
Computer freezing and showing an error message.



Hello,

My notebook was purchased recently, brand new, and after installing some Chrome extensions and dubious programs I started receiving error messages about "audio.exe" and "grservices.exe". I believe the machine is infected.

I am asking for your help to evaluate my logs and confirm my suspicion.

The logs follow.

Thank you.

 

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build:    08-30-2022
# Database: 2023-07-19.3 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    09-26-2023
# Duration: 00:00:01
# OS:       Windows 11 (Build 22621.2283)
# Cleaned:  29
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Program Files\Tencent
Deleted       C:\ProgramData\IObit\Advanced SystemCare
Deleted       C:\ProgramData\Tencent
Deleted       C:\Users\guilh\AppData\Roaming\IObit\Advanced SystemCare
Deleted       C:\Users\guilh\AppData\Roaming\Tencent

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted       C:\Windows\System32\Tasks\DRIVER BOOSTER SCHEDULER

***** [ Registry ] *****

Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63557FD5-7F8E-4799-905D-C475871A78AA} 
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scheduler
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{65815CA8-768E-4592-B813-050581E5DAC0}
Deleted       HKLM\Software\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C
Deleted       HKLM\Software\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted       Search By ZoneAlarm
Deleted       http://br.hao123.com/?tn=incore_pay_hp_05_hao123_br
Deleted       http://br.hao123.com/?tn=incore_pay_hp_05_hao123_br
Deleted       http://br.hao123.com/?tn=incore_pay_hp_05_hao123_br
Deleted       http://istart.webssearches.com/?type=hp&ts=1414538147&from=bxk1&uid=WDCXWD5000BPVT-60HXZT3_WD-WXN1E32NKVMSNKVMS
Deleted       http://istart.webssearches.com/?type=hp&ts=1414538147&from=bxk1&uid=WDCXWD5000BPVT-60HXZT3_WD-WXN1E32NKVMSNKVMS
Deleted       http://search.zonealarm.com/?src=hp&tbid=goughDev3&Lan=en&gu=dde72d04ab3c4cd6853d3bb14dc531f5&tu=10GXy009a2B0CO0&sku=&tstsId=&ver=&

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted       Preinstalled.AcerCareCenter   Folder   C:\Program Files (x86)\ACER\CARE CENTER
Deleted       Preinstalled.AcerCareCenter   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE23B3FD-B9D1-4EBD-8CD9-9F0887DDB597} 
Deleted       Preinstalled.AcerCareCenter   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80434D54-1596-4D78-B6C4-CEE2D8653B2B} 
Deleted       Preinstalled.AcerCareCenter   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE23B3FD-B9D1-4EBD-8CD9-9F0887DDB597} 
Deleted       Preinstalled.AcerCareCenter   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ACCAgent
Deleted       Preinstalled.AcerCareCenter   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ACCBackgroundApplication
Deleted       Preinstalled.AcerCareCenter   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AFB52E98-7597-4484-9202-58F0FD3512ED}
Deleted       Preinstalled.AcerCareCenter   Task   C:\Windows\System32\Tasks\ACCAGENT
Deleted       Preinstalled.AcerCareCenter   Task   C:\Windows\System32\Tasks\ACCBACKGROUNDAPPLICATION
Deleted       Preinstalled.AcerUpdater   Folder   C:\ProgramData\ACER\ACER UPDATER


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [4461 octets] - [26/09/2023 10:49:32]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

 

~ ZHPCleaner v2023.9.26.45 by Nicolas Coolman (2023/09/26)
~ Run by guilh (Administrator)  (26/09/2023 10:52:38)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Scan
~ Report : C:\Users\guilh\Desktop\ZHPCleaner (S).txt
~ Quarantine : C:\Users\guilh\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ System Restore Point : 
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit  (Build 22621)


---\\  Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found.


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (5)
FOUND file: C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default\History    =>.SUP.BrowserHistoric
FOUND file: C:\Users\guilh\AppData\Local\Microsoft\Edge\User Data\Default\History    =>.SUP.BrowserHistoric
FOUND folder: C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data  =>.SUP.BrowserCache
FOUND folder: C:\Users\guilh\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data  =>.SUP.BrowserCache
FOUND folder: C:\Users\guilh\AppData\Local\Opera Software\Opera Stable\User Data\Default\Cache\Cache_Data  =>.SUP.BrowserCache


---\\  Hosts file (1)
~ The hosts file is legitimate (21)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (4)
FOUND file: C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default\Preferences    =>ChromiumPreference
FOUND file: C:\Users\guilh\AppData\Local\Microsoft\Edge\User Data\Default\Preferences    =>ChromiumPreference
FOUND folder: C:\Users\guilh\AppData\Local\Google\Update  =>Heuristic.Suspect
FOUND folder: C:\ProgramData\IObit\ASCDownloader  =>SUP.Optional.AdvancedSystemCare


---\\  Registry ( Key, Value, Data) (4)
FOUND key: HKEY_USERS\S-1-5-21-1468474341-1498967642-3512864176-1001\SOFTWARE\Classes\AppXq0pwa73vfcn2qdexp8cexcc6qk87xh1r []  =>Adware.Navipromo
FOUND data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{48c4d171-290d-4b41-b940-f739f8dc8093}\\DhcpNameServer [Bad : 181.213.132.2 181.213.132.3]  =>Hijacker.Browser
FOUND data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ecebae50-4f24-4c4b-ace0-ab3467d323e9}\\DhcpNameServer [Bad : 181.213.132.2 181.213.132.3]  =>Hijacker.Browser
FOUND data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer [Bad : 181.213.132.2 181.213.132.3]  =>Hijacker.Browser


---\\  Summary of the elements found (7)
https://nicolascoolman.eu/2023/07/18/les-caches-et-historiques-de-navigateurs/  =>.SUP.BrowserHistoric
https://nicolascoolman.eu/2023/07/18/les-caches-et-historiques-de-navigateurs/  =>.SUP.BrowserCache
https://nicolascoolman.eu/2020/10/01/preferences-navigateurs-chromium/  =>ChromiumPreference
https://nicolascoolman.eu/2017/01/28/heuristic-suspect/  =>Heuristic.Suspect
https://nicolascoolman.eu/wp-content/uploads/2017/12/26/sup-advancedsystemcare/  =>SUP.Optional.AdvancedSystemCare
https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/  =>Adware.Navipromo
https://nicolascoolman.eu/2017/11/10/hijacker-browser-3/  =>Hijacker.Browser


---\\ Result of repair
~ Any repair made
~ Google Chrome OK
~ Microsoft Edge OK
~ Microsoft Internet Explorer OK
~ Opera Stable OK


---\\ Statistics
~ Items scanned : 97382
~ Items found : 16
~ Items cancelled : 0
~ Space saving (bytes) : 0
~ Items options : 10/18


---\\ OPTIONS NOT ACTIVES
~ Temporary file analysis
~ Temporary folder analysis
~ Empty Folder CLSID Analysis
~ Empty Other Folder Analysis
~ Empty LocalLow Folder Analysis
~ Empty Local Folder Analysis
~ Obsolete Installer File Analysis
~ Start browsers with extensions removed

~ End of search in 00h07mn23s

---\\  Reports (0)
ZHPCleaner-[S]-26092023-11_00_01.txt
 

 

~ ZHPCleaner v2023.9.26.45 by Nicolas Coolman (2023/09/26)
~ Run by guilh (Administrator)  (26/09/2023 11:01:12)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\guilh\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\guilh\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ System Restore Point : OK
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit  (Build 22621)


---\\  Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found.


