
Suspicion of a possible infection



Gentlemen,

Lately I have noticed the following symptoms on my PC:

- Relative slowness in use;

- Slow internet on some occasions;

- The command prompt window popping up on the screen and disappearing quickly from time to time;

- When I turn on the PC, the following Notepad file always appears, and I don't know what it is about.

Quote

 

------------------------------------start------------------------------------

Disparando 127.0.0.1 com 32 bytes de dados:
Resposta de 127.0.0.1: bytes=32 tempo<1ms TTL=128
Resposta de 127.0.0.1: bytes=32 tempo<1ms TTL=128
Resposta de 127.0.0.1: bytes=32 tempo<1ms TTL=128
Resposta de 127.0.0.1: bytes=32 tempo<1ms TTL=128

Estatísticas do Ping para 127.0.0.1:
    Pacotes: Enviados = 4, Recebidos = 4, Perdidos = 0 (0% de
             perda),
Aproximar um número redondo de vezes em milissegundos:
    Mínimo = 0ms, Máximo = 0ms, Média = 0ms
"D:\Program Files\Nox\"
-------------------------------------end-------------------------------------

 

 

I thank the dear colleagues who can help me.

Addition.txt AdwCleaner[S2].txt FRST.txt


  • Security Analyst

Please pay attention to the following:

  • About the Forum: This is a private space, not a public one. Its use is a privilege, not a right;
  • What is passed on here relates only to your computer's problem; therefore, do not apply it to any other;
  • IMPORTANT: If you have Windows activation programs or to44ent sharing programs, I suggest uninstalling them. I will only proceed with the analysis after removal. Forum rules;
  • Please follow the instructions given carefully and, if in doubt, do not hesitate to ask;
  • Respect the order of the instructions given;
  • Note: Do not take any action other than those given here; be aware that if you ask for help in another forum, you must let us know, at the risk of misconfiguring your computer!


Malware Removal Area Rules << IMPORTANT TO READ

Clube do Hardware Forum General Rules << IMPORTANT TO READ
 

Follow the steps below:

Temporarily disable your antivirus, antispyware and firewall, to avoid conflicts.

STEP 1

Download AdwCleaner from one of the links below and save it to the desktop.

https://toolslib.net/downloads/viewdownload/1-adwcleaner/

http://www.bleepingcomputer.com/download/adwcleaner/

Click DOWNLOAD NOW to download the file.

Run adwcleaner.exe

NOTE: Users of Windows Vista, 7, 8/8.1 and Windows 10, right-click the AdwCleaner.exe file, then click image.png

Click VERIFICAR AGORA/SCAN NOW. When it finishes, click LIMPAR/CLEAN and wait.

Notepad will open with the result.

ATTENTION: Select, copy and paste its contents in your next reply.

STEP 2

Download ZHPCleaner from the link below and save it to your Desktop

https://www.majorgeeks.com/files/details/zhpcleaner.html

Run the ZHPCleaner.exe file As Administrator

  • Click the Scanner button.
  • The tool will begin examining your system.
  • Be patient, as it may take a while depending on the number of items to examine.
  • Then click the Reparar (Repair) button.
  • A log named ZHPCleaner.txt will be generated

ATTENTION: Select, copy and paste its contents in your next reply.


Hello, Elias Pereira.

As requested, the logs follow, also attached.

 

# AdwCleaner 7.0.3.1 - Logfile created on Thu Jul 13 19:06:04 2023
# Updated on 2017/29/09 by Malwarebytes 
# Database: 09-29-2017.1
# Running on Windows 10 Pro (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [1345 B] - [2021/11/8 18:12:2]
C:/AdwCleaner/AdwCleaner[C1].txt - [1309 B] - [2022/4/21 12:27:12]
C:/AdwCleaner/AdwCleaner[S0].txt - [1200 B] - [2021/11/8 18:10:54]
C:/AdwCleaner/AdwCleaner[S1].txt - [1137 B] - [2022/4/21 12:26:40]
C:/AdwCleaner/AdwCleaner[S2].txt - [1215 B] - [2023/7/10 17:53:0]


########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt ##########

 

-------------------------------------------------------------------------------------------------------------------------------------------------

 

~ ZHPCleaner v2023.7.13.32 by Nicolas Coolman (2023/07/13)
~ Run by Angelo (Administrator)  (13/07/2023 17:08:14)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : D:\Área de Trabalho\ZHPCleaner (R).txt
~ Quarantine : C:\Users\Angelo Braz\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ System Restore Point : OK
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit  (Build 19045)


---\\  Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found.


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (1)
DELETED data: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride [Bad : 127.0.0.1;localhost;*.local]  =>Hijacker.Proxy


---\\  Hosts file (0)
~ No malicious or unnecessary items found.


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (289)


---\\  Registry ( Key, Value, Data) (45)
DELETED value: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\qBittorrent\qbittorrent.exe.FriendlyAppName [qBittorrent - A Bittorrent Client]  =>.SUP.Orphan.MUICache
DELETED value: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\qBittorrent\qbittorrent.exe.ApplicationCompany [The qBittorrent Project]  =>.SUP.Orphan.MUICache
DELETED value: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\FoxitPDFReader.exe [Foxit PDF Reader 12.1]  =>.SUP.Orphan.MUICache
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AMD\CNext\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AMD\CNext\CNBranding\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AMD\CIM\Config\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AMD\CIM\Bin64\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AMD\CNext\CNext\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\AMD\Chipset_IODrivers\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\help\cs\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\help\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\help\da\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\help\de\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\help\el\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\help\en-US\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\help\es\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\help\fi\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\help\fr\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\help\hu\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\help\it\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\help\ja\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\help\ko\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\help\nl\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\help\no\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\help\pl\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\help\pt-BR\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\help\ru\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\help\sv\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\help\th\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\help\tr\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\help\zh_CHS\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\help\zh_CHT\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\MOM-InstallProxy\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Welcome\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\ATI Technologies\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\ATI Technologies\ATI.ACE\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Welcome\en-US\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Welcome\en-US\images\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\x86\ [No Folder]  =>.SUP.Obsolete.NoFolder
DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\ProgramData\Kaspersky Lab\KSDE5.13\Bases\Cache\ [No Folder]  =>.SUP.Obsolete.NoFolder


---\\  Summary of the elements found (8)
https://nicolascoolman.eu/2017/04/03/hijacker-proxy/  =>Hijacker.Proxy
https://nicolascoolman.eu/forum/Topic/logiciels-potentiellement-superflus-lps/  =>.SUP.Temporary.Empty
https://nicolascoolman.eu/forum/Topic/logiciels-potentiellement-superflus-lps/  =>.SUP.Temporary.Office
https://nicolascoolman.eu/forum/Topic/logiciels-potentiellement-superflus-lps/  =>.SUP.Temporary.Picture
https://nicolascoolman.eu/forum/Topic/logiciels-potentiellement-superflus-lps/  =>.SUP.Temporary.Other
https://nicolascoolman.eu/forum/Topic/logiciels-potentiellement-superflus-lps/  =>.SUP.Temporary.Chrome
https://nicolascoolman.eu/forum/Topic/orphan-muicache-logiciel-potentiellement-superflu-lps/  =>.SUP.Orphan.MUICache
https://nicolascoolman.eu/forum/Topic/logiciels-potentiellement-superflus-lps/  =>.SUP.Obsolete.NoFolder


---\\  Other deletions. (11)
~ Registry Keys Tracing deleted (11)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ Google Chrome OK
~ Microsoft Edge OK
~ Mozilla Firefox OK
~ Microsoft Internet Explorer OK
~ Thunderbird OK
~ Chromium OK


---\\ Statistics
~ Items scanned : 1716
~ Items found : 0
~ Items cancelled : 0
~ Space saving (bytes) : 503923982
~ Items options : 16/18


---\\ OPTIONS NOT ACTIVES
~ Start browsers with extensions removed
~ Clearing browser caches and histories

~ End of clean in 00h01mn54s

---\\  Reports (2)
ZHPCleaner-[S]-13072023-16_54_50.txt
ZHPCleaner-[R]-13072023-17_10_08.txt
 

 

AdwCleaner.txt ZHPCleaner (R).txt


  • Security Analyst

Download the Farbar Recovery Scan from the link below and save it to your desktop.
https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Right-click the FRST64.EXE file, then click http://i.imgur.com/VRIfczU.png .

Accept the agreement and then click the Scan/Examinar button. Wait, and when it finishes, the FRST.txt and Addition.txt logs will be saved to your desktop.

Open each file separately, copy its contents and paste them into your next reply.


Elias, as requested:

 

Resultado do análise da Farbar Recovery Scan Tool (FRST) (x64) Versão: 15-07-2023
Executado por Angelo (administrador) em DESKTOP-T0H8SRB (15-07-2023 20:35:21)
Executando a partir de D:\Área de Trabalho\FRST64.exe
Perfis Carregados: Angelo
Plataforma: Microsoft Windows 10 Pro Versão 22H2 19045.3208 (X64) Idioma: Português (Brasil)
Navegador padrão: Edge
Modo da Inicialização: Normal

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(atiesrxx.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Banco Bradesco S.A. -> Scopus Soluções em TI Ltda) C:\Program Files (x86)\scpbrad\scpbradguard.exe
(C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.13\avp.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.13\avpui.exe
(C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.13\ksde.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.13\ksdeui.exe
(C:\Users\Angelo Braz\AppData\Local\WebEx\WebexHost.exe ->) (Cisco WebEx LLC -> Cisco Webex LLC) C:\Users\Angelo Braz\AppData\Local\WebEx\WebEx64\Meetings\atmgr.exe
(explorer.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(explorer.exe ->) (A.E.T. Europe B.V.) [Arquivo não assinado] C:\Windows\System32\aetcrss1.exe
(explorer.exe ->) (Cisco WebEx LLC -> Cisco Webex LLC) C:\Users\Angelo Braz\AppData\Local\WebEx\WebexHost.exe
(explorer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Internet Explorer\ielowutil.exe
(services.exe ->) () [Arquivo não assinado] C:\Program Files (x86)\Wondershare\drfone\Addins\Recovery\ElevationService.exe
(services.exe ->) () [Arquivo não assinado] C:\Windows\SysWOW64\WIN8_MBIM.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Banco Bradesco SA -> Banco Bradesco S.A.) C:\Program Files (x86)\scpbrad\scpbradserv.exe
(services.exe ->) (FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\FOXIT SOFTWARE\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe
(services.exe ->) (Hewlett-Packard Company -> HP) C:\Windows\System32\HPSIsvc.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (HP) [Arquivo não assinado] C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(services.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.13\avp.exe <2>
(services.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.13\ksde.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(services.exe ->) (Realtek Semiconductor Corp -> ) C:\Windows\runSW.exe
(services.exe ->) (Wondershare Technology Co.,Ltd -> Wondershare) C:\ProgramData\Wondershare\Service\InstallAssistService.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2210.0.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

==================== Registro (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [CertificateRegistration] => C:\WINDOWS\system32\aetcrss1.exe [25088 2017-05-09] (A.E.T. Europe B.V.) [Arquivo não assinado]
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1767712 2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [Arquivo não assinado]
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [69632 2004-04-13] (InstallShield Software Corporation) [Arquivo não assinado]
HKLM-x32\...\Run: [Genshin Impact Beta_Launcher] => [X]
HKLM-x32\...\Run: [Genshin Impact_Launcher] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
HKLM-x32\...\Run: [StartCCC] => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun (Nenhum Arquivo)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restrição <==== ATENÇÃO
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restrição <==== ATENÇÃO
HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation) [Arquivo não assinado]
HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [40496032 2023-06-07] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\Run: [CiscoMeetingDaemon] => C:\Users\Angelo Braz\AppData\Local\WebEx\WebexHost.exe [8080480 2023-07-03] (Cisco WebEx LLC -> Cisco Webex LLC)
HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\Run: [CiscoSpark] => C:\Users\Angelo Braz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webex\Webex.lnk [1523 2023-06-27] () [Arquivo não assinado]
HKLM\...\Windows x64\Print Processors\HP1006PrintProc: C:\Windows\System32\spool\prtprocs\x64\HP1006PP.dll [65024 2013-04-15] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Windows x64\Print Processors\HP1100PrintProc: C:\Windows\System32\spool\prtprocs\x64\HP1100PP.DLL [74240 2012-08-31] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Windows x64\Print Processors\hpfpp70w: C:\Windows\System32\spool\prtprocs\x64\hpfpp70w.dll [249856 2009-04-20] (Hewlett-Packard Corporation) [Arquivo não assinado]
HKLM\...\Print\Monitors\Advanced TCP/IP Port Monitor: C:\WINDOWS\system32\mvtcpmon.dll [541184 2009-06-25] (Marvell Semiconductor, Inc.) [Arquivo não assinado]
HKLM\...\Print\Monitors\HP 8711 Status Monitor: C:\WINDOWS\system32\hpinksts8711LM.dll [332176 2012-09-12] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP1006LM: C:\WINDOWS\system32\HP1006LM.DLL [198144 2013-04-15] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\HP1100LM: C:\WINDOWS\system32\HP1100LM.DLL [288768 2012-08-31] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\novaPDF 7 Monitor: C:\WINDOWS\system32\novamnk7.dll [29008 2011-02-15] (Softland -> Softland)
HKLM\...\Print\Monitors\PCL hpf3l70w.dll: C:\WINDOWS\system32\hpf3l70w.dll [136704 2009-04-20] (Hewlett-Packard Company) [Arquivo não assinado]
HKLM\...\Print\Monitors\Wondershare PDF Converter Monitor: C:\WINDOWS\system32\WSMonitorX64.dll [98152 2016-04-15] (Wondershare Software Co., Ltd.  -> Wondershare Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\114.0.5735.199\Installer\chrmstp.exe [2023-06-28] (Google LLC -> Google LLC)
GroupPolicy: Restrição ? <==== ATENÇÃO
Policies: C:\ProgramData\NTUSER.pol: Restrição <==== ATENÇÃO
HKLM\SOFTWARE\Policies\Google: Restrição <==== ATENÇÃO

==================== Tarefas Agendadas (Whitelisted) =================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {E28E667D-AF63-4A37-B5C6-18E7C360FAB2} - System32\Tasks\AdwCleaner_onReboot => D:\Área de Trabalho\adwcleaner_8.0.6.exe  /r (Nenhum Arquivo)
Task: {5CE1A06E-9F59-4F0F-83C4-319A08AF1D73} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe  (Nenhum Arquivo)
Task: {956E5536-0A5D-42FA-BA4B-CDFFE94CF485} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2023-06-07] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {7BAC3216-7F61-4128-8067-52911C3E37DC} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703648 2023-06-07] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "7bde81e5-df76-4cdb-b6c4-cb680b94b0fd" --version "6.13.10517" --silent
Task: {AA6F2483-CAE8-44A2-BAE9-D819EBAE96B2} - System32\Tasks\CCleanerSkipUAC - Angelo => C:\Program Files\CCleaner\CCleaner.exe [34304928 2023-06-07] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {3BCB82F7-0CA9-4FCA-A130-711B029C3A66} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe [5308592 2023-07-13] (Microsoft Windows -> Microsoft Corporation)
Task: {7200E7FC-D66A-4C02-8C2E-7491139B5936} - System32\Tasks\Desligar Automático => C:\WINDOWS\system32\shutdown.exe [28160 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> -s -f
Task: {10E8EF05-223F-4D96-85EF-5E789C193EAA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-11] (Google Inc -> Google Inc.)
Task: {6A0CC6F3-0E12-4400-AE44-42B46EE9CDFC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-11] (Google Inc -> Google Inc.)
Task: {BD80A129-4879-4750-8D5C-40C62FDFF034} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2113024 2022-08-08] () [Arquivo não assinado]
Task: {6265A9AA-8097-4539-9FE6-039764D3FF07} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26616832 2023-07-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {345B8195-A8C4-49D3-99DF-F598148E1878} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26616832 2023-07-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {0AE8D982-82DE-49CA-AC35-953764121BC1} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [124296 2023-07-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {40D3AB04-C119-4C03-9DD4-5FF4BDD5FEE9} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [124296 2023-07-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {18F0E1B5-30C5-4FC0-B765-10DCB0FCAE08} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [685984 2023-07-05] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {924E4F75-2F71-411D-B9E4-3B63B911C67B} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [724384 2023-07-05] (Mozilla Corporation -> Mozilla Foundation)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{81d19a1e-6325-4e6f-b780-655a8085b934}: [NameServer] 198.51.100.1,198.51.100.2
Tcpip\..\Interfaces\{f91de001-c0b5-48b3-94ee-3ccec5151877}: [NameServer] 1.0.0.1,1.1.1.1
Tcpip\..\Interfaces\{f91de001-c0b5-48b3-94ee-3ccec5151877}: [DhcpNameServer] 192.168.1.254

Edge: 
=======
DownloadDir: D:\Área de Trabalho
Edge Extension: (Sem Nome) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [não encontrado (a)]
Edge Extension: (Sem Nome) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [não encontrado (a)]
Edge Extension: (Sem Nome) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [não encontrado (a)]
Edge Extension: (Sem Nome) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [não encontrado (a)]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Angelo Braz\AppData\Local\Microsoft\Edge\User Data\Default [2023-07-15]
Edge DownloadDir: Default -> D:\Downloads
Edge Extension: (uBlock Origin) - C:\Users\Angelo Braz\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2023-06-12]
Edge Extension: (Méliuz: Cashback e cupons em suas compras) - C:\Users\Angelo Braz\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jdcfmebflppkljibgpdlboifpcaalolg [2023-07-14]
Edge Extension: (Edge relevant text changes) - C:\Users\Angelo Braz\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-05-18]
Edge Extension: (TWP - Translate Web Pages) - C:\Tradutor EDGE [2023-06-02] [UpdateUrl:hxxps://raw.githubusercontent.com/FilipePS/Traduzir-paginas-web/master/dist/chromium/updates.xml] <==== ATENÇÃO
Edge HKU\S-1-5-21-467048075-196725563-1868618205-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm]

FireFox:
========
FF DefaultProfile: jupdg3yp.default
FF ProfilePath: C:\Users\Angelo Braz\AppData\Roaming\Mozilla\Firefox\Profiles\jupdg3yp.default [2023-05-21]
FF ProfilePath: C:\Users\Angelo Braz\AppData\Roaming\Mozilla\Firefox\Profiles\2ezh1bjm.default-release-1684703975582 [2023-07-13]
FF Extension: (Méliuz: Cashback e cupons em suas compras) - C:\Users\Angelo Braz\AppData\Roaming\Mozilla\Firefox\Profiles\2ezh1bjm.default-release-1684703975582\Extensions\[email protected] [2023-06-04]
FF Extension: (uBlock Origin) - C:\Users\Angelo Braz\AppData\Roaming\Mozilla\Firefox\Profiles\2ezh1bjm.default-release-1684703975582\Extensions\[email protected] [2023-06-21]
FF Extension: (TWP - Translate Web Pages) - C:\Users\Angelo Braz\AppData\Roaming\Mozilla\Firefox\Profiles\2ezh1bjm.default-release-1684703975582\Extensions\{036a55b4-5e72-4d05-a06c-cba2dfcc134a}.xpi [2023-06-22]
FF Extension: (Gerar DANFe/DACTe) - C:\Users\Angelo Braz\AppData\Roaming\Mozilla\Firefox\Profiles\2ezh1bjm.default-release-1684703975582\Extensions\{c3e17213-5cba-412d-8e93-a2a83e6640e1}.xpi [2023-06-07]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\FFExt\light_plugin_firefox\addon.xpi => não encontrado (a)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: (SmartPrintButton) - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [] [não assinado]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\FFExt\light_plugin_firefox\addon.xpi => não encontrado (a)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [Nenhum Arquivo]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [Nenhum Arquivo]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Nenhum Arquivo]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Nenhum Arquivo]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitPDFReaderPlugin.dll [Nenhum Arquivo]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitPDFReaderPlugin.dll [Nenhum Arquivo]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitPDFReaderPlugin.dll [Nenhum Arquivo]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitPDFReaderPlugin.dll [Nenhum Arquivo]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-07-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [Arquivo não assinado]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [Arquivo não assinado]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2023-05-21] <==== ATENÇÃO (Aponta para arquivo *.cfg)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2023-05-21] <==== ATENÇÃO

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Angelo Braz\AppData\Local\Google\Chrome\User Data\Default [2023-07-14]
CHR Extension: (Reduza: Testador de cupons para suas compras) - C:\Users\Angelo Braz\AppData\Local\Google\Chrome\User Data\Default\Extensions\adblhjgamdlpmikabkcdleflikihalej [2022-07-03]
CHR Extension: (Kaspersky Protection) - C:\Users\Angelo Braz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2023-06-11]
CHR Extension: (Honey: Automatic Coupons & Rewards) - C:\Users\Angelo Braz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2023-07-03]
CHR Extension: (uBlock Origin) - C:\Users\Angelo Braz\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2023-06-12]
CHR Extension: (Gerar DANFe/DACTe) - C:\Users\Angelo Braz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnalonmlenogoaknbeikifdbaokkhmjj [2022-02-02]
CHR Extension: (Documentos Google off-line) - C:\Users\Angelo Braz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-05-18]
CHR Extension: (Méliuz: Cashback e cupons em suas compras) - C:\Users\Angelo Braz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdcfmebflppkljibgpdlboifpcaalolg [2023-07-14]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Angelo Braz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-02]
CHR HKLM\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm

==================== Serviços (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AutoRun_MBIM; C:\WINDOWS\SysWOW64\WIN8_MBIM.exe [163840 2014-03-06] () [Arquivo não assinado]
R2 AVP21.13; C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.13\avp.exe [32008 2023-04-15] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S4 Change Modem Device Service; C:\WINDOWS\SysWOW64\ChgService.exe [135168 2014-02-20] () [Arquivo não assinado]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11851240 2023-07-14] (Microsoft Corporation -> Microsoft Corporation)
R2 ElevationService; C:\Program Files (x86)\Wondershare\drfone\Addins\Recovery\ElevationService.exe [913408 2021-10-26] () [Arquivo não assinado]
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934368 2021-12-01] (Epic Games Inc. -> Epic Games, Inc.)
R2 FoxitReaderUpdateService; C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe [2358800 2022-05-20] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [2348512 2023-03-29] (GOG  sp. z o.o -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7178720 2023-03-29] (GOG  sp. z o.o -> GOG.com)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [Arquivo não assinado]
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [230352 2023-07-13] (HP Inc. -> HP Inc.)
R2 HPSIService; C:\WINDOWS\system32\HPSIsvc.exe [127800 2010-04-07] (Hewlett-Packard Company -> HP)
S3 klvssbridge64_21.13; C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.13\x64\vssbridge64.exe [501008 2023-04-15] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 KSDE5.13; C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.13\ksde.exe [32008 2023-04-15] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Arquivo não assinado]
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [7770888 2017-05-09] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2556048 2021-06-24] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3474584 2021-06-24] (Electronic Arts, Inc. -> Electronic Arts)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Arquivo não assinado]
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [2703192 2022-12-22] (Rockstar Games, Inc. -> Rockstar Games)
R2 RunSwUSB; C:\Windows\runSW.exe [44760 2014-12-12] (Realtek Semiconductor Corp -> )
R2 scpbradserv; C:\Program Files (x86)\scpbrad\scpbradserv.exe [2284400 2023-06-07] (Banco Bradesco SA -> Banco Bradesco S.A.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [402216 2023-07-13] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.7-0\NisSrv.exe [3224328 2023-03-27] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.7-0\MsMpEng.exe [133544 2023-03-27] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Wondershare InstallAssist; C:\ProgramData\Wondershare\Service\InstallAssistService.exe [262880 2022-01-05] (Wondershare Technology Co.,Ltd -> Wondershare)

===================== Drivers (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 athur; C:\WINDOWS\System32\drivers\athurx.sys [1847296 2010-01-05] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R1 BDVEDISK; C:\WINDOWS\system32\DRIVERS\bdvedisk.sys [96616 2020-05-28] (Bitdefender SRL -> BitDefender)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Arquivo não assinado]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [Arquivo não assinado]
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [240264 2023-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
S1 gbpddfac; C:\WINDOWS\System32\drivers\gbpddfac64.sys [28888 2015-11-18] (GAS INFORMATICA LTDA -> GAS Tecnologia)
R1 klbackupdisk.Kaspersky4Win-21-13; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-13\klbackupdisk.sys [112936 2023-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klbackupflt.Kaspersky4Win-21-13; C:\WINDOWS\System32\DRIVERS\Kaspersky4Win-21-13\klbackupflt.sys [234216 2023-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 kldisk.Kaspersky4Win-21-13; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-13\kldisk.sys [125736 2023-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [53576 2023-04-15] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R1 KLFLT.Kaspersky4Win-21-13; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-13\klflt.sys [548072 2023-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klgse.Kaspersky4Win-21-13; C:\WINDOWS\System32\DRIVERS\Kaspersky4Win-21-13\klgse.sys [729136 2023-06-28] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 KLHK.Kaspersky4Win-21-13; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-13\klhk.sys [1822784 2023-06-28] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klids.Kaspersky4Win-21-13; C:\ProgramData\Kaspersky Lab\AVP21.13\Bases\klids.sys [235704 2023-06-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 KLIF.Kaspersky4Win-21-13; C:\WINDOWS\System32\DRIVERS\Kaspersky4Win-21-13\klif.sys [1163544 2023-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [98552 2023-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klkbdflt.Kaspersky4Win-21-13; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-13\klkbdflt.sys [115960 2023-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klmouflt.Kaspersky4Win-21-13; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-13\klmouflt.sys [113448 2023-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klpd.Kaspersky4Win-21-13; C:\WINDOWS\System32\DRIVERS\Kaspersky4Win-21-13\klpd.sys [80672 2023-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klpnpflt.Kaspersky4Win-21-13; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-13\klpnpflt.sys [98040 2023-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 kltun; C:\WINDOWS\system32\DRIVERS\kltun.sys [86776 2023-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R0 klupd_Kaspersky4Win-21-13_arkmon; C:\WINDOWS\System32\Drivers\klupd_Kaspersky4Win-21-13_arkmon.sys [368416 2023-06-27] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klupd_Kaspersky4Win-21-13_klark; C:\WINDOWS\System32\Drivers\klupd_Kaspersky4Win-21-13_klark.sys [350848 2023-05-22] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R0 klupd_Kaspersky4Win-21-13_klbg; C:\WINDOWS\System32\Drivers\klupd_Kaspersky4Win-21-13_klbg.sys [179864 2023-05-22] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klupd_Kaspersky4Win-21-13_mark; C:\WINDOWS\System32\Drivers\klupd_Kaspersky4Win-21-13_mark.sys [259440 2023-05-16] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klwfp.Kaspersky4Win-21-13; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-13\klwfp.sys [179960 2023-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klwtp.Kaspersky4Win-21-13; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-13\klwtp.sys [415480 2023-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 kneps.Kaspersky4Win-21-13; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-13\kneps.sys [340208 2023-06-05] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] (ASUSTeK Computer Inc. -> )
S3 mvusbews; C:\WINDOWS\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Microsoft Windows Hardware Compatibility Publisher -> Marvell Semiconductor, Inc.)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [32352 2017-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49608 2023-03-27] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [495896 2023-03-27] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99624 2023-03-27] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um mês (criados) (Whitelisted) =========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2023-07-14 08:12 - 2023-07-15 20:00 - 000873472 _____ C:\WINDOWS\SysWOW64\AppRulesStorage-wal
2023-07-14 08:12 - 2023-07-14 08:12 - 000032768 _____ C:\WINDOWS\SysWOW64\DnsStorage-shm
2023-07-14 08:12 - 2023-07-14 08:12 - 000032768 _____ C:\WINDOWS\SysWOW64\AppRulesStorage-shm
2023-07-14 08:12 - 2023-07-14 08:12 - 000000000 _____ C:\WINDOWS\SysWOW64\DnsStorage-wal
2023-07-13 16:09 - 2023-07-13 17:10 - 000000000 ____D C:\Users\Angelo Braz\AppData\Roaming\ZHP
2023-07-13 09:13 - 2023-07-13 09:13 - 000000000 ___HD C:\$WinREAgent
2023-07-10 14:55 - 2023-07-15 20:36 - 000000000 ____D C:\FRST
2023-07-07 20:29 - 2023-07-08 11:48 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2023-06-27 21:14 - 2023-07-11 22:28 - 000000000 ____D C:\Users\Angelo Braz\AppData\Local\CiscoSparkLauncher
2023-06-27 21:14 - 2023-07-11 22:28 - 000000000 ____D C:\Users\Angelo Braz\AppData\Local\CiscoSpark
2023-06-27 19:23 - 2023-06-27 19:23 - 000000000 ____D C:\Users\Angelo Braz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webex
2023-06-27 18:28 - 2023-06-27 19:21 - 000000000 ____D C:\Users\Angelo Braz\AppData\Roaming\webex
2023-06-27 18:25 - 2023-07-15 13:18 - 000000000 ____D C:\Users\Angelo Braz\AppData\Local\WebEx
2023-06-27 18:25 - 2023-06-29 18:56 - 000000000 ____D C:\Users\Angelo Braz\AppData\LocalLow\WebEx

==================== Um mês (modificados) ==================

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2023-07-15 20:39 - 2019-12-07 06:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-07-15 20:35 - 2020-08-17 17:46 - 000004182 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{D560E2BD-2729-4B68-9016-45F841C9ACEA}
2023-07-15 20:04 - 2021-12-16 21:16 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-07-15 20:04 - 2015-08-11 22:55 - 000000000 ____D C:\Program Files (x86)\Google
2023-07-15 16:02 - 2022-02-09 20:11 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-07-15 16:01 - 2016-11-18 06:31 - 000000000 ____D C:\Users\Angelo Braz\AppData\LocalLow\Mozilla
2023-07-15 13:37 - 2020-08-17 17:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-07-15 09:53 - 2019-12-07 06:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-07-15 09:53 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-07-15 09:38 - 2020-04-06 13:53 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-07-14 20:54 - 2020-04-19 23:00 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2023-07-14 19:25 - 2022-12-18 19:51 - 000003584 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-467048075-196725563-1868618205-1001
2023-07-14 19:25 - 2020-08-17 17:46 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-467048075-196725563-1868618205-1001
2023-07-14 19:25 - 2020-08-17 15:16 - 000002448 _____ C:\Users\Angelo Braz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-07-14 11:09 - 2019-12-07 06:03 - 000065536 _____ C:\WINDOWS\system32\config\ELAM
2023-07-13 21:22 - 2022-03-22 08:53 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP
2023-07-13 21:22 - 2021-07-27 22:47 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2023-07-13 16:40 - 2020-08-17 17:43 - 001749624 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-07-13 16:40 - 2019-12-07 11:53 - 000755378 _____ C:\WINDOWS\system32\prfh0416.dat
2023-07-13 16:40 - 2019-12-07 11:53 - 000149432 _____ C:\WINDOWS\system32\prfc0416.dat
2023-07-13 16:40 - 2019-12-07 06:13 - 000000000 ____D C:\WINDOWS\INF
2023-07-13 16:06 - 2020-07-22 20:42 - 000000000 ____D C:\AdwCleaner
2023-07-13 15:57 - 2023-05-02 15:25 - 000012288 _____ C:\WINDOWS\SysWOW64\AppRulesStorage
2023-07-13 12:15 - 2023-06-01 12:54 - 000000000 ____D C:\ProgramData\NVIDIA
2023-07-13 12:15 - 2020-08-17 17:46 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-07-13 12:15 - 2020-08-17 17:33 - 000008192 ___SH C:\DumpStack.log.tmp
2023-07-13 09:59 - 2019-12-07 06:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2023-07-13 09:59 - 2019-12-07 06:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-07-13 09:55 - 2020-08-17 17:33 - 000462752 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-07-13 09:54 - 2019-12-07 11:56 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2023-07-13 09:54 - 2019-12-07 06:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-07-13 09:54 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2023-07-13 09:54 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SystemResources
2023-07-13 09:54 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\setup
2023-07-13 09:54 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2023-07-13 09:54 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-07-13 09:54 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-07-13 09:41 - 2020-08-17 17:36 - 003015168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-07-13 09:10 - 2017-08-30 09:34 - 000000000 ____D C:\ProgramData\Package Cache
2023-07-13 09:09 - 2022-09-23 18:37 - 000000000 ____D C:\Program Files (x86)\dotnet
2023-07-13 09:03 - 2015-08-12 12:56 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-07-13 08:50 - 2015-08-12 12:56 - 173351160 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-07-12 23:13 - 2020-08-17 15:16 - 000000000 ____D C:\Users\Angelo Braz
2023-07-12 09:52 - 2015-07-31 15:54 - 000000000 ____D C:\Users\Angelo Braz\AppData\Roaming\Microsoft\Excel
2023-07-12 09:49 - 2015-07-31 15:53 - 000000000 ____D C:\Users\Angelo Braz\AppData\Roaming\Microsoft\Word
2023-07-11 17:57 - 2020-08-17 17:46 - 000003674 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-07-11 17:57 - 2020-08-17 17:46 - 000003550 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-07-08 11:48 - 2023-05-21 18:18 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-07-08 11:48 - 2015-07-30 14:58 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-07-08 11:46 - 2023-06-01 14:05 - 000000000 ____D C:\Users\Angelo Braz\AppData\Local\ElevatedDiagnostics
2023-07-07 20:31 - 2021-03-09 16:52 - 000001055 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk
2023-07-05 12:34 - 2023-05-21 18:18 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-07-03 10:58 - 2017-10-18 01:12 - 000000000 ____D C:\Users\Angelo Braz\AppData\Local\Packages
2023-07-02 15:13 - 2023-05-02 14:28 - 000000000 ____D C:\WINDOWS\system32\Drivers\Kaspersky4Win-21-13
2023-06-28 18:51 - 2015-08-11 22:57 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-06-27 19:16 - 2022-10-13 11:25 - 000000760 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2023-06-27 19:16 - 2015-07-30 13:48 - 000000000 ____D C:\Program Files\CCleaner
2023-06-22 08:09 - 2018-11-29 23:01 - 000000000 ____D C:\Users\Angelo Braz\AppData\Local\CrashDumps
2023-06-22 08:08 - 2022-10-13 11:25 - 000003472 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2023-06-22 08:08 - 2020-08-17 17:46 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2023-06-15 13:44 - 2020-08-17 17:46 - 000003884 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2023-06-15 13:44 - 2020-08-17 17:46 - 000003760 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore

==================== Arquivos na raiz de alguns diretórios ========

2016-03-26 12:02 - 2016-03-26 12:02 - 000000001 _____ () C:\Users\Angelo Braz\AppData\Local\llftool.4.40.agreement
2016-03-26 12:03 - 2016-03-26 12:03 - 000000019 _____ () C:\Users\Angelo Braz\AppData\Local\llftool.license
2017-09-04 22:53 - 2017-09-04 22:53 - 000003379 _____ () C:\Users\Angelo Braz\AppData\Local\recently-used.xbel
2015-11-02 21:17 - 2022-11-30 14:48 - 000007610 _____ () C:\Users\Angelo Braz\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(Não há correção automática para arquivos que não passaram na verificação.)

==================== Fim de FRST.txt ========================

Resultado da análise adicional Farbar Recovery Scan Tool (x64) Versão: 15-07-2023
Executado por Angelo (15-07-2023 20:43:46)
Executando a partir de D:\Área de Trabalho
Microsoft Windows 10 Pro Versão 22H2 19045.3208 (X64) (2020-08-17 20:46:23)
Modo da Inicialização: Normal
==========================================================


==================== Contas: =============================


(Se uma entrada for incluída na fixlist, será removida.)

Administrador (S-1-5-21-467048075-196725563-1868618205-500 - Administrator - Disabled)
Angelo (S-1-5-21-467048075-196725563-1868618205-1001 - Administrator - Enabled) => C:\Users\Angelo Braz
Convidado (S-1-5-21-467048075-196725563-1868618205-501 - Limited - Enabled)
DefaultAccount (S-1-5-21-467048075-196725563-1868618205-503 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-467048075-196725563-1868618205-1006 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-467048075-196725563-1868618205-504 - Limited - Disabled)

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky (Enabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky (Enabled) {774D7037-0984-41B0-3A87-5E88E680AD58}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 22.01 (x64) (HKLM\...\7-Zip) (Version: 22.01 - Igor Pavlov)
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 5.05.16.529 - Advanced Micro Devices, Inc.)
AMD SBxxx SMBus Driver (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.38 - Advanced Micro Devices, Inc.) Hidden
AMD_Chipset_Drivers (HKLM-x32\...\{fa489a41-09bb-480e-95ff-0856f05112eb}) (Version: 5.05.16.529 - Advanced Micro Devices, Inc.) Hidden
Anki (HKLM-x32\...\Anki) (Version: 2.1.43 - )
Aplicativo Itaú (HKLM-x32\...\{D0A058D6-4688-4E33-8894-8951D057990E}) (Version: 1.0.182 - Banco Itaú)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 6.13 - Piriform)
Cisco Webex Meetings (HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\ActiveTouchMeetingClient) (Version: 43.6.4 - Cisco Webex LLC)
Componente de Segurança Bradesco (HKLM-x32\...\scpbrad) (Version: 1.0.0 - Banco Bradesco S.A.)
Configurações da câmera Logitech (HKLM-x32\...\LogiUCDPP) (Version: 2.12.20.0 - Logitech Europe S.A.)
digiCamControl (HKLM-x32\...\{051b8fc1-d433-4428-bcd1-f90aa50afa23}) (Version: 2.1.4.0 - ) Hidden
ENE_QSI_Loki_HAL (HKLM\...\{BDE43F26-5917-44F8-B86A-F1D9A6B80B32}) (Version: 1.0.3.0 - ENE TECHNOLOGY INC.) Hidden
ENE_QSI_Loki_HAL (HKLM-x32\...\{205ef3a8-937b-43cb-90fc-2f58f71408d8}) (Version: 1.0.3.0 - ENE TECHNOLOGY INC.) Hidden
Epic Games Launcher (HKLM-x32\...\{59C0032B-88B5-41F3-B8FD-5B3356670B4F}) (Version: 1.1.167.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{4B31654B-80C2-405C-91C9-49B14AEB0F42}) (Version: 2.0.32.0 - Epic Games, Inc.)
Foxit PDF Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 12.1.2.15332 - Foxit Software Inc.)
GOG GALAXY (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: 2.0.61.63 - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 114.0.5735.199 - Google LLC)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
Identiv uTrust Smart Card Reader (HKLM-x32\...\{307F1256-AB13-4987-BAED-104752D425C8}) (Version: 1.17.0 - Identiv)
IRPF 2023 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País  (HKLM\...\6908-8355-8468-2086) (Version: 1.3 - Receita Federal do Brasil)
IRPF2017 (HKLM-x32\...\IRPF2017) (Version: 1.1 - Receita Federal do Brasil)
IRPF2018 (HKLM-x32\...\IRPF2018) (Version: 1.4 - Receita Federal do Brasil)
IRPF2019 (HKLM-x32\...\IRPF2019) (Version: 1.5 - Receita Federal do Brasil)
IRPF2020 (HKLM-x32\...\IRPF2020) (Version: 1.9 - Receita Federal do Brasil)
IRPF2021 (HKLM-x32\...\IRPF2021) (Version: 1.2 - Receita Federal do Brasil)
IRPF2022 (HKLM-x32\...\IRPF2022) (Version: 1.3 - Receita Federal do Brasil)
Kaspersky (HKLM-x32\...\{E396C2E3-5292-33E9-949C-349C23D784D8}) (Version: 21.13.5.506 - Kaspersky) Hidden
Kaspersky (HKLM-x32\...\InstallWIX_{E396C2E3-5292-33E9-949C-349C23D784D8}) (Version: 21.13.5.506 - Kaspersky)
Kaspersky VPN (HKLM-x32\...\{4DC8ED2C-8DA1-3701-A234-66AF6EF1CEFF}) (Version: 21.13.5.506 - Kaspersky) Hidden
Kaspersky VPN (HKLM-x32\...\InstallWIX_{4DC8ED2C-8DA1-3701-A234-66AF6EF1CEFF}) (Version: 21.13.5.506 - Kaspersky)
K-Lite Codec Pack 17.1.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 17.1.5 - KLCP)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft .NET Host - 5.0.17 (x86) (HKLM-x32\...\{54DE7EA9-E391-4BD2-A373-3A72A18EBDB5}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.20 (x86) (HKLM-x32\...\{82F89EDB-1DF1-402B-BED6-01C736967B6F}) (Version: 48.83.63169 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.17 (x86) (HKLM-x32\...\{AF01038B-6523-4EA7-9D9E-4F1E2927D88B}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.20 (x86) (HKLM-x32\...\{561137EF-2ECE-48F0-A6D6-6260AC7112A5}) (Version: 48.83.63169 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x86) (HKLM-x32\...\{59650A2A-3839-46EC-9D9C-6B3B1C743C55}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.20 (x86) (HKLM-x32\...\{6E4984A9-4321-4D96-861F-D03578E68C8B}) (Version: 48.83.63169 - Microsoft Corporation) Hidden
Microsoft 365 - pt-br (HKLM\...\O365HomePremRetail - pt-br) (Version: 16.0.16529.20182 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 114.0.1823.82 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 114.0.1823.79 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\OneDriveSetup.exe) (Version: 23.132.0625.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{BB052C53-34CB-42DE-AF41-66FDFCEEC868}) (Version: 3.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (HKLM\...\{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}) (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (HKLM\...\{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}) (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (HKLM-x32\...\{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}) (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (HKLM-x32\...\{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}) (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29016 (HKLM-x32\...\{40d3fee2-b257-46c2-bdc0-cb1088d97327}) (Version: 14.27.29016.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.27.29016 (HKLM-x32\...\{1aaa01ad-3069-4288-9c6f-37a140a8f6c7}) (Version: 14.27.29016.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.27.29016 (HKLM\...\{F07B1E25-5670-4556-9C7F-5A1966C83269}) (Version: 14.27.29016 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.27.29016 (HKLM\...\{E493B8F4-E300-43EC-95D0-BDF3711297EA}) (Version: 14.27.29016 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.27.29016 (HKLM-x32\...\{5CD4E357-9ED6-42AC-B654-F1FC21DD60C9}) (Version: 14.27.29016 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.27.29016 (HKLM-x32\...\{E2C131AD-D30F-4D67-ACE9-B3D485E84DA8}) (Version: 14.27.29016 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}) (Version: 10.0.50908 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.17 (x86) (HKLM-x32\...\{098c6ff7-1af1-4c4a-b86f-c60608c98e31}) (Version: 5.0.17.31219 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.17 (x86) (HKLM-x32\...\{0D02D706-44F2-4957-A448-E7259A0B56B9}) (Version: 40.68.31219 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.20 (x86) (HKLM-x32\...\{39139702-799e-4843-8d90-cfe9330b285a}) (Version: 6.0.20.32621 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 6.0.20 (x86) (HKLM-x32\...\{FC641ACB-FE5E-4F88-B392-9421BDCA1143}) (Version: 48.83.63194 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 pt-BR) (HKLM\...\Mozilla Firefox 115.0 (x64 pt-BR)) (Version: 115.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 113.0.1 - Mozilla)
Mozilla Thunderbird (x64 pt-BR) (HKLM\...\Mozilla Thunderbird 102.13.0 (x64 pt-BR)) (Version: 102.13.0 - Mozilla)
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
NVIDIA Driver de controle do 3D Vision 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA Driver de gráficos 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
NVIDIA Driver do 3D Vision 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.125 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.125 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA Software do sistema PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.16529.20182 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.16529.20182 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.16529.20182 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0416-0000-0000000FF1CE}) (Version: 16.0.16529.20182 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.5.101.48500 - Electronic Arts, Inc.)
Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation)
PDFsam Basic (HKLM\...\{24493C22-01EA-4E07-AB21-84910EB826B0}) (Version: 4.3.3.0 - Sober Lemur S.a.s. di Vacondio Andrea)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.64.316.2023 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5880 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.23.252 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.5.5 - Rockstar Games)
SafeSign 64-bits (HKLM\...\{2DF407D3-A8AD-4ACF-BFD5-5F7D42EC62FD}) (Version: 3.0.124 - A.E.T. Europe B.V.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Suporte do iPod (HKLM\...\{713ABB2F-9ACB-4A4A-945A-CEA53C08644C}) (Version: 12.11.3.7 - Apple Inc.)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 82.0 - Ubisoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
Verificação de integridade do PC Windows (HKLM\...\{2403B2D2-1FDC-497D-B181-F53D079FEAAA}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Webex (HKLM\...\{03482546-35AA-4BEC-A702-8B95FE6F4E02}) (Version: 43.6.0.26407 - Cisco Systems, Inc)

Packages:
=========
Complemento do Mecanismo de Mídia de Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-08-14] (Microsoft Corporation)
HP Scan and Capture -> C:\Program Files\WindowsApps\AD2F1837.HPScanandCapture_40.0.245.0_x64__v10z8vjag6ke6 [2020-05-08] (Hewlett-Packard Company)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_147.1.1079.0_x64__v10z8vjag6ke6 [2023-07-13] (HP Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa [2023-06-13] (Apple Inc.) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-07] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-07] (Microsoft Corporation) [MS Ad]
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2305.14002.0_x64__8wekyb3d8bbwe [2023-05-31] (Microsoft Corporation) [Startup Task]
RecForth -> C:\Program Files\WindowsApps\IOForth.Screenrecord-screenrecorder_1.1.11.0_x64__pxs7cjhtcq1xt [2023-06-21] (IOForth)

==================== Análise Personalizada CLSID (Whitelisted): ==============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

CustomCLSID: HKU\S-1-5-21-467048075-196725563-1868618205-1001_Classes\CLSID\{DDC34D5E-7D6D-E686-AB5A-C82D0DE991A3}\InprocServer32 -> não caminho do arquivo
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [Arquivo não assinado]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> Nenhum Arquivo
ContextMenuHandlers1: [Kaspersky Anti-Virus 21.13] -> {0E70CD47-F3F0-4C43-B347-796CF9B1F06C} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.13\x64\shellex.dll [2023-05-02] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers2: [Kaspersky Anti-Virus 21.13] -> {0E70CD47-F3F0-4C43-B347-796CF9B1F06C} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.13\x64\shellex.dll [2023-05-02] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> Nenhum Arquivo
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [Arquivo não assinado]
ContextMenuHandlers4: [Kaspersky Anti-Virus 21.13] -> {0E70CD47-F3F0-4C43-B347-796CF9B1F06C} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.13\x64\shellex.dll [2023-05-02] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2023-04-19] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll -> Nenhum Arquivo
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [Arquivo não assinado]
ContextMenuHandlers6: [Kaspersky Anti-Virus 21.13] -> {0E70CD47-F3F0-4C43-B347-796CF9B1F06C} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.13\x64\shellex.dll [2023-05-02] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2023-04-19] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
ContextMenuHandlers1_S-1-5-21-467048075-196725563-1868618205-1001: [          kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} =>  -> Nenhum Arquivo
ContextMenuHandlers1_S-1-5-21-467048075-196725563-1868618205-1001: [kpdf2wordshellext] -> {70239788-4DAE-49B8-9270-5D8614384B49} =>  -> Nenhum Arquivo
ContextMenuHandlers4_S-1-5-21-467048075-196725563-1868618205-1001: [          kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} =>  -> Nenhum Arquivo

==================== Codecs (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Drivers32: [VIDC.FPS1] => C:\WINDOWS\system32\frapsv64.dll [105984 2015-09-05] (Beepa P/L) [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [94208 2015-09-05] (Beepa P/L) [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-18] (Fox Magic Software) [Arquivo não assinado]

==================== Atalhos & WMI ========================

(As entradas podem ser listadas para serem restauradas ou removidas.)

ShortcutWithArgument: C:\Users\Angelo Braz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Módulos Carregados (Whitelisted) =============

2017-05-09 09:27 - 2017-05-09 09:27 - 003067904 _____ (A.E.T. Europe B.V.) [Arquivo não assinado] C:\Windows\System32\aetpkss1.dll
2017-05-09 09:27 - 2017-05-09 09:27 - 000040960 _____ (A.E.T. Europe B.V.) [Arquivo não assinado] C:\Windows\System32\aettask.dll
2016-07-19 20:59 - 2009-04-20 12:29 - 000136704 _____ (Hewlett-Packard Company) [Arquivo não assinado] C:\WINDOWS\System32\hpf3l70w.dll
2016-07-19 21:03 - 2009-04-20 11:29 - 000249856 _____ (Hewlett-Packard Corporation) [Arquivo não assinado] C:\WINDOWS\system32\spool\PRTPROCS\x64\hpfpp70w.dll
2009-06-24 10:57 - 2009-06-24 10:57 - 000029696 _____ (HP) [Arquivo não assinado] [O arquivo está em uso] C:\Program Files (x86)\HP\HPLaserJetService\DebugLogger.dll
2009-06-24 10:57 - 2009-06-24 10:57 - 000032768 _____ (HP) [Arquivo não assinado] [O arquivo está em uso] C:\Program Files (x86)\HP\HPLaserJetService\HPHTTPProxy.dll
2009-06-24 10:57 - 2009-06-24 10:57 - 000031744 _____ (HP) [Arquivo não assinado] [O arquivo está em uso] C:\Program Files (x86)\HP\HPLaserJetService\HPServiceCommunicator.dll
2015-08-23 23:42 - 2022-07-15 11:00 - 000094720 _____ (Igor Pavlov) [Arquivo não assinado] C:\Program Files\7-Zip\7-zip.dll
2009-06-25 09:27 - 2009-06-25 09:27 - 000541184 _____ (Marvell Semiconductor, Inc.) [Arquivo não assinado] C:\WINDOWS\System32\mvtcpmon.dll
2023-06-01 14:01 - 2016-11-14 09:30 - 001300688 _____ (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [Arquivo não assinado] C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll
2009-06-25 09:25 - 2009-06-25 09:25 - 000144896 _____ (OpenSLP) [Arquivo não assinado] C:\WINDOWS\System32\slp64.dll

==================== Alternate Data Streams (Whitelisted) ========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddfac64.sys:r0d3jo5 [20]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 [254]
AlternateDataStreams: C:\ProgramData\TEMP:D061F04D [184]

==================== Modo de Segurança (Whitelisted) ==================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== Associação (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2023-07-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-07-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-07-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-07-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-07-01] (Microsoft Corporation -> Microsoft Corporation)

(Se uma entrada for incluída na fixlist, será removida do Registro.)

IE trusted site: HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\google.com -> www.google.com
IE trusted site: HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\google.com.br -> www.google.com.br
IE trusted site: HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\itau.b.br -> www.itau.b.br
IE trusted site: HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\itau.com.br -> hxxps://bankline.itau.com.br
IE trusted site: HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\itau.com.br -> bankline.itau.com.br
IE trusted site: HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\itaupersonnalite.com.br -> hxxp://www.itaupersonnalite.com.br
IE trusted site: HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\itaupersonnalite.com.br -> www.itaupersonnalite.com.br

==================== Hosts Conteúdo: =========================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2015-07-10 08:04 - 2022-06-10 19:36 - 000000000 _____ C:\WINDOWS\system32\drivers\etc\hosts

2021-10-01 16:12 - 2021-10-01 16:13 - 000000375 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Outras Áreas ===========================

(Atualmente não há nenhuma correção automática para esta seção.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\dotnet\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
HKU\S-1-5-21-467048075-196725563-1868618205-1001\Control Panel\Desktop\\Wallpaper -> D:\Área de Trabalho\838293.jpg
DNS Servers: 1.0.0.1 - 1.1.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

(Se uma entrada for incluída na fixlist, será removida.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AutoRun_MBIM => 2
MSCONFIG\Services: Change Modem Device Service => 2
MSCONFIG\Services: DevMgmtService => 2
MSCONFIG\Services: GalaxyClientService => 3
MSCONFIG\Services: GalaxyCommunication => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HPSIService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: Origin Web Helper Service => 2
MSCONFIG\Services: ProductAgentService => 2
MSCONFIG\Services: Steam Client Service => 3
HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\Run: => "StartCN"
HKLM\...\StartupApproved\Run: => "VIVO INTERNET 4G"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "ISUSScheduler"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "VIVO INTERNET 4G"
HKLM\...\StartupApproved\Run32: => "Genshin Impact_Launcher"
HKLM\...\StartupApproved\Run32: => "Genshin Impact Beta_Launcher"
HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\StartupApproved\Run: => "ISUSPM Startup"
HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== Regras do Firewall (Whitelisted) ================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [{9704DFD4-4832-4BA2-AD86-B1FA9825F1F5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{B8524ED1-C8B3-42D3-8377-9007CD2EAA50}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{2FA0FB6A-3668-45DF-BB38-CA9816E4F7CE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{60982F0A-8A31-47A3-B257-549FBC515CA2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{9DE48766-BD8F-4E57-9A48-50B2D7A9F735}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
FirewallRules: [{0EAAE5A9-8970-47BB-A4F2-6A1742F28E41}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
FirewallRules: [{C69FB424-B5AD-4AD0-BD4C-43D5DE3B800A}] => (Allow) D:\Games Steam\steamapps\common\Lords Of The Fallen\bin\LordsOfTheFallen.exe () [Arquivo não assinado]
FirewallRules: [{D9B48F0D-AE4E-4B45-80AD-9881E874D23B}] => (Allow) D:\Games Steam\steamapps\common\Lords Of The Fallen\bin\LordsOfTheFallen.exe () [Arquivo não assinado]
FirewallRules: [{7F4F876F-6B2E-463B-B1C0-4F8D31B6DE0E}] => (Allow) LPort=57209
FirewallRules: [{B6E1770B-8CAD-4D20-A5EF-AA5E16123919}] => (Allow) LPort=57209
FirewallRules: [{ECF732B5-EE5C-4091-9D65-5E8D0926D921}] => (Allow) LPort=9100
FirewallRules: [{21270FD4-3BF9-4EAC-9CFE-E71669980D50}] => (Allow) LPort=427
FirewallRules: [{04EB6426-E32A-44E6-AF67-70FFED25D5F8}] => (Allow) LPort=161
FirewallRules: [TCP Query User{9DB0A4D1-CBE4-464B-94F0-F3C42A376D1D}C:\users\angelo braz\appdata\local\aplicativo itau\itauaplicativo.exe] => (Allow) C:\users\angelo braz\appdata\local\aplicativo itau\itauaplicativo.exe (ITAU UNIBANCO S.A. -> Banco Itaú)
FirewallRules: [UDP Query User{04E3C43F-4BF3-485C-9E90-F35D803C4123}C:\users\angelo braz\appdata\local\aplicativo itau\itauaplicativo.exe] => (Allow) C:\users\angelo braz\appdata\local\aplicativo itau\itauaplicativo.exe (ITAU UNIBANCO S.A. -> Banco Itaú)
FirewallRules: [{112F261F-4506-4B4E-BC4F-A32D6499DFDB}] => (Allow) C:\LJP1100_P1560_P1600_Full_Solution\ProductInst64.exe (Hewlett-Packard Company -> HP)
FirewallRules: [{29EB09DF-8EE5-4FE0-B8F2-7713B4BA3E85}] => (Allow) C:\LJP1100_P1560_P1600_Full_Solution\ProductInst64.exe (Hewlett-Packard Company -> HP)
FirewallRules: [{756953E8-A221-4F00-AEEB-038FDAECCBFB}] => (Allow) LPort=9100
FirewallRules: [{79FFF101-D1B6-4085-97B3-E76F504E1D4D}] => (Allow) LPort=427
FirewallRules: [{A0BB0B35-3961-4770-985C-F673DACB5911}] => (Allow) LPort=161
FirewallRules: [{0C508160-3801-4AB0-940C-D97A9E5C9820}] => (Allow) C:\Program Files\HP\HP LaserJet P1100 Series\wificonfig.exe (Hewlett-Packard Company -> Hewlett Packard)
FirewallRules: [{955D43DB-DDAA-41E9-8C4A-B581CCCC7559}] => (Allow) C:\Program Files\HP\HP LaserJet P1100 Series\wificonfig.exe (Hewlett-Packard Company -> Hewlett Packard)
FirewallRules: [{1AA059A1-5AB1-4335-B21F-CA0DD4C3CC27}] => (Allow) LPort=57209
FirewallRules: [{D7659CAC-C449-438C-9994-F84DD097CE69}] => (Allow) LPort=57210
FirewallRules: [{AF1355A8-C405-4208-AB10-33ED0A67F073}] => (Allow) LPort=57211
FirewallRules: [{45962D66-4A6B-45DD-BF35-E761F56AD9B2}] => (Allow) LPort=57212
FirewallRules: [{B5CCDEE1-DC04-41A0-9361-45381456A761}] => (Allow) LPort=57213
FirewallRules: [{61ACAA29-9085-4F20-B5E8-57AC45E3870A}] => (Allow) LPort=57214
FirewallRules: [{F9770054-8423-418C-B688-C5C9B3963DFE}] => (Allow) LPort=57215
FirewallRules: [{8C2914B5-15B3-4C48-AA82-78DEA6F2D379}] => (Allow) LPort=57216
FirewallRules: [{810BAA4E-1B8B-4FDA-8B72-CD45A01BE72F}] => (Allow) LPort=57217
FirewallRules: [{58F42371-9689-4D51-89AB-606D1A001BAD}] => (Allow) LPort=57218
FirewallRules: [{527DD172-FEEF-4424-84CB-9E49472E4D7F}] => (Allow) LPort=57209
FirewallRules: [{7234C66E-E760-47B9-9218-588B0194ACEE}] => (Allow) LPort=57210
FirewallRules: [{89C4D8BE-B71A-4BF3-B61E-B8169AD76902}] => (Allow) LPort=57211
FirewallRules: [{7B303FB5-0AF9-4AD1-9423-FECC397BD8A4}] => (Allow) LPort=57212
FirewallRules: [{FD6CE65C-1A77-4D7A-B1BE-3CA958B6704F}] => (Allow) LPort=57213
FirewallRules: [{CB0FB2C6-32D5-4167-A20B-63975E68D2D5}] => (Allow) LPort=57214
FirewallRules: [{00FA6BF7-B5A6-4804-B943-117AB3F24EC2}] => (Allow) LPort=57215
FirewallRules: [{9A46CF73-52B0-4155-8D32-3AC1D3DBDDD9}] => (Allow) LPort=57216
FirewallRules: [{1BFD7944-E93E-4D03-8342-7397C837FC1D}] => (Allow) LPort=57217
FirewallRules: [{07D1F187-4D33-4E9F-AABF-D958A367E8F2}] => (Allow) LPort=57218
FirewallRules: [{115E9E6E-EEEC-4B8E-877C-85F97D65B924}] => (Allow) LPort=23007
FirewallRules: [{5D10575B-15A2-47EB-A5E3-52C0030B676D}] => (Allow) LPort=23008
FirewallRules: [{88908B64-7FB1-4D51-B4FF-E7374FF75DB2}] => (Allow) LPort=33009
FirewallRules: [{0D97A74D-EF16-44D3-B3C9-A3F9AE2E9F1C}] => (Allow) LPort=33010
FirewallRules: [{51FB394C-330C-4FFB-BE85-B266C3868486}] => (Allow) LPort=33011
FirewallRules: [{50E3A043-B0B1-49D2-AABF-83F624CE67D4}] => (Allow) LPort=43012
FirewallRules: [{2AFF7942-479D-436D-B639-6E13C1F82ACC}] => (Allow) LPort=43013
FirewallRules: [{2D9EE3AE-5FEF-465D-A998-D55D06D59387}] => (Allow) LPort=53014
FirewallRules: [{FBCDA599-CAA8-4C13-A217-5A0E8D854BA9}] => (Allow) LPort=53015
FirewallRules: [{8D5B5EA6-E8AA-484A-BBA0-5D24BB080E72}] => (Allow) LPort=53016
FirewallRules: [{BFE86399-281C-4061-B880-5DC1EDB87DF1}] => (Allow) LPort=23007
FirewallRules: [{9A4B665D-B1F9-4C2F-B541-8517A8E16C98}] => (Allow) LPort=23008
FirewallRules: [{073E55E9-3949-42EB-8F95-DFF6B37A8945}] => (Allow) LPort=33009
FirewallRules: [{D631D813-84EE-4E2D-868E-F080A7DBE7AC}] => (Allow) LPort=33010
FirewallRules: [{759E29DB-3902-4EBF-B109-32E4341B5907}] => (Allow) LPort=33011
FirewallRules: [{116E6146-CB2E-4BDC-90A4-F00EA1AD4377}] => (Allow) LPort=43012
FirewallRules: [{32C1D800-6BDE-42C1-8E03-04A7ED274A83}] => (Allow) LPort=43013
FirewallRules: [{7838B0FE-A664-40F5-BF45-AC25607BD7F0}] => (Allow) LPort=53014
FirewallRules: [{29E4851B-E360-4337-93E3-EFE1331587FB}] => (Allow) LPort=53015
FirewallRules: [{36B1C54D-C58D-4F1A-AB42-333D338B7A00}] => (Allow) LPort=53016
FirewallRules: [{E4F0A1DA-EF72-4E1C-A87E-1B71F971477F}] => (Allow) LPort=50053
FirewallRules: [{02A83C19-C6C1-45F4-9B50-1C73B1EDC322}] => (Allow) LPort=50053
FirewallRules: [{322A0D8E-AA8D-4A50-B4A3-A8E3EA7B838A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0D0E2360-084D-47AC-BC5B-0F52F486118E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{59F3EB46-7110-4BD6-A6A0-32841E67EE07}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D26BDEAB-488A-4ABA-A3E1-782D4249B379}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E797C231-379C-4588-A66A-E8C48FAF680D}] => (Allow) C:\LJP1100_P1560_P1600_Full_Solution\ProductInst64.exe (Hewlett-Packard Company -> HP)
FirewallRules: [{2C17A881-B1FF-47EE-BD1F-957AE7B9C3A2}] => (Allow) C:\LJP1100_P1560_P1600_Full_Solution\ProductInst64.exe (Hewlett-Packard Company -> HP)
FirewallRules: [TCP Query User{AE1F08BC-BA00-4214-B1D0-4E1098B05D36}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Block) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{19694063-9D68-4774-8786-24271BA34A28}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Block) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{02FA6EC5-5843-47B0-9579-517E8C1D7A59}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe => Nenhum Arquivo
FirewallRules: [{47A1D1A1-4C71-4545-A814-F6B7F7314D44}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe => Nenhum Arquivo
FirewallRules: [{A96CFB8E-99A5-4DD9-B7C5-67B3FA7A102D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6BB2E303-7F11-4581-B66F-2D32FDD47735}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{7A86D96F-8823-48BD-8969-184FE89706BD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D08F0EB9-1FCA-4F89-BF4D-822CA7622AD1}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{ADD6CED8-054F-4731-ADAE-BD0240723ACB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{57B7D3F7-0D1B-421D-AAEF-29AA187E39F6}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{1F9E6F74-E687-4100-842D-5AEF0E6E932E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{EA0740D0-B82D-479B-9FAA-62CAE172F128}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{8AC3F5F4-018A-4A03-A891-31F876C6444C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{2E719CE5-4254-457E-9649-F342B9BB05DE}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{E0BD1869-4663-4D21-8ABA-877D1E0158D9}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{026D2377-C507-44E3-9A36-C54137B7F563}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{47501A06-826E-41C0-93ED-B77E57A3BE5B}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.79\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Pontos de Restauração =========================

13-07-2023 17:04:45 ZHPcleaner

==================== Dispositivos Apresentando Falhas No Gerenciador ============


==================== Erros no Log de eventos: ========================

Erros em Aplicativos:
==================
Error: (07/13/2023 09:44:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: wuauclt.exe, versão: 10.0.19041.3031, carimbo de data/hora: 0x35946a52
Nome do módulo com falha: KERNELBASE.dll, versão: 10.0.19041.3086, carimbo de data/hora: 0xe1ac3f79
Código de exceção: 0xc0000409
Deslocamento da falha: 0x000000000012d8b2
ID do processo com falha: 0x2a94
Hora de início do aplicativo com falha: 0x01d9b583486b4bdf
Caminho do aplicativo com falha: C:\WINDOWS\system32\wuauclt.exe
Caminho do módulo com falha: C:\WINDOWS\System32\KERNELBASE.dll
ID do Relatório: 709e54b5-ea80-49b0-b66b-86cb12a3188f
Nome completo do pacote com falha: 
ID do aplicativo relativo ao pacote com falha:

Error: (07/01/2023 08:52:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname DESKTOP-T0H8SRB.local already in use; will try DESKTOP-T0H8SRB-2.local instead

Error: (07/01/2023 08:52:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 0; will deregister    4 DESKTOP-T0H8SRB.local. Addr 192.168.1.5

Error: (07/01/2023 08:52:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.5:5353   16 DESKTOP-T0H8SRB.local. AAAA 2804:0D41:A226:D600:B64C:22FF:8C4C:ABAA

Error: (06/30/2023 12:54:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname DESKTOP-T0H8SRB.local already in use; will try DESKTOP-T0H8SRB-2.local instead

Error: (06/30/2023 12:54:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 DESKTOP-T0H8SRB.local. Addr 192.168.1.5

Error: (06/30/2023 12:54:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.5:5353   16 DESKTOP-T0H8SRB.local. AAAA 2804:0D41:A226:D600:B64C:22FF:8C4C:ABAA

Error: (06/30/2023 07:43:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname DESKTOP-T0H8SRB.local already in use; will try DESKTOP-T0H8SRB-2.local instead


Erros de Sistema:
=============
Error: (07/14/2023 08:10:16 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-T0H8SRB)
Description: O servidor {94269C4E-071A-4116-90E6-52E557067E4E} não se registrou no DCOM dentro do tempo limite necessário.

Error: (07/13/2023 10:26:15 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-T0H8SRB)
Description: O servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} não se registrou no DCOM dentro do tempo limite necessário.

Error: (07/13/2023 10:26:15 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-T0H8SRB)
Description: O servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} não se registrou no DCOM dentro do tempo limite necessário.

Error: (07/13/2023 10:26:15 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-T0H8SRB)
Description: O servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} não se registrou no DCOM dentro do tempo limite necessário.

Error: (07/13/2023 10:26:15 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-T0H8SRB)
Description: O servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} não se registrou no DCOM dentro do tempo limite necessário.

Error: (07/13/2023 10:26:15 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-T0H8SRB)
Description: O servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} não se registrou no DCOM dentro do tempo limite necessário.

Error: (07/13/2023 10:26:14 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-T0H8SRB)
Description: O servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} não se registrou no DCOM dentro do tempo limite necessário.

Error: (07/13/2023 10:26:14 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-T0H8SRB)
Description: O servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} não se registrou no DCOM dentro do tempo limite necessário.


Windows Defender:
================
Date: 2023-03-28 10:27:25
Description: 
O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {33B9A05B-B9F9-466D-ACB9-3B59DDE6C71B}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2023-03-28 10:22:34
Description: 
O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {C889AA89-6F2A-43ED-981E-7AE295922696}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2023-03-28 09:56:14
Description: 
O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {5EDCBF41-C554-420E-AFB2-B5AB38A29F92}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2023-03-28 09:21:13
Description: 
O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {2E00FDA6-61BE-4E36-A497-DC9117BECA80}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2023-03-28 09:10:33
Description: 
O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {349F2248-1234-4A31-950F-AC518C2008D8}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA
Event[0]:

Date: 2022-05-22 23:54:51
Description: 
Microsoft Defender Antivírus encontrou um erro ao tentar atualizar a inteligência de segurança.
Nova Versão da Inteligência de Segurança: 
Versão da Inteligência de Segurança anterior: 1.283.1164.0
Fonte da Atualização: Servidor do Microsoft Update
Tipo da Inteligência de Segurança: Antivírus
Tipo da atualização: Completa
Usuário: AUTORIDADE NT\SISTEMA
Versão Atual do Mecanismo: 
Versão Anterior do Mecanismo: 1.1.15500.2
Código de Erro: 0x8024001e
Descrição do Erro: Erro inesperado ao verificar atualizações. Para obter informações sobre como instalar ou solucionar problemas de atualizações, consulte Ajuda e Suporte. 

CodeIntegrity:
===============
Date: 2023-07-15 20:45:41
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2023-07-15 20:45:15
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky 21.13\avp.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-07-15 20:41:17
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky 21.13\x64\com_antivirus.dll that did not meet the Windows signing level requirements.


==================== Informações da Memória =========================== 

BIOS: American Megatrends Inc. 2105 07/23/2010
placa-mãe: ASUSTeK Computer INC. M4A785TD-V EVO
Processador: AMD Phenom(tm) II X6 1055T Processor
Percentagem de memória em uso: 34%
RAM física total: 9982.18 MB
RAM física disponível: 6552.67 MB
Virtual Total: 10622.18 MB
Virtual disponível: 7044.58 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:110.78 GB) (Free:28.03 GB) (Model: KINGSTON SV300S37A120G ATA Device) NTFS
Drive d: (Anjo) (Fixed) (Total:931.51 GB) (Free:385.86 GB) (Model: SAMSUNG HD103SI ATA Device) NTFS ==>[sistema com componentes de inicialização (obtido através de drive)]

\\?\Volume{70b2a5bd-0000-0000-0000-100000000000}\ (Reservado pelo Sistema) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{70b2a5bd-0000-0000-0000-90d11b000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS

==================== MBR & Tabela de Partições ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 70B2A5BD)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=110.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=526 MB) - (Type=27)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 6BF97209)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== Fim de Addition.txt =======================

  • Security Analyst

Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text in the CODE box below:

CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [Genshin Impact Beta_Launcher] => [X]
HKLM-x32\...\Run: [Genshin Impact_Launcher] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun (Nenhum Arquivo)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restrição <==== ATENÇÃO
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restrição <==== ATENÇÃO
HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\Run: [GalaxyClient] => [X]
GroupPolicy: Restrição ? <==== ATENÇÃO
Policies: C:\ProgramData\NTUSER.pol: Restrição <==== ATENÇÃO
HKLM\SOFTWARE\Policies\Google: Restrição <==== ATENÇÃO
Task: {E28E667D-AF63-4A37-B5C6-18E7C360FAB2} - System32\Tasks\AdwCleaner_onReboot => D:\Área de Trabalho\adwcleaner_8.0.6.exe  /r (Nenhum Arquivo)
Task: {5CE1A06E-9F59-4F0F-83C4-319A08AF1D73} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe  (Nenhum Arquivo)
Task: {956E5536-0A5D-42FA-BA4B-CDFFE94CF485} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2023-06-07] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {7BAC3216-7F61-4128-8067-52911C3E37DC} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703648 2023-06-07] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "7bde81e5-df76-4cdb-b6c4-cb680b94b0fd" --version "6.13.10517" --silent
Task: {AA6F2483-CAE8-44A2-BAE9-D819EBAE96B2} - System32\Tasks\CCleanerSkipUAC - Angelo => C:\Program Files\CCleaner\CCleaner.exe [34304928 2023-06-07] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {3BCB82F7-0CA9-4FCA-A130-711B029C3A66} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe [5308592 2023-07-13] (Microsoft Windows -> Microsoft Corporation)
Task: {7200E7FC-D66A-4C02-8C2E-7491139B5936} - System32\Tasks\Desligar Automático => C:\WINDOWS\system32\shutdown.exe [28160 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> -s -f
Task: {10E8EF05-223F-4D96-85EF-5E789C193EAA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-11] (Google Inc -> Google Inc.)
Task: {6A0CC6F3-0E12-4400-AE44-42B46EE9CDFC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-11] (Google Inc -> Google Inc.)
Task: {BD80A129-4879-4750-8D5C-40C62FDFF034} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2113024 2022-08-08] () [Arquivo não assinado]
Task: {6265A9AA-8097-4539-9FE6-039764D3FF07} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26616832 2023-07-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {345B8195-A8C4-49D3-99DF-F598148E1878} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26616832 2023-07-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {0AE8D982-82DE-49CA-AC35-953764121BC1} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [124296 2023-07-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {40D3AB04-C119-4C03-9DD4-5FF4BDD5FEE9} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [124296 2023-07-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {18F0E1B5-30C5-4FC0-B765-10DCB0FCAE08} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [685984 2023-07-05] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {924E4F75-2F71-411D-B9E4-3B63B911C67B} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [724384 2023-07-05] (Mozilla Corporation -> Mozilla Foundation)
Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
CustomCLSID: HKU\S-1-5-21-467048075-196725563-1868618205-1001_Classes\CLSID\{DDC34D5E-7D6D-E686-AB5A-C82D0DE991A3}\InprocServer32 -> não caminho do arquivo
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> Nenhum Arquivo
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> Nenhum Arquivo
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll -> Nenhum Arquivo
ContextMenuHandlers1_S-1-5-21-467048075-196725563-1868618205-1001: [          kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} =>  -> Nenhum Arquivo
ContextMenuHandlers1_S-1-5-21-467048075-196725563-1868618205-1001: [kpdf2wordshellext] -> {70239788-4DAE-49B8-9270-5D8614384B49} =>  -> Nenhum Arquivo
ContextMenuHandlers4_S-1-5-21-467048075-196725563-1868618205-1001: [          kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} =>  -> Nenhum Arquivo
AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddfac64.sys:r0d3jo5 [20]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 [254]
AlternateDataStreams: C:\ProgramData\TEMP:D061F04D [184]

StartBatch:
reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /s
reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce" /s
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig" /s
reg query "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run" /s
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /s
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /s
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" /s
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce" /s
reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" /s
EndBatch:

File:  C:\Windows\SysWOW64\frapsvid.dll
File: C:\WINDOWS\SysWOW64\WIN8_MBIM.exe
File: C:\Windows\System32\aetcrss1.exe
CMD: ipconfig /flushdns
RemoveProxy:
EmptyTemp:
CreateRestorePoint:

Save this file to your desktop with the name fixlist

NOTE: It is extremely important that the "fixlist" file is saved to your Desktop. Also check that FRST.exe is on the Desktop.

** Windows Vista, Windows 7, 8/8.1 and Windows 10 users: Right-click the FRST.EXE file, then click http://i.imgur.com/VRIfczU.png

Click the button image.png

Wait and, when it finishes, the Fixlog.txt log will be saved to your desktop.

Open the Fixlog.txt file, then copy and paste its contents into your next reply.


Elias, as requested:

Quote

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 18-07-2023
Executado por Angelo (18-07-2023 14:27:17) Run:1
Executando a partir de D:\Área de Trabalho
Perfis Carregados: Angelo
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [Genshin Impact Beta_Launcher] => [X]
HKLM-x32\...\Run: [Genshin Impact_Launcher] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun (Nenhum Arquivo)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restrição <==== ATENÇÃO
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restrição <==== ATENÇÃO
HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\Run: [GalaxyClient] => [X]
GroupPolicy: Restrição ? <==== ATENÇÃO
Policies: C:\ProgramData\NTUSER.pol: Restrição <==== ATENÇÃO
HKLM\SOFTWARE\Policies\Google: Restrição <==== ATENÇÃO
Task: {E28E667D-AF63-4A37-B5C6-18E7C360FAB2} - System32\Tasks\AdwCleaner_onReboot => D:\Área de Trabalho\adwcleaner_8.0.6.exe  /r (Nenhum Arquivo)
Task: {5CE1A06E-9F59-4F0F-83C4-319A08AF1D73} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe  (Nenhum Arquivo)
Task: {956E5536-0A5D-42FA-BA4B-CDFFE94CF485} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2023-06-07] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {7BAC3216-7F61-4128-8067-52911C3E37DC} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703648 2023-06-07] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "7bde81e5-df76-4cdb-b6c4-cb680b94b0fd" --version "6.13.10517" --silent
Task: {AA6F2483-CAE8-44A2-BAE9-D819EBAE96B2} - System32\Tasks\CCleanerSkipUAC - Angelo => C:\Program Files\CCleaner\CCleaner.exe [34304928 2023-06-07] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {3BCB82F7-0CA9-4FCA-A130-711B029C3A66} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe [5308592 2023-07-13] (Microsoft Windows -> Microsoft Corporation)
Task: {7200E7FC-D66A-4C02-8C2E-7491139B5936} - System32\Tasks\Desligar Automático => C:\WINDOWS\system32\shutdown.exe [28160 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> -s -f
Task: {10E8EF05-223F-4D96-85EF-5E789C193EAA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-11] (Google Inc -> Google Inc.)
Task: {6A0CC6F3-0E12-4400-AE44-42B46EE9CDFC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-11] (Google Inc -> Google Inc.)
Task: {BD80A129-4879-4750-8D5C-40C62FDFF034} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2113024 2022-08-08] () [Arquivo não assinado]
Task: {6265A9AA-8097-4539-9FE6-039764D3FF07} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26616832 2023-07-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {345B8195-A8C4-49D3-99DF-F598148E1878} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26616832 2023-07-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {0AE8D982-82DE-49CA-AC35-953764121BC1} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [124296 2023-07-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {40D3AB04-C119-4C03-9DD4-5FF4BDD5FEE9} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [124296 2023-07-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {18F0E1B5-30C5-4FC0-B765-10DCB0FCAE08} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [685984 2023-07-05] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {924E4F75-2F71-411D-B9E4-3B63B911C67B} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [724384 2023-07-05] (Mozilla Corporation -> Mozilla Foundation)
Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
CustomCLSID: HKU\S-1-5-21-467048075-196725563-1868618205-1001_Classes\CLSID\{DDC34D5E-7D6D-E686-AB5A-C82D0DE991A3}\InprocServer32 -> não caminho do arquivo
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> Nenhum Arquivo
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> Nenhum Arquivo
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll -> Nenhum Arquivo
ContextMenuHandlers1_S-1-5-21-467048075-196725563-1868618205-1001: [          kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} =>  -> Nenhum Arquivo
ContextMenuHandlers1_S-1-5-21-467048075-196725563-1868618205-1001: [kpdf2wordshellext] -> {70239788-4DAE-49B8-9270-5D8614384B49} =>  -> Nenhum Arquivo
ContextMenuHandlers4_S-1-5-21-467048075-196725563-1868618205-1001: [          kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} =>  -> Nenhum Arquivo
AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddfac64.sys:r0d3jo5 [20]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 [254]
AlternateDataStreams: C:\ProgramData\TEMP:D061F04D [184]

StartBatch:
reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /s
reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce" /s
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig" /s
reg query "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run" /s
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /s
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /s
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" /s
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce" /s
reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" /s
EndBatch:

File:  C:\Windows\SysWOW64\frapsvid.dll
File: C:\WINDOWS\SysWOW64\WIN8_MBIM.exe
File: C:\Windows\System32\aetcrss1.exe
CMD: ipconfig /flushdns
RemoveProxy:
EmptyTemp:
CreateRestorePoint:
*****************

Ponto de Restauração criado com sucesso.
Processos fechados com sucesso.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Genshin Impact Beta_Launcher" => removido (a) com sucesso.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Genshin Impact_Launcher" => removido (a) com sucesso.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removido (a) com sucesso.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\StartCCC" => removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => valor restaurado com sucesso
HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => valor restaurado com sucesso
"HKU\S-1-5-21-467048075-196725563-1868618205-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GalaxyClient" => removido (a) com sucesso.
C:\WINDOWS\system32\GroupPolicy\Machine => movido com sucesso
C:\WINDOWS\system32\GroupPolicy\GPT.ini => movido com sucesso
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => movido com sucesso
C:\ProgramData\NTUSER.pol => movido com sucesso
HKLM\SOFTWARE\Policies\Google => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E28E667D-AF63-4A37-B5C6-18E7C360FAB2}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E28E667D-AF63-4A37-B5C6-18E7C360FAB2}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\AdwCleaner_onReboot => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdwCleaner_onReboot" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5CE1A06E-9F59-4F0F-83C4-319A08AF1D73}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5CE1A06E-9F59-4F0F-83C4-319A08AF1D73}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Apple Diagnostics => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple Diagnostics" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{956E5536-0A5D-42FA-BA4B-CDFFE94CF485}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{956E5536-0A5D-42FA-BA4B-CDFFE94CF485}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\CCleaner Update => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleaner Update" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7BAC3216-7F61-4128-8067-52911C3E37DC}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7BAC3216-7F61-4128-8067-52911C3E37DC}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\CCleanerCrashReporting => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerCrashReporting" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA6F2483-CAE8-44A2-BAE9-D819EBAE96B2}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA6F2483-CAE8-44A2-BAE9-D819EBAE96B2}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\CCleanerSkipUAC - Angelo => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC - Angelo" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3BCB82F7-0CA9-4FCA-A130-711B029C3A66}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BCB82F7-0CA9-4FCA-A130-711B029C3A66}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CreateExplorerShellUnelevatedTask" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7200E7FC-D66A-4C02-8C2E-7491139B5936}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7200E7FC-D66A-4C02-8C2E-7491139B5936}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Desligar Automático => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Desligar Automático" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{10E8EF05-223F-4D96-85EF-5E789C193EAA}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10E8EF05-223F-4D96-85EF-5E789C193EAA}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6A0CC6F3-0E12-4400-AE44-42B46EE9CDFC}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A0CC6F3-0E12-4400-AE44-42B46EE9CDFC}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BD80A129-4879-4750-8D5C-40C62FDFF034}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD80A129-4879-4750-8D5C-40C62FDFF034}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\klcp_update => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\klcp_update" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6265A9AA-8097-4539-9FE6-039764D3FF07}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6265A9AA-8097-4539-9FE6-039764D3FF07}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office Automatic Updates 2.0" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{345B8195-A8C4-49D3-99DF-F598148E1878}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{345B8195-A8C4-49D3-99DF-F598148E1878}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office ClickToRun Service Monitor" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0AE8D982-82DE-49CA-AC35-953764121BC1}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AE8D982-82DE-49CA-AC35-953764121BC1}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft\Office\Office Feature Updates => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office Feature Updates" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{40D3AB04-C119-4C03-9DD4-5FF4BDD5FEE9}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40D3AB04-C119-4C03-9DD4-5FF4BDD5FEE9}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft\Office\Office Feature Updates Logon => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office Feature Updates Logon" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{18F0E1B5-30C5-4FC0-B765-10DCB0FCAE08}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18F0E1B5-30C5-4FC0-B765-10DCB0FCAE08}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mozilla\Firefox Background Update 308046B0AF4A39CB" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{924E4F75-2F71-411D-B9E4-3B63B911C67B}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{924E4F75-2F71-411D-B9E4-3B63B911C67B}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB" => removido (a) com sucesso.
C:\WINDOWS\Tasks\CCleanerCrashReporting.job => movido com sucesso
C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => movido com sucesso
HKU\S-1-5-21-467048075-196725563-1868618205-1001_Classes\CLSID\{DDC34D5E-7D6D-E686-AB5A-C82D0DE991A3} => removido (a) com sucesso.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removido (a) com sucesso.
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removido (a) com sucesso.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\ACE => removido (a) com sucesso.
HKLM\Software\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000} => removido (a) com sucesso.
HKU\S-1-5-21-467048075-196725563-1868618205-1001\Software\Classes\*\ShellEx\ContextMenuHandlers\          kwpsshellext => removido (a) com sucesso.
HKU\S-1-5-21-467048075-196725563-1868618205-1001\Software\Classes\*\ShellEx\ContextMenuHandlers\kpdf2wordshellext => removido (a) com sucesso.
HKU\S-1-5-21-467048075-196725563-1868618205-1001\Software\Classes\Directory\ShellEx\ContextMenuHandlers\          kwpsshellext => removido (a) com sucesso.
C:\WINDOWS\system32\Drivers\gbpddfac64.sys => ":r0d3jo5" ADS removido (a) com sucesso.
C:\WINDOWS\system32\Drivers\gbpddfac64.sys => ":X5ZN8aGvT4" ADS removido (a) com sucesso.
C:\ProgramData\TEMP => ":D061F04D" ADS removido (a) com sucesso.

========= Batch: =========

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ISUSPM Startup    REG_SZ    C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe -startup
    CCleaner Smart Cleaning    REG_SZ    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    OneDrive    REG_SZ    "C:\Users\Angelo Braz\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    CiscoMeetingDaemon    REG_SZ    "C:\Users\Angelo Braz\AppData\Local\WebEx\WebexHost.exe" /daemon /runFrom=autorun
    CiscoSpark    REG_SZ    C:\Users\Angelo Braz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webex\Webex.lnk /minimized /autostartedWithWindows=true



HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\services\AdobeARMservice
    AdobeARMservice    REG_DWORD    0x2
    YEAR    REG_DWORD    0x7e2
    MONTH    REG_DWORD    0xc
    DAY    REG_DWORD    0x1
    HOUR    REG_DWORD    0x11
    MINUTE    REG_DWORD    0x2c
    SECOND    REG_DWORD    0x39

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\services\AMD External Events Utility
    AMD External Events Utility    REG_DWORD    0x2
    YEAR    REG_DWORD    0x7e2
    MONTH    REG_DWORD    0xc
    DAY    REG_DWORD    0x1
    HOUR    REG_DWORD    0x11
    MINUTE    REG_DWORD    0x2c
    SECOND    REG_DWORD    0x39

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\services\AutoRun_MBIM
    AutoRun_MBIM    REG_DWORD    0x2
    YEAR    REG_DWORD    0x7e2
    MONTH    REG_DWORD    0xc
    DAY    REG_DWORD    0x1
    HOUR    REG_DWORD    0x11
    MINUTE    REG_DWORD    0x2c
    SECOND    REG_DWORD    0x39

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\services\Change Modem Device Service
    Change Modem Device Service    REG_DWORD    0x2
    YEAR    REG_DWORD    0x7e2
    MONTH    REG_DWORD    0xc
    DAY    REG_DWORD    0x1
    HOUR    REG_DWORD    0x11
    MINUTE    REG_DWORD    0x2c
    SECOND    REG_DWORD    0x39

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\services\DevMgmtService
    DevMgmtService    REG_DWORD    0x2
    YEAR    REG_DWORD    0x7e2
    MONTH    REG_DWORD    0xc
    DAY    REG_DWORD    0x1
    HOUR    REG_DWORD    0x11
    MINUTE    REG_DWORD    0x2c
    SECOND    REG_DWORD    0x39

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\services\GalaxyClientService
    GalaxyClientService    REG_DWORD    0x3
    YEAR    REG_DWORD    0x7e2
    MONTH    REG_DWORD    0xc
    DAY    REG_DWORD    0x1
    HOUR    REG_DWORD    0x11
    MINUTE    REG_DWORD    0x2c
    SECOND    REG_DWORD    0x39

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\services\GalaxyCommunication
    GalaxyCommunication    REG_DWORD    0x3
    YEAR    REG_DWORD    0x7e2
    MONTH    REG_DWORD    0xc
    DAY    REG_DWORD    0x1
    HOUR    REG_DWORD    0x11
    MINUTE    REG_DWORD    0x2c
    SECOND    REG_DWORD    0x39

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\services\gupdate
    gupdate    REG_DWORD    0x2
    YEAR    REG_DWORD    0x7e2
    MONTH    REG_DWORD    0xc
    DAY    REG_DWORD    0x1
    HOUR    REG_DWORD    0x11
    MINUTE    REG_DWORD    0x2c
    SECOND    REG_DWORD    0x39

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\services\gupdatem
    gupdatem    REG_DWORD    0x3
    YEAR    REG_DWORD    0x7e2
    MONTH    REG_DWORD    0xc
    DAY    REG_DWORD    0x1
    HOUR    REG_DWORD    0x11
    MINUTE    REG_DWORD    0x2c
    SECOND    REG_DWORD    0x39

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\services\HPSIService
    HPSIService    REG_DWORD    0x2
    YEAR    REG_DWORD    0x7e2
    MONTH    REG_DWORD    0xc
    DAY    REG_DWORD    0x1
    HOUR    REG_DWORD    0x11
    MINUTE    REG_DWORD    0x2c
    SECOND    REG_DWORD    0x39

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\services\MozillaMaintenance
    MozillaMaintenance    REG_DWORD    0x3
    YEAR    REG_DWORD    0x7e2
    MONTH    REG_DWORD    0xc
    DAY    REG_DWORD    0x1
    HOUR    REG_DWORD    0x11
    MINUTE    REG_DWORD    0x2c
    SECOND    REG_DWORD    0x39

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\services\Origin Client Service
    Origin Client Service    REG_DWORD    0x3
    YEAR    REG_DWORD    0x7e2
    MONTH    REG_DWORD    0xc
    DAY    REG_DWORD    0x1
    HOUR    REG_DWORD    0x11
    MINUTE    REG_DWORD    0x2c
    SECOND    REG_DWORD    0x39

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\services\Origin Web Helper Service
    Origin Web Helper Service    REG_DWORD    0x2
    YEAR    REG_DWORD    0x7e2
    MONTH    REG_DWORD    0xc
    DAY    REG_DWORD    0x1
    HOUR    REG_DWORD    0x11
    MINUTE    REG_DWORD    0x2c
    SECOND    REG_DWORD    0x39

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\services\ProductAgentService
    ProductAgentService    REG_DWORD    0x2
    YEAR    REG_DWORD    0x7e2
    MONTH    REG_DWORD    0xc
    DAY    REG_DWORD    0x1
    HOUR    REG_DWORD    0x11
    MINUTE    REG_DWORD    0x2c
    SECOND    REG_DWORD    0x39

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\services\Steam Client Service
    Steam Client Service    REG_DWORD    0x3
    YEAR    REG_DWORD    0x7e2
    MONTH    REG_DWORD    0xc
    DAY    REG_DWORD    0x1
    HOUR    REG_DWORD    0x11
    MINUTE    REG_DWORD    0x2c
    SECOND    REG_DWORD    0x39

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\state
    services    REG_DWORD    0x2
    bootini    REG_DWORD    0x2



HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    CertificateRegistration    REG_SZ    aetcrss1.exe
    NvBackend    REG_SZ    "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
    ShadowPlay    REG_SZ    "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart



HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
    ISUSScheduler    REG_SZ    "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
    HPUsageTrackingLEDM    REG_SZ    "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"


ERRO: O sistema nÆo p“de localizar a chave do Registro ou valor especificado.

========= Fim de Batch: =========


========================= File:  C:\Windows\SysWOW64\frapsvid.dll ========================

C:\Windows\SysWOW64\frapsvid.dll
Arquivo não assinado
MD5: E3E8F33F23C9847148DC6B7DA12D9240
Data de criação e modificação: 2015-09-05 05:09 - 2015-09-05 05:09
Tamanho: 000094208
Atributos: ----A
Nome Da Empresa: Beepa P/L
Interno Nome: Fraps
Original Nome: 
Produto: FRAPS
Descrição: Fraps
Arquivo Versão: 3, 5, 99, 15623
Produto Versão: 3, 5, 99, 15623
Copyright: Copyright © Beepa P/L 2013
VirusTotal: https://www.virustotal.com/gui/file/058c0332b47e92859e43714d59576420458b447474f35eeacb7fa467b4fb0ac2/detection/f-058c0332b47e92859e43714d59576420458b447474f35eeacb7fa467b4fb0ac2-1676101807

====== Fim de File: ======


========================= File: C:\WINDOWS\SysWOW64\WIN8_MBIM.exe ========================

C:\WINDOWS\SysWOW64\WIN8_MBIM.exe
Arquivo não assinado
MD5: 3FB8DBD32821E6D6E218EB375B8DD442
Data de criação e modificação: 2016-12-13 21:44 - 2014-03-06 23:23
Tamanho: 000163840
Atributos: ----A
Nome Da Empresa: 
Interno Nome: 
Original Nome: 
Produto: 
Descrição: 
Arquivo Versão: 
Produto Versão: 
Copyright: 
VirusTotal: https://www.virustotal.com/gui/file/9110d0c72033efed88d7a4a116c8b8f2642b561f895077bfbcfb80221a4720e1/detection/f-9110d0c72033efed88d7a4a116c8b8f2642b561f895077bfbcfb80221a4720e1-1676642347

====== Fim de File: ======


========================= File: C:\Windows\System32\aetcrss1.exe ========================

C:\Windows\System32\aetcrss1.exe
Arquivo não assinado
MD5: 7FECD1948D727C7B7A4A5F7D2A8037BE
Data de criação e modificação: 2017-05-09 09:27 - 2017-05-09 09:27
Tamanho: 000025088
Atributos: ----A
Nome Da Empresa: A.E.T. Europe B.V.
Interno Nome: Certificate Expiration Check Utility
Original Nome: aetcrss1.exe
Produto: SafeSign, AETSign, AETeSign, StarSign Token, RaakSign
Descrição: Certificate Expiration Check Utility
Arquivo Versão: 3.0.0.3747
Produto Versão: 3.0.0.0
Copyright: Copyright © 1997-2014 A.E.T. Europe B.V.
VirusTotal: https://www.virustotal.com/gui/file/c686852199c8ac3f8d2715334e7eb4fc3a0fada8a99a08c3147dd31a3f79719d/detection/f-c686852199c8ac3f8d2715334e7eb4fc3a0fada8a99a08c3147dd31a3f79719d-1689252635

====== Fim de File: ======


========= ipconfig /flushdns =========


Configura‡Æo de IP do Windows

Libera‡Æo do Cache do DNS Resolver bem-sucedida.


========= Fim de CMD: =========


========= RemoveProxy: =========

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => removido (a) com sucesso.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso.
"HKU\S-1-5-21-467048075-196725563-1868618205-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso.
"HKU\S-1-5-21-467048075-196725563-1868618205-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso.


========= Fim de RemoveProxy: =========

Ponto de Restauração criado com sucesso.

=========== EmptyTemp: ==========

FlushDNS => completado
BITS transfer queue => 1572864 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 92351555 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 515731436 B
Windows/system/drivers => 8245517 B
Edge => 68096 B
Chrome => 542072092 B
Firefox => 363243356 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 7168 B
ProgramData => 7168 B
Public => 7168 B
systemprofile => 7168 B
systemprofile32 => 7210 B
LocalService => 242542 B
NetworkService => 256060 B
Angelo Braz => 4349162136 B

RecycleBin => 442212 B
EmptyTemp: => 5.5 GB de dados temporários Removidos.

================================


O sistema precisou ser reiniciado.

==== Fim de Fixlog 14:31:37 ====

 


On 19/07/2023 at 11:17, Elias Pereira said:

Regarding the initial problems, how is the computer doing?

 

Elias, I noticed an improvement in using the PC and in browsing; as for the prompt windows popping up, so far they have not appeared again. The only remaining problem is that when I turn on the PC, Notepad opens with the following log:

 

Quote

------------------------------------start------------------------------------

Disparando 127.0.0.1 com 32 bytes de dados:
Resposta de 127.0.0.1: bytes=32 tempo<1ms TTL=128
Resposta de 127.0.0.1: bytes=32 tempo<1ms TTL=128
Resposta de 127.0.0.1: bytes=32 tempo<1ms TTL=128
Resposta de 127.0.0.1: bytes=32 tempo<1ms TTL=128

Estat¡sticas do Ping para 127.0.0.1:
    Pacotes: Enviados = 4, Recebidos = 4, Perdidos = 0 (0% de
             perda),
Aproximar um n£mero redondo de vezes em milissegundos:
    M¡nimo = 0ms, M ximo = 0ms, M‚dia = 0ms
"D:\Program Files\Nox\"
-------------------------------------end-------------------------------------
 

 


As requested, Elias.

 

Quote

Resultado do análise da Farbar Recovery Scan Tool (FRST) (x64) Versão: 27-07-2023
Executado por Angelo (administrador) em DESKTOP-T0H8SRB (29-07-2023 12:29:19)
Executando a partir de D:\Área de Trabalho\FRST64.exe
Perfis Carregados: Angelo
Plataforma: Microsoft Windows 10 Pro Versão 22H2 19045.3208 (X64) Idioma: Português (Brasil)
Navegador padrão: Edge
Modo da Inicialização: Normal

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(atiesrxx.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Banco Bradesco S.A. -> Scopus Soluções em TI Ltda) C:\Program Files (x86)\scpbrad\scpbradguard.exe
(C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.13\avp.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.13\avpui.exe
(C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.13\ksde.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.13\ksdeui.exe
(C:\Users\Angelo Braz\AppData\Local\WebEx\WebexHost.exe ->) (Cisco WebEx LLC -> Cisco Webex LLC) C:\Users\Angelo Braz\AppData\Local\WebEx\WebEx64\Meetings\atmgr.exe
(explorer.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(explorer.exe ->) (A.E.T. Europe B.V.) [Arquivo não assinado] C:\Windows\System32\aetcrss1.exe
(explorer.exe ->) (Cisco WebEx LLC -> Cisco Webex LLC) C:\Users\Angelo Braz\AppData\Local\WebEx\WebexHost.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(explorer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(services.exe ->) () [Arquivo não assinado] C:\Program Files (x86)\Wondershare\drfone\Addins\Recovery\ElevationService.exe
(services.exe ->) () [Arquivo não assinado] C:\Windows\SysWOW64\WIN8_MBIM.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Banco Bradesco SA -> Banco Bradesco S.A.) C:\Program Files (x86)\scpbrad\scpbradserv.exe
(services.exe ->) (FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\FOXIT SOFTWARE\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe
(services.exe ->) (Hewlett-Packard Company -> HP) C:\Windows\System32\HPSIsvc.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (HP) [Arquivo não assinado] C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(services.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.13\avp.exe
(services.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.13\ksde.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(services.exe ->) (Realtek Semiconductor Corp -> ) C:\Windows\runSW.exe
(services.exe ->) (Wondershare Technology Co.,Ltd -> Wondershare) C:\ProgramData\Wondershare\Service\InstallAssistService.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2210.0.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

==================== Registro (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [CertificateRegistration] => C:\WINDOWS\system32\aetcrss1.exe [25088 2017-05-09] (A.E.T. Europe B.V.) [Arquivo não assinado]
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1767712 2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [Arquivo não assinado]
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [69632 2004-04-13] (InstallShield Software Corporation) [Arquivo não assinado]
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation) [Arquivo não assinado]
HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [40496032 2023-06-07] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\Run: [CiscoMeetingDaemon] => C:\Users\Angelo Braz\AppData\Local\WebEx\WebexHost.exe [8080480 2023-07-13] (Cisco WebEx LLC -> Cisco Webex LLC)
HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\Run: [CiscoSpark] => C:\Users\Angelo Braz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webex\Webex.lnk [1523 2023-06-27] () [Arquivo não assinado]
HKLM\...\Windows x64\Print Processors\HP1006PrintProc: C:\Windows\System32\spool\prtprocs\x64\HP1006PP.dll [65024 2013-04-15] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Windows x64\Print Processors\HP1100PrintProc: C:\Windows\System32\spool\prtprocs\x64\HP1100PP.DLL [74240 2012-08-31] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Windows x64\Print Processors\hpfpp70w: C:\Windows\System32\spool\prtprocs\x64\hpfpp70w.dll [249856 2009-04-20] (Hewlett-Packard Corporation) [Arquivo não assinado]
HKLM\...\Print\Monitors\Advanced TCP/IP Port Monitor: C:\WINDOWS\system32\mvtcpmon.dll [541184 2009-06-25] (Marvell Semiconductor, Inc.) [Arquivo não assinado]
HKLM\...\Print\Monitors\HP 8711 Status Monitor: C:\WINDOWS\system32\hpinksts8711LM.dll [332176 2012-09-12] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP1006LM: C:\WINDOWS\system32\HP1006LM.DLL [198144 2013-04-15] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\HP1100LM: C:\WINDOWS\system32\HP1100LM.DLL [288768 2012-08-31] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\novaPDF 7 Monitor: C:\WINDOWS\system32\novamnk7.dll [29008 2011-02-15] (Softland -> Softland)
HKLM\...\Print\Monitors\PCL hpf3l70w.dll: C:\WINDOWS\system32\hpf3l70w.dll [136704 2009-04-20] (Hewlett-Packard Company) [Arquivo não assinado]
HKLM\...\Print\Monitors\Wondershare PDF Converter Monitor: C:\WINDOWS\system32\WSMonitorX64.dll [98152 2016-04-15] (Wondershare Software Co., Ltd.  -> Wondershare Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\115.0.5790.110\Installer\chrmstp.exe [2023-07-27] (Google LLC -> Google LLC)

==================== Tarefas Agendadas (Whitelisted) =================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {E537C65A-46DD-4592-93F6-72299E410F52} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [685984 2023-07-05] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)


==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{81d19a1e-6325-4e6f-b780-655a8085b934}: [NameServer] 198.51.100.1,198.51.100.2
Tcpip\..\Interfaces\{f91de001-c0b5-48b3-94ee-3ccec5151877}: [NameServer] 1.0.0.1,1.1.1.1
Tcpip\..\Interfaces\{f91de001-c0b5-48b3-94ee-3ccec5151877}: [DhcpNameServer] 192.168.1.254

Edge: 
=======
DownloadDir: D:\Área de Trabalho
Edge Extension: (Sem Nome) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [não encontrado (a)]
Edge Extension: (Sem Nome) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [não encontrado (a)]
Edge Extension: (Sem Nome) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [não encontrado (a)]
Edge Extension: (Sem Nome) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [não encontrado (a)]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Angelo Braz\AppData\Local\Microsoft\Edge\User Data\Default [2023-07-29]
Edge DownloadDir: Default -> D:\Downloads
Edge Extension: (uBlock Origin) - C:\Users\Angelo Braz\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2023-07-22]
Edge Extension: (Méliuz: Cashback e cupons em suas compras) - C:\Users\Angelo Braz\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jdcfmebflppkljibgpdlboifpcaalolg [2023-07-14]
Edge Extension: (Edge relevant text changes) - C:\Users\Angelo Braz\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-07-25]
Edge Extension: (TWP - Translate Web Pages) - C:\Tradutor EDGE [2023-06-02] [UpdateUrl:hxxps://raw.githubusercontent.com/FilipePS/Traduzir-paginas-web/master/dist/chromium/updates.xml] <==== ATENÇÃO
Edge HKU\S-1-5-21-467048075-196725563-1868618205-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm]

FireFox:
========
FF DefaultProfile: jupdg3yp.default
FF ProfilePath: C:\Users\Angelo Braz\AppData\Roaming\Mozilla\Firefox\Profiles\jupdg3yp.default [2023-07-18]
FF ProfilePath: C:\Users\Angelo Braz\AppData\Roaming\Mozilla\Firefox\Profiles\2ezh1bjm.default-release-1684703975582 [2023-07-28]
FF Extension: (Méliuz: Cashback e cupons em suas compras) - C:\Users\Angelo Braz\AppData\Roaming\Mozilla\Firefox\Profiles\2ezh1bjm.default-release-1684703975582\Extensions\[email protected] [2023-06-04]
FF Extension: (uBlock Origin) - C:\Users\Angelo Braz\AppData\Roaming\Mozilla\Firefox\Profiles\2ezh1bjm.default-release-1684703975582\Extensions\[email protected] [2023-06-21]
FF Extension: (TWP - Translate Web Pages) - C:\Users\Angelo Braz\AppData\Roaming\Mozilla\Firefox\Profiles\2ezh1bjm.default-release-1684703975582\Extensions\{036a55b4-5e72-4d05-a06c-cba2dfcc134a}.xpi [2023-06-22]
FF Extension: (Gerar DANFe/DACTe) - C:\Users\Angelo Braz\AppData\Roaming\Mozilla\Firefox\Profiles\2ezh1bjm.default-release-1684703975582\Extensions\{c3e17213-5cba-412d-8e93-a2a83e6640e1}.xpi [2023-06-07]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\FFExt\light_plugin_firefox\addon.xpi => não encontrado (a)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: (SmartPrintButton) - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [] [não assinado]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\FFExt\light_plugin_firefox\addon.xpi => não encontrado (a)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [Nenhum Arquivo]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [Nenhum Arquivo]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Nenhum Arquivo]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Nenhum Arquivo]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitPDFReaderPlugin.dll [Nenhum Arquivo]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitPDFReaderPlugin.dll [Nenhum Arquivo]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitPDFReaderPlugin.dll [Nenhum Arquivo]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitPDFReaderPlugin.dll [Nenhum Arquivo]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-07-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [Arquivo não assinado]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [Arquivo não assinado]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2023-05-21] <==== ATENÇÃO (Aponta para arquivo *.cfg)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2023-05-21] <==== ATENÇÃO

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Angelo Braz\AppData\Local\Google\Chrome\User Data\Default [2023-07-28]
CHR Extension: (Reduza: Testador de cupons para suas compras) - C:\Users\Angelo Braz\AppData\Local\Google\Chrome\User Data\Default\Extensions\adblhjgamdlpmikabkcdleflikihalej [2022-07-03]
CHR Extension: (Kaspersky Protection) - C:\Users\Angelo Braz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2023-06-11]
CHR Extension: (Honey: Automatic Coupons & Rewards) - C:\Users\Angelo Braz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2023-07-03]
CHR Extension: (uBlock Origin) - C:\Users\Angelo Braz\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2023-07-28]
CHR Extension: (Gerar DANFe/DACTe) - C:\Users\Angelo Braz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnalonmlenogoaknbeikifdbaokkhmjj [2022-02-02]
CHR Extension: (Documentos Google off-line) - C:\Users\Angelo Braz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-07-20]
CHR Extension: (Méliuz: Cashback e cupons em suas compras) - C:\Users\Angelo Braz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdcfmebflppkljibgpdlboifpcaalolg [2023-07-15]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Angelo Braz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-02]
CHR HKLM\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm

==================== Serviços (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AutoRun_MBIM; C:\WINDOWS\SysWOW64\WIN8_MBIM.exe [163840 2014-03-06] () [Arquivo não assinado]
R2 AVP21.13; C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.13\avp.exe [32008 2023-04-15] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S4 Change Modem Device Service; C:\WINDOWS\SysWOW64\ChgService.exe [135168 2014-02-20] () [Arquivo não assinado]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11851240 2023-07-14] (Microsoft Corporation -> Microsoft Corporation)
R2 ElevationService; C:\Program Files (x86)\Wondershare\drfone\Addins\Recovery\ElevationService.exe [913408 2021-10-26] () [Arquivo não assinado]
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934368 2021-12-01] (Epic Games Inc. -> Epic Games, Inc.)
R2 FoxitReaderUpdateService; C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe [2358800 2022-05-20] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [2348512 2023-03-29] (GOG  sp. z o.o -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7178720 2023-03-29] (GOG  sp. z o.o -> GOG.com)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [Arquivo não assinado]
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [230352 2023-07-13] (HP Inc. -> HP Inc.)
R2 HPSIService; C:\WINDOWS\system32\HPSIsvc.exe [127800 2010-04-07] (Hewlett-Packard Company -> HP)
S3 klvssbridge64_21.13; C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.13\x64\vssbridge64.exe [501008 2023-04-15] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 KSDE5.13; C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.13\ksde.exe [32008 2023-04-15] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Arquivo não assinado]
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [7770888 2017-05-09] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2556048 2021-06-24] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3474584 2021-06-24] (Electronic Arts, Inc. -> Electronic Arts)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Arquivo não assinado]
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [2703192 2022-12-22] (Rockstar Games, Inc. -> Rockstar Games)
R2 RunSwUSB; C:\Windows\runSW.exe [44760 2014-12-12] (Realtek Semiconductor Corp -> )
R2 scpbradserv; C:\Program Files (x86)\scpbrad\scpbradserv.exe [2284400 2023-06-07] (Banco Bradesco SA -> Banco Bradesco S.A.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [402216 2023-07-13] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.7-0\NisSrv.exe [3224328 2023-03-27] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.7-0\MsMpEng.exe [133544 2023-03-27] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Wondershare InstallAssist; C:\ProgramData\Wondershare\Service\InstallAssistService.exe [262880 2022-01-05] (Wondershare Technology Co.,Ltd -> Wondershare)

===================== Drivers (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 athur; C:\WINDOWS\System32\drivers\athurx.sys [1847296 2010-01-05] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R1 BDVEDISK; C:\WINDOWS\system32\DRIVERS\bdvedisk.sys [96616 2020-05-28] (Bitdefender SRL -> BitDefender)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Arquivo não assinado]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [Arquivo não assinado]
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [240264 2023-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
S1 gbpddfac; C:\WINDOWS\System32\drivers\gbpddfac64.sys [28888 2023-07-27] (GAS INFORMATICA LTDA -> GAS Tecnologia)
R1 klbackupdisk.Kaspersky4Win-21-13; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-13\klbackupdisk.sys [112936 2023-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klbackupflt.Kaspersky4Win-21-13; C:\WINDOWS\System32\DRIVERS\Kaspersky4Win-21-13\klbackupflt.sys [234216 2023-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 kldisk.Kaspersky4Win-21-13; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-13\kldisk.sys [125736 2023-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [53576 2023-04-15] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R1 KLFLT.Kaspersky4Win-21-13; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-13\klflt.sys [548072 2023-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klgse.Kaspersky4Win-21-13; C:\WINDOWS\System32\DRIVERS\Kaspersky4Win-21-13\klgse.sys [729136 2023-06-28] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 KLHK.Kaspersky4Win-21-13; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-13\klhk.sys [1822784 2023-06-28] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klids.Kaspersky4Win-21-13; C:\ProgramData\Kaspersky Lab\AVP21.13\Bases\klids.sys [235704 2023-06-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 KLIF.Kaspersky4Win-21-13; C:\WINDOWS\System32\DRIVERS\Kaspersky4Win-21-13\klif.sys [1163544 2023-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [98552 2023-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klkbdflt.Kaspersky4Win-21-13; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-13\klkbdflt.sys [115960 2023-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klmouflt.Kaspersky4Win-21-13; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-13\klmouflt.sys [113448 2023-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klpd.Kaspersky4Win-21-13; C:\WINDOWS\System32\DRIVERS\Kaspersky4Win-21-13\klpd.sys [80672 2023-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klpnpflt.Kaspersky4Win-21-13; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-13\klpnpflt.sys [98040 2023-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 kltun; C:\WINDOWS\system32\DRIVERS\kltun.sys [86776 2023-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R0 klupd_Kaspersky4Win-21-13_arkmon; C:\WINDOWS\System32\Drivers\klupd_Kaspersky4Win-21-13_arkmon.sys [369432 2023-07-25] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klupd_Kaspersky4Win-21-13_klark; C:\WINDOWS\System32\Drivers\klupd_Kaspersky4Win-21-13_klark.sys [351912 2023-07-27] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R0 klupd_Kaspersky4Win-21-13_klbg; C:\WINDOWS\System32\Drivers\klupd_Kaspersky4Win-21-13_klbg.sys [179816 2023-07-25] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klupd_Kaspersky4Win-21-13_mark; C:\WINDOWS\System32\Drivers\klupd_Kaspersky4Win-21-13_mark.sys [260512 2023-07-27] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klwfp.Kaspersky4Win-21-13; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-13\klwfp.sys [179960 2023-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klwtp.Kaspersky4Win-21-13; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-13\klwtp.sys [415480 2023-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 kneps.Kaspersky4Win-21-13; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-13\kneps.sys [340208 2023-06-05] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] (ASUSTeK Computer Inc. -> )
S3 mvusbews; C:\WINDOWS\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Microsoft Windows Hardware Compatibility Publisher -> Marvell Semiconductor, Inc.)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [32352 2017-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49608 2023-03-27] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [495896 2023-03-27] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99624 2023-03-27] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um mês (criados) (Whitelisted) =========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2023-07-18 14:32 - 2023-07-18 14:32 - 000000008 _____ C:\ProgramData\ntuser.pol
2023-07-13 16:09 - 2023-07-13 17:10 - 000000000 ____D C:\Users\Angelo Braz\AppData\Roaming\ZHP
2023-07-13 09:13 - 2023-07-13 09:13 - 000000000 ___HD C:\$WinREAgent
2023-07-10 14:55 - 2023-07-29 12:30 - 000000000 ____D C:\FRST
2023-07-07 20:29 - 2023-07-08 11:48 - 000000000 ____D C:\Program Files\Mozilla Thunderbird

==================== Um mês (modificados) ==================

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2023-07-29 12:27 - 2020-08-17 17:46 - 000004182 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{D560E2BD-2729-4B68-9016-45F841C9ACEA}
2023-07-29 12:26 - 2019-12-07 06:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-07-29 12:26 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-07-29 12:26 - 2019-12-07 06:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-07-29 12:25 - 2016-11-18 06:31 - 000000000 ____D C:\Users\Angelo Braz\AppData\LocalLow\Mozilla
2023-07-29 12:17 - 2022-02-09 20:11 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-07-29 12:02 - 2021-12-16 21:16 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-07-29 12:02 - 2015-08-11 22:55 - 000000000 ____D C:\Program Files (x86)\Google
2023-07-29 11:41 - 2017-10-18 01:12 - 000000000 ____D C:\Users\Angelo Braz\AppData\Local\Packages
2023-07-29 11:41 - 2015-07-31 15:53 - 000000000 ____D C:\Users\Angelo Braz\AppData\Roaming\Microsoft\Word
2023-07-29 11:12 - 2020-08-17 17:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-07-29 09:34 - 2020-04-06 13:53 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-07-29 09:32 - 2023-06-27 18:25 - 000000000 ____D C:\Users\Angelo Braz\AppData\Local\WebEx
2023-07-28 23:09 - 2022-12-18 19:51 - 000003584 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-467048075-196725563-1868618205-1001
2023-07-28 23:09 - 2020-08-17 17:46 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-467048075-196725563-1868618205-1001
2023-07-28 23:09 - 2020-08-17 15:16 - 000002448 _____ C:\Users\Angelo Braz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-07-28 21:41 - 2019-12-07 06:03 - 000065536 _____ C:\WINDOWS\system32\config\ELAM
2023-07-28 21:33 - 2020-08-17 17:43 - 001749624 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-07-28 21:33 - 2019-12-07 11:53 - 000755378 _____ C:\WINDOWS\system32\prfh0416.dat
2023-07-28 21:33 - 2019-12-07 11:53 - 000149432 _____ C:\WINDOWS\system32\prfc0416.dat
2023-07-28 21:33 - 2019-12-07 06:13 - 000000000 ____D C:\WINDOWS\INF
2023-07-28 21:26 - 2023-06-01 12:54 - 000000000 ____D C:\ProgramData\NVIDIA
2023-07-28 21:26 - 2020-08-17 17:46 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-07-28 21:26 - 2020-08-17 17:33 - 000008192 ___SH C:\DumpStack.log.tmp
2023-07-28 20:43 - 2019-12-07 06:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2023-07-28 20:35 - 2018-11-29 23:01 - 000000000 ____D C:\Users\Angelo Braz\AppData\Local\CrashDumps
2023-07-27 21:22 - 2015-08-04 17:13 - 000028888 _____ (GAS Tecnologia) C:\WINDOWS\system32\Drivers\gbpddfac64.sys
2023-07-27 18:44 - 2015-08-11 22:57 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-07-27 14:12 - 2015-07-31 15:54 - 000000000 ____D C:\Users\Angelo Braz\AppData\Roaming\Microsoft\Excel
2023-07-20 10:47 - 2023-05-02 15:25 - 000012288 _____ C:\WINDOWS\SysWOW64\AppRulesStorage
2023-07-18 14:33 - 2023-05-21 18:18 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2023-07-18 14:30 - 2015-07-31 16:02 - 000000000 ____D C:\Users\Angelo Braz\AppData\LocalLow\Temp
2023-07-18 14:28 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2023-07-18 14:28 - 2017-09-29 10:46 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2023-07-14 20:54 - 2020-04-19 23:00 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2023-07-13 21:22 - 2022-03-22 08:53 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP
2023-07-13 21:22 - 2021-07-27 22:47 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2023-07-13 16:06 - 2020-07-22 20:42 - 000000000 ____D C:\AdwCleaner
2023-07-13 09:59 - 2019-12-07 06:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-07-13 09:55 - 2020-08-17 17:33 - 000462752 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-07-13 09:54 - 2019-12-07 11:56 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2023-07-13 09:54 - 2019-12-07 06:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-07-13 09:54 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2023-07-13 09:54 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SystemResources
2023-07-13 09:54 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\setup
2023-07-13 09:54 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2023-07-13 09:54 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-07-13 09:54 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-07-13 09:41 - 2020-08-17 17:36 - 003015168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-07-13 09:10 - 2017-08-30 09:34 - 000000000 ____D C:\ProgramData\Package Cache
2023-07-13 09:09 - 2022-09-23 18:37 - 000000000 ____D C:\Program Files (x86)\dotnet
2023-07-13 09:03 - 2015-08-12 12:56 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-07-13 08:50 - 2015-08-12 12:56 - 173351160 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-07-12 23:13 - 2020-08-17 15:16 - 000000000 ____D C:\Users\Angelo Braz
2023-07-11 22:28 - 2023-06-27 21:14 - 000000000 ____D C:\Users\Angelo Braz\AppData\Local\CiscoSparkLauncher
2023-07-11 22:28 - 2023-06-27 21:14 - 000000000 ____D C:\Users\Angelo Braz\AppData\Local\CiscoSpark
2023-07-11 17:57 - 2020-08-17 17:46 - 000003674 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-07-11 17:57 - 2020-08-17 17:46 - 000003550 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-07-08 11:48 - 2023-05-21 18:18 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-07-08 11:48 - 2015-07-30 14:58 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-07-08 11:46 - 2023-06-01 14:05 - 000000000 ____D C:\Users\Angelo Braz\AppData\Local\ElevatedDiagnostics
2023-07-07 20:31 - 2021-03-09 16:52 - 000001055 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk
2023-07-05 12:34 - 2023-05-21 18:18 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-07-02 15:13 - 2023-05-02 14:28 - 000000000 ____D C:\WINDOWS\system32\Drivers\Kaspersky4Win-21-13
2023-06-29 18:56 - 2023-06-27 18:25 - 000000000 ____D C:\Users\Angelo Braz\AppData\LocalLow\WebEx

==================== Arquivos na raiz de alguns diretórios ========

2016-03-26 12:02 - 2016-03-26 12:02 - 000000001 _____ () C:\Users\Angelo Braz\AppData\Local\llftool.4.40.agreement
2016-03-26 12:03 - 2016-03-26 12:03 - 000000019 _____ () C:\Users\Angelo Braz\AppData\Local\llftool.license
2017-09-04 22:53 - 2017-09-04 22:53 - 000003379 _____ () C:\Users\Angelo Braz\AppData\Local\recently-used.xbel
2015-11-02 21:17 - 2022-11-30 14:48 - 000007610 _____ () C:\Users\Angelo Braz\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(Não há correção automática para arquivos que não passaram na verificação.)

==================== Fim de FRST.txt ========================

Quote

Resultado da análise adicional Farbar Recovery Scan Tool (x64) Versão: 27-07-2023
Executado por Angelo (29-07-2023 12:38:27)
Executando a partir de D:\Área de Trabalho
Microsoft Windows 10 Pro Versão 22H2 19045.3208 (X64) (2020-08-17 20:46:23)
Modo da Inicialização: Normal
==========================================================


==================== Contas: =============================


(Se uma entrada for incluída na fixlist, será removida.)

Administrador (S-1-5-21-467048075-196725563-1868618205-500 - Administrator - Disabled)
Angelo (S-1-5-21-467048075-196725563-1868618205-1001 - Administrator - Enabled) => C:\Users\Angelo Braz
Convidado (S-1-5-21-467048075-196725563-1868618205-501 - Limited - Enabled)
DefaultAccount (S-1-5-21-467048075-196725563-1868618205-503 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-467048075-196725563-1868618205-1006 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-467048075-196725563-1868618205-504 - Limited - Disabled)

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky (Enabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky (Disabled) {774D7037-0984-41B0-3A87-5E88E680AD58}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 22.01 (x64) (HKLM\...\7-Zip) (Version: 22.01 - Igor Pavlov)
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 5.05.16.529 - Advanced Micro Devices, Inc.)
AMD SBxxx SMBus Driver (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.38 - Advanced Micro Devices, Inc.) Hidden
AMD_Chipset_Drivers (HKLM-x32\...\{fa489a41-09bb-480e-95ff-0856f05112eb}) (Version: 5.05.16.529 - Advanced Micro Devices, Inc.) Hidden
Anki (HKLM-x32\...\Anki) (Version: 2.1.43 - )
Aplicativo Itaú (HKLM-x32\...\{D0A058D6-4688-4E33-8894-8951D057990E}) (Version: 1.0.182 - Banco Itaú)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 6.13 - Piriform)
Cisco Webex Meetings (HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\ActiveTouchMeetingClient) (Version: 43.6.4 - Cisco Webex LLC)
Componente de Segurança Bradesco (HKLM-x32\...\scpbrad) (Version: 1.0.0 - Banco Bradesco S.A.)
Configurações da câmera Logitech (HKLM-x32\...\LogiUCDPP) (Version: 2.12.20.0 - Logitech Europe S.A.)
digiCamControl (HKLM-x32\...\{051b8fc1-d433-4428-bcd1-f90aa50afa23}) (Version: 2.1.4.0 - ) Hidden
ENE_QSI_Loki_HAL (HKLM\...\{BDE43F26-5917-44F8-B86A-F1D9A6B80B32}) (Version: 1.0.3.0 - ENE TECHNOLOGY INC.) Hidden
ENE_QSI_Loki_HAL (HKLM-x32\...\{205ef3a8-937b-43cb-90fc-2f58f71408d8}) (Version: 1.0.3.0 - ENE TECHNOLOGY INC.) Hidden
Epic Games Launcher (HKLM-x32\...\{59C0032B-88B5-41F3-B8FD-5B3356670B4F}) (Version: 1.1.167.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{4B31654B-80C2-405C-91C9-49B14AEB0F42}) (Version: 2.0.32.0 - Epic Games, Inc.)
Foxit PDF Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 12.1.2.15332 - Foxit Software Inc.)
GOG GALAXY (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: 2.0.61.63 - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 115.0.5790.110 - Google LLC)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
Identiv uTrust Smart Card Reader (HKLM-x32\...\{307F1256-AB13-4987-BAED-104752D425C8}) (Version: 1.17.0 - Identiv)
IRPF 2023 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País  (HKLM\...\6908-8355-8468-2086) (Version: 1.3 - Receita Federal do Brasil)
IRPF2017 (HKLM-x32\...\IRPF2017) (Version: 1.1 - Receita Federal do Brasil)
IRPF2018 (HKLM-x32\...\IRPF2018) (Version: 1.4 - Receita Federal do Brasil)
IRPF2019 (HKLM-x32\...\IRPF2019) (Version: 1.5 - Receita Federal do Brasil)
IRPF2020 (HKLM-x32\...\IRPF2020) (Version: 1.9 - Receita Federal do Brasil)
IRPF2021 (HKLM-x32\...\IRPF2021) (Version: 1.2 - Receita Federal do Brasil)
IRPF2022 (HKLM-x32\...\IRPF2022) (Version: 1.3 - Receita Federal do Brasil)
Kaspersky (HKLM-x32\...\{E396C2E3-5292-33E9-949C-349C23D784D8}) (Version: 21.13.5.506 - Kaspersky) Hidden
Kaspersky (HKLM-x32\...\InstallWIX_{E396C2E3-5292-33E9-949C-349C23D784D8}) (Version: 21.13.5.506 - Kaspersky)
Kaspersky VPN (HKLM-x32\...\{4DC8ED2C-8DA1-3701-A234-66AF6EF1CEFF}) (Version: 21.13.5.506 - Kaspersky) Hidden
Kaspersky VPN (HKLM-x32\...\InstallWIX_{4DC8ED2C-8DA1-3701-A234-66AF6EF1CEFF}) (Version: 21.13.5.506 - Kaspersky)
K-Lite Codec Pack 17.1.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 17.1.5 - KLCP)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft .NET Host - 5.0.17 (x86) (HKLM-x32\...\{54DE7EA9-E391-4BD2-A373-3A72A18EBDB5}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.20 (x86) (HKLM-x32\...\{82F89EDB-1DF1-402B-BED6-01C736967B6F}) (Version: 48.83.63169 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.17 (x86) (HKLM-x32\...\{AF01038B-6523-4EA7-9D9E-4F1E2927D88B}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.20 (x86) (HKLM-x32\...\{561137EF-2ECE-48F0-A6D6-6260AC7112A5}) (Version: 48.83.63169 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x86) (HKLM-x32\...\{59650A2A-3839-46EC-9D9C-6B3B1C743C55}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.20 (x86) (HKLM-x32\...\{6E4984A9-4321-4D96-861F-D03578E68C8B}) (Version: 48.83.63169 - Microsoft Corporation) Hidden
Microsoft 365 - pt-br (HKLM\...\O365HomePremRetail - pt-br) (Version: 16.0.16529.20182 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 115.0.1901.188 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 115.0.1901.183 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\OneDriveSetup.exe) (Version: 23.142.0709.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{BB052C53-34CB-42DE-AF41-66FDFCEEC868}) (Version: 3.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (HKLM\...\{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}) (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (HKLM\...\{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}) (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (HKLM-x32\...\{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}) (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (HKLM-x32\...\{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}) (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29016 (HKLM-x32\...\{40d3fee2-b257-46c2-bdc0-cb1088d97327}) (Version: 14.27.29016.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.27.29016 (HKLM-x32\...\{1aaa01ad-3069-4288-9c6f-37a140a8f6c7}) (Version: 14.27.29016.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.27.29016 (HKLM\...\{F07B1E25-5670-4556-9C7F-5A1966C83269}) (Version: 14.27.29016 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.27.29016 (HKLM\...\{E493B8F4-E300-43EC-95D0-BDF3711297EA}) (Version: 14.27.29016 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.27.29016 (HKLM-x32\...\{5CD4E357-9ED6-42AC-B654-F1FC21DD60C9}) (Version: 14.27.29016 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.27.29016 (HKLM-x32\...\{E2C131AD-D30F-4D67-ACE9-B3D485E84DA8}) (Version: 14.27.29016 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}) (Version: 10.0.50908 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.17 (x86) (HKLM-x32\...\{098c6ff7-1af1-4c4a-b86f-c60608c98e31}) (Version: 5.0.17.31219 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.17 (x86) (HKLM-x32\...\{0D02D706-44F2-4957-A448-E7259A0B56B9}) (Version: 40.68.31219 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.20 (x86) (HKLM-x32\...\{39139702-799e-4843-8d90-cfe9330b285a}) (Version: 6.0.20.32621 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 6.0.20 (x86) (HKLM-x32\...\{FC641ACB-FE5E-4F88-B392-9421BDCA1143}) (Version: 48.83.63194 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 pt-BR) (HKLM\...\Mozilla Firefox 115.0 (x64 pt-BR)) (Version: 115.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 113.0.1 - Mozilla)
Mozilla Thunderbird (x64 pt-BR) (HKLM\...\Mozilla Thunderbird 102.13.0 (x64 pt-BR)) (Version: 102.13.0 - Mozilla)
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
NVIDIA Driver de controle do 3D Vision 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA Driver de gráficos 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
NVIDIA Driver do 3D Vision 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.125 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.125 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA Software do sistema PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.16529.20182 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.16529.20182 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.16529.20182 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0416-0000-0000000FF1CE}) (Version: 16.0.16529.20182 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.5.101.48500 - Electronic Arts, Inc.)
Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation)
PDFsam Basic (HKLM\...\{24493C22-01EA-4E07-AB21-84910EB826B0}) (Version: 4.3.3.0 - Sober Lemur S.a.s. di Vacondio Andrea)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.64.316.2023 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5880 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.23.252 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.5.5 - Rockstar Games)
SafeSign 64-bits (HKLM\...\{2DF407D3-A8AD-4ACF-BFD5-5F7D42EC62FD}) (Version: 3.0.124 - A.E.T. Europe B.V.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Suporte do iPod (HKLM\...\{713ABB2F-9ACB-4A4A-945A-CEA53C08644C}) (Version: 12.11.3.7 - Apple Inc.)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 82.0 - Ubisoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
Verificação de integridade do PC Windows (HKLM\...\{2403B2D2-1FDC-497D-B181-F53D079FEAAA}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Webex (HKLM\...\{03482546-35AA-4BEC-A702-8B95FE6F4E02}) (Version: 43.6.0.26407 - Cisco Systems, Inc)

Packages:
=========
Complemento do Mecanismo de Mídia de Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-08-14] (Microsoft Corporation)
HP Scan and Capture -> C:\Program Files\WindowsApps\AD2F1837.HPScanandCapture_40.0.245.0_x64__v10z8vjag6ke6 [2020-05-08] (Hewlett-Packard Company)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_147.1.1079.0_x64__v10z8vjag6ke6 [2023-07-13] (HP Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa [2023-06-13] (Apple Inc.) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-07] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-07] (Microsoft Corporation) [MS Ad]
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2305.14002.0_x64__8wekyb3d8bbwe [2023-05-31] (Microsoft Corporation) [Startup Task]
RecForth -> C:\Program Files\WindowsApps\IOForth.Screenrecord-screenrecorder_1.1.11.0_x64__pxs7cjhtcq1xt [2023-06-21] (IOForth)

==================== Análise Personalizada CLSID (Whitelisted): ==============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [Arquivo não assinado]
ContextMenuHandlers1: [Kaspersky Anti-Virus 21.13] -> {0E70CD47-F3F0-4C43-B347-796CF9B1F06C} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.13\x64\shellex.dll [2023-05-02] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers2: [Kaspersky Anti-Virus 21.13] -> {0E70CD47-F3F0-4C43-B347-796CF9B1F06C} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.13\x64\shellex.dll [2023-05-02] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [Arquivo não assinado]
ContextMenuHandlers4: [Kaspersky Anti-Virus 21.13] -> {0E70CD47-F3F0-4C43-B347-796CF9B1F06C} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.13\x64\shellex.dll [2023-05-02] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2023-04-19] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [Arquivo não assinado]
ContextMenuHandlers6: [Kaspersky Anti-Virus 21.13] -> {0E70CD47-F3F0-4C43-B347-796CF9B1F06C} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.13\x64\shellex.dll [2023-05-02] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2023-04-19] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)

==================== Codecs (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Drivers32: [VIDC.FPS1] => C:\WINDOWS\system32\frapsv64.dll [105984 2015-09-05] (Beepa P/L) [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [94208 2015-09-05] (Beepa P/L) [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-18] (Fox Magic Software) [Arquivo não assinado]

==================== Atalhos & WMI ========================

(As entradas podem ser listadas para serem restauradas ou removidas.)

ShortcutWithArgument: C:\Users\Angelo Braz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Módulos Carregados (Whitelisted) =============

2017-05-09 09:27 - 2017-05-09 09:27 - 003067904 _____ (A.E.T. Europe B.V.) [Arquivo não assinado] C:\Windows\System32\aetpkss1.dll
2017-05-09 09:27 - 2017-05-09 09:27 - 000040960 _____ (A.E.T. Europe B.V.) [Arquivo não assinado] C:\Windows\System32\aettask.dll
2016-07-19 20:59 - 2009-04-20 12:29 - 000136704 _____ (Hewlett-Packard Company) [Arquivo não assinado] C:\WINDOWS\System32\hpf3l70w.dll
2016-07-19 21:03 - 2009-04-20 11:29 - 000249856 _____ (Hewlett-Packard Corporation) [Arquivo não assinado] C:\WINDOWS\system32\spool\PRTPROCS\x64\hpfpp70w.dll
2009-06-24 10:57 - 2009-06-24 10:57 - 000029696 _____ (HP) [Arquivo não assinado] [O arquivo está em uso] C:\Program Files (x86)\HP\HPLaserJetService\DebugLogger.dll
2009-06-24 10:57 - 2009-06-24 10:57 - 000032768 _____ (HP) [Arquivo não assinado] [O arquivo está em uso] C:\Program Files (x86)\HP\HPLaserJetService\HPHTTPProxy.dll
2009-06-24 10:57 - 2009-06-24 10:57 - 000031744 _____ (HP) [Arquivo não assinado] [O arquivo está em uso] C:\Program Files (x86)\HP\HPLaserJetService\HPServiceCommunicator.dll
2015-08-23 23:42 - 2022-07-15 11:00 - 000094720 _____ (Igor Pavlov) [Arquivo não assinado] C:\Program Files\7-Zip\7-zip.dll
2009-06-25 09:27 - 2009-06-25 09:27 - 000541184 _____ (Marvell Semiconductor, Inc.) [Arquivo não assinado] C:\WINDOWS\System32\mvtcpmon.dll
2023-06-01 14:01 - 2016-11-14 09:30 - 001300688 _____ (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [Arquivo não assinado] C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll
2009-06-25 09:25 - 2009-06-25 09:25 - 000144896 _____ (OpenSLP) [Arquivo não assinado] C:\WINDOWS\System32\slp64.dll

==================== Alternate Data Streams (Whitelisted) ========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddfac64.sys:r0d3jo5 [20]

==================== Modo de Segurança (Whitelisted) ==================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== Associação (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2023-07-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-07-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-07-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-07-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-07-01] (Microsoft Corporation -> Microsoft Corporation)

(Se uma entrada for incluída na fixlist, será removida do Registro.)

IE trusted site: HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\google.com -> www.google.com
IE trusted site: HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\google.com.br -> www.google.com.br
IE trusted site: HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\itau.b.br -> www.itau.b.br
IE trusted site: HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\itau.com.br -> hxxps://bankline.itau.com.br
IE trusted site: HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\itau.com.br -> bankline.itau.com.br
IE trusted site: HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\itaupersonnalite.com.br -> hxxp://www.itaupersonnalite.com.br
IE trusted site: HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\itaupersonnalite.com.br -> www.itaupersonnalite.com.br

==================== Hosts Conteúdo: =========================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2015-07-10 08:04 - 2022-06-10 19:36 - 000000000 _____ C:\WINDOWS\system32\drivers\etc\hosts

2021-10-01 16:12 - 2021-10-01 16:13 - 000000375 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Outras Áreas ===========================

(Atualmente não há nenhuma correção automática para esta seção.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\dotnet\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
HKU\S-1-5-21-467048075-196725563-1868618205-1001\Control Panel\Desktop\\Wallpaper -> D:\Área de Trabalho\838293.jpg
DNS Servers: 1.0.0.1 - 1.1.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

(Se uma entrada for incluída na fixlist, será removida.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AutoRun_MBIM => 2
MSCONFIG\Services: Change Modem Device Service => 2
MSCONFIG\Services: DevMgmtService => 2
MSCONFIG\Services: GalaxyClientService => 3
MSCONFIG\Services: GalaxyCommunication => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HPSIService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: Origin Web Helper Service => 2
MSCONFIG\Services: ProductAgentService => 2
MSCONFIG\Services: Steam Client Service => 3
HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\Run: => "StartCN"
HKLM\...\StartupApproved\Run: => "VIVO INTERNET 4G"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "ISUSScheduler"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "VIVO INTERNET 4G"
HKLM\...\StartupApproved\Run32: => "Genshin Impact_Launcher"
HKLM\...\StartupApproved\Run32: => "Genshin Impact Beta_Launcher"
HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\StartupApproved\Run: => "ISUSPM Startup"
HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== Regras do Firewall (Whitelisted) ================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [{9704DFD4-4832-4BA2-AD86-B1FA9825F1F5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{B8524ED1-C8B3-42D3-8377-9007CD2EAA50}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{2FA0FB6A-3668-45DF-BB38-CA9816E4F7CE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{60982F0A-8A31-47A3-B257-549FBC515CA2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{9DE48766-BD8F-4E57-9A48-50B2D7A9F735}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
FirewallRules: [{0EAAE5A9-8970-47BB-A4F2-6A1742F28E41}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
FirewallRules: [{C69FB424-B5AD-4AD0-BD4C-43D5DE3B800A}] => (Allow) D:\Games Steam\steamapps\common\Lords Of The Fallen\bin\LordsOfTheFallen.exe () [Arquivo não assinado]
FirewallRules: [{D9B48F0D-AE4E-4B45-80AD-9881E874D23B}] => (Allow) D:\Games Steam\steamapps\common\Lords Of The Fallen\bin\LordsOfTheFallen.exe () [Arquivo não assinado]
FirewallRules: [{7F4F876F-6B2E-463B-B1C0-4F8D31B6DE0E}] => (Allow) LPort=57209
FirewallRules: [{B6E1770B-8CAD-4D20-A5EF-AA5E16123919}] => (Allow) LPort=57209
FirewallRules: [{ECF732B5-EE5C-4091-9D65-5E8D0926D921}] => (Allow) LPort=9100
FirewallRules: [{21270FD4-3BF9-4EAC-9CFE-E71669980D50}] => (Allow) LPort=427
FirewallRules: [{04EB6426-E32A-44E6-AF67-70FFED25D5F8}] => (Allow) LPort=161
FirewallRules: [TCP Query User{9DB0A4D1-CBE4-464B-94F0-F3C42A376D1D}C:\users\angelo braz\appdata\local\aplicativo itau\itauaplicativo.exe] => (Allow) C:\users\angelo braz\appdata\local\aplicativo itau\itauaplicativo.exe (ITAU UNIBANCO S.A. -> Banco Itaú)
FirewallRules: [UDP Query User{04E3C43F-4BF3-485C-9E90-F35D803C4123}C:\users\angelo braz\appdata\local\aplicativo itau\itauaplicativo.exe] => (Allow) C:\users\angelo braz\appdata\local\aplicativo itau\itauaplicativo.exe (ITAU UNIBANCO S.A. -> Banco Itaú)
FirewallRules: [{112F261F-4506-4B4E-BC4F-A32D6499DFDB}] => (Allow) C:\LJP1100_P1560_P1600_Full_Solution\ProductInst64.exe (Hewlett-Packard Company -> HP)
FirewallRules: [{29EB09DF-8EE5-4FE0-B8F2-7713B4BA3E85}] => (Allow) C:\LJP1100_P1560_P1600_Full_Solution\ProductInst64.exe (Hewlett-Packard Company -> HP)
FirewallRules: [{756953E8-A221-4F00-AEEB-038FDAECCBFB}] => (Allow) LPort=9100
FirewallRules: [{79FFF101-D1B6-4085-97B3-E76F504E1D4D}] => (Allow) LPort=427
FirewallRules: [{A0BB0B35-3961-4770-985C-F673DACB5911}] => (Allow) LPort=161
FirewallRules: [{0C508160-3801-4AB0-940C-D97A9E5C9820}] => (Allow) C:\Program Files\HP\HP LaserJet P1100 Series\wificonfig.exe (Hewlett-Packard Company -> Hewlett Packard)
FirewallRules: [{955D43DB-DDAA-41E9-8C4A-B581CCCC7559}] => (Allow) C:\Program Files\HP\HP LaserJet P1100 Series\wificonfig.exe (Hewlett-Packard Company -> Hewlett Packard)
FirewallRules: [{1AA059A1-5AB1-4335-B21F-CA0DD4C3CC27}] => (Allow) LPort=57209
FirewallRules: [{D7659CAC-C449-438C-9994-F84DD097CE69}] => (Allow) LPort=57210
FirewallRules: [{AF1355A8-C405-4208-AB10-33ED0A67F073}] => (Allow) LPort=57211
FirewallRules: [{45962D66-4A6B-45DD-BF35-E761F56AD9B2}] => (Allow) LPort=57212
FirewallRules: [{B5CCDEE1-DC04-41A0-9361-45381456A761}] => (Allow) LPort=57213
FirewallRules: [{61ACAA29-9085-4F20-B5E8-57AC45E3870A}] => (Allow) LPort=57214
FirewallRules: [{F9770054-8423-418C-B688-C5C9B3963DFE}] => (Allow) LPort=57215
FirewallRules: [{8C2914B5-15B3-4C48-AA82-78DEA6F2D379}] => (Allow) LPort=57216
FirewallRules: [{810BAA4E-1B8B-4FDA-8B72-CD45A01BE72F}] => (Allow) LPort=57217
FirewallRules: [{58F42371-9689-4D51-89AB-606D1A001BAD}] => (Allow) LPort=57218
FirewallRules: [{527DD172-FEEF-4424-84CB-9E49472E4D7F}] => (Allow) LPort=57209
FirewallRules: [{7234C66E-E760-47B9-9218-588B0194ACEE}] => (Allow) LPort=57210
FirewallRules: [{89C4D8BE-B71A-4BF3-B61E-B8169AD76902}] => (Allow) LPort=57211
FirewallRules: [{7B303FB5-0AF9-4AD1-9423-FECC397BD8A4}] => (Allow) LPort=57212
FirewallRules: [{FD6CE65C-1A77-4D7A-B1BE-3CA958B6704F}] => (Allow) LPort=57213
FirewallRules: [{CB0FB2C6-32D5-4167-A20B-63975E68D2D5}] => (Allow) LPort=57214
FirewallRules: [{00FA6BF7-B5A6-4804-B943-117AB3F24EC2}] => (Allow) LPort=57215
FirewallRules: [{9A46CF73-52B0-4155-8D32-3AC1D3DBDDD9}] => (Allow) LPort=57216
FirewallRules: [{1BFD7944-E93E-4D03-8342-7397C837FC1D}] => (Allow) LPort=57217
FirewallRules: [{07D1F187-4D33-4E9F-AABF-D958A367E8F2}] => (Allow) LPort=57218
FirewallRules: [{115E9E6E-EEEC-4B8E-877C-85F97D65B924}] => (Allow) LPort=23007
FirewallRules: [{5D10575B-15A2-47EB-A5E3-52C0030B676D}] => (Allow) LPort=23008
FirewallRules: [{88908B64-7FB1-4D51-B4FF-E7374FF75DB2}] => (Allow) LPort=33009
FirewallRules: [{0D97A74D-EF16-44D3-B3C9-A3F9AE2E9F1C}] => (Allow) LPort=33010
FirewallRules: [{51FB394C-330C-4FFB-BE85-B266C3868486}] => (Allow) LPort=33011
FirewallRules: [{50E3A043-B0B1-49D2-AABF-83F624CE67D4}] => (Allow) LPort=43012
FirewallRules: [{2AFF7942-479D-436D-B639-6E13C1F82ACC}] => (Allow) LPort=43013
FirewallRules: [{2D9EE3AE-5FEF-465D-A998-D55D06D59387}] => (Allow) LPort=53014
FirewallRules: [{FBCDA599-CAA8-4C13-A217-5A0E8D854BA9}] => (Allow) LPort=53015
FirewallRules: [{8D5B5EA6-E8AA-484A-BBA0-5D24BB080E72}] => (Allow) LPort=53016
FirewallRules: [{BFE86399-281C-4061-B880-5DC1EDB87DF1}] => (Allow) LPort=23007
FirewallRules: [{9A4B665D-B1F9-4C2F-B541-8517A8E16C98}] => (Allow) LPort=23008
FirewallRules: [{073E55E9-3949-42EB-8F95-DFF6B37A8945}] => (Allow) LPort=33009
FirewallRules: [{D631D813-84EE-4E2D-868E-F080A7DBE7AC}] => (Allow) LPort=33010
FirewallRules: [{759E29DB-3902-4EBF-B109-32E4341B5907}] => (Allow) LPort=33011
FirewallRules: [{116E6146-CB2E-4BDC-90A4-F00EA1AD4377}] => (Allow) LPort=43012
FirewallRules: [{32C1D800-6BDE-42C1-8E03-04A7ED274A83}] => (Allow) LPort=43013
FirewallRules: [{7838B0FE-A664-40F5-BF45-AC25607BD7F0}] => (Allow) LPort=53014
FirewallRules: [{29E4851B-E360-4337-93E3-EFE1331587FB}] => (Allow) LPort=53015
FirewallRules: [{36B1C54D-C58D-4F1A-AB42-333D338B7A00}] => (Allow) LPort=53016
FirewallRules: [{E4F0A1DA-EF72-4E1C-A87E-1B71F971477F}] => (Allow) LPort=50053
FirewallRules: [{02A83C19-C6C1-45F4-9B50-1C73B1EDC322}] => (Allow) LPort=50053
FirewallRules: [{322A0D8E-AA8D-4A50-B4A3-A8E3EA7B838A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0D0E2360-084D-47AC-BC5B-0F52F486118E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{59F3EB46-7110-4BD6-A6A0-32841E67EE07}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D26BDEAB-488A-4ABA-A3E1-782D4249B379}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E797C231-379C-4588-A66A-E8C48FAF680D}] => (Allow) C:\LJP1100_P1560_P1600_Full_Solution\ProductInst64.exe (Hewlett-Packard Company -> HP)
FirewallRules: [{2C17A881-B1FF-47EE-BD1F-957AE7B9C3A2}] => (Allow) C:\LJP1100_P1560_P1600_Full_Solution\ProductInst64.exe (Hewlett-Packard Company -> HP)
FirewallRules: [TCP Query User{AE1F08BC-BA00-4214-B1D0-4E1098B05D36}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Block) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{19694063-9D68-4774-8786-24271BA34A28}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Block) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{02FA6EC5-5843-47B0-9579-517E8C1D7A59}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe => Nenhum Arquivo
FirewallRules: [{47A1D1A1-4C71-4545-A814-F6B7F7314D44}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe => Nenhum Arquivo
FirewallRules: [{A96CFB8E-99A5-4DD9-B7C5-67B3FA7A102D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6BB2E303-7F11-4581-B66F-2D32FDD47735}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{7A86D96F-8823-48BD-8969-184FE89706BD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D08F0EB9-1FCA-4F89-BF4D-822CA7622AD1}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{ADD6CED8-054F-4731-ADAE-BD0240723ACB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{57B7D3F7-0D1B-421D-AAEF-29AA187E39F6}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{1F9E6F74-E687-4100-842D-5AEF0E6E932E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{EA0740D0-B82D-479B-9FAA-62CAE172F128}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{8AC3F5F4-018A-4A03-A891-31F876C6444C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{2E719CE5-4254-457E-9649-F342B9BB05DE}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{E0BD1869-4663-4D21-8ABA-877D1E0158D9}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{D26C168A-7BF2-4534-9642-4A1C1936CE48}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.183\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1A45673F-B673-4273-A441-BCC143FE2FFB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Pontos de Restauração =========================

20-07-2023 19:13:25 Ponto de Verificação Agendado

==================== Dispositivos Apresentando Falhas No Gerenciador ============


==================== Erros no Log de eventos: ========================

Erros em Aplicativos:
==================
Error: (07/28/2023 08:35:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: SearchApp.exe, versão: 10.0.19041.3155, carimbo de data/hora: 0x5cb9ff30
Nome do módulo com falha: KERNELBASE.dll, versão: 10.0.19041.3155, carimbo de data/hora: 0xbf300201
Código de exceção: 0xc0000409
Deslocamento da falha: 0x000000000012d8b2
ID do processo com falha: 0x2e14
Hora de início do aplicativo com falha: 0x01d9c19d2cd38ec6
Caminho do aplicativo com falha: C:\WINDOWS\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Caminho do módulo com falha: C:\WINDOWS\System32\KERNELBASE.dll
ID do Relatório: 898b69cf-5303-4ce4-be61-fca0fbae4119
Nome completo do pacote com falha: Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy
ID do aplicativo relativo ao pacote com falha: CortanaUI

Error: (07/28/2023 08:35:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: Explorer.EXE, versão: 10.0.19041.3155, carimbo de data/hora: 0x5772a955
Nome do módulo com falha: ntdll.dll, versão: 10.0.19041.3155, carimbo de data/hora: 0x5212ece5
Código de exceção: 0xc0000005
Deslocamento da falha: 0x000000000001ed51
ID do processo com falha: 0x2cb8
Hora de início do aplicativo com falha: 0x01d9c148be530a91
Caminho do aplicativo com falha: C:\WINDOWS\Explorer.EXE
Caminho do módulo com falha: C:\WINDOWS\SYSTEM32\ntdll.dll
ID do Relatório: 74cebba7-d802-416e-8b34-f8bf0418a2a0
Nome completo do pacote com falha: 
ID do aplicativo relativo ao pacote com falha:

Error: (07/27/2023 08:26:48 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informações sobre o Serviço de Cópias de Sombra de Volume: não é possível iniciar o Servidor COM com CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} e nome CEventSystem. [0x8007045b, O sistema está sendo desligado.
]

Error: (07/27/2023 05:23:41 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (07/27/2023 04:27:46 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (07/27/2023 03:56:06 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (07/27/2023 03:56:06 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (07/27/2023 03:56:06 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed


Erros de Sistema:
=============
Error: (07/28/2023 09:26:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (45000 milissegundos) ao aguardar a conexão do serviço NvStreamNetworkSvc.

Error: (07/28/2023 08:33:27 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: AUTORIDADE NT)
Description: E:\Device\HarddiskVolume203

Error: (07/28/2023 08:22:32 PM) (Source: Ntfs) (EventID: 55) (User: AUTORIDADE NT)
Description: Corrupção detectada na estrutura do sistema de arquivos, no volume E:.

A natureza exata da corrupção é desconhecida. As estruturas do sistema de arquivos precisam ser verificadas e corrigidas offline.

Error: (07/28/2023 08:22:32 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: AUTORIDADE NT)
Description: E:\Device\HarddiskVolume173

Error: (07/28/2023 08:04:26 PM) (Source: disk) (EventID: 7) (User: )
Description: O dispositivo, \Device\Harddisk2\DR6, possui um setor defeituoso.

Error: (07/28/2023 07:52:29 PM) (Source: disk) (EventID: 7) (User: )
Description: O dispositivo, \Device\Harddisk2\DR6, possui um setor defeituoso.

Error: (07/28/2023 06:46:45 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: O gerenciador de recursos de transações no volume E: encontrou um erro sem nova tentativa e não pôde ser iniciado. Os dados contêm o código de erro.

Error: (07/28/2023 06:46:43 PM) (Source: volsnap) (EventID: 14) (User: )
Description: As cópias de sombra do volume F: foram anuladas devido a uma falha de E/S no volume F:.


Windows Defender:
================
Date: 2023-03-28 10:27:25
Description: 
O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {33B9A05B-B9F9-466D-ACB9-3B59DDE6C71B}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2023-03-28 10:22:34
Description: 
O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {C889AA89-6F2A-43ED-981E-7AE295922696}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2023-03-28 09:56:14
Description: 
O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {5EDCBF41-C554-420E-AFB2-B5AB38A29F92}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2023-03-28 09:21:13
Description: 
O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {2E00FDA6-61BE-4E36-A497-DC9117BECA80}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2023-03-28 09:10:33
Description: 
O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {349F2248-1234-4A31-950F-AC518C2008D8}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA
Event[0]:

Date: 2022-05-22 23:54:51
Description: 
Microsoft Defender Antivírus encontrou um erro ao tentar atualizar a inteligência de segurança.
Nova Versão da Inteligência de Segurança: 
Versão da Inteligência de Segurança anterior: 1.283.1164.0
Fonte da Atualização: Servidor do Microsoft Update
Tipo da Inteligência de Segurança: Antivírus
Tipo da atualização: Completa
Usuário: AUTORIDADE NT\SISTEMA
Versão Atual do Mecanismo: 
Versão Anterior do Mecanismo: 1.1.15500.2
Código de Erro: 0x8024001e
Descrição do Erro: Erro inesperado ao verificar atualizações. Para obter informações sobre como instalar ou solucionar problemas de atualizações, consulte Ajuda e Suporte. 

CodeIntegrity:
===============
Date: 2023-07-29 12:37:51
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky 21.13\avp.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-07-29 12:33:27
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


==================== Informações da Memória =========================== 

BIOS: American Megatrends Inc. 2105 07/23/2010
placa-mãe: ASUSTeK Computer INC. M4A785TD-V EVO
Processador: AMD Phenom(tm) II X6 1055T Processor
Percentagem de memória em uso: 35%
RAM física total: 9982.18 MB
RAM física disponível: 6398.27 MB
Virtual Total: 10622.18 MB
Virtual disponível: 7208.31 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:110.78 GB) (Free:32.86 GB) (Model: KINGSTON SV300S37A120G ATA Device) NTFS
Drive d: (Anjo) (Fixed) (Total:931.51 GB) (Free:367.58 GB) (Model: SAMSUNG HD103SI ATA Device) NTFS ==>[sistema com componentes de inicialização (obtido através de drive)]

\\?\Volume{70b2a5bd-0000-0000-0000-100000000000}\ (Reservado pelo Sistema) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{70b2a5bd-0000-0000-0000-90d11b000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS

==================== MBR & Tabela de Partições ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 70B2A5BD)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=110.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=526 MB) - (Type=27)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 6BF97209)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== Fim de Addition.txt =======================

 


  • Security Analyst

Temporarily disable your antivirus, antispyware and firewall so that they do not cause conflicts.

Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text in the CODE box below:

CreateRestorePoint:
CloseProcesses:
Edge Extension: (Sem Nome) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [não encontrado (a)]
Edge Extension: (Sem Nome) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [não encontrado (a)]
Edge Extension: (Sem Nome) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [não encontrado (a)]
Edge Extension: (Sem Nome) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [não encontrado (a)]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddfac64.sys:r0d3jo5 [20]
File: C:\Program Files (x86)\Wondershare\drfone\Addins\Recovery\ElevationService.exe
File: C:\Windows\SysWOW64\WIN8_MBIM.exe
File: C:\WINDOWS\system32\mvtcpmon.dll

CMD: ipconfig /flushdns
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow

RemoveProxy:
EmptyTemp:
CreateRestorePoint:

Save this file to your desktop with the name fixlist

NOTE: It is extremely important that the "fixlist" file be saved to your Desktop. Also check that FRST.exe is on the Desktop.

** Right-click the FRST.EXE file, then click http://i.imgur.com/VRIfczU.png

Click the button image.png

Wait; when it finishes, the log Fixlog.txt will be saved to your desktop.

Open the Fixlog.txt file, then copy and paste its contents into your next reply.

When the Notepad window with that content appears, does it show where the file is saved?


Elias, here it is as requested.

I could have sworn I had already sent this message here on the forum, but apparently it did not go through and was left saved as a draft.

Quote

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 27-07-2023
Executado por Angelo (29-07-2023 21:13:17) Run:2
Executando a partir de D:\Área de Trabalho
Perfis Carregados: Angelo
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
CreateRestorePoint:
CloseProcesses:
Edge Extension: (Sem Nome) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [não encontrado (a)]
Edge Extension: (Sem Nome) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [não encontrado (a)]
Edge Extension: (Sem Nome) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [não encontrado (a)]
Edge Extension: (Sem Nome) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [não encontrado (a)]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddfac64.sys:r0d3jo5 [20]
File: C:\Program Files (x86)\Wondershare\drfone\Addins\Recovery\ElevationService.exe
File: C:\Windows\SysWOW64\WIN8_MBIM.exe
File: C:\WINDOWS\system32\mvtcpmon.dll

CMD: ipconfig /flushdns
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow

RemoveProxy:
EmptyTemp:
CreateRestorePoint:
*****************

Ponto de Restauração criado com sucesso.
Processos fechados com sucesso.
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removido (a) com sucesso.
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removido (a) com sucesso.
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removido (a) com sucesso.
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removido (a) com sucesso.
C:\WINDOWS\system32\Drivers\gbpddfac64.sys => ":r0d3jo5" ADS removido (a) com sucesso.

========================= File: C:\Program Files (x86)\Wondershare\drfone\Addins\Recovery\ElevationService.exe ========================

C:\Program Files (x86)\Wondershare\drfone\Addins\Recovery\ElevationService.exe
Arquivo não assinado
MD5: 76274EDD3E086F86E41732C1AC135301
Data de criação e modificação: 2022-02-16 18:27 - 2021-10-26 14:50
Tamanho: 000913408
Atributos: ----A
Nome Da Empresa: 
Interno Nome: 
Original Nome: 
Produto: 
Descrição: 
Arquivo Versão: 
Produto Versão: 
Copyright: 
VirusTotal: https://www.virustotal.com/gui/file/8624ba6782c3884bf2e5041a6cef4fa94ca43dc4ac29ef593563327ee173adb3/detection/f-8624ba6782c3884bf2e5041a6cef4fa94ca43dc4ac29ef593563327ee173adb3-1690558100

====== Fim de File: ======


========================= File: C:\Windows\SysWOW64\WIN8_MBIM.exe ========================

C:\Windows\SysWOW64\WIN8_MBIM.exe
Arquivo não assinado
MD5: 3FB8DBD32821E6D6E218EB375B8DD442
Data de criação e modificação: 2016-12-13 21:44 - 2014-03-06 23:23
Tamanho: 000163840
Atributos: ----A
Nome Da Empresa: 
Interno Nome: 
Original Nome: 
Produto: 
Descrição: 
Arquivo Versão: 
Produto Versão: 
Copyright: 
VirusTotal: https://www.virustotal.com/gui/file/9110d0c72033efed88d7a4a116c8b8f2642b561f895077bfbcfb80221a4720e1/detection/f-9110d0c72033efed88d7a4a116c8b8f2642b561f895077bfbcfb80221a4720e1-1676642347

====== Fim de File: ======


========================= File: C:\WINDOWS\system32\mvtcpmon.dll ========================

C:\WINDOWS\system32\mvtcpmon.dll
Arquivo não assinado
MD5: 29C30E1850AEB2E8D859113BDC421528
Data de criação e modificação: 2009-06-25 09:27 - 2009-06-25 09:27
Tamanho: 000541184
Atributos: ----A
Nome Da Empresa: Marvell Semiconductor, Inc.
Interno Nome: mvtcpmon.dll
Original Nome: mvtcpmon.dll
Produto: Advanced TCP/IP Port Monitor DLL
Descrição: Advanced TCP/IP Port Monitor DLL
Arquivo Versão: 2009.0625.1.7742
Produto Versão: 2009.0625.1.7742
Copyright: Copyright © 2007-2008 Marvell Semiconductor, Inc.
VirusTotal: https://www.virustotal.com/gui/file/e5626c6e87e75060815280e3006d5dce91c82c4e7e38541a8892f2d3c56b9922/detection/f-e5626c6e87e75060815280e3006d5dce91c82c4e7e38541a8892f2d3c56b9922-1690461688

====== Fim de File: ======


========= ipconfig /flushdns =========


Configuração de IP do Windows

Liberação do Cache do DNS Resolver bem-sucedida.


========= Fim de CMD: =========


========= DISM /Online /Cleanup-Image /RestoreHealth =========


Ferramenta de Gerenciamento e Manutenção de Imagens de Implantação
Versão: 10.0.19041.844

Versão da Imagem: 10.0.19045.3208

[===========================58.0%=                         ] 
[===========================58.1%=                         ] 
[===========================58.1%=                         ] 
[===========================58.2%=                         ] 
[===========================58.3%=                         ] 
[===========================58.6%==                        ] 
[===========================58.6%==                        ] 
[===========================58.6%==                        ] 
[===========================59.5%==                        ] 
[===========================59.7%==                        ] 
[===========================60.2%==                        ] 
[===========================60.2%==                        ] 
[===========================62.3%====                      ] 
[===========================84.9%=================         ] 
[==========================100.0%==========================] 
Operação de restauração concluída com êxito.
A operação foi concluída com êxito.


========= Fim de CMD: =========


========= SFC /scannow =========


Iniciando verificação de arquivos. O processo levará alguns minutos para ser concluído.

Iniciando fase de verificação de verificação do sistema.
Verificação 100% concluída.

A Proteção de Recursos do Windows encontrou arquivos corrompidos e os reparou com êxito.
Para reparos online, os detalhes são incluídos no arquivo de log CBS localizado em
windir\Logs\CBS\CBS.log. Por exemplo, C:\Windows\Logs\CBS\CBS.log. Para reparos
offline, os detalhes são incluídos no arquivo de log fornecido pelo sinalizador /OFFLOGFILE.


========= Fim de CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso.
"HKU\S-1-5-21-467048075-196725563-1868618205-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso.
"HKU\S-1-5-21-467048075-196725563-1868618205-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso.


========= Fim de RemoveProxy: =========

Ponto de Restauração criado com sucesso.

=========== EmptyTemp: ==========

FlushDNS => completado
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 941265814 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => -4268451 B
Edge => 0 B
Chrome => 226146442 B
Firefox => 308303401 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 21184 B
NetworkService => 21184 B
Angelo Braz => 1463858987 B

RecycleBin => 0 B
EmptyTemp: => 2.7 GB de dados temporários Removidos.

================================


O sistema precisou ser reiniciado.

==== Fim de Fixlog 21:50:30 ====

 

Quote

When the Notepad window with that content appears, does it show the location where the file is saved?

No, it doesn't, Elias.


  • Security Analyst
  1. Download Process Monitor from: https://docs.microsoft.com/en-us/sysinternals/downloads/procmon
  2. After downloading, extract the ZIP file and run "Procmon.exe". Depending on your security settings, you may need to run it as administrator.
  3. In the "Filter" menu, select "Filter..." or use the shortcut "Ctrl + L" and set it as shown in the image below;
  4. image.png
  5. Click "Add" to add the condition, then click "OK" to close the filter dialog.
  6. In the "Options" ("Opções") menu, check the "Enable Boot Logging" option.
  7. Restart the computer and open Process Monitor again.
  8. Open Process Monitor again and load/reload the "Bootlog.pml" file.
  9. Wait for it to finish loading.
  10. In the "File" ("Arquivo") menu, click "Save as" and save the file as "output.txt".
  11. Open the file separately, then copy and paste it into your next reply.
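An added example, not part of the original post: once a boot log captured as described above has been exported from Process Monitor as CSV, this Python sketch lists every launch of notepad.exe and walks up its parent chain, so the program that opens the window at logon can be named. The sample rows, paths and PIDs are constructed and are not taken from this thread's logs; it assumes the standard CSV export columns and the "PID: ..., Command line: ..." detail text of "Process Create" events.

```python
import csv
import io
import re

# Constructed sample in the column layout of a Process Monitor CSV export.
# Every path, PID and timestamp below is made up for illustration.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"08:00:00.1000000","services.exe","700","Process Create","C:\Windows\System32\svchost.exe","SUCCESS","PID: 5300, Command line: C:\Windows\System32\svchost.exe -k netsvcs"
"08:00:00.9000000","svchost.exe","5300","Process Exit","","SUCCESS","Exit Status: 0"
"08:00:05.2000000","userinit.exe","3900","Process Create","C:\Windows\explorer.exe","SUCCESS","PID: 4120, Command line: C:\Windows\Explorer.EXE"
"08:00:09.4000000","explorer.exe","4120","Process Create","C:\Windows\System32\cmd.exe","SUCCESS","PID: 5300, Command line: cmd.exe /c ""C:\Example\startup.bat"""
"08:00:09.6000000","cmd.exe","5300","Process Create","C:\Windows\System32\PING.EXE","SUCCESS","PID: 5344, Command line: ping 127.0.0.1"
"08:00:12.8000000","cmd.exe","5300","Process Create","C:\Windows\System32\notepad.exe","SUCCESS","PID: 5400, Command line: notepad C:\Example\out.txt"
"08:00:12.9000000","notepad.exe","5400","ReadFile","C:\Example\out.txt","SUCCESS","Offset: 0, Length: 512"
'''

# Detail text of a "Process Create" row: child PID, then the full command line.
DETAIL_RE = re.compile(r"PID:\s*(\d+),\s*Command line:\s*(.*)", re.S)


def parse_creates(fh):
    """Return the successful 'Process Create' rows, in log order.

    For a real export, open the file with
    open(path, newline="", encoding="utf-8-sig") so a leading BOM is dropped.
    """
    events = []
    for seq, row in enumerate(csv.DictReader(fh)):
        if row.get("Operation") != "Process Create" or row.get("Result") != "SUCCESS":
            continue
        match = DETAIL_RE.match(row.get("Detail") or "")
        if not match:
            continue
        events.append({
            "seq": seq,                          # position in the log
            "time": row.get("Time of Day", ""),
            "parent_name": row["Process Name"],  # process that did the launch
            "parent_pid": int(row["PID"]),
            "child_image": row["Path"],          # image that was started
            "child_pid": int(match.group(1)),
            "cmdline": match.group(2).strip(),
        })
    return events


def creation_of(events, pid, before_seq):
    """Latest creation of `pid` logged before `before_seq`.

    Windows reuses PIDs, so the most recent earlier creation is the right one.
    """
    found = None
    for ev in events:
        if ev["seq"] >= before_seq:
            break
        if ev["child_pid"] == pid:
            found = ev
    return found


def launch_chains(events, image_name):
    """For each launch of image_name, list the launch and its known ancestors."""
    wanted = image_name.lower()
    chains = []
    for ev in events:
        if ev["child_image"].lower().rsplit("\\", 1)[-1] != wanted:
            continue
        chain, cur = [], ev
        while cur is not None:
            chain.append(cur)
            cur = creation_of(events, cur["parent_pid"], cur["seq"])
        chains.append(chain)
    return chains


def describe(chain):
    """Render one chain, newest launch first, indented one level per ancestor."""
    return "\n".join(
        f'{"  " * depth}{ev["time"]} {ev["parent_name"]} (PID {ev["parent_pid"]}) '
        f'started PID {ev["child_pid"]}: {ev["cmdline"]}'
        for depth, ev in enumerate(chain)
    )


if __name__ == "__main__":
    for chain in launch_chains(parse_creates(io.StringIO(SAMPLE_CSV)), "notepad.exe"):
        print(describe(chain))
```

The command line of the first ancestor that is not a standard Windows process is the item to compare against the Run keys and scheduled tasks listed in the FRST log.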

Elias, I had trouble saving the log: when I used the "Save As" option, the log was not being generated as ".txt", so I selected all the items, copied them and pasted them into Notepad. If I performed the procedure incorrectly, I apologize and will do it again.

Note: I will attach the log, because I am not able to paste it into the reply as it is too large.

output.txt


Right, Elias.

When I opened the program after restarting the machine, it generated a "Bootlog.pml" 2Gb in size. Inside the program's interface I used the "Save" function and it generated a file called "Logfile.pml" of 4Mb, which I am attaching to my reply. If it is not this last one, let me know so that I can upload the Bootlog to the cloud.

Note: Because the file exceeds the forum's 4mb limit, I compressed it with the 7zip tool.

Logfile.7z


Understood. My apologies.

Here are the requested logs, Elias.

Quote

Resultado do análise da Farbar Recovery Scan Tool (FRST) (x64) Versão: 06-08-2023
Executado por Angelo (administrador) em DESKTOP-T0H8SRB (11-08-2023 16:04:38)
Executando a partir de D:\Área de Trabalho\FRST64.exe
Perfis Carregados: Angelo
Plataforma: Microsoft Windows 10 Pro Versão 22H2 19045.3324 (X64) Idioma: Português (Brasil)
Navegador padrão: Edge
Modo da Inicialização: Normal

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(atiesrxx.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Banco Bradesco S.A. -> Scopus Soluções em TI Ltda) C:\Program Files (x86)\scpbrad\scpbradguard.exe
(C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe ->) (Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe
(C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.14\avp.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.14\avpui.exe
(C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.13\ksde.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.13\ksdeui.exe
(C:\Program Files\WindowsApps\AppleInc.iCloud_14.2.108.0_x64__nzyj5cx40ttqa\iCloud\iCloudServices.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc) C:\Program Files\WindowsApps\AppleInc.iCloud_14.2.108.0_x64__nzyj5cx40ttqa\iCloud\iCloudCKKS.exe
(C:\Program Files\WindowsApps\AppleInc.iCloud_14.2.108.0_x64__nzyj5cx40ttqa\iCloud\iCloudServices.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Microsoft Corporation) C:\Program Files\WindowsApps\AppleInc.iCloud_14.2.108.0_x64__nzyj5cx40ttqa\iCloud\WebView2\msedgewebview2.exe <6>
(C:\Users\Angelo Braz\AppData\Local\WebEx\WebexHost.exe ->) (Cisco WebEx LLC -> Cisco Webex LLC) C:\Users\Angelo Braz\AppData\Local\WebEx\WebEx64\Meetings\atmgr.exe
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(explorer.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_14.2.108.0_x64__nzyj5cx40ttqa\iCloud\iCloudDrive.exe
(explorer.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_14.2.108.0_x64__nzyj5cx40ttqa\iCloud\iCloudServices.exe
(explorer.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(explorer.exe ->) (A.E.T. Europe B.V.) [Arquivo não assinado] C:\Windows\System32\aetcrss1.exe
(explorer.exe ->) (Cisco WebEx LLC -> Cisco Webex LLC) C:\Users\Angelo Braz\AppData\Local\WebEx\WebexHost.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(explorer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(services.exe ->) () [Arquivo não assinado] C:\Program Files (x86)\Wondershare\drfone\Addins\Recovery\ElevationService.exe
(services.exe ->) () [Arquivo não assinado] C:\Windows\SysWOW64\WIN8_MBIM.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Banco Bradesco SA -> Banco Bradesco S.A.) C:\Program Files (x86)\scpbrad\scpbradserv.exe
(services.exe ->) (FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\FOXIT SOFTWARE\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe
(services.exe ->) (Hewlett-Packard Company -> HP) C:\Windows\System32\HPSIsvc.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (HP) [Arquivo não assinado] C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(services.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.14\avp.exe
(services.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.13\ksde.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(services.exe ->) (Realtek Semiconductor Corp -> ) C:\Windows\runSW.exe
(services.exe ->) (Wondershare Technology Co.,Ltd -> Wondershare) C:\ProgramData\Wondershare\Service\InstallAssistService.exe
(svchost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_14.2.108.0_x64__nzyj5cx40ttqa\iCloud\APSDaemon.exe
(svchost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple, Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_14.2.108.0_x64__nzyj5cx40ttqa\iCloud\secd.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2210.0.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

==================== Registro (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [CertificateRegistration] => C:\WINDOWS\system32\aetcrss1.exe [25088 2017-05-09] (A.E.T. Europe B.V.) [Arquivo não assinado]
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart [1767712 2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [Arquivo não assinado]
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [69632 2004-04-13] (InstallShield Software Corporation) [Arquivo não assinado]
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\" [0 0000-00-00] () <==== ATENÇÃO [zero byte Arquivo/Pasta]
HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation) [Arquivo não assinado]
HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [41572768 2023-07-12] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\Run: [CiscoMeetingDaemon] => C:\Users\Angelo Braz\AppData\Local\WebEx\WebexHost.exe [8080480 2023-07-13] (Cisco WebEx LLC -> Cisco Webex LLC)
HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\Run: [CiscoSpark] => C:\Users\Angelo Braz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webex\Webex.lnk [1523 2023-06-27] () [Arquivo não assinado]
HKLM\...\Windows x64\Print Processors\HP1006PrintProc: C:\Windows\System32\spool\prtprocs\x64\HP1006PP.dll [65024 2013-04-15] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Windows x64\Print Processors\HP1100PrintProc: C:\Windows\System32\spool\prtprocs\x64\HP1100PP.DLL [74240 2012-08-31] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Windows x64\Print Processors\hpfpp70w: C:\Windows\System32\spool\prtprocs\x64\hpfpp70w.dll [249856 2009-04-20] (Hewlett-Packard Corporation) [Arquivo não assinado]
HKLM\...\Print\Monitors\Advanced TCP/IP Port Monitor: C:\WINDOWS\system32\mvtcpmon.dll [541184 2009-06-25] (Marvell Semiconductor, Inc.) [Arquivo não assinado]
HKLM\...\Print\Monitors\HP 8711 Status Monitor: C:\WINDOWS\system32\hpinksts8711LM.dll [332176 2012-09-12] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP1006LM: C:\WINDOWS\system32\HP1006LM.DLL [198144 2013-04-15] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\HP1100LM: C:\WINDOWS\system32\HP1100LM.DLL [288768 2012-08-31] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\novaPDF 7 Monitor: C:\WINDOWS\system32\novamnk7.dll [29008 2011-02-15] (Softland -> Softland)
HKLM\...\Print\Monitors\PCL hpf3l70w.dll: C:\WINDOWS\system32\hpf3l70w.dll [136704 2009-04-20] (Hewlett-Packard Company) [Arquivo não assinado]
HKLM\...\Print\Monitors\Wondershare PDF Converter Monitor: C:\WINDOWS\system32\WSMonitorX64.dll [98152 2016-04-15] (Wondershare Software Co., Ltd.  -> Wondershare Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\115.0.5790.171\Installer\chrmstp.exe [2023-08-07] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

==================== Tarefas Agendadas (Whitelisted) =================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {139C4758-67F3-4329-A974-4794BFC59D65} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564152 2023-04-03] (Adobe Inc. -> Adobe Inc.)
Task: {E1FB5B62-6B72-4BB6-85FB-3264951AC391} - System32\Tasks\Apple Diagnostics => C:\Users\Angelo Braz\AppData\Local\Microsoft\WindowsApps\eReporter-AppX.exe [0 2023-08-05] () [simlink -> ]
Task: {B66060EA-A021-458D-9DEE-E15858150EEC} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2023-07-12] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {5EB4695D-60B3-41A5-B1DF-3A70B5AE000D} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703648 2023-07-12] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "7bde81e5-df76-4cdb-b6c4-cb680b94b0fd" --version "6.14.10584" --silent
Task: {C3C69662-F7DA-4E2E-888B-7422EB16FEF7} - System32\Tasks\CCleanerSkipUAC - Angelo => C:\Program Files\CCleaner\CCleaner.exe [34677664 2023-07-12] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {EADD7685-93F8-4058-B6CE-ACDA2C31816F} - System32\Tasks\GoogleUpdateTaskMachineCore{02CBA588-79F0-470C-86D2-F97C38EF9BDC} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-11] (Google Inc -> Google Inc.)
Task: {64E75D80-D58E-4E89-B64A-8392C3778955} - System32\Tasks\GoogleUpdateTaskMachineUA{CC4F3893-5487-44F3-8EF1-EBF935399E40} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-11] (Google Inc -> Google Inc.)
Task: {04A14E1D-D46A-4360-A088-07DD5CBA9A5B} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26656184 2023-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {7803E048-6719-4971-B790-109174D4D4D8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26656184 2023-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {191073D9-54C5-4CB7-A7F3-B6E98BAFD0AB} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [124312 2023-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {4C6840B6-ACB1-4347-9849-55D29D05343A} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [124312 2023-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {9AC27F52-F74A-4BB7-98AE-F87D4FEB097D} - System32\Tasks\Microsoft\Windows\Application Experience\MareBackup => Command(1): %windir%\system32\compattelrunner.exe -> -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc
Task: {9AC27F52-F74A-4BB7-98AE-F87D4FEB097D} - System32\Tasks\Microsoft\Windows\Application Experience\MareBackup => Command(2): %windir%\system32\compattelrunner.exe -> -m:appraiser.dll -f:DoScheduledTelemetryRun
Task: {9AC27F52-F74A-4BB7-98AE-F87D4FEB097D} - System32\Tasks\Microsoft\Windows\Application Experience\MareBackup => Command(3): %windir%\system32\compattelrunner.exe -> -m:aemarebackup.dll -f:BackupMareData
Task: {7FB1B722-D6A3-452B-AEAC-7C3108F0DC43} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [686496 2023-08-07] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {5719D563-8B12-4D40-82D2-A8CFA8C5A422} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [733088 2023-08-07] (Mozilla Corporation -> Mozilla Foundation)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{81d19a1e-6325-4e6f-b780-655a8085b934}: [NameServer] 198.51.100.1,198.51.100.2
Tcpip\..\Interfaces\{f91de001-c0b5-48b3-94ee-3ccec5151877}: [NameServer] 1.0.0.1,1.1.1.1
Tcpip\..\Interfaces\{f91de001-c0b5-48b3-94ee-3ccec5151877}: [DhcpNameServer] 192.168.1.254

Edge: 
=======
DownloadDir: D:\Área de Trabalho
Edge DefaultProfile: Default
Edge Profile: C:\Users\Angelo Braz\AppData\Local\Microsoft\Edge\User Data\Default [2023-08-11]
Edge DownloadDir: Default -> D:\Downloads
Edge Extension: (uBlock Origin) - C:\Users\Angelo Braz\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2023-07-22]
Edge Extension: (Méliuz: Cashback e cupons em suas compras) - C:\Users\Angelo Braz\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jdcfmebflppkljibgpdlboifpcaalolg [2023-07-31]
Edge Extension: (Edge relevant text changes) - C:\Users\Angelo Braz\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-08-08]
Edge Extension: (TWP - Translate Web Pages) - C:\Tradutor EDGE [2023-06-02] [UpdateUrl:hxxps://raw.githubusercontent.com/FilipePS/Traduzir-paginas-web/master/dist/chromium/updates.xml] <==== ATENÇÃO
Edge HKU\S-1-5-21-467048075-196725563-1868618205-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm]

FireFox:
========
FF DefaultProfile: ncjbv9eo.default
FF ProfilePath: C:\Users\Angelo Braz\AppData\Roaming\Mozilla\Firefox\Profiles\ncjbv9eo.default [2023-08-09]
FF ProfilePath: C:\Users\Angelo Braz\AppData\Roaming\Mozilla\Firefox\Profiles\tczzhnvm.default-release-1691629413015 [2023-08-10]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\FFExt\light_plugin_firefox\addon.xpi => não encontrado (a)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: (SmartPrintButton) - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [] [não assinado]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\FFExt\light_plugin_firefox\addon.xpi => não encontrado (a)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [Nenhum Arquivo]
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-08-01] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [Nenhum Arquivo]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Nenhum Arquivo]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Nenhum Arquivo]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitPDFReaderPlugin.dll [Nenhum Arquivo]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitPDFReaderPlugin.dll [Nenhum Arquivo]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitPDFReaderPlugin.dll [Nenhum Arquivo]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitPDFReaderPlugin.dll [Nenhum Arquivo]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [Arquivo não assinado]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [Arquivo não assinado]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2023-08-09] <==== ATENÇÃO (Aponta para arquivo *.cfg)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2023-08-09] <==== ATENÇÃO

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Angelo Braz\AppData\Local\Google\Chrome\User Data\Default [2023-08-09]
CHR Extension: (Reduza: Testador de cupons para suas compras) - C:\Users\Angelo Braz\AppData\Local\Google\Chrome\User Data\Default\Extensions\adblhjgamdlpmikabkcdleflikihalej [2022-07-03]
CHR Extension: (Kaspersky Protection) - C:\Users\Angelo Braz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2023-06-11]
CHR Extension: (Honey: Automatic Coupons & Rewards) - C:\Users\Angelo Braz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2023-07-03]
CHR Extension: (uBlock Origin) - C:\Users\Angelo Braz\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2023-08-07]
CHR Extension: (Gerar DANFe/DACTe) - C:\Users\Angelo Braz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnalonmlenogoaknbeikifdbaokkhmjj [2022-02-02]
CHR Extension: (Documentos Google off-line) - C:\Users\Angelo Braz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-07-20]
CHR Extension: (Méliuz: Cashback e cupons em suas compras) - C:\Users\Angelo Braz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdcfmebflppkljibgpdlboifpcaalolg [2023-08-07]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Angelo Braz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-02]
CHR HKLM\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm

==================== Serviços (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-04-03] (Adobe Inc. -> Adobe Inc.)
R2 AutoRun_MBIM; C:\WINDOWS\SysWOW64\WIN8_MBIM.exe [163840 2014-03-06] () [Arquivo não assinado]
R2 AVP21.14; C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.14\avp.exe [32008 2023-07-13] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S4 Change Modem Device Service; C:\WINDOWS\SysWOW64\ChgService.exe [135168 2014-02-20] () [Arquivo não assinado]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11867104 2023-07-31] (Microsoft Corporation -> Microsoft Corporation)
R2 ElevationService; C:\Program Files (x86)\Wondershare\drfone\Addins\Recovery\ElevationService.exe [913408 2021-10-26] () [Arquivo não assinado]
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934368 2021-12-01] (Epic Games Inc. -> Epic Games, Inc.)
R2 FoxitReaderUpdateService; C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe [2358800 2022-05-20] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [2348512 2023-03-29] (GOG  sp. z o.o -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7178720 2023-03-29] (GOG  sp. z o.o -> GOG.com)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [Arquivo não assinado]
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [230352 2023-08-09] (HP Inc. -> HP Inc.)
R2 HPSIService; C:\WINDOWS\system32\HPSIsvc.exe [127800 2010-04-07] (Hewlett-Packard Company -> HP)
S3 klvssbridge64_21.14; C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.14\x64\vssbridge64.exe [503544 2023-07-13] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 KSDE5.13; C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.13\ksde.exe [32008 2023-04-15] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Arquivo não assinado]
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [7770888 2017-05-09] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2556048 2021-06-24] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3474584 2021-06-24] (Electronic Arts, Inc. -> Electronic Arts)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Arquivo não assinado]
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [2703192 2022-12-22] (Rockstar Games, Inc. -> Rockstar Games)
R2 RunSwUSB; C:\Windows\runSW.exe [44760 2014-12-12] (Realtek Semiconductor Corp -> )
R2 scpbradserv; C:\Program Files (x86)\scpbrad\scpbradserv.exe [2284400 2023-06-07] (Banco Bradesco SA -> Banco Bradesco S.A.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [402200 2023-08-09] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.7-0\NisSrv.exe [3224328 2023-03-27] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.7-0\MsMpEng.exe [133544 2023-03-27] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Wondershare InstallAssist; C:\ProgramData\Wondershare\Service\InstallAssistService.exe [262880 2022-01-05] (Wondershare Technology Co.,Ltd -> Wondershare)

===================== Drivers (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 athur; C:\WINDOWS\System32\drivers\athurx.sys [1847296 2010-01-05] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R1 BDVEDISK; C:\WINDOWS\system32\DRIVERS\bdvedisk.sys [96616 2020-05-28] (Bitdefender SRL -> BitDefender)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [243336 2023-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
S1 gbpddfac; C:\WINDOWS\System32\drivers\gbpddfac64.sys [28888 2023-08-08] (GAS INFORMATICA LTDA -> GAS Tecnologia)
R1 klbackupdisk.Kaspersky4Win-21-14; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-14\klbackupdisk.sys [110312 2023-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klbackupflt.Kaspersky4Win-21-14; C:\WINDOWS\System32\DRIVERS\Kaspersky4Win-21-14\klbackupflt.sys [245024 2023-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 kldisk.Kaspersky4Win-21-14; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-14\kldisk.sys [128288 2023-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [53576 2023-07-13] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R1 KLFLT.Kaspersky4Win-21-14; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-14\klflt.sys [550664 2023-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klgse.Kaspersky4Win-21-14; C:\WINDOWS\System32\DRIVERS\Kaspersky4Win-21-14\klgse.sys [738824 2023-08-09] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 KLHK.Kaspersky4Win-21-14; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-14\klhk.sys [1822752 2023-08-09] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 KLIF.Kaspersky4Win-21-14; C:\WINDOWS\System32\DRIVERS\Kaspersky4Win-21-14\klif.sys [1187592 2023-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [99624 2023-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klkbdflt.Kaspersky4Win-21-14; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-14\klkbdflt.sys [121584 2023-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klmouflt.Kaspersky4Win-21-14; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-14\klmouflt.sys [117992 2023-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klpd.Kaspersky4Win-21-14; C:\WINDOWS\System32\DRIVERS\Kaspersky4Win-21-14\klpd.sys [81176 2023-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klpnpflt.Kaspersky4Win-21-14; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-14\klpnpflt.sys [107240 2023-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 kltun; C:\WINDOWS\system32\DRIVERS\kltun.sys [86776 2023-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R0 klupd_Kaspersky4Win-21-14_arkmon; C:\WINDOWS\System32\Drivers\klupd_Kaspersky4Win-21-14_arkmon.sys [369432 2023-08-04] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klupd_Kaspersky4Win-21-14_klark; C:\WINDOWS\System32\Drivers\klupd_Kaspersky4Win-21-14_klark.sys [351912 2023-08-04] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R0 klupd_Kaspersky4Win-21-14_klbg; C:\WINDOWS\System32\Drivers\klupd_Kaspersky4Win-21-14_klbg.sys [179816 2023-08-04] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klupd_Kaspersky4Win-21-14_mark; C:\WINDOWS\System32\Drivers\klupd_Kaspersky4Win-21-14_mark.sys [260512 2023-08-04] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klwfp.Kaspersky4Win-21-14; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-14\klwfp.sys [182008 2023-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klwtp.Kaspersky4Win-21-14; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-14\klwtp.sys [428784 2023-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 kneps.Kaspersky4Win-21-14; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-14\kneps.sys [352504 2023-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] (ASUSTeK Computer Inc. -> )
S3 mvusbews; C:\WINDOWS\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Microsoft Windows Hardware Compatibility Publisher -> Marvell Semiconductor, Inc.)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [32352 2017-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49608 2023-03-27] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [495896 2023-03-27] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99624 2023-03-27] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um mês (criados) (Whitelisted) =========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2023-08-10 17:05 - 2023-08-10 17:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foto3x4
2023-08-10 17:05 - 2023-08-10 17:05 - 000000000 ____D C:\Program Files (x86)\Qualiom freewares
2023-08-09 22:02 - 2023-08-09 22:03 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2023-08-09 22:02 - 2023-08-09 22:03 - 000000000 ____D C:\Users\Angelo Braz\AppData\Roaming\Mozilla
2023-08-09 22:02 - 2023-08-09 22:03 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-08-09 22:02 - 2023-08-09 22:02 - 000002050 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navegação privativa do Firefox.lnk
2023-08-09 22:02 - 2023-08-09 22:02 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-08-09 09:30 - 2023-08-09 09:30 - 000000000 ___HD C:\$WinREAgent
2023-08-08 21:07 - 2023-08-08 21:07 - 000000000 ____D C:\WINDOWS\Panther
2023-08-07 18:38 - 2023-08-07 18:38 - 000000000 ____D C:\Users\Angelo Braz\AppData\Roaming\com.adobe.dunamis
2023-08-07 18:38 - 2023-08-07 18:38 - 000000000 ____D C:\Users\Angelo Braz\.ms-ad
2023-08-07 18:20 - 2023-08-10 22:28 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2023-08-07 18:19 - 2023-08-10 22:28 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-08-05 20:20 - 2023-08-05 20:20 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2023-08-05 17:04 - 2023-08-11 09:56 - 000000000 ___RD C:\Users\Angelo Braz\iCloudDrive
2023-08-05 17:04 - 2023-08-05 17:04 - 000003598 _____ C:\WINDOWS\system32\Tasks\Apple Diagnostics
2023-08-04 08:26 - 2023-08-09 10:10 - 000000000 ____D C:\WINDOWS\system32\Drivers\Kaspersky4Win-21-14
2023-08-02 13:23 - 2023-08-02 13:49 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2023-07-31 21:51 - 2023-07-31 21:56 - 000003960 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{CC4F3893-5487-44F3-8EF1-EBF935399E40}
2023-07-31 21:51 - 2023-07-31 21:56 - 000003836 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{02CBA588-79F0-470C-86D2-F97C38EF9BDC}
2023-07-30 10:16 - 2023-08-08 21:08 - 000000760 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2023-07-30 10:16 - 2023-08-05 20:20 - 000003472 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2023-07-30 10:16 - 2023-07-30 10:16 - 000002908 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - Angelo
2023-07-18 14:32 - 2023-07-18 14:32 - 000000008 _____ C:\ProgramData\ntuser.pol
2023-07-13 16:09 - 2023-07-13 17:10 - 000000000 ____D C:\Users\Angelo Braz\AppData\Roaming\ZHP

==================== Um mês (modificados) ==================

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2023-08-11 16:05 - 2023-07-10 14:55 - 000000000 ____D C:\FRST
2023-08-11 16:02 - 2021-12-16 21:16 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-08-11 16:02 - 2015-08-11 22:55 - 000000000 ____D C:\Program Files (x86)\Google
2023-08-11 15:55 - 2016-11-18 06:31 - 000000000 ____D C:\Users\Angelo Braz\AppData\LocalLow\Mozilla
2023-08-11 15:51 - 2022-02-09 20:11 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-08-11 12:00 - 2020-08-17 17:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-08-11 10:04 - 2019-12-07 06:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-08-11 08:27 - 2023-06-27 18:25 - 000000000 ____D C:\Users\Angelo Braz\AppData\Local\WebEx
2023-08-10 21:03 - 2020-08-17 17:43 - 001749624 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-08-10 21:03 - 2019-12-07 11:53 - 000755378 _____ C:\WINDOWS\system32\prfh0416.dat
2023-08-10 21:03 - 2019-12-07 11:53 - 000149432 _____ C:\WINDOWS\system32\prfc0416.dat
2023-08-10 21:03 - 2019-12-07 06:13 - 000000000 ____D C:\WINDOWS\INF
2023-08-10 20:00 - 2020-08-17 17:46 - 000004182 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{D560E2BD-2729-4B68-9016-45F841C9ACEA}
2023-08-10 18:10 - 2015-07-31 15:53 - 000000000 ____D C:\Users\Angelo Braz\AppData\Roaming\Microsoft\Word
2023-08-10 16:10 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\ServiceState
2023-08-10 16:10 - 2019-10-13 14:30 - 000000000 ____D C:\Users\Angelo Braz\AppData\Roaming\Apple Computer
2023-08-10 09:50 - 2019-12-07 06:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-08-10 09:50 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-08-09 22:02 - 2015-07-30 14:58 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-08-09 21:59 - 2020-08-17 15:16 - 000000000 ____D C:\Users\Angelo Braz
2023-08-09 18:30 - 2023-06-01 12:54 - 000000000 ____D C:\ProgramData\NVIDIA
2023-08-09 18:30 - 2020-08-17 17:46 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-08-09 18:30 - 2020-08-17 17:33 - 000008192 ___SH C:\DumpStack.log.tmp
2023-08-09 18:29 - 2019-12-07 06:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2023-08-09 10:10 - 2020-08-17 17:33 - 000462752 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-08-09 10:09 - 2019-12-07 11:56 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2023-08-09 10:09 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-08-09 10:09 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SystemResources
2023-08-09 10:09 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-08-09 10:09 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\setup
2023-08-09 10:09 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2023-08-09 10:09 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2023-08-09 10:09 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-08-09 10:09 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\appcompat
2023-08-09 10:07 - 2019-12-07 06:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-08-09 09:58 - 2020-08-17 17:36 - 003015168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-08-09 09:30 - 2022-03-22 08:53 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP
2023-08-09 09:30 - 2021-07-27 22:47 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2023-08-09 08:27 - 2020-04-06 13:53 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-08-08 21:08 - 2015-08-04 17:13 - 000028888 _____ (GAS Tecnologia) C:\WINDOWS\system32\Drivers\gbpddfac64.sys
2023-08-08 20:53 - 2019-11-15 21:44 - 000000000 ____D C:\Users\Angelo Braz\AppData\Roaming\MPC-HC
2023-08-08 19:55 - 2015-08-12 12:56 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-08-08 19:45 - 2015-08-12 12:56 - 175983240 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-08-08 19:21 - 2022-09-23 18:37 - 000000000 ____D C:\Program Files (x86)\dotnet
2023-08-08 19:21 - 2017-08-30 09:34 - 000000000 ____D C:\ProgramData\Package Cache
2023-08-07 20:25 - 2019-12-07 06:03 - 000065536 _____ C:\WINDOWS\system32\config\ELAM
2023-08-07 18:38 - 2015-07-31 22:27 - 000000000 ____D C:\Users\Angelo Braz\AppData\Local\Adobe
2023-08-07 18:18 - 2022-01-31 22:33 - 000000000 ____D C:\Program Files\Common Files\Adobe
2023-08-07 18:03 - 2015-08-11 22:57 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-08-05 22:01 - 2018-04-30 19:56 - 000000000 ____D C:\Users\Angelo Braz\AppData\Local\D3DSCache
2023-08-05 21:09 - 2018-11-29 23:01 - 000000000 ____D C:\Users\Angelo Braz\AppData\Local\CrashDumps
2023-08-05 20:20 - 2015-07-30 13:48 - 000000000 ____D C:\Program Files\CCleaner
2023-08-05 17:22 - 2019-10-13 15:02 - 000000000 ____D C:\Users\Angelo Braz\AppData\Local\Apple Inc
2023-08-05 17:04 - 2019-10-13 14:30 - 000000000 ____D C:\Users\Angelo Braz\AppData\Local\Apple Computer
2023-08-05 16:51 - 2022-08-14 18:22 - 000000000 ____D C:\ProgramData\Apple Inc
2023-08-05 16:51 - 2018-07-18 21:29 - 000000000 ____D C:\ProgramData\Packages
2023-08-05 16:51 - 2017-10-18 01:12 - 000000000 ____D C:\Users\Angelo Braz\AppData\Local\Packages
2023-08-05 15:13 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2023-08-05 12:26 - 2015-07-31 15:54 - 000000000 ____D C:\Users\Angelo Braz\AppData\Roaming\Microsoft\Excel
2023-08-05 09:33 - 2022-12-18 19:51 - 000003584 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-467048075-196725563-1868618205-1001
2023-08-05 09:33 - 2020-08-17 17:46 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-467048075-196725563-1868618205-1001
2023-08-05 09:33 - 2020-08-17 15:16 - 000002448 _____ C:\Users\Angelo Braz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-08-05 09:32 - 2022-08-28 15:03 - 000000000 ____D C:\Program Files\Common Files\AV
2023-08-04 08:28 - 2022-08-28 15:02 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2023-08-04 08:28 - 2022-08-28 15:02 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2023-08-04 08:26 - 2023-05-02 15:23 - 000002418 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky.lnk
2023-08-02 13:49 - 2021-03-09 16:52 - 000001055 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk
2023-07-31 14:52 - 2020-04-19 23:00 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2023-07-20 10:47 - 2023-05-02 15:25 - 000012288 _____ C:\WINDOWS\SysWOW64\AppRulesStorage
2023-07-18 14:30 - 2015-07-31 16:02 - 000000000 ____D C:\Users\Angelo Braz\AppData\LocalLow\Temp
2023-07-18 14:28 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2023-07-18 14:28 - 2017-09-29 10:46 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2023-07-13 19:27 - 2021-02-19 21:08 - 000099624 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klim6.sys
2023-07-13 16:06 - 2020-07-22 20:42 - 000000000 ____D C:\AdwCleaner
2023-07-13 09:54 - 2019-12-07 06:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-07-13 09:54 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2023-07-13 09:54 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2023-07-13 09:54 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\oobe

==================== Arquivos na raiz de alguns diretórios ========

2016-03-26 12:02 - 2016-03-26 12:02 - 000000001 _____ () C:\Users\Angelo Braz\AppData\Local\llftool.4.40.agreement
2016-03-26 12:03 - 2016-03-26 12:03 - 000000019 _____ () C:\Users\Angelo Braz\AppData\Local\llftool.license
2017-09-04 22:53 - 2017-09-04 22:53 - 000003379 _____ () C:\Users\Angelo Braz\AppData\Local\recently-used.xbel
2015-11-02 21:17 - 2022-11-30 14:48 - 000007610 _____ () C:\Users\Angelo Braz\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(Não há correção automática para arquivos que não passaram na verificação.)

==================== Fim de FRST.txt ========================

Quote

Resultado da análise adicional Farbar Recovery Scan Tool (x64) Versão: 06-08-2023
Executado por Angelo (11-08-2023 16:20:35)
Executando a partir de D:\Área de Trabalho
Microsoft Windows 10 Pro Versão 22H2 19045.3324 (X64) (2020-08-17 20:46:23)
Modo da Inicialização: Normal
==========================================================


==================== Contas: =============================


(Se uma entrada for incluída na fixlist, será removida.)

Administrador (S-1-5-21-467048075-196725563-1868618205-500 - Administrator - Disabled)
Angelo (S-1-5-21-467048075-196725563-1868618205-1001 - Administrator - Enabled) => C:\Users\Angelo Braz
Convidado (S-1-5-21-467048075-196725563-1868618205-501 - Limited - Enabled)
DefaultAccount (S-1-5-21-467048075-196725563-1868618205-503 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-467048075-196725563-1868618205-1006 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-467048075-196725563-1868618205-504 - Limited - Disabled)

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky (Enabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky (Disabled) {774D7037-0984-41B0-3A87-5E88E680AD58}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 22.01 (x64) (HKLM\...\7-Zip) (Version: 22.01 - Igor Pavlov)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1046-1033-7760-BC15014EA700}) (Version: 23.003.20269 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601047}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 5.05.16.529 - Advanced Micro Devices, Inc.)
AMD SBxxx SMBus Driver (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.38 - Advanced Micro Devices, Inc.) Hidden
AMD_Chipset_Drivers (HKLM-x32\...\{fa489a41-09bb-480e-95ff-0856f05112eb}) (Version: 5.05.16.529 - Advanced Micro Devices, Inc.) Hidden
Anki (HKLM-x32\...\Anki) (Version: 2.1.43 - )
Aplicativo Itaú (HKLM-x32\...\{D0A058D6-4688-4E33-8894-8951D057990E}) (Version: 1.0.182 - Banco Itaú)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 6.14 - Piriform)
Cisco Webex Meetings (HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\ActiveTouchMeetingClient) (Version: 43.6.4 - Cisco Webex LLC)
Componente de Segurança Bradesco (HKLM-x32\...\scpbrad) (Version: 1.0.0 - Banco Bradesco S.A.)
Configurações da câmera Logitech (HKLM-x32\...\LogiUCDPP) (Version: 2.12.20.0 - Logitech Europe S.A.)
digiCamControl (HKLM-x32\...\{051b8fc1-d433-4428-bcd1-f90aa50afa23}) (Version: 2.1.4.0 - ) Hidden
ENE_QSI_Loki_HAL (HKLM\...\{BDE43F26-5917-44F8-B86A-F1D9A6B80B32}) (Version: 1.0.3.0 - ENE TECHNOLOGY INC.) Hidden
ENE_QSI_Loki_HAL (HKLM-x32\...\{205ef3a8-937b-43cb-90fc-2f58f71408d8}) (Version: 1.0.3.0 - ENE TECHNOLOGY INC.) Hidden
Epic Games Launcher (HKLM-x32\...\{59C0032B-88B5-41F3-B8FD-5B3356670B4F}) (Version: 1.1.167.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{4B31654B-80C2-405C-91C9-49B14AEB0F42}) (Version: 2.0.32.0 - Epic Games, Inc.)
Foto3x4 1.0 (HKLM-x32\...\{149B2FDC-AC01-4A38-A2F8-0AD40B2AEFAA}_is1) (Version:  - Qualiom Sistemas Computacionais)
Foxit PDF Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 12.1.2.15332 - Foxit Software Inc.)
GOG GALAXY (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: 2.0.61.63 - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 115.0.5790.171 - Google LLC)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
iCloud Outlook (HKLM\...\{AC76D136-36CC-4606-8361-4939FE5D2381}) (Version: 14.2.0.108 - Apple Inc.)
Identiv uTrust Smart Card Reader (HKLM-x32\...\{307F1256-AB13-4987-BAED-104752D425C8}) (Version: 1.17.0 - Identiv)
IRPF 2023 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País  (HKLM\...\6908-8355-8468-2086) (Version: 1.3 - Receita Federal do Brasil)
IRPF2017 (HKLM-x32\...\IRPF2017) (Version: 1.1 - Receita Federal do Brasil)
IRPF2018 (HKLM-x32\...\IRPF2018) (Version: 1.4 - Receita Federal do Brasil)
IRPF2019 (HKLM-x32\...\IRPF2019) (Version: 1.5 - Receita Federal do Brasil)
IRPF2020 (HKLM-x32\...\IRPF2020) (Version: 1.9 - Receita Federal do Brasil)
IRPF2021 (HKLM-x32\...\IRPF2021) (Version: 1.2 - Receita Federal do Brasil)
IRPF2022 (HKLM-x32\...\IRPF2022) (Version: 1.3 - Receita Federal do Brasil)
Kaspersky (HKLM-x32\...\{3CC8CD12-5F5C-38C0-9557-8D379777C4AF}) (Version: 21.14.5.462 - Kaspersky) Hidden
Kaspersky (HKLM-x32\...\InstallWIX_{3CC8CD12-5F5C-38C0-9557-8D379777C4AF}) (Version: 21.14.5.462 - Kaspersky)
Kaspersky VPN (HKLM-x32\...\{4DC8ED2C-8DA1-3701-A234-66AF6EF1CEFF}) (Version: 21.13.5.506 - Kaspersky) Hidden
Kaspersky VPN (HKLM-x32\...\InstallWIX_{4DC8ED2C-8DA1-3701-A234-66AF6EF1CEFF}) (Version: 21.13.5.506 - Kaspersky)
K-Lite Codec Pack 17.1.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 17.1.5 - KLCP)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft .NET Host - 5.0.17 (x86) (HKLM-x32\...\{54DE7EA9-E391-4BD2-A373-3A72A18EBDB5}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.21 (x86) (HKLM-x32\...\{A9F8F2E3-D3A4-4D90-9800-F689932ECE89}) (Version: 48.87.64667 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.17 (x86) (HKLM-x32\...\{AF01038B-6523-4EA7-9D9E-4F1E2927D88B}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.21 (x86) (HKLM-x32\...\{EF4A37DD-21FE-43E9-89D1-1C699CC197AC}) (Version: 48.87.64667 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.17 (x86) (HKLM-x32\...\{59650A2A-3839-46EC-9D9C-6B3B1C743C55}) (Version: 40.68.31213 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.21 (x86) (HKLM-x32\...\{B8ED272B-5F2D-4FF5-A7CA-C73552D7FB0F}) (Version: 48.87.64667 - Microsoft Corporation) Hidden
Microsoft 365 - pt-br (HKLM\...\O365HomePremRetail - pt-br) (Version: 16.0.16626.20134 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 115.0.1901.200 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 115.0.1901.200 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\OneDriveSetup.exe) (Version: 23.147.0716.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{BB052C53-34CB-42DE-AF41-66FDFCEEC868}) (Version: 3.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (HKLM\...\{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}) (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (HKLM\...\{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}) (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (HKLM-x32\...\{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}) (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (HKLM-x32\...\{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}) (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29016 (HKLM-x32\...\{40d3fee2-b257-46c2-bdc0-cb1088d97327}) (Version: 14.27.29016.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.27.29016 (HKLM-x32\...\{1aaa01ad-3069-4288-9c6f-37a140a8f6c7}) (Version: 14.27.29016.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.27.29016 (HKLM\...\{F07B1E25-5670-4556-9C7F-5A1966C83269}) (Version: 14.27.29016 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.27.29016 (HKLM\...\{E493B8F4-E300-43EC-95D0-BDF3711297EA}) (Version: 14.27.29016 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.27.29016 (HKLM-x32\...\{5CD4E357-9ED6-42AC-B654-F1FC21DD60C9}) (Version: 14.27.29016 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.27.29016 (HKLM-x32\...\{E2C131AD-D30F-4D67-ACE9-B3D485E84DA8}) (Version: 14.27.29016 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}) (Version: 10.0.50908 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.17 (x86) (HKLM-x32\...\{098c6ff7-1af1-4c4a-b86f-c60608c98e31}) (Version: 5.0.17.31219 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.17 (x86) (HKLM-x32\...\{0D02D706-44F2-4957-A448-E7259A0B56B9}) (Version: 40.68.31219 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.21 (x86) (HKLM-x32\...\{33e692e6-1f06-4c3d-8981-738c129e0b2c}) (Version: 6.0.21.32717 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 6.0.21 (x86) (HKLM-x32\...\{F25834D2-0460-4995-8585-8E41BD074159}) (Version: 48.87.64723 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 pt-BR) (HKLM\...\Mozilla Firefox 116.0.2 (x64 pt-BR)) (Version: 116.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 116.0.2 - Mozilla)
Mozilla Thunderbird (x64 pt-BR) (HKLM\...\Mozilla Thunderbird 102.14.0 (x64 pt-BR)) (Version: 102.14.0 - Mozilla)
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
NVIDIA Driver de controle do 3D Vision 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA Driver de gráficos 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
NVIDIA Driver do 3D Vision 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.125 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.125 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA Software do sistema PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.16626.20118 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.16626.20118 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.16626.20118 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0416-0000-0000000FF1CE}) (Version: 16.0.16626.20118 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.5.101.48500 - Electronic Arts, Inc.)
Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation)
PDFsam Basic (HKLM\...\{24493C22-01EA-4E07-AB21-84910EB826B0}) (Version: 4.3.3.0 - Sober Lemur S.a.s. di Vacondio Andrea)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.64.316.2023 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5880 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.23.252 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.5.5 - Rockstar Games)
SafeSign 64-bits (HKLM\...\{2DF407D3-A8AD-4ACF-BFD5-5F7D42EC62FD}) (Version: 3.0.124 - A.E.T. Europe B.V.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Suporte do iPod (HKLM\...\{713ABB2F-9ACB-4A4A-945A-CEA53C08644C}) (Version: 12.11.3.7 - Apple Inc.)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 82.0 - Ubisoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
Verificação de integridade do PC Windows (HKLM\...\{2403B2D2-1FDC-497D-B181-F53D079FEAAA}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Webex (HKLM\...\{03482546-35AA-4BEC-A702-8B95FE6F4E02}) (Version: 43.6.0.26407 - Cisco Systems, Inc)

Packages:
=========
Complemento do Mecanismo de Mídia de Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-08-14] (Microsoft Corporation)
HP Scan and Capture -> C:\Program Files\WindowsApps\AD2F1837.HPScanandCapture_40.0.245.0_x64__v10z8vjag6ke6 [2020-05-08] (Hewlett-Packard Company)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_148.2.1069.0_x64__v10z8vjag6ke6 [2023-08-09] (HP Inc.)
iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_14.2.108.0_x64__nzyj5cx40ttqa [2023-08-05] (Apple Inc.) [Startup Task]
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa [2023-06-13] (Apple Inc.) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-07] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-07] (Microsoft Corporation) [MS Ad]
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2307.24001.0_x64__8wekyb3d8bbwe [2023-08-04] (Microsoft Corporation) [Startup Task]
RecForth -> C:\Program Files\WindowsApps\IOForth.Screenrecord-screenrecorder_1.1.11.0_x64__pxs7cjhtcq1xt [2023-06-21] (IOForth)

==================== Análise Personalizada CLSID (Whitelisted): ==============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

CustomCLSID: HKU\S-1-5-21-467048075-196725563-1868618205-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-467048075-196725563-1868618205-1001_Classes\CLSID\{944E6FDE-D5C9-4B75-90DB-DE2E0FF9D2C1} -> [iCloud Drive] => C:\Users\Angelo Braz\iCloudDrive [2023-08-05 17:04]
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [Arquivo não assinado]
ContextMenuHandlers1: [Kaspersky Anti-Virus 21.14] -> {0D304B31-5702-4EEE-A8C7-3723E260D0AB} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.14\x64\shellex.dll [2023-08-04] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers2: [Kaspersky Anti-Virus 21.14] -> {0D304B31-5702-4EEE-A8C7-3723E260D0AB} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.14\x64\shellex.dll [2023-08-04] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [Arquivo não assinado]
ContextMenuHandlers4: [Kaspersky Anti-Virus 21.14] -> {0D304B31-5702-4EEE-A8C7-3723E260D0AB} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.14\x64\shellex.dll [2023-08-04] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2023-04-19] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [Arquivo não assinado]
ContextMenuHandlers6: [Kaspersky Anti-Virus 21.14] -> {0D304B31-5702-4EEE-A8C7-3723E260D0AB} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.14\x64\shellex.dll [2023-08-04] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2023-04-19] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)

==================== Codecs (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Drivers32: [VIDC.FPS1] => C:\WINDOWS\system32\frapsv64.dll [105984 2015-09-05] (Beepa P/L) [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [94208 2015-09-05] (Beepa P/L) [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-18] (Fox Magic Software) [Arquivo não assinado]

==================== Atalhos & WMI ========================

(As entradas podem ser listadas para serem restauradas ou removidas.)

ShortcutWithArgument: C:\Users\Angelo Braz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Módulos Carregados (Whitelisted) =============

2017-05-09 09:27 - 2017-05-09 09:27 - 003067904 _____ (A.E.T. Europe B.V.) [Arquivo não assinado] C:\Windows\System32\aetpkss1.dll
2017-05-09 09:27 - 2017-05-09 09:27 - 000040960 _____ (A.E.T. Europe B.V.) [Arquivo não assinado] C:\Windows\System32\aettask.dll
2016-07-19 20:59 - 2009-04-20 12:29 - 000136704 _____ (Hewlett-Packard Company) [Arquivo não assinado] C:\WINDOWS\System32\hpf3l70w.dll
2016-07-19 21:03 - 2009-04-20 11:29 - 000249856 _____ (Hewlett-Packard Corporation) [Arquivo não assinado] C:\WINDOWS\system32\spool\PRTPROCS\x64\hpfpp70w.dll
2009-06-24 10:57 - 2009-06-24 10:57 - 000029696 _____ (HP) [Arquivo não assinado] [O arquivo está em uso] C:\Program Files (x86)\HP\HPLaserJetService\DebugLogger.dll
2009-06-24 10:57 - 2009-06-24 10:57 - 000032768 _____ (HP) [Arquivo não assinado] [O arquivo está em uso] C:\Program Files (x86)\HP\HPLaserJetService\HPHTTPProxy.dll
2009-06-24 10:57 - 2009-06-24 10:57 - 000031744 _____ (HP) [Arquivo não assinado] [O arquivo está em uso] C:\Program Files (x86)\HP\HPLaserJetService\HPServiceCommunicator.dll
2015-08-23 23:42 - 2022-07-15 11:00 - 000094720 _____ (Igor Pavlov) [Arquivo não assinado] C:\Program Files\7-Zip\7-zip.dll
2009-06-25 09:27 - 2009-06-25 09:27 - 000541184 _____ (Marvell Semiconductor, Inc.) [Arquivo não assinado] C:\WINDOWS\System32\mvtcpmon.dll
2023-06-01 14:01 - 2016-11-14 09:30 - 001300688 _____ (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [Arquivo não assinado] C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll
2009-06-25 09:25 - 2009-06-25 09:25 - 000144896 _____ (OpenSLP) [Arquivo não assinado] C:\WINDOWS\System32\slp64.dll

==================== Alternate Data Streams (Whitelisted) ========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddfac64.sys:r0d3jo5 [20]

==================== Modo de Segurança (Whitelisted) ==================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== Associação (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2023-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-07-31] (Microsoft Corporation -> Microsoft Corporation)

(Se uma entrada for incluída na fixlist, será removida do Registro.)

IE trusted site: HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\google.com -> www.google.com
IE trusted site: HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\google.com.br -> www.google.com.br
IE trusted site: HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\itau.b.br -> www.itau.b.br
IE trusted site: HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\itau.com.br -> hxxps://bankline.itau.com.br
IE trusted site: HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\itau.com.br -> bankline.itau.com.br
IE trusted site: HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\itaupersonnalite.com.br -> hxxp://www.itaupersonnalite.com.br
IE trusted site: HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\itaupersonnalite.com.br -> www.itaupersonnalite.com.br

==================== Hosts Conteúdo: =========================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2015-07-10 08:04 - 2022-06-10 19:36 - 000000000 _____ C:\WINDOWS\system32\drivers\etc\hosts

2021-10-01 16:12 - 2021-10-01 16:13 - 000000375 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Outras Áreas ===========================

(Atualmente não há nenhuma correção automática para esta seção.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\dotnet\
HKU\S-1-5-21-467048075-196725563-1868618205-1001\Control Panel\Desktop\\Wallpaper -> D:\Área de Trabalho\838293.jpg
DNS Servers: 1.0.0.1 - 1.1.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

(Se uma entrada for incluída na fixlist, será removida.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AutoRun_MBIM => 2
MSCONFIG\Services: Change Modem Device Service => 2
MSCONFIG\Services: DevMgmtService => 2
MSCONFIG\Services: GalaxyClientService => 3
MSCONFIG\Services: GalaxyCommunication => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HPSIService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: Origin Web Helper Service => 2
MSCONFIG\Services: ProductAgentService => 2
MSCONFIG\Services: Steam Client Service => 3
HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\Run: => "StartCN"
HKLM\...\StartupApproved\Run: => "VIVO INTERNET 4G"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "ISUSScheduler"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "VIVO INTERNET 4G"
HKLM\...\StartupApproved\Run32: => "Genshin Impact_Launcher"
HKLM\...\StartupApproved\Run32: => "Genshin Impact Beta_Launcher"
HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\StartupApproved\Run: => "ISUSPM Startup"
HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== Regras do Firewall (Whitelisted) ================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [{9704DFD4-4832-4BA2-AD86-B1FA9825F1F5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{B8524ED1-C8B3-42D3-8377-9007CD2EAA50}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{2FA0FB6A-3668-45DF-BB38-CA9816E4F7CE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{60982F0A-8A31-47A3-B257-549FBC515CA2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{9DE48766-BD8F-4E57-9A48-50B2D7A9F735}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
FirewallRules: [{0EAAE5A9-8970-47BB-A4F2-6A1742F28E41}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
FirewallRules: [{C69FB424-B5AD-4AD0-BD4C-43D5DE3B800A}] => (Allow) D:\Games Steam\steamapps\common\Lords Of The Fallen\bin\LordsOfTheFallen.exe () [Arquivo não assinado]
FirewallRules: [{D9B48F0D-AE4E-4B45-80AD-9881E874D23B}] => (Allow) D:\Games Steam\steamapps\common\Lords Of The Fallen\bin\LordsOfTheFallen.exe () [Arquivo não assinado]
FirewallRules: [{7F4F876F-6B2E-463B-B1C0-4F8D31B6DE0E}] => (Allow) LPort=57209
FirewallRules: [{B6E1770B-8CAD-4D20-A5EF-AA5E16123919}] => (Allow) LPort=57209
FirewallRules: [{ECF732B5-EE5C-4091-9D65-5E8D0926D921}] => (Allow) LPort=9100
FirewallRules: [{21270FD4-3BF9-4EAC-9CFE-E71669980D50}] => (Allow) LPort=427
FirewallRules: [{04EB6426-E32A-44E6-AF67-70FFED25D5F8}] => (Allow) LPort=161
FirewallRules: [TCP Query User{9DB0A4D1-CBE4-464B-94F0-F3C42A376D1D}C:\users\angelo braz\appdata\local\aplicativo itau\itauaplicativo.exe] => (Allow) C:\users\angelo braz\appdata\local\aplicativo itau\itauaplicativo.exe (ITAU UNIBANCO S.A. -> Banco Itaú)
FirewallRules: [UDP Query User{04E3C43F-4BF3-485C-9E90-F35D803C4123}C:\users\angelo braz\appdata\local\aplicativo itau\itauaplicativo.exe] => (Allow) C:\users\angelo braz\appdata\local\aplicativo itau\itauaplicativo.exe (ITAU UNIBANCO S.A. -> Banco Itaú)
FirewallRules: [{112F261F-4506-4B4E-BC4F-A32D6499DFDB}] => (Allow) C:\LJP1100_P1560_P1600_Full_Solution\ProductInst64.exe (Hewlett-Packard Company -> HP)
FirewallRules: [{29EB09DF-8EE5-4FE0-B8F2-7713B4BA3E85}] => (Allow) C:\LJP1100_P1560_P1600_Full_Solution\ProductInst64.exe (Hewlett-Packard Company -> HP)
FirewallRules: [{756953E8-A221-4F00-AEEB-038FDAECCBFB}] => (Allow) LPort=9100
FirewallRules: [{79FFF101-D1B6-4085-97B3-E76F504E1D4D}] => (Allow) LPort=427
FirewallRules: [{A0BB0B35-3961-4770-985C-F673DACB5911}] => (Allow) LPort=161
FirewallRules: [{0C508160-3801-4AB0-940C-D97A9E5C9820}] => (Allow) C:\Program Files\HP\HP LaserJet P1100 Series\wificonfig.exe (Hewlett-Packard Company -> Hewlett Packard)
FirewallRules: [{955D43DB-DDAA-41E9-8C4A-B581CCCC7559}] => (Allow) C:\Program Files\HP\HP LaserJet P1100 Series\wificonfig.exe (Hewlett-Packard Company -> Hewlett Packard)
FirewallRules: [{1AA059A1-5AB1-4335-B21F-CA0DD4C3CC27}] => (Allow) LPort=57209
FirewallRules: [{D7659CAC-C449-438C-9994-F84DD097CE69}] => (Allow) LPort=57210
FirewallRules: [{AF1355A8-C405-4208-AB10-33ED0A67F073}] => (Allow) LPort=57211
FirewallRules: [{45962D66-4A6B-45DD-BF35-E761F56AD9B2}] => (Allow) LPort=57212
FirewallRules: [{B5CCDEE1-DC04-41A0-9361-45381456A761}] => (Allow) LPort=57213
FirewallRules: [{61ACAA29-9085-4F20-B5E8-57AC45E3870A}] => (Allow) LPort=57214
FirewallRules: [{F9770054-8423-418C-B688-C5C9B3963DFE}] => (Allow) LPort=57215
FirewallRules: [{8C2914B5-15B3-4C48-AA82-78DEA6F2D379}] => (Allow) LPort=57216
FirewallRules: [{810BAA4E-1B8B-4FDA-8B72-CD45A01BE72F}] => (Allow) LPort=57217
FirewallRules: [{58F42371-9689-4D51-89AB-606D1A001BAD}] => (Allow) LPort=57218
FirewallRules: [{527DD172-FEEF-4424-84CB-9E49472E4D7F}] => (Allow) LPort=57209
FirewallRules: [{7234C66E-E760-47B9-9218-588B0194ACEE}] => (Allow) LPort=57210
FirewallRules: [{89C4D8BE-B71A-4BF3-B61E-B8169AD76902}] => (Allow) LPort=57211
FirewallRules: [{7B303FB5-0AF9-4AD1-9423-FECC397BD8A4}] => (Allow) LPort=57212
FirewallRules: [{FD6CE65C-1A77-4D7A-B1BE-3CA958B6704F}] => (Allow) LPort=57213
FirewallRules: [{CB0FB2C6-32D5-4167-A20B-63975E68D2D5}] => (Allow) LPort=57214
FirewallRules: [{00FA6BF7-B5A6-4804-B943-117AB3F24EC2}] => (Allow) LPort=57215
FirewallRules: [{9A46CF73-52B0-4155-8D32-3AC1D3DBDDD9}] => (Allow) LPort=57216
FirewallRules: [{1BFD7944-E93E-4D03-8342-7397C837FC1D}] => (Allow) LPort=57217
FirewallRules: [{07D1F187-4D33-4E9F-AABF-D958A367E8F2}] => (Allow) LPort=57218
FirewallRules: [{115E9E6E-EEEC-4B8E-877C-85F97D65B924}] => (Allow) LPort=23007
FirewallRules: [{5D10575B-15A2-47EB-A5E3-52C0030B676D}] => (Allow) LPort=23008
FirewallRules: [{88908B64-7FB1-4D51-B4FF-E7374FF75DB2}] => (Allow) LPort=33009
FirewallRules: [{0D97A74D-EF16-44D3-B3C9-A3F9AE2E9F1C}] => (Allow) LPort=33010
FirewallRules: [{51FB394C-330C-4FFB-BE85-B266C3868486}] => (Allow) LPort=33011
FirewallRules: [{50E3A043-B0B1-49D2-AABF-83F624CE67D4}] => (Allow) LPort=43012
FirewallRules: [{2AFF7942-479D-436D-B639-6E13C1F82ACC}] => (Allow) LPort=43013
FirewallRules: [{2D9EE3AE-5FEF-465D-A998-D55D06D59387}] => (Allow) LPort=53014
FirewallRules: [{FBCDA599-CAA8-4C13-A217-5A0E8D854BA9}] => (Allow) LPort=53015
FirewallRules: [{8D5B5EA6-E8AA-484A-BBA0-5D24BB080E72}] => (Allow) LPort=53016
FirewallRules: [{BFE86399-281C-4061-B880-5DC1EDB87DF1}] => (Allow) LPort=23007
FirewallRules: [{9A4B665D-B1F9-4C2F-B541-8517A8E16C98}] => (Allow) LPort=23008
FirewallRules: [{073E55E9-3949-42EB-8F95-DFF6B37A8945}] => (Allow) LPort=33009
FirewallRules: [{D631D813-84EE-4E2D-868E-F080A7DBE7AC}] => (Allow) LPort=33010
FirewallRules: [{759E29DB-3902-4EBF-B109-32E4341B5907}] => (Allow) LPort=33011
FirewallRules: [{116E6146-CB2E-4BDC-90A4-F00EA1AD4377}] => (Allow) LPort=43012
FirewallRules: [{32C1D800-6BDE-42C1-8E03-04A7ED274A83}] => (Allow) LPort=43013
FirewallRules: [{7838B0FE-A664-40F5-BF45-AC25607BD7F0}] => (Allow) LPort=53014
FirewallRules: [{29E4851B-E360-4337-93E3-EFE1331587FB}] => (Allow) LPort=53015
FirewallRules: [{36B1C54D-C58D-4F1A-AB42-333D338B7A00}] => (Allow) LPort=53016
FirewallRules: [{E4F0A1DA-EF72-4E1C-A87E-1B71F971477F}] => (Allow) LPort=50053
FirewallRules: [{02A83C19-C6C1-45F4-9B50-1C73B1EDC322}] => (Allow) LPort=50053
FirewallRules: [{322A0D8E-AA8D-4A50-B4A3-A8E3EA7B838A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0D0E2360-084D-47AC-BC5B-0F52F486118E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{59F3EB46-7110-4BD6-A6A0-32841E67EE07}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D26BDEAB-488A-4ABA-A3E1-782D4249B379}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E797C231-379C-4588-A66A-E8C48FAF680D}] => (Allow) C:\LJP1100_P1560_P1600_Full_Solution\ProductInst64.exe (Hewlett-Packard Company -> HP)
FirewallRules: [{2C17A881-B1FF-47EE-BD1F-957AE7B9C3A2}] => (Allow) C:\LJP1100_P1560_P1600_Full_Solution\ProductInst64.exe (Hewlett-Packard Company -> HP)
FirewallRules: [TCP Query User{AE1F08BC-BA00-4214-B1D0-4E1098B05D36}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Block) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{19694063-9D68-4774-8786-24271BA34A28}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Block) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{02FA6EC5-5843-47B0-9579-517E8C1D7A59}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe => Nenhum Arquivo
FirewallRules: [{47A1D1A1-4C71-4545-A814-F6B7F7314D44}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe => Nenhum Arquivo
FirewallRules: [{A96CFB8E-99A5-4DD9-B7C5-67B3FA7A102D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D08F0EB9-1FCA-4F89-BF4D-822CA7622AD1}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{ADD6CED8-054F-4731-ADAE-BD0240723ACB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{57B7D3F7-0D1B-421D-AAEF-29AA187E39F6}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{1F9E6F74-E687-4100-842D-5AEF0E6E932E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{EA0740D0-B82D-479B-9FAA-62CAE172F128}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{8AC3F5F4-018A-4A03-A891-31F876C6444C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{2E719CE5-4254-457E-9649-F342B9BB05DE}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{E0BD1869-4663-4D21-8ABA-877D1E0158D9}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{FDE32108-AAE0-4713-855D-4569FCDD32BB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{7358EF98-6923-4B19-9B09-B130DEC8182F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{852E6C35-B170-4B8F-BAFC-E13D5B99FD05}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9CE512BC-2EAE-40EC-AE3B-DE28BDDDB398}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.200\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Pontos de Restauração =========================


==================== Dispositivos Apresentando Falhas No Gerenciador ============


==================== Erros no Log de eventos: ========================

Erros em Aplicativos:
==================
Error: (08/11/2023 12:35:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15609

Error: (08/11/2023 12:35:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15609

Error: (08/11/2023 12:35:13 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/08/2023 07:55:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..

Details:
AddLegacyDriverFiles: Unable to back up image of binary klupd_Kaspersky4Win-21-13_mark.

System Error:
O sistema não pode encontrar o arquivo especificado.
.

Error: (08/08/2023 07:55:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..

Details:
AddLegacyDriverFiles: Unable to back up image of binary klupd_Kaspersky4Win-21-13_klbg.

System Error:
O sistema não pode encontrar o arquivo especificado.
.

Error: (08/08/2023 07:55:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..

Details:
AddLegacyDriverFiles: Unable to back up image of binary klupd_Kaspersky4Win-21-13_klark.

System Error:
O sistema não pode encontrar o arquivo especificado.
.

Error: (08/08/2023 07:55:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..

Details:
AddLegacyDriverFiles: Unable to back up image of binary klupd_Kaspersky4Win-21-13_arkmon.

System Error:
O sistema não pode encontrar o arquivo especificado.
.

Error: (08/08/2023 03:54:02 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed


Erros de Sistema:
=============
Error: (08/11/2023 09:37:23 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-T0H8SRB)
Description: O servidor {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} não se registrou no DCOM dentro do tempo limite necessário.

Error: (08/11/2023 12:35:13 AM) (Source: volsnap) (EventID: 25) (User: )
Description: As cópias de sombra do volume C: foram excluídas porque o armazenamento de cópia de sombra não pôde ser expandido. Reduza a carga de E/S do sistema ou escolha um volume de armazenamento de cópia de sombra do qual não esteja sendo feita uma cópia de sombra.

Error: (08/11/2023 12:34:55 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-T0H8SRB)
Description: O servidor {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} não se registrou no DCOM dentro do tempo limite necessário.

Error: (08/09/2023 10:59:39 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-T0H8SRB)
Description: O servidor {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} não se registrou no DCOM dentro do tempo limite necessário.

Error: (08/09/2023 06:30:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (45000 milissegundos) ao aguardar a conexão do serviço NvStreamNetworkSvc.

Error: (08/09/2023 06:29:44 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-T0H8SRB)
Description: O servidor {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} não se registrou no DCOM dentro do tempo limite necessário.

Error: (08/09/2023 04:52:31 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-T0H8SRB)
Description: O servidor {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} não se registrou no DCOM dentro do tempo limite necessário.

Error: (08/09/2023 10:27:02 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (45000 milissegundos) ao aguardar a conexão do serviço NvStreamNetworkSvc.


Windows Defender:
================
Date: 2023-03-28 10:27:25
Description: 
O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {33B9A05B-B9F9-466D-ACB9-3B59DDE6C71B}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2023-03-28 10:22:34
Description: 
O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {C889AA89-6F2A-43ED-981E-7AE295922696}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2023-03-28 09:56:14
Description: 
O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {5EDCBF41-C554-420E-AFB2-B5AB38A29F92}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2023-03-28 09:21:13
Description: 
O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {2E00FDA6-61BE-4E36-A497-DC9117BECA80}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2023-03-28 09:10:33
Description: 
O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {349F2248-1234-4A31-950F-AC518C2008D8}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA
Event[0]:

Date: 2022-05-22 23:54:51
Description: 
Microsoft Defender Antivírus encontrou um erro ao tentar atualizar a inteligência de segurança.
Nova Versão da Inteligência de Segurança: 
Versão da Inteligência de Segurança anterior: 1.283.1164.0
Fonte da Atualização: Servidor do Microsoft Update
Tipo da Inteligência de Segurança: Antivírus
Tipo da atualização: Completa
Usuário: AUTORIDADE NT\SISTEMA
Versão Atual do Mecanismo: 
Versão Anterior do Mecanismo: 1.1.15500.2
Código de Erro: 0x8024001e
Descrição do Erro: Erro inesperado ao verificar atualizações. Para obter informações sobre como instalar ou solucionar problemas de atualizações, consulte Ajuda e Suporte. 

CodeIntegrity:
===============
Date: 2023-08-11 16:17:11
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky 21.14\avp.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-08-11 16:14:29
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


==================== Informações da Memória =========================== 

BIOS: American Megatrends Inc. 2105 07/23/2010
placa-mãe: ASUSTeK Computer INC. M4A785TD-V EVO
Processador: AMD Phenom(tm) II X6 1055T Processor
Percentagem de memória em uso: 35%
RAM física total: 9982.18 MB
RAM física disponível: 6440.6 MB
Virtual Total: 10622.18 MB
Virtual disponível: 6756.58 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:110.78 GB) (Free:4.35 GB) (Model: KINGSTON SV300S37A120G ATA Device) NTFS
Drive d: (Anjo) (Fixed) (Total:931.51 GB) (Free:334.54 GB) (Model: SAMSUNG HD103SI ATA Device) NTFS ==>[sistema com componentes de inicialização (obtido através de drive)]

\\?\Volume{70b2a5bd-0000-0000-0000-100000000000}\ (Reservado pelo Sistema) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{70b2a5bd-0000-0000-0000-90d11b000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS

==================== MBR & Tabela de Partições ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 70B2A5BD)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=110.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=526 MB) - (Type=27)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 6BF97209)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== Fim de Addition.txt =======================

 


  • Security Analyst
22 hours ago, Xacamaster said:

Understood. My apologies.

No need to apologize. I mentioned that it turned out huge because I thought that with the filter it wouldn't pick up so many entries. 👍

Run FRST again as administrator.

In the text box on the main screen, enter:

searchAll: nox

After that, click Search Files.

Open the generated logs, then copy and paste them into your next reply.

 


On 12/08/2023 at 09:46, Elias Pereira said:

No need to apologize. I mentioned that it turned out huge because I thought that with the filter it wouldn't pick up so many entries. 👍

Run FRST again as administrator.

In the text box on the main screen, enter:

searchAll: nox

After that, click Search Files.

Open the generated logs, then copy and paste them into your next reply.

Ah, yes, that was my fault. I ended up misreading your message.

I had a rough week. I apologize for the delay, Elias. Here is the log.

Searchh.txt


About Clube do Hardware

Online since 1996, Clube do Hardware is one of the largest, oldest and most respected technology communities in Brazil.
