8-D7F5D5871CBE}) (Version: 2.0.63 - Agência para a Modernização Administrativa)
TurboTop 2.8 (HKLM-x32\...\TurboTop_is1) (Version: 2.8.0.21 - Savard Software)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.18 - VideoLAN)
WinRAR 6.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.21.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-1842628812-1090097327-1321332273-1002\...\ZoomUMX) (Version: 5.13.11 (13434) - Zoom Video Communications, Inc.)

Packages:
=========
AV1 Video Extension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.52851.0_x64__8wekyb3d8bbwe [2023-03-03] (Microsoft Corporation)
Move Mouse -> C:\Program Files\WindowsApps\1258EllAbi.MoveMouse_4.16.2.0_x64__hjfwaxvfbwh7t [2023-03-08] (ellabi) [Startup Task]
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.23.242.0_x64__dt26b99r8h8gj [2021-04-27] (Realtek Semiconductor Corp)
WindowsAppRuntime.1.2 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.747.1945.0_x64__8wekyb3d8bbwe [2023-02-22] (Microsoft Corporation)
WindowsAppRuntime.1.2 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.777.2143.0_x64__8wekyb3d8bbwe [2023-02-27] (Microsoft Corporation)
WindowsAppRuntime.1.2 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.777.2143.0_x86__8wekyb3d8bbwe [2023-02-27] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1842628812-1090097327-1321332273-1002_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\new\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22349.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1842628812-1090097327-1321332273-1002_Classes\CLSID\{272D2E65-05FB-4500-BD7B-5905D5B0A1B8}\localserver32 -> C:\Users\new\AppData\Roaming\Nelogica\Profit\profitchart.exe => No File
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Windows Defender\shellext.dll -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Windows Defender\shellext.dll -> No File
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Windows Defender\shellext.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_23508498288091ea\igfxDTCM.dll [2019-01-17] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2021-04-27 19:44 - 2018-02-11 18:16 - 000578216 _____ (Hagel Technologies Ltd. -> SQLite Development Team) [File not signed] D:\DU Meter\sqlite3.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData:chnpbmzkyg [370]
AlternateDataStreams: C:\ProgramData:YXVtLmh6aQ [2834]
AlternateDataStreams: C:\Users\All Users:chnpbmzkyg [370]
AlternateDataStreams: C:\Users\All Users:YXVtLmh6aQ [2834]
AlternateDataStreams: C:\ProgramData\Application Data:chnpbmzkyg [370]
AlternateDataStreams: C:\ProgramData\Application Data:YXVtLmh6aQ [2834]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-03-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-03-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-03-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-03-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-03-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-03-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-03-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-03-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-03-03] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 09:14 - 2021-03-23 16:49 - 000000826 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKCU\Environment\\Path -> %USERPROFILE%\AppData\Local\Microsoft\WindowsApps
HKU\S-1-5-21-1842628812-1090097327-1321332273-1002\Control Panel\Desktop\\Wallpaper -> D:\OneDrive\Viagens\2021-11 - Austria\20211128_112234968_iOS.jpg
DNS Servers: 213.228.129.69 - 213.228.129.70
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
HKU\S-1-5-21-1842628812-1090097327-1321332273-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 0)
HKU\S-1-5-21-1842628812-1090097327-1321332273-1002\SOFTWARE\Microsoft\Windows Security Health\State => (AppAndBrowser_StoreAppsSmartScreenOff: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: cplspcon => 2
MSCONFIG\Services: edgeupdate => 2
MSCONFIG\Services: edgeupdatem => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: FolderSize => 2
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HPPrintScanDoctorService => 2
MSCONFIG\Services: ibtsiva => 2
MSCONFIG\Services: igfxCUIService2.0.0.0 => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: Intel(R) TPM Provisioning Service => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: lfsvc => 3
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MapsBroker => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: Net Driver HPZ12 => 2
MSCONFIG\Services: NordUpdaterService => 2
MSCONFIG\Services: nordvpn-service => 2
MSCONFIG\Services: Pml Driver HPZ12 => 2
MSCONFIG\Services: RtkAudioUniversalService => 2
MSCONFIG\Services: SDRSVC => 3
MSCONFIG\Services: SetupARService => 2
MSCONFIG\Services: SynTPEnhService => 2
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: Themes => 2
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: WpcMonSvc => 3
MSCONFIG\Services: WSearch => 2
MSCONFIG\Services: wuauserv => 3
MSCONFIG\Services: XblAuthManager => 3
MSCONFIG\Services: XblGameSave => 3
MSCONFIG\Services: XboxGipSvc => 3
MSCONFIG\Services: XboxNetApiSvc => 3
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RtkAudUService"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "EpicPen"
HKU\S-1-5-21-1842628812-1090097327-1321332273-1002\...\StartupApproved\StartupFolder: => "Valid Agent Server - Cliente.lnk"
HKU\S-1-5-21-1842628812-1090097327-1321332273-1002\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_16B04F625458F19E7BAFDD89867ECCBC"
HKU\S-1-5-21-1842628812-1090097327-1321332273-1002\...\StartupApproved\Run: => "NordVPN"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D5B220B8-B787-4F57-A348-122432CCCBDE}] => (Allow) C:\Users\tiago\AppData\Roaming\Zoom\bin\Zoom.exe => No File
FirewallRules: [{C9FD64B3-8E96-44AF-9900-6090D8676B4F}] => (Allow) C:\Users\tiago\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{7F175414-8172-4882-8DA9-72C59E905C9B}] => (Allow) C:\Users\tiago\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [TCP Query User{5B6AD09D-3F33-4F31-A566-9704FBE01F37}D:\tryd\jre\bin\javaw.exe] => (Allow) D:\tryd\jre\bin\javaw.exe
FirewallRules: [UDP Query User{DCEA9890-A2A3-4BD7-AE2E-BE028E54B5F5}D:\tryd\jre\bin\javaw.exe] => (Allow) D:\tryd\jre\bin\javaw.exe
FirewallRules: [TCP Query User{2A14A24E-C029-49EE-A5FB-2F33B138DE92}D:\tryd6\jre\bin\javaw.exe] => (Allow) D:\tryd6\jre\bin\javaw.exe => No File
FirewallRules: [UDP Query User{2FA23ABA-D31E-4243-8879-890A97F36419}D:\tryd6\jre\bin\javaw.exe] => (Allow) D:\tryd6\jre\bin\javaw.exe => No File
FirewallRules: [{26A76D04-999E-4F7B-827E-A2FD536C2D4B}] => (Allow) C:\Users\new\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{CF2C59E7-9453-4391-9D71-FFFE2789879B}] => (Allow) C:\Users\new\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{21E54F97-DF44-48B2-87B6-FCD7AEB2A3D1}] => (Allow) C:\Users\new\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{D4D68022-A4DF-46C1-91D5-D06F8B51CAF0}D:\tryd_novo\jre\bin\javaw.exe] => (Allow) D:\tryd_novo\jre\bin\javaw.exe => No File
FirewallRules: [UDP Query User{DC3F6576-167E-4A9C-8556-20C7CDEFD8F7}D:\tryd_novo\jre\bin\javaw.exe] => (Allow) D:\tryd_novo\jre\bin\javaw.exe => No File
FirewallRules: [{7CB32806-A2EF-4D71-A28B-444C2557E301}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F2C844AB-B469-4C1C-8256-842306D42DDC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4C1961E6-DE63-4BCC-932B-D48C8DEB44E5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{ADC2D47E-F7F0-40CF-947F-F8552FC2C08A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{BDBAAC99-65E4-4706-9409-B90FE598DB48}D:\pppoker\database\pppoker.exe] => (Allow) D:\pppoker\database\pppoker.exe => No File
FirewallRules: [UDP Query User{7D89EA86-9274-4AB6-B922-84CF0B569BBD}D:\pppoker\database\pppoker.exe] => (Allow) D:\pppoker\database\pppoker.exe => No File
FirewallRules: [TCP Query User{6CAF497F-E00D-4012-841B-D885DF5387C2}D:\pppoker\database\pppoker.exe] => (Allow) D:\pppoker\database\pppoker.exe => No File
FirewallRules: [UDP Query User{CB7AAAEA-79FE-441F-9177-7CC0C137A14C}D:\pppoker\database\pppoker.exe] => (Allow) D:\pppoker\database\pppoker.exe => No File
FirewallRules: [TCP Query User{E05E512B-5894-46D9-BCFF-13C3A624D402}D:\tryd_btg\jre\bin\javaw.exe] => (Allow) D:\tryd_btg\jre\bin\javaw.exe => No File
FirewallRules: [UDP Query User{F296CCC1-A120-49CC-90EA-642295EF3737}D:\tryd_btg\jre\bin\javaw.exe] => (Allow) D:\tryd_btg\jre\bin\javaw.exe => No File
FirewallRules: [TCP Query User{C512A18E-A5F3-42F7-88FF-BF11747B5C1D}C:\users\new\appdata\roaming\valid\valid agent server - cliente\vagent.exe] => (Allow) C:\users\new\appdata\roaming\valid\valid agent server - cliente\vagent.exe => No File
FirewallRules: [UDP Query User{25D45B14-4E62-46AF-9269-8E1230B5309C}C:\users\new\appdata\roaming\valid\valid agent server - cliente\vagent.exe] => (Allow) C:\users\new\appdata\roaming\valid\valid agent server - cliente\vagent.exe => No File
FirewallRules: [TCP Query User{8031F840-5C09-4FCE-AFCF-8052B79BF03C}C:\users\new\appdata\roaming\valid\valid agent server - cliente\vagent.exe] => (Allow) C:\users\new\appdata\roaming\valid\valid agent server - cliente\vagent.exe => No File
FirewallRules: [UDP Query User{5885233D-76D7-44B7-805D-B1D8D656FF30}C:\users\new\appdata\roaming\valid\valid agent server - cliente\vagent.exe] => (Allow) C:\users\new\appdata\roaming\valid\valid agent server - cliente\vagent.exe => No File
FirewallRules: [{AFD3AAF7-DFC3-4F4A-8A91-655F8CEF5F08}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{72D27552-E169-41F4-B4AA-EA5DB56081D2}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{C82283E1-F033-4F2D-8E63-BAF5DFDBBBD0}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{ABDF6C39-F96A-4F49-AE7F-B620D06D93DF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{12373063-44B1-4EE9-B42E-C53AF66D4BF9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3B6EF6EA-D5CF-4940-90EB-66F57F498623}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{CD8E1674-B3A4-4C8D-9E0D-67D30EC778B1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{98996901-111B-448B-8E80-10999744DB78}] => (Allow) D:\itunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1B969E85-D2E8-4E44-B636-EBD1246C2BE1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D4982ED5-49CE-45D9-B56C-1E39A4B9B333}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BF1637E5-3144-4844-B739-9FBFE966E9FA}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{75D3BB61-54F5-4909-A3FE-805A66EACF2A}] => (Allow) C:\Users\new\AppData\Local\Temp\utorrent\utorrent.exe (Rainberry Inc -> BitTorrent Inc.)
FirewallRules: [{204CB1E2-F054-44CE-A577-293BA13D3AF4}] => (Allow) C:\Users\new\AppData\Local\Temp\utorrent\utorrent.exe (Rainberry Inc -> BitTorrent Inc.)
FirewallRules: [{8AC32740-DE7C-44D0-A410-17D301896DD6}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\111.0.1661.44\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0D32948B-3DEC-4AA1-B91B-F5AECAB804A5}] => (Allow) D:\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{3DBEC96B-7F0A-4173-8961-9D8E9931400A}] => (Allow) D:\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{B9819D22-D4B1-4360-8F58-B9751D6A2E0B}] => (Allow) D:\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{3CD4B02A-85C6-4EBE-8BC4-E6A9FE093218}] => (Allow) D:\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{65362C77-3BD8-4C0E-BFDC-D8D59D4EDA14}] => (Allow) D:\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{52BEDD8C-B2B2-4B4B-80E5-A424F6367D18}] => (Allow) D:\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)

==================== Restore Points =========================

16-03-2023 19:39:14 MS
19-03-2023 21:31:29 ZHPcleaner

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (03/16/2023 10:32:08 AM) (Source: AnyDesk) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/16/2023 10:32:07 AM) (Source: AnyDesk) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/16/2023 10:32:07 AM) (Source: AnyDesk) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/16/2023 10:32:07 AM) (Source: AnyDesk) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/16/2023 10:32:07 AM) (Source: AnyDesk) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/16/2023 10:32:07 AM) (Source: AnyDesk) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/16/2023 10:32:07 AM) (Source: AnyDesk) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/16/2023 10:32:07 AM) (Source: AnyDesk) (EventID: 0) (User: )
Description: Event-ID 0


System errors:
=============
Error: (03/19/2023 09:54:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinDefend service failed to start due to the following error: 
The system cannot find the file specified.

Error: (03/19/2023 09:21:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The DU Meter Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/19/2023 09:21:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Serviço Clique para Executar do Microsoft Office service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (03/19/2023 09:21:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (03/19/2023 09:21:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Serviço do Bonjour service terminated unexpectedly. It has done this 1 time(s).

Error: (03/18/2023 10:09:37 PM) (Source: Netwtw04) (EventID: 5010) (User: )
Description: Intel(R) Dual Band Wireless-AC 3165 : The network adapter has returned an invalid value to the driver.
5010 - Driver DBG_ASSERT - instead of BSOD

Error: (03/18/2023 01:03:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinDefend service failed to start due to the following error: 
The system cannot find the file specified.

Error: (03/18/2023 12:59:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinDefend service failed to start due to the following error: 
The system cannot find the file specified.


Windows Defender:
================
Date: 2022-03-08 17:43:42
Description: 
The window cannot act on the sent message.

Date: 2022-03-07 19:56:17
Description: 
The window cannot act on the sent message.

Date: 2022-02-22 18:37:34
Description: 
The window cannot act on the sent message.

Date: 2022-02-15 15:53:43
Description: 
The window cannot act on the sent message.

Date: 2022-02-07 19:27:43
Description: 
The window cannot act on the sent message.
Event[0]:

Date: 2022-02-02 08:38:57
Description: 
The specified driver is invalid.

Date: 2022-02-02 08:38:57
Description: 
The specified driver is invalid.

Date: 2022-02-02 08:38:57
Description: 
The specified driver is invalid.

Date: 2022-02-02 08:38:57
Description: 
The specified driver is invalid.

Date: 2022-02-02 08:38:57
Description: 
The specified driver is invalid.

CodeIntegrity:
===============
Date: 2023-03-21 10:42:26
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume7\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


==================== Memory info =========================== 

BIOS: Positivo Informatica SA 1.07.09X 06/13/2018
Motherboard: Positivo Informatica SA N250JU
Processor: Intel(R) Core(TM) i7-7500U CPU @ 2.70GHz
Percentage of memory in use: 43%
Total physical RAM: 8081.73 MB
Available physical RAM: 4583.19 MB
Total Virtual: 9361.73 MB
Available Virtual: 6140.78 MB

==================== Drives ================================

Drive c: (SSD 120Gb) (Fixed) (Total:111.18 GB) (Free:61.19 GB) (Model: KINGSTON SA400M8120G) NTFS
Drive d: (SATA 1Tb) (Fixed) (Total:930.88 GB) (Free:746.74 GB) (Model: WDC WD10SPZX-00Z10T0) NTFS

\\?\Volume{a538e4a4-2cb0-414f-be1d-3f4932b4f711}\ () (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS
\\?\Volume{719602c9-de27-4ce1-9e4f-e938067adffa}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{226041bf-672f-4d6e-b1e4-02eb14e33fc4}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32
\\?\Volume{d39a4b69-93bf-404f-b14e-29e153748236}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 3B76CB12)

Partition: GPT.

==========================================================
Disk: 1 (Size: 111.8 GB) (Disk ID: 41BBEF3E)

Partition: GPT.

==================== End of Addition.txt =======================

Addition.txt FRST.txt

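Added example, not part of this thread and not FRST's own code: a read-only PowerShell triage script that re-checks, on the affected machine, the items in the Addition.txt above that a security engineer would want to confirm before running any fixlist. It uses only the paths and values exactly as FRST reported them: the two alternate data streams (chnpbmzkyg and YXVtLmh6aQ) on C:\ProgramData, which appear three times in the log only because C:\Users\All Users and C:\ProgramData\Application Data are junctions to the same folder; the WinDefend service that fails to start (event 7000) and the Windows Defender tasks pointing at a 4.18.2201.10-0 platform folder marked "No File"; the Code Integrity entry about Bonjour's mdnsNSP.dll; ConsentPromptBehaviorAdmin = 0, which makes UAC elevate administrators without any prompt (the Windows default is 5), with SmartScreen off; and, for the original symptom, the scheduled tasks that only run once Windows decides the PC is idle. Run it from an elevated Windows PowerShell 5.1 prompt; it changes nothing.

```powershell
# Added example, not part of this thread or of FRST: read-only re-check of the
# Addition.txt findings above, on the affected machine.
# Run from an elevated Windows PowerShell 5.1 prompt (the Windows 10 default).

# --- 1. Alternate Data Streams on C:\ProgramData -----------------------------
# FRST lists the same two streams under C:\Users\All Users and
# C:\ProgramData\Application Data too; both are junctions to C:\ProgramData.
$dir = 'C:\ProgramData'
$streams = Get-Item -LiteralPath $dir -Stream * -ErrorAction SilentlyContinue |
    Where-Object { $_.Stream -ne ':$DATA' }   # skip the directory's own default stream
foreach ($s in $streams) {
    # Name, size and a printable preview of the first 64 bytes, so you know what
    # is stored there before deleting it.
    $bytes = Get-Content -LiteralPath $dir -Stream $s.Stream -Encoding Byte -TotalCount 64 -ErrorAction SilentlyContinue
    $preview = -join ($bytes | ForEach-Object { if ($_ -ge 32 -and $_ -le 126) { [char]$_ } else { '.' } })
    [pscustomobject]@{ Path = $dir; Stream = $s.Stream; Bytes = $s.Length; Preview = $preview }
}
# Removal, once you are sure it is junk:  Remove-Item -LiteralPath $dir -Stream '<name>'

# --- 2. Windows Defender: the service that fails to start (event 7000) and the
#        scheduled tasks FRST marked "No File" --------------------------------
Get-Service -Name WinDefend -ErrorAction SilentlyContinue |
    Select-Object Name, Status, StartType
# Platform folders actually installed vs. the 4.18.2201.10-0 folder the tasks point at.
$platform = 'C:\ProgramData\Microsoft\Windows Defender\Platform'
Get-ChildItem -LiteralPath $platform -Directory -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty Name
Get-ScheduledTask -TaskPath '\Microsoft\Windows\Windows Defender\' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $task = $_
        foreach ($a in $task.Actions) {
            if ($a.Execute) {
                [pscustomobject]@{
                    Task    = $task.TaskName
                    Execute = $a.Execute
                    Exists  = Test-Path -LiteralPath $a.Execute   # False reproduces FRST's "No File"
                }
            }
        }
    }

# --- 3. The Code Integrity entry about Bonjour's mdnsNSP.dll -----------------
# Event 3033 in the CodeIntegrity operational log is "did not meet the Microsoft
# signing level requirements"; see which process loads it and how often.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-CodeIntegrity/Operational'; Id = 3033 } -MaxEvents 10 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message

# --- 4. UAC and SmartScreen values FRST printed under "Other Areas" ----------
$pol = Get-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$exp = Get-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer' -ErrorAction SilentlyContinue
[pscustomobject]@{
    ConsentPromptBehaviorAdmin = $pol.ConsentPromptBehaviorAdmin  # 0 = elevate without prompting; Windows default is 5
    EnableLUA                  = $pol.EnableLUA
    SmartScreenEnabled         = $exp.SmartScreenEnabled          # "Off" in the log
}
# To put UAC back to the default consent prompt (only if you decide to):
#   Set-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -Name ConsentPromptBehaviorAdmin -Value 5 -Type DWord

# --- 5. Tasks that wait for the PC to be idle --------------------------------
# Directly relevant to the original symptom: these only start once Windows
# decides the machine is idle, i.e. a few minutes after you stop using it.
Get-ScheduledTask -ErrorAction SilentlyContinue |
    Where-Object {
        $_.State -ne 'Disabled' -and (
            $_.Settings.RunOnlyIfIdle -or
            ($_.Triggers | Where-Object { $_.CimClass.CimClassName -eq 'MSFT_TaskIdleTrigger' })
        )
    } |
    Select-Object TaskPath, TaskName
```

Section 5 is the one to read against the Task Manager observation in the first post: anything it lists is allowed to start the moment the machine goes idle, so a task there that does heavy I/O or scanning is a plausible cause of the fan spinning up, and the Move Mouse workaround simply keeps Windows from ever declaring the PC idle. Sections 1 and 4 only report; decide on removals and on restoring the UAC default after looking at what the streams contain and whether anything on the machine depends on silent elevation.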

  • Security Analyst

Temporarily disable your antivirus, antispyware and firewall, so they do not cause conflicts.

 

Open Notepad, copy (Ctrl+C) and paste (Ctrl+V) all of the text in the CODE box below:

CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1842628812-1090097327-1321332273-1002\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\new\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-1842628812-1090097327-1321332273-1002\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\new\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-1842628812-1090097327-1321332273-1002\...\RunOnce: [Uninstall 23.043.0226.0001] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\new\AppData\Local\Microsoft\OneDrive\23.043.0226.0001" (No File)
Task: {01F6E445-4536-4F25-AFE2-6413F0953C48} - System32\Tasks\GoogleUpdateTaskMachineCore{9EF0A38D-E5FD-4531-BD73-2839F12C5468} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2023-03-10] (Google LLC -> Google LLC)
Task: {12B9D87A-FC82-4338-8EE1-564393BCE3B6} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [716704 2023-03-10] (Mozilla Corporation -> Mozilla Foundation)
Task: {3F67D174-3127-4E35-8267-C73D69D5E15C} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26296808 2023-03-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {510F66DA-01C8-4741-81FE-7A48558CBD64} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26296808 2023-03-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {6B614712-421A-47AA-9A41-A24434C7A784} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe -IdleTask -TaskName WdVerification (No File)
Task: {7FDFA37F-7A63-4818-A8AB-AC4C1750544A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe -IdleTask -TaskName WdCleanup (No File)
Task: {A7101C17-F1CE-4D4C-9282-FF8E202CF366} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe Scan -ScheduleJob -ScanTrigger 55 -IdleScheduledJob (No File)
Task: {B87CF236-4E63-411D-9F52-5FBDFB51AC8A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance (No File)
Task: {B9BBCF23-ECD0-4EF9-8412-CF91DE865F3F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [617096 2022-02-25] (Apple Inc. -> Apple Inc.)
Task: {C7DD9CDD-CCD4-4564-AA82-9714227A4AAE} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144232 2023-03-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {CD921B18-63BA-48CE-94D9-1C5024308F14} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [168840 2023-03-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {CE6DCEE4-09C3-498C-892A-1F66F36DD355} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144232 2023-03-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {D5BBE5D3-9E2B-440D-A3D7-39E735CADAF2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1560056 2023-02-01] (Adobe Inc. -> Adobe Inc.)
Task: {FFE29333-1F82-4343-8C96-0BA0C8EE4E93} - System32\Tasks\GoogleUpdateTaskMachineUA{1861DB40-009E-43E4-A49A-06AF75D0C3D1} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2023-03-10] (Google LLC -> Google LLC)
S3 WdNisSvc; "%ProgramData%\Microsoft\Windows Defender\Platform\4.18.2201.10-0\NisSrv.exe" [X]
S2 WinDefend; "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MsMpEng.exe" [X]
FirewallRules: [{D5B220B8-B787-4F57-A348-122432CCCBDE}] => (Allow) C:\Users\tiago\AppData\Roaming\Zoom\bin\Zoom.exe => No File
FirewallRules: [{C9FD64B3-8E96-44AF-9900-6090D8676B4F}] => (Allow) C:\Users\tiago\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{7F175414-8172-4882-8DA9-72C59E905C9B}] => (Allow) C:\Users\tiago\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [TCP Query User{2A14A24E-C029-49EE-A5FB-2F33B138DE92}D:\tryd6\jre\bin\javaw.exe] => (Allow) D:\tryd6\jre\bin\javaw.exe => No File
FirewallRules: [UDP Query User{2FA23ABA-D31E-4243-8879-890A97F36419}D:\tryd6\jre\bin\javaw.exe] => (Allow) D:\tryd6\jre\bin\javaw.exe => No File
FirewallRules: [TCP Query User{D4D68022-A4DF-46C1-91D5-D06F8B51CAF0}D:\tryd_novo\jre\bin\javaw.exe] => (Allow) D:\tryd_novo\jre\bin\javaw.exe => No File
FirewallRules: [UDP Query User{DC3F6576-167E-4A9C-8556-20C7CDEFD8F7}D:\tryd_novo\jre\bin\javaw.exe] => (Allow) D:\tryd_novo\jre\bin\javaw.exe => No File
FirewallRules: [TCP Query User{BDBAAC99-65E4-4706-9409-B90FE598DB48}D:\pppoker\database\pppoker.exe] => (Allow) D:\pppoker\database\pppoker.exe => No File
FirewallRules: [UDP Query User{7D89EA86-9274-4AB6-B922-84CF0B569BBD}D:\pppoker\database\pppoker.exe] => (Allow) D:\pppoker\database\pppoker.exe => No File
FirewallRules: [TCP Query User{6CAF497F-E00D-4012-841B-D885DF5387C2}D:\pppoker\database\pppoker.exe] => (Allow) D:\pppoker\database\pppoker.exe => No File
FirewallRules: [UDP Query User{CB7AAAEA-79FE-441F-9177-7CC0C137A14C}D:\pppoker\database\pppoker.exe] => (Allow) D:\pppoker\database\pppoker.exe => No File
FirewallRules: [TCP Query User{E05E512B-5894-46D9-BCFF-13C3A624D402}D:\tryd_btg\jre\bin\javaw.exe] => (Allow) D:\tryd_btg\jre\bin\javaw.exe => No File
FirewallRules: [UDP Query User{F296CCC1-A120-49CC-90EA-642295EF3737}D:\tryd_btg\jre\bin\javaw.exe] => (Allow) D:\tryd_btg\jre\bin\javaw.exe => No File
FirewallRules: [TCP Query User{C512A18E-A5F3-42F7-88FF-BF11747B5C1D}C:\users\new\appdata\roaming\valid\valid agent server - cliente\vagent.exe] => (Allow) C:\users\new\appdata\roaming\valid\valid agent server - cliente\vagent.exe => No File
FirewallRules: [UDP Query User{25D45B14-4E62-46AF-9269-8E1230B5309C}C:\users\new\appdata\roaming\valid\valid agent server - cliente\vagent.exe] => (Allow) C:\users\new\appdata\roaming\valid\valid agent server - cliente\vagent.exe => No File
FirewallRules: [TCP Query User{8031F840-5C09-4FCE-AFCF-8052B79BF03C}C:\users\new\appdata\roaming\valid\valid agent server - cliente\vagent.exe] => (Allow) C:\users\new\appdata\roaming\valid\valid agent server - cliente\vagent.exe => No File
FirewallRules: [UDP Query User{5885233D-76D7-44B7-805D-B1D8D656FF30}C:\users\new\appdata\roaming\valid\valid agent server - cliente\vagent.exe] => (Allow) C:\users\new\appdata\roaming\valid\valid agent server - cliente\vagent.exe => No File
CMD: ipconfig /flushdns
RemoveProxy:
EmptyTemp:
CreateRestorePoint:

Save this file on your desktop with the name fixlist

NOTE: It is extremely important that the "fixlist" file is saved on your Desktop. Also check that FRST.exe is on the Desktop.

** Windows Vista, Windows 7, 8/8.1 and Windows 10 users: right-click the FRST.EXE file, then click http://i.imgur.com/VRIfczU.png

Click the button shown in image.png

Wait; when it finishes, the log Fixlog.txt will be saved on your desktop.

Open the Fixlog.txt file, then copy and paste its contents in your next reply.


@Elias Pereira, done:

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-03-2023
Ran by new (26-03-2023 22:11:09) Run:1
Running from C:\Users\new\Desktop
Loaded Profiles: new
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1842628812-1090097327-1321332273-1002\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\new\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-1842628812-1090097327-1321332273-1002\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\new\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-1842628812-1090097327-1321332273-1002\...\RunOnce: [Uninstall 23.043.0226.0001] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\new\AppData\Local\Microsoft\OneDrive\23.043.0226.0001" (No File)
Task: {01F6E445-4536-4F25-AFE2-6413F0953C48} - System32\Tasks\GoogleUpdateTaskMachineCore{9EF0A38D-E5FD-4531-BD73-2839F12C5468} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2023-03-10] (Google LLC -> Google LLC)
Task: {12B9D87A-FC82-4338-8EE1-564393BCE3B6} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [716704 2023-03-10] (Mozilla Corporation -> Mozilla Foundation)
Task: {3F67D174-3127-4E35-8267-C73D69D5E15C} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26296808 2023-03-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {510F66DA-01C8-4741-81FE-7A48558CBD64} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26296808 2023-03-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {6B614712-421A-47AA-9A41-A24434C7A784} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe -IdleTask -TaskName WdVerification (No File)
Task: {7FDFA37F-7A63-4818-A8AB-AC4C1750544A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe -IdleTask -TaskName WdCleanup (No File)
Task: {A7101C17-F1CE-4D4C-9282-FF8E202CF366} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe Scan -ScheduleJob -ScanTrigger 55 -IdleScheduledJob (No File)
Task: {B87CF236-4E63-411D-9F52-5FBDFB51AC8A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance (No File)
Task: {B9BBCF23-ECD0-4EF9-8412-CF91DE865F3F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [617096 2022-02-25] (Apple Inc. -> Apple Inc.)
Task: {C7DD9CDD-CCD4-4564-AA82-9714227A4AAE} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144232 2023-03-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {CD921B18-63BA-48CE-94D9-1C5024308F14} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [168840 2023-03-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {CE6DCEE4-09C3-498C-892A-1F66F36DD355} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144232 2023-03-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {D5BBE5D3-9E2B-440D-A3D7-39E735CADAF2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1560056 2023-02-01] (Adobe Inc. -> Adobe Inc.)
Task: {FFE29333-1F82-4343-8C96-0BA0C8EE4E93} - System32\Tasks\GoogleUpdateTaskMachineUA{1861DB40-009E-43E4-A49A-06AF75D0C3D1} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2023-03-10] (Google LLC -> Google LLC)
S3 WdNisSvc; "%ProgramData%\Microsoft\Windows Defender\Platform\4.18.2201.10-0\NisSrv.exe" [X]
S2 WinDefend; "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MsMpEng.exe" [X]
FirewallRules: [{D5B220B8-B787-4F57-A348-122432CCCBDE}] => (Allow) C:\Users\tiago\AppData\Roaming\Zoom\bin\Zoom.exe => No File
FirewallRules: [{C9FD64B3-8E96-44AF-9900-6090D8676B4F}] => (Allow) C:\Users\tiago\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{7F175414-8172-4882-8DA9-72C59E905C9B}] => (Allow) C:\Users\tiago\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [TCP Query User{2A14A24E-C029-49EE-A5FB-2F33B138DE92}D:\tryd6\jre\bin\javaw.exe] => (Allow) D:\tryd6\jre\bin\javaw.exe => No File
FirewallRules: [UDP Query User{2FA23ABA-D31E-4243-8879-890A97F36419}D:\tryd6\jre\bin\javaw.exe] => (Allow) D:\tryd6\jre\bin\javaw.exe => No File
FirewallRules: [TCP Query User{D4D68022-A4DF-46C1-91D5-D06F8B51CAF0}D:\tryd_novo\jre\bin\javaw.exe] => (Allow) D:\tryd_novo\jre\bin\javaw.exe => No File
FirewallRules: [UDP Query User{DC3F6576-167E-4A9C-8556-20C7CDEFD8F7}D:\tryd_novo\jre\bin\javaw.exe] => (Allow) D:\tryd_novo\jre\bin\javaw.exe => No File
FirewallRules: [TCP Query User{BDBAAC99-65E4-4706-9409-B90FE598DB48}D:\pppoker\database\pppoker.exe] => (Allow) D:\pppoker\database\pppoker.exe => No File
FirewallRules: [UDP Query User{7D89EA86-9274-4AB6-B922-84CF0B569BBD}D:\pppoker\database\pppoker.exe] => (Allow) D:\pppoker\database\pppoker.exe => No File
FirewallRules: [TCP Query User{6CAF497F-E00D-4012-841B-D885DF5387C2}D:\pppoker\database\pppoker.exe] => (Allow) D:\pppoker\database\pppoker.exe => No File
FirewallRules: [UDP Query User{CB7AAAEA-79FE-441F-9177-7CC0C137A14C}D:\pppoker\database\pppoker.exe] => (Allow) D:\pppoker\database\pppoker.exe => No File
FirewallRules: [TCP Query User{E05E512B-5894-46D9-BCFF-13C3A624D402}D:\tryd_btg\jre\bin\javaw.exe] => (Allow) D:\tryd_btg\jre\bin\javaw.exe => No File
FirewallRules: [UDP Query User{F296CCC1-A120-49CC-90EA-642295EF3737}D:\tryd_btg\jre\bin\javaw.exe] => (Allow) D:\tryd_btg\jre\bin\javaw.exe => No File
FirewallRules: [TCP Query User{C512A18E-A5F3-42F7-88FF-BF11747B5C1D}C:\users\new\appdata\roaming\valid\valid agent server - cliente\vagent.exe] => (Allow) C:\users\new\appdata\roaming\valid\valid agent server - cliente\vagent.exe => No File
FirewallRules: [UDP Query User{25D45B14-4E62-46AF-9269-8E1230B5309C}C:\users\new\appdata\roaming\valid\valid agent server - cliente\vagent.exe] => (Allow) C:\users\new\appdata\roaming\valid\valid agent server - cliente\vagent.exe => No File
FirewallRules: [TCP Query User{8031F840-5C09-4FCE-AFCF-8052B79BF03C}C:\users\new\appdata\roaming\valid\valid agent server - cliente\vagent.exe] => (Allow) C:\users\new\appdata\roaming\valid\valid agent server - cliente\vagent.exe => No File
FirewallRules: [UDP Query User{5885233D-76D7-44B7-805D-B1D8D656FF30}C:\users\new\appdata\roaming\valid\valid agent server - cliente\vagent.exe] => (Allow) C:\users\new\appdata\roaming\valid\valid agent server - cliente\vagent.exe => No File
CMD: ipconfig /flushdns
RemoveProxy:
EmptyTemp:
CreateRestorePoint:
*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-1842628812-1090097327-1321332273-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Delete Cached Update Binary" => not found
"HKU\S-1-5-21-1842628812-1090097327-1321332273-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Delete Cached Standalone Update Binary" => not found
"HKU\S-1-5-21-1842628812-1090097327-1321332273-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall 23.043.0226.0001" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{01F6E445-4536-4F25-AFE2-6413F0953C48}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01F6E445-4536-4F25-AFE2-6413F0953C48}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore{9EF0A38D-E5FD-4531-BD73-2839F12C5468} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore{9EF0A38D-E5FD-4531-BD73-2839F12C5468}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{12B9D87A-FC82-4338-8EE1-564393BCE3B6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12B9D87A-FC82-4338-8EE1-564393BCE3B6}" => removed successfully
C:\Windows\System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3F67D174-3127-4E35-8267-C73D69D5E15C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F67D174-3127-4E35-8267-C73D69D5E15C}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office Automatic Updates 2.0" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{510F66DA-01C8-4741-81FE-7A48558CBD64}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{510F66DA-01C8-4741-81FE-7A48558CBD64}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office ClickToRun Service Monitor" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6B614712-421A-47AA-9A41-A24434C7A784}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B614712-421A-47AA-9A41-A24434C7A784}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Defender\Windows Defender Verification" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7FDFA37F-7A63-4818-A8AB-AC4C1750544A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FDFA37F-7A63-4818-A8AB-AC4C1750544A}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Defender\Windows Defender Cleanup" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7101C17-F1CE-4D4C-9282-FF8E202CF366}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7101C17-F1CE-4D4C-9282-FF8E202CF366}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B87CF236-4E63-411D-9F52-5FBDFB51AC8A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B87CF236-4E63-411D-9F52-5FBDFB51AC8A}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B9BBCF23-ECD0-4EF9-8412-CF91DE865F3F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9BBCF23-ECD0-4EF9-8412-CF91DE865F3F}" => removed successfully
C:\Windows\System32\Tasks\Apple\AppleSoftwareUpdate => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple\AppleSoftwareUpdate" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C7DD9CDD-CCD4-4564-AA82-9714227A4AAE}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7DD9CDD-CCD4-4564-AA82-9714227A4AAE}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Office\Office Feature Updates => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office Feature Updates" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD921B18-63BA-48CE-94D9-1C5024308F14}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD921B18-63BA-48CE-94D9-1C5024308F14}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Office\Office Performance Monitor => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office Performance Monitor" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CE6DCEE4-09C3-498C-892A-1F66F36DD355}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE6DCEE4-09C3-498C-892A-1F66F36DD355}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Office\Office Feature Updates Logon => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office Feature Updates Logon" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5BBE5D3-9E2B-440D-A3D7-39E735CADAF2}" => not found
C:\Windows\System32\Tasks\Adobe Acrobat Update Task => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FFE29333-1F82-4343-8C96-0BA0C8EE4E93}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FFE29333-1F82-4343-8C96-0BA0C8EE4E93}" => removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA{1861DB40-009E-43E4-A49A-06AF75D0C3D1} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA{1861DB40-009E-43E4-A49A-06AF75D0C3D1}" => removed successfully
HKLM\System\CurrentControlSet\Services\WdNisSvc => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\WinDefend => could not remove, key could be protected
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D5B220B8-B787-4F57-A348-122432CCCBDE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C9FD64B3-8E96-44AF-9900-6090D8676B4F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7F175414-8172-4882-8DA9-72C59E905C9B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2A14A24E-C029-49EE-A5FB-2F33B138DE92}D:\tryd6\jre\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2FA23ABA-D31E-4243-8879-890A97F36419}D:\tryd6\jre\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D4D68022-A4DF-46C1-91D5-D06F8B51CAF0}D:\tryd_novo\jre\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{DC3F6576-167E-4A9C-8556-20C7CDEFD8F7}D:\tryd_novo\jre\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{BDBAAC99-65E4-4706-9409-B90FE598DB48}D:\pppoker\database\pppoker.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{7D89EA86-9274-4AB6-B922-84CF0B569BBD}D:\pppoker\database\pppoker.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6CAF497F-E00D-4012-841B-D885DF5387C2}D:\pppoker\database\pppoker.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{CB7AAAEA-79FE-441F-9177-7CC0C137A14C}D:\pppoker\database\pppoker.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E05E512B-5894-46D9-BCFF-13C3A624D402}D:\tryd_btg\jre\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F296CCC1-A120-49CC-90EA-642295EF3737}D:\tryd_btg\jre\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C512A18E-A5F3-42F7-88FF-BF11747B5C1D}C:\users\new\appdata\roaming\valid\valid agent server - cliente\vagent.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{25D45B14-4E62-46AF-9269-8E1230B5309C}C:\users\new\appdata\roaming\valid\valid agent server - cliente\vagent.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{8031F840-5C09-4FCE-AFCF-8052B79BF03C}C:\users\new\appdata\roaming\valid\valid agent server - cliente\vagent.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5885233D-76D7-44B7-805D-B1D8D656FF30}C:\users\new\appdata\roaming\valid\valid agent server - cliente\vagent.exe" => removed successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-1842628812-1090097327-1321332273-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-1842628812-1090097327-1321332273-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========

Restore point was successfully created.

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 299835708 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 43242127 B
Edge => 0 B
Chrome => 361037015 B
Firefox => 88022548 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 867112 B
new => 388159697 B

RecycleBin => 25115777 B
EmptyTemp: => 1.1 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 26-03-2023 22:15:16)


Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\WdNisSvc => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\WinDefend => could not remove, key could be protected

==== End of Fixlog 22:15:16 ====


@Elias Pereira

Thank you very much for your attention.

The situation is the same as before: I disabled the mouse simulator and the fan spins up in the same way.

Since it is not a malware problem, do you have any idea what it could be? I have already removed every program I could from startup and there is nothing that looks like the cause.


  • Security Analyst

@tiagodelazari

Download Process Explorer

http://live.sysinternals.com/procexp.exe

Save it to your Desktop and run it (right-click it and select the Run as Administrator option).

  • Click the View menu > Select Columns > check Verified Signer and press <OK>
  • Click the Options menu and then Verify Image Signatures
  • Click the CPU column (probably shown in green) twice to put the processes with the highest CPU usage at the top.
  • After the fan spins up, wait about 5 minutes and then:

Take a screenshot and post it in your next reply.

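Added example, not part of the analyst's post and not code from Process Explorer or Sysinternals: the same two checks the steps above ask for (which processes are consuming CPU right now, and whether each image carries a valid Authenticode signature) done from an elevated PowerShell window, so the result can be pasted as text instead of a screenshot. The sampling window and the number of rows shown are assumptions set by the two parameters.

```powershell
# Added example (not from the thread): sample total CPU time per process twice,
# turn the difference into a percentage of the machine's capacity over the
# window, and report the signature status of each image, roughly what the
# Process Explorer CPU column plus "Verify Image Signatures" shows.
# Run from an elevated PowerShell so that image paths of system processes are
# readable. Save as Sample-CpuSigners.ps1 and run it while the fan is spinning.
param(
    [int]$IntervalSeconds = 5,   # assumption: length of the sampling window
    [int]$Top = 10               # assumption: how many rows to print
)

function Get-CpuSnapshot {
    # PID -> @{ Cpu = total CPU seconds (kernel + user) so far; Proc = process object }
    # Cpu is $null where the counter cannot be read (Idle, protected processes).
    $snap = @{}
    foreach ($p in Get-Process -ErrorAction SilentlyContinue) {
        $cpu = $null
        try { $cpu = $p.TotalProcessorTime.TotalSeconds } catch { }
        $snap[$p.Id] = @{ Cpu = $cpu; Proc = $p }
    }
    return $snap
}

$before = Get-CpuSnapshot
Start-Sleep -Seconds $IntervalSeconds
$after  = Get-CpuSnapshot

# A process using every core for the whole window would score 100 %.
$cores = [Environment]::ProcessorCount

$rows = foreach ($id in $after.Keys) {
    if (-not $before.ContainsKey($id)) { continue }   # started during the window
    $a = $after[$id]
    $b = $before[$id]
    if ($null -eq $a.Cpu -or $null -eq $b.Cpu) { continue }

    $delta = $a.Cpu - $b.Cpu                          # CPU seconds spent in the window
    $pct   = [math]::Round(100 * $delta / ($IntervalSeconds * $cores), 1)

    # Path is $null for PID 4 (System) and for images we are not allowed to open.
    $path = $null
    try { $path = $a.Proc.Path } catch { }

    $signer = 'n/a (image path not readable)'
    if ($path) {
        $sig = Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue
        if ($sig) {
            $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
            $signer  = "$($sig.Status): $subject"
        }
    }

    [pscustomobject]@{
        PID    = $id
        Name   = $a.Proc.ProcessName
        CpuPct = $pct
        Signer = $signer
        Path   = $path
    }
}

$rows | Sort-Object CpuPct -Descending | Select-Object -First $Top | Format-Table -AutoSize
```

Reading the output: the "Idle" row is the System Idle Process, so a high CpuPct there means the CPU had nothing to do; a high CpuPct on "System" (PID 4) means kernel-mode work (drivers, the power manager, scheduled maintenance), which neither this script nor Process Explorer can attribute to a user-mode program. Signature status of "Valid" with a Microsoft or known-vendor subject is what you expect for the rows at the top; "NotSigned" or an unknown subject on a high-CPU row is what deserves a closer look.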

@Elias Pereira

I took 3 screenshots.

The interesting thing is that when the SYSTEM process appeared in the list, the fan spun up and stayed on for several minutes. The moment I moved the mouse while the fan was spinning, the SYSTEM process disappeared from the list.

BEFORE: the fan had not spun up

antes.jpg

DURING: a few moments after the fan started running at full speed

durante.jpg

AFTER: after I moved the mouse, the fan stops. I took the screenshot at that moment

depois.jpg


  • Security Analyst

@tiagodelazari

The System Idle process indicates the percentage of time during which the CPU is idle.

- When the CPU is under full load, the System Idle process is close to 0.

- When the CPU has nothing to do, the System Idle process is close to 100%.

As far as malware is concerned, we have no more problems.

If you have no further malware problems, click Report Post at the top of the page and say that your topic is RESOLVED. If you have any question related to computing and technology, feel free to post in any area of CdH.