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (0)


---\\  Hosts file (1)
~ The hosts file is legitimate (21)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (9)
MOVED file: C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default\History    =>.SUP.BrowserHistoric
MOVED file: C:\Users\guilh\AppData\Local\Microsoft\Edge\User Data\Default\History    =>.SUP.BrowserHistoric
MOVED file: C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default\Preferences    =>Préférences Chromium
MOVED file: C:\Users\guilh\AppData\Local\Microsoft\Edge\User Data\Default\Preferences    =>Préférences Chromium
MOVED folder: C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data  =>.SUP.BrowserCache
MOVED folder: C:\Users\guilh\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data  =>.SUP.BrowserCache
MOVED folder: C:\Users\guilh\AppData\Local\Opera Software\Opera Stable\User Data\Default\Cache\Cache_Data  =>.SUP.BrowserCache
MOVED folder: C:\Users\guilh\AppData\Local\Google\Update  =>Heuristic.Suspect
MOVED folder: C:\ProgramData\IObit\ASCDownloader  =>SUP.Optional.AdvancedSystemCare


---\\  Registry ( Key, Value, Data) (4)
DELETED data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{48c4d171-290d-4b41-b940-f739f8dc8093}\\DhcpNameServer [Bad : 181.213.132.2 181.213.132.3]  =>Hijacker.Browser
DELETED data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ecebae50-4f24-4c4b-ace0-ab3467d323e9}\\DhcpNameServer [Bad : 181.213.132.2 181.213.132.3]  =>Hijacker.Browser
DELETED data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer [Bad : 181.213.132.2 181.213.132.3]  =>Hijacker.Browser
DELETED key*: HKEY_USERS\S-1-5-21-1468474341-1498967642-3512864176-1001\SOFTWARE\Classes\AppXq0pwa73vfcn2qdexp8cexcc6qk87xh1r []  =>Adware.Navipromo


---\\  Summary of the elements found (7)
https://nicolascoolman.eu/2023/07/18/les-caches-et-historiques-de-navigateurs/  =>.SUP.BrowserHistoric
https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/  =>Préférences Chromium
https://nicolascoolman.eu/2023/07/18/les-caches-et-historiques-de-navigateurs/  =>.SUP.BrowserCache
https://nicolascoolman.eu/2017/01/28/heuristic-suspect/  =>Heuristic.Suspect
https://nicolascoolman.eu/wp-content/uploads/2017/12/26/sup-advancedsystemcare/  =>SUP.Optional.AdvancedSystemCare
https://nicolascoolman.eu/2017/11/10/hijacker-browser-3/  =>Hijacker.Browser
https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/  =>Adware.Navipromo


---\\  Other deletions. (0)
~ Registry Keys Tracing deleted (0)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ Google Chrome OK
~ Microsoft Edge OK
~ Microsoft Internet Explorer OK
~ Opera Stable OK


---\\ Statistics
~ Items scanned : 1043
~ Items found : 0
~ Items cancelled : 0
~ Space saving (bytes) : 0
~ Items options : 10/18


---\\ OPTIONS NOT ACTIVES
~ Temporary file analysis
~ Temporary folder analysis
~ Empty Folder CLSID Analysis
~ Empty Other Folder Analysis
~ Empty LocalLow Folder Analysis

Resultado do análise da Farbar Recovery Scan Tool (FRST) (x64) Versão: 25-09-2023
Executado por guilh (administrador) em GUIVERMELHO (Acer Nitro AN515-58) (26-09-2023 11:05:07)
Executando a partir de C:\Users\guilh\Desktop\FRST64.exe
Perfis Carregados: guilh
Plataforma: Microsoft Windows 11 Home Versão 22H2 22621.2283 (X64) Idioma: Português (Brasil)
Navegador padrão: Chrome
Modo da Inicialização: Normal

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\NitroSense Service\PSAdminAgent.exe
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\NitroSense Service\PSAgent.exe
(C:\Program Files\McAfee\WebAdvisor\servicehost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(cmd.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\PING.EXE <2>
(DriverStore\FileRepository\ipf_cpu.inf_amd64_07e81e065fff923d\ipf_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_07e81e065fff923d\ipf_helper.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <2>
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_125373df900d2c8b\ipfsvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_07e81e065fff923d\ipf_uf.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WPS\1.11.279.1\mc-fw-host.exe <2>
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvacig.inf_amd64_6a30f226cb32430c\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_9b2689b4e3586127\RtkAudUService64.exe <2>
(svchost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WPS\1.11.279.1\neo\core\mc-neo-host.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_4000.986.611.0_x64__8wekyb3d8bbwe\PushNotificationsLongRunningTask.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe

==================== Registro (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_9b2689b4e3586127\RtkAudUService64.exe [1673008 2023-05-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5314096 2020-03-06] (Adobe Inc. -> Adobe Systems Inc.) [Arquivo não assinado]
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [142222176 2023-04-21] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2586640 2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\Run: [Google Update] => "C:\Users\guilh\AppData\Local\Google\Update\1.3.36.312\GoogleUpdateCore.exe" (Nenhum Arquivo)
HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4374888 2023-09-11] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\Run: [MicrosoftEdgeAutoLaunch_18105C23E6FB3E0926A4BECDF7B37E6D] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4210232 2023-09-23] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [65488 2020-03-06] (Adobe Inc. -> Adobe Systems Inc)
Startup: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Audio system.lnk [2023-09-18]
ShortcutTarget: Audio system.lnk -> C:\Netframework.4.5.2\Audio system.vbs () [Arquivo não assinado]
Startup: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk [2023-09-26]
ShortcutTarget: Enviar para o OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.lnk [2023-09-18]
ShortcutTarget: system.lnk -> C:\Perform\system.vbs () [Arquivo não assinado]

==================== Tarefas Agendadas (Whitelisted) =================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {AB28516B-FCD3-481C-8EDA-D26FA8816B97} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe  -auto (Nenhum Arquivo)
Task: {03768D52-5397-46F6-9404-AC20EC436D5C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe  (Nenhum Arquivo)
Task: {65532448-C145-49C5-B05D-389973E60B07} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {CF26937B-FE54-41A5-B8A3-D5986CF41D59} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3807712 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {AF75F4D6-2296-498C-B976-586DCC5CFD9A} - System32\Tasks\audio system => C:\Perform\update.vbs  (Nenhum Arquivo)
Task: {0C3AC2B1-6AE3-4B48-92B8-B2195BE2870D} - System32\Tasks\Driver Booster SkipUAC (guilh) => C:\Program Files (x86)\IObit\Driver Booster\10.6.0\DriverBooster.exe [8966120 2023-07-27] (IObit CO., LTD -> IObit)
Task: {1866B25B-8067-4F5F-8B61-D3B8888F581C} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\10.6.0\AutoUpdate.exe [2516968 2023-06-13] (IObit CO., LTD -> IObit)
Task: {C59F40E0-7B31-49F5-8CC4-8BF0537D2407} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1468474341-1498967642-3512864176-1001Core{0D3F0353-8BCE-4CA5-82B0-DC5CDB13C90B} => "C:\Users\guilh\AppData\Local\Google\Update\GoogleUpdate.exe"  /c (Nenhum Arquivo)
Task: {5DA5E0A3-3E20-4CE6-B1B1-2395510E2A50} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1468474341-1498967642-3512864176-1001UA{90016B1F-C6F4-49D0-9660-990E4074B2A7} => "C:\Users\guilh\AppData\Local\Google\Update\GoogleUpdate.exe"  /ua /installsource scheduler (Nenhum Arquivo)
Task: {C8C25885-F528-475C-8C7D-C61CD10197D5} - System32\Tasks\iTop Summer Task (One-Time) => "C:\Program Files (x86)\iTop VPN\Pub\itopsump23.exe"  /sum (Nenhum Arquivo)
Task: {475868C0-5FC0-427B-B5AB-3472F6BF6892} - System32\Tasks\McAfee\WPS\amwebapitriggertask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {88D56762-D568-4F5B-A809-C403A6C827A3} - System32\Tasks\McAfee\WPS\DAD.WPS.Execute.Updates => C:\Program Files\McAfee\WPS\1.11.279.1\dad\mc-dad.exe [4379528 2023-09-12] (McAfee, LLC -> McAfee, LLC)
Task: {C11ADD33-F88C-4C5B-9D4D-BF9C8CA776D4} - System32\Tasks\McAfee\WPS\datupdatetask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {A155A82B-9E51-48CF-A477-D10075016515} - System32\Tasks\McAfee\WPS\McAfee Sustainability => C:\Program Files\McAfee\WPS\1.11.279.1\sustainability\mc-sustainability.exe [778816 2023-09-12] (McAfee, LLC -> McAfee, LLC)
Task: {5F5AB2DD-FEF0-4E28-A89E-0607C9FD2BDF} - System32\Tasks\McAfee\WPS\mcpcoscanner => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {1283FDD0-291D-4775-A11D-2B6EE2D9A2DA} - System32\Tasks\McAfee\WPS\NGMCadence => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {B54F2BA6-417F-437E-B81C-265EE5A1C6B3} - System32\Tasks\McAfee\WPS\odsscheduledtask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {56EFF8C7-F360-4B48-B402-1ABF6763AB84} - System32\Tasks\McAfee\WPS\systemrebootedtask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {2BB25299-DD12-4A55-A8F2-871A76A0A421} - System32\Tasks\McAfee\WPS\Update => {81A7CB63-BB07-4DAD-8E72-07B3A9BB08E2}
Task: {7E4F884A-4B65-4572-95C8-75A72035EC76} - System32\Tasks\McAfee\WPS\WPSPush => \\?\C:\Program Files\McAfee\WPS\1.11.279.1\mc-wns-client\mc-wns-client.exe [819400 2023-09-12] (McAfee, LLC -> )
Task: {470FD3C7-F7B6-430C-9160-31C3D0723EF0} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913760 2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {89DB786A-3BCD-4ED9-9A28-4E689B55B665} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913760 2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {7DD50F2E-9467-4B35-8754-5F0DC7FB8A26} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {71136401-2E5A-477F-8C50-D95564CDEA05} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {EA0F5D0F-DBA1-46DC-B35A-FE00325EF813} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [167864 2023-08-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {7ABBE0B6-C453-4AEF-8721-A4D7B2AE595B} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\UCPD velocity => C:\Windows\system32\UCPDMgr.exe [58880 2023-09-17] (Microsoft Windows -> Microsoft Corporation)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (Nenhum Arquivo)
Task: {A98E46E4-D134-4B42-91D4-1C6AE1AFF3E3} - System32\Tasks\NitroSense => C:\Program Files\Acer\NitroSense Service\PSLauncher.exe [609640 2023-01-05] (Acer Incorporated -> Acer Incorporated)
Task: {C937BDAE-E1AF-438E-BF9D-115E21D7BB91} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130824 2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {EF5DDFC7-50BD-4989-B899-33CC98D12EA6} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1468474341-1498967642-3512864176-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130824 2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {4CB4A7E3-1E03-42BB-AE20-88C0F397B181} - System32\Tasks\Opera scheduled assistant Autoupdate 1694556311 => C:\Users\guilh\AppData\Local\Programs\Opera\launcher.exe  -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\guilh\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {37E30BB7-8F3B-4D5D-AB99-07F690D33DCC} - System32\Tasks\Opera scheduled Autoupdate 1694556305 => C:\Users\guilh\AppData\Local\Programs\Opera\launcher.exe  --scheduledautoupdate $(Arg0) (Nenhum Arquivo)
Task: {1F1F8B45-A057-40EF-80B6-113D793A9A7A} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [461472 2021-12-02] (Acer Incorporated -> Acer Incorporated)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)


==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)


Edge: 
=======
Edge Profile: C:\Users\guilh\AppData\Local\Microsoft\Edge\User Data\Default [2023-09-26]
Edge Extension: (Google Docs Offline) - C:\Users\guilh\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-17]
Edge Extension: (Edge relevant text changes) - C:\Users\guilh\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-13]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2020-03-05]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-08-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2023-08-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-08-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2020-03-06] (Adobe Inc. -> Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default [2023-09-26]
CHR Extension: (Adobe Acrobat: ferramentas para editar, converter e assinar PDFs) - C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-09-26]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2023-09-26]
CHR Extension: (Google Docs offline) - C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-26]
CHR Extension: (Pagamentos via Chrome Web Store) - C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-09-26]
CHR Profile: C:\Users\guilh\AppData\Local\Google\Chrome\User Data\System Profile [2023-09-26]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]

Opera: 
=======
OPR DefaultProfile: Opera Stable
OPR Profile: C:\Users\guilh\AppData\Roaming\Opera Software\Opera Stable [2023-09-12]
OPR Extension: (Rich Hints Agent) - C:\Users\guilh\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2023-09-12]
OPR Extension: (Opera Wallet) - C:\Users\guilh\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2023-09-12]
OPR Extension: (Aria) - C:\Users\guilh\AppData\Roaming\Opera Software\Opera Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm [2023-09-12]

==================== Serviços (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3966432 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11817040 2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
R2 dptftcs; C:\Windows\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_125373df900d2c8b\ipfsvc.exe [543888 2022-02-02] (Intel Corporation -> Intel Corporation)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncHelper.exe [3511720 2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
S2 IntelAudioService; C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_5f98233769cf65a5\AS\IAS\IntelAudioService.exe [539992 2023-08-22] (Intel Corporation -> Intel)
R2 ipfsvc; C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_07e81e065fff923d\ipf_uf.exe [2781312 2023-08-22] (Intel Corporation -> Intel Corporation)
S3 KAPSService; C:\Windows\System32\drivers\RivetNetworks\Killer\KAPSService.exe [64376 2022-03-28] (Intel Corporation -> Intel® Corporation)
S2 Killer Analytics Service; C:\Windows\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe [2423160 2022-03-28] (Intel Corporation -> Intel)
S2 Killer Network Service; C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe [2883448 2022-03-28] (Intel Corporation -> Intel)
S3 KNDBWM; C:\Windows\System32\drivers\RivetNetworks\Killer\KNDBWMService.exe [64376 2022-03-28] (Intel Corporation -> Intel® Corporation)
R2 mc-fw-host; C:\Program Files\McAfee\WPS\1.11.279.1\mc-fw-host.exe [2310472 2023-09-12] (McAfee, LLC -> McAfee, LLC)
S3 mc-wps-update; C:\Program Files\McAfee\WPS\1.11.279.1\mc-update.exe [5075896 2023-09-12] (McAfee, LLC -> McAfee, LLC)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [874384 2023-09-19] (McAfee, LLC -> McAfee, LLC)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.189.0910.0001\OneDriveUpdaterService.exe [3849128 2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
S3 PSSvc; C:\Program Files\Acer\NitroSense Service\PSSvc.exe [867176 2023-01-05] (Acer Incorporated -> Acer Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe [3121008 2023-09-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe [133688 2023-09-05] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 ACCSvc; "C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe" [X]
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvacig.inf_amd64_6a30f226cb32430c\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nvacig.inf_amd64_6a30f226cb32430c\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R3 AcerAirplaneModeController; C:\Windows\System32\drivers\AcerAirplaneModeController.sys [36800 2022-05-31] (Acer Incorporated -> Acer Incorporated)
S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [Arquivo não assinado]
S3 e2k68cx21x64; C:\Windows\System32\DriverStore\FileRepository\e2k68cx21x64.inf_amd64_e63a1a6682c5eed2\e2k68cx21x64.sys [619408 2022-03-08] (Realtek Semiconductor Corp. -> Realtek)
R3 iaLPSS2_GPIO2_ADL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_adl.inf_amd64_302e75596cffa74a\iaLPSS2_GPIO2_ADL.sys [150616 2023-08-22] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_ADL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_adl.inf_amd64_e736c048ca307ed2\iaLPSS2_I2C_ADL.sys [220224 2023-08-22] (Intel Corporation -> Intel Corporation)
R3 IntcUSB; C:\Windows\System32\DriverStore\FileRepository\intcusb.inf_amd64_5d49b801c1e48609\IntcUSB.sys [941976 2023-08-22] (Intel Corporation -> Intel(R) Corporation)
R3 IntelGNA; C:\Windows\System32\DriverStore\FileRepository\gna.inf_amd64_04d4eecc5838a558\gna.sys [88784 2023-08-22] (Intel Corporation -> Intel Corporation)
R3 ipf_acpi; C:\Windows\System32\DriverStore\FileRepository\ipf_acpi.inf_amd64_6808233353fa1d56\ipf_acpi.sys [87168 2023-08-22] (Intel Corporation -> Intel Corporation)
R3 ipf_cpu; C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_07e81e065fff923d\ipf_cpu.sys [80512 2023-08-22] (Intel Corporation -> Intel Corporation)
R3 ipf_lf; C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_07e81e065fff923d\ipf_lf.sys [445056 2023-08-22] (Intel Corporation -> Intel Corporation)
R3 KfeCoSvc; C:\Windows\System32\drivers\RivetNetworks\Killer\KfeCo11X64.sys [175848 2022-03-28] (Intel Corporation -> Rivet Networks, LLC.)
S0 mfeelam; C:\Windows\System32\DRIVERS\mfeelam.sys [18400 2023-09-12] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R0 mfesec; C:\Windows\System32\DRIVERS\mfesec.sys [82696 2023-09-12] (McAfee, LLC -> McAfee, LLC)
R3 nvpcf; C:\Windows\System32\drivers\nvpcf.sys [243768 2023-08-22] (NVIDIA Corporation -> NVIDIA Corporation)
S4 UCPD; C:\Windows\System32\drivers\UCPD.sys [29184 2023-09-17] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [55872 2023-09-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [574872 2023-09-05] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105864 2023-09-05] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um mês (criados) (Whitelisted) =========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2023-09-26 11:05 - 2023-09-26 11:05 - 000023635 _____ C:\Users\guilh\Desktop\FRST.txt
2023-09-26 11:05 - 2023-09-26 11:05 - 000000000 ____D C:\FRST
2023-09-26 11:04 - 2023-09-26 11:04 - 002382848 _____ (Farbar) C:\Users\guilh\Downloads\FRST64.exe
2023-09-26 11:04 - 2023-09-26 11:04 - 002382848 _____ (Farbar) C:\Users\guilh\Desktop\FRST64.exe
2023-09-26 11:01 - 2023-09-26 11:01 - 000011461 _____ C:\Users\guilh\Desktop\ZHPCleaner (R).html
2023-09-26 11:01 - 2023-09-26 11:01 - 000004138 _____ C:\Users\guilh\Desktop\ZHPCleaner (R).txt
2023-09-26 11:00 - 2023-09-26 11:00 - 000011172 _____ C:\Users\guilh\Desktop\ZHPCleaner (S).html
2023-09-26 11:00 - 2023-09-26 11:00 - 000003958 _____ C:\Users\guilh\Desktop\ZHPCleaner (S).txt
2023-09-26 10:55 - 2023-09-26 10:50 - 000004429 _____ C:\Users\guilh\Desktop\AdwCleaner[C00].txt
2023-09-26 10:51 - 2023-09-26 11:01 - 000000000 ____D C:\Users\guilh\AppData\Roaming\ZHP
2023-09-26 10:51 - 2023-09-26 10:52 - 000000875 _____ C:\Users\guilh\Desktop\ZHPCleaner.lnk
2023-09-26 10:51 - 2023-09-26 10:51 - 003343008 _____ (Nicolas Coolman) C:\Users\guilh\Downloads\ZHPCleaner.exe
2023-09-26 10:51 - 2023-09-26 10:51 - 000000000 ____D C:\Users\guilh\AppData\Local\ZHP
2023-09-26 10:46 - 2023-09-26 10:50 - 000000000 ____D C:\AdwCleaner
2023-09-26 10:44 - 2023-09-26 10:44 - 008791352 _____ (Malwarebytes) C:\Users\guilh\Downloads\adwcleaner.exe
2023-09-26 10:43 - 2023-09-26 10:43 - 000000000 ____D C:\Users\guilh\AppData\Local\Steam
2023-09-26 10:42 - 2023-09-26 10:46 - 000000000 ____D C:\Program Files (x86)\Steam
2023-09-26 10:42 - 2023-09-26 10:42 - 002296488 _____ C:\Users\guilh\Downloads\SteamSetup.exe
2023-09-26 10:42 - 2023-09-26 10:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2023-09-26 07:57 - 2023-09-26 07:57 - 000732744 _____ C:\Windows\system32\prfh0416.dat
2023-09-26 07:57 - 2023-09-26 07:57 - 000146898 _____ C:\Windows\system32\prfc0416.dat
2023-09-26 06:54 - 2023-09-26 06:54 - 004847296 _____ (Husdawg, LLC) C:\Users\guilh\Downloads\Detection.exe
2023-09-22 16:20 - 2023-09-22 16:20 - 002601711 _____ C:\Users\guilh\Downloads\USO DE MÉTODOS OFICIAIS_DIURNO.pdf
2023-09-20 16:32 - 2023-09-20 16:32 - 000082065 _____ C:\Users\guilh\Downloads\extrato_conta.pdf
2023-09-13 08:23 - 2023-09-13 08:23 - 000000000 ____D C:\Users\guilh\Documents\Modelos Personalizados do Office
2023-09-13 08:22 - 2023-09-13 08:22 - 000560409 _____ C:\Users\guilh\Downloads\3- 2023 Lista Consolidada DCB jul.xlsx
2023-09-12 19:05 - 2023-09-25 20:14 - 000000000 ____D C:\Users\guilh\AppData\Local\CrashDumps
2023-09-12 19:05 - 2023-09-12 20:49 - 000000000 ____D C:\Program Files\EaseUS
2023-09-12 19:05 - 2023-09-12 20:49 - 000000000 ____D C:\Program Files (x86)\EaseUS
2023-09-12 19:05 - 2023-09-12 19:05 - 000004440 _____ C:\Windows\system32\Tasks\Opera scheduled assistant Autoupdate 1694556311
2023-09-12 19:05 - 2023-09-12 19:05 - 000004192 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1694556305
2023-09-12 19:05 - 2023-09-12 19:05 - 000000000 ____D C:\Users\guilh\AppData\Local\Opera Software
2023-09-12 19:05 - 2023-09-12 19:05 - 000000000 ____D C:\ProgramData\SystemAcCrux
2023-09-12 19:05 - 2022-12-29 13:34 - 000030136 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\Drivers\EPMVolFl0.sys
2023-09-12 19:04 - 2023-09-12 19:05 - 077004880 _____ (EaseUS ) C:\Users\guilh\Downloads\epm17.9_free_B.exe
2023-09-12 19:04 - 2023-09-12 19:04 - 001966984 _____ C:\Users\guilh\Downloads\epm_free_installer.793248.exe
2023-09-12 19:04 - 2023-09-12 19:04 - 001767600 _____ ( ) C:\Users\guilh\Downloads\hp-usb-disk-storage-format-tool-2.2.3-installer_R-sI6W1.exe
2023-09-12 19:04 - 2023-09-12 19:04 - 000098304 _____ (Hewlett-Packard Company) C:\Users\guilh\Downloads\hp-usb-disk-storage-format-tool-2.2.3-installer.exe
2023-09-12 19:04 - 2023-09-12 19:04 - 000000000 ____D C:\Users\guilh\AppData\Roaming\Opera Software
2023-09-12 19:00 - 2023-09-12 18:59 - 000082696 _____ (McAfee, LLC) C:\Windows\system32\Drivers\mfesec.sys
2023-09-12 18:59 - 2023-09-12 19:00 - 000000000 ____D C:\ProgramData\WPSInstallerTemp1
2023-09-12 18:59 - 2023-09-12 19:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2023-09-07 10:46 - 2023-09-07 10:46 - 000000000 ____D C:\Users\guilh\AppData\Roaming\Microsoft\PowerPoint
2023-09-07 09:49 - 2023-09-25 16:46 - 000000000 ____D C:\Users\guilh\AppData\Roaming\Microsoft\Excel
2023-09-06 10:49 - 2023-09-06 10:49 - 000120029 _____ C:\Users\guilh\Downloads\Escitalopram.pdf
2023-09-05 09:44 - 2023-09-21 08:25 - 000003446 _____ C:\Windows\SysWOW64\pubfreeware.ini
2023-09-05 09:14 - 2023-09-05 09:14 - 000000000 ____D C:\Users\guilh\AppData\Local\McAfee
2023-09-01 19:20 - 2023-09-01 19:20 - 085419960 _____ (McAfee, LLC) C:\Users\guilh\Downloads\McAfee_Installer_serial_6Cd8yLdeaKmyPO98NLkWIg2_key_affid_1274_akey.exe
2023-09-01 19:02 - 2023-09-01 19:03 - 000000000 __RSD C:\Users\guilh\Documents\McAfee Vaults
2023-09-01 19:02 - 2023-09-01 19:02 - 000000000 ____D C:\Users\guilh\AppData\Local\McAfee File Lock
2023-09-01 18:59 - 2023-09-13 08:15 - 000000000 ____D C:\Program Files\McAfee
2023-09-01 18:59 - 2023-09-12 19:03 - 000000000 ____D C:\Windows\system32\Tasks\McAfee
2023-09-01 18:53 - 2023-09-13 08:16 - 000000000 ____D C:\ProgramData\McAfee
2023-09-01 18:53 - 2023-09-01 19:07 - 000000051 _____ C:\Users\guilh\AppData\Roaming\MCVi2UserDetail.ini
2023-09-01 18:53 - 2023-09-01 18:53 - 005891472 _____ (McAfee, LLC) C:\Users\guilh\Downloads\mcafee_trial_setup_433.0207.3919_key.exe

==================== Um mês (modificados) ==================

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2023-09-26 11:01 - 2023-08-22 21:21 - 000000000 ____D C:\ProgramData\IObit
2023-09-26 11:01 - 2023-08-22 21:16 - 000000000 ____D C:\Users\guilh\AppData\Local\Google
2023-09-26 11:00 - 2023-08-22 21:18 - 000000000 ____D C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps do Chrome
2023-09-26 10:50 - 2023-08-22 21:21 - 000000000 ____D C:\Users\guilh\AppData\Roaming\IObit
2023-09-26 10:50 - 2023-08-22 21:12 - 000000000 ____D C:\ProgramData\Acer
2023-09-26 10:50 - 2023-08-22 21:12 - 000000000 ____D C:\Program Files (x86)\Acer
2023-09-26 10:50 - 2023-08-22 20:49 - 000000000 ____D C:\ProgramData\NVIDIA
2023-09-26 10:50 - 2023-08-22 20:42 - 000000000 ___RD C:\Users\guilh\OneDrive
2023-09-26 10:46 - 2023-08-22 20:41 - 000000000 ____D C:\Users\guilh\AppData\Local\D3DSCache
2023-09-26 10:05 - 2023-08-22 21:38 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2023-09-26 10:05 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\SystemTemp
2023-09-26 08:55 - 2022-05-07 02:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-09-26 08:13 - 2023-08-22 20:41 - 000000000 ____D C:\Users\guilh\AppData\Local\Packages
2023-09-26 07:57 - 2023-08-22 20:47 - 001682102 _____ C:\Windows\system32\PerfStringBackup.INI
2023-09-26 07:57 - 2022-05-07 02:22 - 000000000 ____D C:\Windows\INF
2023-09-26 06:52 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\AppReadiness
2023-09-26 06:50 - 2023-08-22 20:33 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-09-25 18:11 - 2023-08-22 20:35 - 000000000 ____D C:\ProgramData\Packages
2023-09-25 18:11 - 2022-05-07 02:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-09-25 17:23 - 2023-08-22 21:55 - 000000000 ____D C:\Users\guilh\AppData\Roaming\Microsoft\Word
2023-09-25 14:20 - 2023-08-23 18:33 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2023-09-25 14:20 - 2023-08-22 21:52 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2023-09-25 14:20 - 2023-08-22 21:51 - 000002138 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-09-25 14:20 - 2023-08-22 20:42 - 000003596 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1468474341-1498967642-3512864176-1001
2023-09-25 09:26 - 2023-08-22 20:33 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-09-21 15:11 - 2023-08-23 18:44 - 000000000 ____D C:\Users\guilh\Documents\WeChat Files
2023-09-20 19:15 - 2023-08-22 20:33 - 000012288 ___SH C:\DumpStack.log.tmp
2023-09-20 19:15 - 2023-08-22 20:33 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-09-20 19:15 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\system32\NDF
2023-09-20 19:15 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\ServiceState
2023-09-20 19:15 - 2022-05-07 02:17 - 000524288 _____ C:\Windows\system32\config\BBI
2023-09-19 16:41 - 2023-08-22 21:55 - 000000000 ____D C:\Users\guilh\AppData\Roaming\Microsoft\Office
2023-09-19 09:57 - 2023-08-22 21:35 - 000000000 ___HD C:\Perform
2023-09-19 09:42 - 2023-08-22 21:22 - 000000000 ____D C:\ProgramData\ProductData
2023-09-19 07:48 - 2023-08-22 21:16 - 000004224 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-1468474341-1498967642-3512864176-1001UA{90016B1F-C6F4-49D0-9660-990E4074B2A7}
2023-09-19 07:48 - 2023-08-22 21:16 - 000003956 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-1468474341-1498967642-3512864176-1001Core{0D3F0353-8BCE-4CA5-82B0-DC5CDB13C90B}
2023-09-18 09:31 - 2023-08-22 21:35 - 000000000 ___HD C:\Netframework.4.5.2
2023-09-18 09:23 - 2022-05-07 02:17 - 000000000 ____D C:\Windows\CbsTemp
2023-09-18 09:22 - 2023-08-23 00:27 - 000000000 ____D C:\Windows\system32\MRT
2023-09-18 09:20 - 2023-08-23 00:27 - 177941912 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-09-18 09:20 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\system32\AppLocker
2023-09-18 09:19 - 2022-05-07 02:24 - 000000000 ____D C:\ProgramData\USOPrivate
2023-09-17 22:36 - 2023-08-22 21:48 - 000000000 ____D C:\Program Files\Microsoft Office
2023-09-17 22:35 - 2023-08-22 20:39 - 000000000 ____D C:\Users\guilh
2023-09-17 22:35 - 2023-08-22 20:33 - 000496264 _____ C:\Windows\system32\FNTCACHE.DAT
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\UUS
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\SysWOW64\Dism
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\SystemResources
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\system32\WinMetadata
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\system32\oobe
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\system32\Dism
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\system32\appraiser
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\ShellExperiences
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\ShellComponents
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\Provisioning
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\PolicyDefinitions
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\bcastdvr
2023-09-17 20:51 - 2023-08-22 20:37 - 003210752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-09-17 20:46 - 2023-08-23 00:24 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2023-09-13 08:21 - 2023-08-22 22:11 - 000000000 ____D C:\Users\guilh\AppData\Roaming\Microsoft\UProof
2023-09-12 20:49 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\Registration
2023-09-12 19:04 - 2022-05-07 02:24 - 000000000 ___HD C:\Windows\ELAMBKUP
2023-09-12 19:04 - 2022-05-07 02:17 - 000032768 _____ C:\Windows\system32\config\ELAM
2023-09-12 19:00 - 2023-08-22 21:16 - 000002498 _____ C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-09-05 10:09 - 2023-08-22 20:33 - 000000000 ____D C:\Windows\Panther
2023-09-05 09:06 - 2023-08-22 21:39 - 000003530 _____ C:\Windows\system32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0
2023-09-05 09:06 - 2023-08-22 21:39 - 000003506 _____ C:\Windows\system32\Tasks\AdobeGCInvoker-1.0
2023-09-05 09:00 - 2023-08-22 20:33 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-09-01 19:02 - 2022-05-07 02:24 - 000000124 _____ C:\Windows\win.ini
2023-09-01 18:53 - 2023-08-23 00:34 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools

==================== Arquivos na raiz de alguns diretórios ========

2023-09-01 18:53 - 2023-09-01 19:07 - 000000051 _____ () C:\Users\guilh\AppData\Roaming\MCVi2UserDetail.ini
2023-08-22 21:35 - 2023-08-22 21:35 - 000000410 _____ () C:\Users\guilh\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(Não há correção automática para arquivos que não passaram na verificação.)

==================== Fim de FRST.txt ========================

Resultado da análise adicional Farbar Recovery Scan Tool (x64) Versão: 25-09-2023
Executado por guilh (26-09-2023 11:05:40)
Executando a partir de C:\Users\guilh\Desktop
Microsoft Windows 11 Home Versão 22H2 22621.2283 (X64) (2023-08-22 23:35:07)
Modo da Inicialização: Normal
==========================================================


==================== Contas: =============================


(Se uma entrada for incluída na fixlist, será removida.)

Administrador (S-1-5-21-1468474341-1498967642-3512864176-500 - Administrator - Disabled)
Convidado (S-1-5-21-1468474341-1498967642-3512864176-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-1468474341-1498967642-3512864176-503 - Limited - Disabled)
guilh (S-1-5-21-1468474341-1498967642-3512864176-1001 - Administrator - Enabled) => C:\Users\guilh
WDAGUtilityAccount (S-1-5-21-1468474341-1498967642-3512864176-504 - Limited - Disabled)

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: McAfee (Disabled - Up to date) {17E6E93C-6841-5FC7-DEB8-480FDC929279}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee (Enabled) {2FDD6819-222E-5E9F-F5E7-E13A2241D502}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 20.006.20042 - Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 8.3.0.61 - Adobe Inc.)
Coremail Client V4.0 version 4.0.1.699 (HKLM\...\CMClient_is1) (Version: 4.0.1.699 - )
Documentos (HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\547329c748b021098adbb041e9997af7) (Version: 1.0 - Google\Chrome)
Driver Booster 10 (HKLM-x32\...\Driver Booster_is1) (Version: 10.6.0 - IObit)
DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3026 - Acer Incorporated)
Dynamic Application Loader Host Interface Service (HKLM\...\{B31B8E7F-3C96-4A05-887F-78F3DB1E2FC0}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Gmail (HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\a3baf68a4cbc856ea0b6f162cafbe8a3) (Version: 1.0 - Google\Chrome)
Google Chrome (HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\Google Chrome) (Version: 116.0.5845.188 - Google LLC)
Google Drive (HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\92561bab538146c8d23631a9655f2def) (Version: 1.0 - Google\Chrome)
Intel(R) Chipset Device Software (HKLM\...\{B7BE54CB-2BAB-458E-99FF-46067A9D451E}) (Version: 10.1.18950.8297 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{128196ab-db0f-4c9e-b603-9c8d8b59934d}) (Version: 10.1.18950.8297 - Intel(R) Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2239.3.33.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{6633DA0D-F56A-42E4-9599-D37A640CAF36}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Driver (HKLM\...\{C71B56FC-8255-4226-B3E4-6B81288A6A0B}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) ME WMI Provider (HKLM\...\{64528C16-C80F-4935-AF3A-946B86EB3EEB}) (Version: 1.0.0.0 - Intel Corporation) Hidden
McAfee (HKLM\...\McAfee.WPS) (Version: 1.11.279.1 - McAfee, LLC)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.16731.20234 - Microsoft Corporation)
Microsoft 365 Apps para Grandes Empresas - pt-br (HKLM\...\O365ProPlusRetail - pt-br) (Version: 16.0.16731.20234 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 117.0.2045.41 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 117.0.2045.36 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.189.0910.0001 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\Teams) (Version: 1.6.00.11166 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{AF47B488-9780-4AB5-A97E-762E28013CA6}) (Version: 5.71.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
NitroSense Service (HKLM\...\{6FC78E80-6385-43D6-8A43-FA80094F1A2E}) (Version: 3.01.3052 - Acer Incorporated)
NVIDIA Driver de áudio HD 1.3.39.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.39.3 - NVIDIA Corporation)
NVIDIA Driver de gráficos 512.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 512.74 - NVIDIA Corporation)
NVIDIA Software do sistema PhysX 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0416-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9309.1 - Realtek Semiconductor Corp.)
Sheets (HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\729e688ab6880be61f3228ca532f5f97) (Version: 1.0 - Google\Chrome)
Slides (HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\7457603eb1d7d66885433bf216ff532c) (Version: 1.0 - Google\Chrome)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.6.0.11166 - Microsoft Corporation)
WebAdvisor da McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.836 - McAfee, LLC)
WeChat (HKLM-x32\...\WeChat) (Version: 3.9.6.33 - 腾讯科技(深圳)有限公司)
WinRAR 6.23 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.23.0 - win.rar GmbH)
YouTube (HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\63c9d49a6b2c600986bb89cb0948ddcd) (Version: 1.0 - Google\Chrome)

Packages:
=========
Acer Purified Voice Console (R) -> C:\Program Files\WindowsApps\AcerIncorporated.AcerPurifiedVoiceConsoleR_1.0.5.0_x64__48frkmn4z8aw4 [2023-08-23] (Acer Incorporated)
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5185.0_x64__8j3eq9eme6ctt [2023-09-17] (INTEL CORP) [Startup Task]
Care Center S -> C:\Program Files\WindowsApps\AcerIncorporated.AcerCareCenterS_4.0.3054.0_x64__48frkmn4z8aw4 [2023-08-22] (Acer Incorporated)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-08-23] (Microsoft Corporation)
DTS Sound Unbound -> C:\Program Files\WindowsApps\DTSInc.DTSSoundUnbound_2023.3.13.0_x64__t5j2fzbtdg37r [2023-09-01] (DTS, Inc.)
DTS:X Ultra -> C:\Program Files\WindowsApps\DTSInc.DTSXUltra_1.11.14.0_x64__t5j2fzbtdg37r [2023-09-01] (DTS, Inc.)
Killer Intelligence Center -> C:\Program Files\WindowsApps\RivetNetworks.KillerControlCenter_3.1122.329.0_x64__rh07ty8m5nkag [2023-08-22] (Rivet Networks LLC) [Startup Task]
McAfee® Security -> C:\Program Files\McAfee\WPS\1.11.279.1 [2023-09-12] ()
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2023-09-17] (Microsoft Corp.)
Microsoft.WindowsAppRuntime.CBS -> C:\Windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2023-09-17] (Microsoft Corporation)
NitroSense_V31 -> C:\Program Files\WindowsApps\AcerIncorporated.NitroSenseV31_3.1.3052.0_x64__48frkmn4z8aw4 [2023-08-23] (Acer Incorporated)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-08-22] (NVIDIA Corp.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.41.294.0_x64__dt26b99r8h8gj [2023-09-05] (Realtek Semiconductor Corp)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.17.8180.0_x64__8wekyb3d8bbwe [2023-09-01] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1218.0_x64__zpdnekdrzrea0 [2023-09-25] (Spotify AB) [Startup Task]
WinAppRuntime.Main.1.3 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.3_3000.934.1904.0_x64__8wekyb3d8bbwe [2023-09-17] (Microsoft Corp.)
WinAppRuntime.Singleton -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_4000.986.611.0_x64__8wekyb3d8bbwe [2023-09-25] (Microsoft Corp.)
Windows App Runtime DDLM 3000.882.2207.0-x6 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.3000.882.2207.0-x6_3000.882.2207.0_x64__8wekyb3d8bbwe [2023-09-12] (Microsoft Corporation)
Windows App Runtime DDLM 3000.882.2207.0-x8 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.3000.882.2207.0-x8_3000.882.2207.0_x86__8wekyb3d8bbwe [2023-09-12] (Microsoft Corporation)
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2023-09-17] (Microsoft Corporation)
WinRAR -> C:\Program Files\WinRAR [2023-08-22] (win.rar GmbH)

==================== Análise Personalizada CLSID (Whitelisted): ==============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{092EC97B-EDAE-4014-8CE4-131026C6FE97}\localserver32 -> C:\Program Files\cmclient\CMClient.exe (广东盈世计算机科技有限公司 -> )
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\guilh\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.23089.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{85D8EE2F-794F-41F0-BB03-49D56A23BEF4}\InprocServer32 -> C:\Users\guilh\AppData\Local\Google\Update\1.3.36.312\psuser_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\localserver32 -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\116.0.5845.188\notification_helper.exe (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{AE9899FA-E21F-4D91-BD1F-59BC10E56CA1}\InprocServer32 -> C:\Users\guilh\AppData\Local\Google\Update\1.3.36.292\psuser_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\guilh\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{E4949BE6-C9FF-4AFA-8672-6127D857418B}\InprocServer32 -> C:\Users\guilh\AppData\Local\Google\Update\1.3.36.312\psuser_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\guilh\AppData\Local\Google\Update\1.3.36.312\psuser_64.dll => Nenhum Arquivo
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2020-03-06] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [McCtxMenu] -> {4ADAAC88-E1BD-424F-816D-15E059007938} => C:\Program Files\McAfee\WPS\1.11.279.1\mc-ctxmnu.dll [2023-09-12] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvacig.inf_amd64_6a30f226cb32430c\nvshext.dll [2023-08-22] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2020-03-06] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [McCtxMenu] -> {4ADAAC88-E1BD-424F-816D-15E059007938} => C:\Program Files\McAfee\WPS\1.11.279.1\mc-ctxmnu.dll [2023-09-12] (McAfee, LLC -> McAfee, LLC)

==================== Codecs (Whitelisted) ====================

==================== Atalhos & WMI ========================

(As entradas podem ser listadas para serem restauradas ou removidas.)

ShortcutWithArgument: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps do Chrome\Docs.lnk -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=mpnpojknpmmopombnjdcgaaiekajbnjb
ShortcutWithArgument: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps do Chrome\Documentos.lnk -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=mpnpojknpmmopombnjdcgaaiekajbnjb
ShortcutWithArgument: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps do Chrome\Gmail.lnk -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=fmgjjmmmlfnkbppncabfkddbjimcfncm
ShortcutWithArgument: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps do Chrome\Google Drive.lnk -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=aghbiahbpaijignceidepookljebhfak
ShortcutWithArgument: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps do Chrome\Sheets.lnk -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=fhihpiojkbmbpdjeoajapmgkhlnakfjf
ShortcutWithArgument: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps do Chrome\Slides.lnk -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=kefjledonklijopmnomlcbpllchaibag
ShortcutWithArgument: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps do Chrome\YouTube.lnk -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=agimnkijcaahngcdmfeangaknmldooml

==================== Módulos Carregados (Whitelisted) =============

2020-03-06 06:11 - 2020-03-06 06:11 - 000021504 _____ (Adobe Systems Inc.) [Arquivo não assinado] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\locale\pt_br\Acrobat Elements\ContextMenuShim64.ptb

==================== Alternate Data Streams (Whitelisted) ========

==================== Modo de Segurança (Whitelisted) ==================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mc-fw-host => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mc-fw-host => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"

==================== Associação (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2023-08-22] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2023-09-01] (McAfee, LLC -> McAfee, LLC)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-08-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2023-09-01] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)

(Se uma entrada for incluída na fixlist, será removida do Registro.)

IE trusted site: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\sharepoint.com -> hxxps://1bws5l-files.sharepoint.com

==================== Hosts Conteúdo: =========================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2022-05-07 02:24 - 2022-05-07 02:22 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Outras Áreas ===========================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\guilh\Downloads\wallpaperbetter.com_1920x1080.jpg
DNS Servers: O Suporte não está conectado à internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

==================== Regras do Firewall (Whitelisted) ================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [{FE3D84E7-D5D0-4749-BBD7-B574B3E39F01}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5DECDFD8-973A-4C56-97ED-7F88B51B644E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0405B5B1-1AAF-4825-967D-C7C4C54E2574}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CBCEC0B6-8D3F-428C-B0C1-3EA683598EE3}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BBD3988B-10B6-4968-9C7B-0BDDC7FD9E66}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FE8024DF-5B09-4BE0-B3DE-F6B4C2A0B447}] => (Allow) C:\Program Files\cmclient\CMClient.exe (广东盈世计算机科技有限公司 -> )
FirewallRules: [TCP Query User{274EB8B5-BC96-471A-864D-A4F975539016}C:\users\guilh\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\guilh\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{3C7B0E6D-FB1A-42D8-AFA8-3DD521244E37}C:\users\guilh\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\guilh\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{464E45D1-9892-4CB7-8348-0AA64EE6DD0F}] => (Allow) C:\Users\guilh\AppData\Local\Programs\Opera\102.0.4880.46\opera.exe => Nenhum Arquivo
FirewallRules: [{0D13D52D-B046-455E-9EA5-B1C9336868A1}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CA604C4B-C070-41F1-A883-F565E8F3F0E3}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{27B9E91B-40A0-42F8-BE0E-F104F1F519B4}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.36\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FF65E029-66BD-4B54-96CD-76CD0344056D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1218.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{884AF703-67BC-47D7-B5D0-284AFB4C4448}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1218.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{E9E1619C-6764-4101-A1E3-71FA6CFC6FF6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1218.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{A65FE57C-1D9B-419A-BDD5-D9A60767AF11}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1218.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{557C13AE-B357-4CB1-B3AE-9E295602A6B1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1218.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{96BE86C9-D610-4CEE-AF37-4451B7D37C2C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1218.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{4CCE2437-A38F-4802-84F3-47EC26DD0ED2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1218.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{E6B07CED-2C7E-45CD-AA6A-2743C25EDF39}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1218.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{3A59B8BE-2F78-4B0A-A6FC-CE0DFA793E0C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1218.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{6B49219D-E8B0-439F-BDA1-A58E3DC36AEE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1218.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{3B50D019-0F24-47D4-9AC1-37459124C427}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{91489089-8118-4628-9F0F-EF999D6A43D5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)

==================== Pontos de Restauração =========================

21-09-2023 08:25:40 Windows Update
21-09-2023 08:25:48 Windows Update
26-09-2023 11:00:27 ZHPcleaner

==================== Dispositivos Apresentando Falhas No Gerenciador ============


==================== Erros no Log de eventos: ========================

Erros em Aplicativos:
==================
Error: (09/26/2023 10:47:35 AM) (Source: Application Error) (EventID: 1000) (User: AUTORIDADE NT)
Description: Nome do aplicativo com falha: mc-fw-host.exe, versão: 1.11.102.0, carimbo de data/hora: 0x64d65783
Nome do módulo com falha: mc-bridge-server.dll, versão: 1.1.242.0, carimbo de data/hora: 0x64a826b4
Código de exceção: 0xc0000005
Deslocamento da falha: 0x000000000001ce8a
ID do processo com falha: 0x0x51a0
Hora de início do aplicativo com falha: 0x0x1d9f07ff7b7926c
Caminho do aplicativo com falha: \\?\C:\Program Files\McAfee\WPS\1.11.279.1\mc-fw-host.exe
Caminho do módulo com falha: \\?\C:\Program Files\McAfee\WPS\1.11.279.1\mc-bridge-server.dll
ID do Relatório: c8f90dbb-28be-4ce6-9322-b920b9abdf36
Nome completo do pacote com falha: 
ID do aplicativo relativo ao pacote com falha:

Error: (09/26/2023 10:47:04 AM) (Source: Application Error) (EventID: 1000) (User: AUTORIDADE NT)
Description: Nome do aplicativo com falha: mc-fw-host.exe, versão: 1.11.102.0, carimbo de data/hora: 0x64d65783
Nome do módulo com falha: mc-bridge-server.dll, versão: 1.1.242.0, carimbo de data/hora: 0x64a826b4
Código de exceção: 0xc0000005
Deslocamento da falha: 0x000000000001ce8a
ID do processo com falha: 0x0x1278
Hora de início do aplicativo com falha: 0x0x1d9ec0fffccac1a
Caminho do aplicativo com falha: \\?\C:\Program Files\McAfee\WPS\1.11.279.1\mc-fw-host.exe
Caminho do módulo com falha: \\?\C:\Program Files\McAfee\WPS\1.11.279.1\mc-bridge-server.dll
ID do Relatório: e6bc08cf-865c-4b74-93fd-9765a4e4781a
Nome completo do pacote com falha: 
ID do aplicativo relativo ao pacote com falha:

Error: (09/25/2023 08:14:05 PM) (Source: Application Error) (EventID: 1000) (User: GUIVERMELHO)
Description: Nome do aplicativo com falha: msteamsupdate.exe, versão: 23231.411.2342.9597, carimbo de data/hora: 0x64ed3548
Nome do módulo com falha: ucrtbase.dll, versão: 10.0.22621.608, carimbo de data/hora: 0xf5fc15a3
Código de exceção: 0xc0000409
Deslocamento da falha: 0x000000000007f61e
ID do processo com falha: 0x0x4cd4
Hora de início do aplicativo com falha: 0x0x1d9f005fa59ef0f
Caminho do aplicativo com falha: C:\Program Files\WindowsApps\MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteamsupdate.exe
Caminho do módulo com falha: C:\Windows\System32\ucrtbase.dll
ID do Relatório: c500ef52-b02c-4e04-8641-4863e15f6a7d
Nome completo do pacote com falha: MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe
ID do aplicativo relativo ao pacote com falha: msteamsupdate

Error: (09/25/2023 09:27:13 AM) (Source: Application Error) (EventID: 1000) (User: GUIVERMELHO)
Description: Nome do aplicativo com falha: msteamsupdate.exe, versão: 23231.411.2342.9597, carimbo de data/hora: 0x64ed3548
Nome do módulo com falha: ucrtbase.dll, versão: 10.0.22621.608, carimbo de data/hora: 0xf5fc15a3
Código de exceção: 0xc0000409
Deslocamento da falha: 0x000000000007f61e
ID do processo com falha: 0x0x2324
Hora de início do aplicativo com falha: 0x0x1d9efab9c7dc914
Caminho do aplicativo com falha: C:\Program Files\WindowsApps\MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteamsupdate.exe
Caminho do módulo com falha: C:\Windows\System32\ucrtbase.dll
ID do Relatório: ab3d3857-7792-4b38-87aa-c08b17aa910e
Nome completo do pacote com falha: MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe
ID do aplicativo relativo ao pacote com falha: msteamsupdate

Error: (09/20/2023 07:17:04 PM) (Source: Application Error) (EventID: 1000) (User: GUIVERMELHO)
Description: Nome do aplicativo com falha: msteamsupdate.exe, versão: 23231.411.2342.9597, carimbo de data/hora: 0x64ed3548
Nome do módulo com falha: ucrtbase.dll, versão: 10.0.22621.608, carimbo de data/hora: 0xf5fc15a3
Código de exceção: 0xc0000409
Deslocamento da falha: 0x000000000007f61e
ID do processo com falha: 0x0x1ca8
Hora de início do aplicativo com falha: 0x0x1d9ec102f2d4fe2
Caminho do aplicativo com falha: C:\Program Files\WindowsApps\MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteamsupdate.exe
Caminho do módulo com falha: C:\Windows\System32\ucrtbase.dll
ID do Relatório: 1ddbba84-6613-4b29-8bb6-ac63ba35a3b0
Nome completo do pacote com falha: MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe
ID do aplicativo relativo ao pacote com falha: msteamsupdate

Error: (09/20/2023 07:15:03 PM) (Source: Application Hang) (EventID: 1002) (User: AUTORIDADE NT)
Description: O programa ShellExperienceHost.exe versão 10.0.22621.2215 interagiu com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle de Segurança e Manutenção.

Error: (09/20/2023 07:14:36 PM) (Source: Application Hang) (EventID: 1002) (User: AUTORIDADE NT)
Description: O programa ShellExperienceHost.exe versão 10.0.22621.2215 interagiu com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle de Segurança e Manutenção.

Error: (09/19/2023 03:40:32 PM) (Source: Application Error) (EventID: 1000) (User: GUIVERMELHO)
Description: Nome do aplicativo com falha: Widgets.exe, versão: 421.20070.1820.0, carimbo de data/hora: 0x64e54318
Nome do módulo com falha: Widgets.exe, versão: 421.20070.1820.0, carimbo de data/hora: 0x64e54318
Código de exceção: 0xc0000005
Deslocamento da falha: 0x0000000000122cc7
ID do processo com falha: 0x0x20e0
Hora de início do aplicativo com falha: 0x0x1d9eb224960bae0
Caminho do aplicativo com falha: C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
Caminho do módulo com falha: C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
ID do Relatório: e0367dea-7504-40b5-866f-a6c4402188d6
Nome completo do pacote com falha: MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy
ID do aplicativo relativo ao pacote com falha: Widgets


Erros de Sistema:
=============
Error: (09/26/2023 10:59:46 AM) (Source: DCOM) (EventID: 10010) (User: GUIVERMELHO)
Description: O servidor {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} não se registrou no DCOM dentro do tempo limite necessário.

Error: (09/26/2023 10:50:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Predator Service foi encerrado inesperadamente.  Isso aconteceu 1 vez(es).

Error: (09/26/2023 10:50:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço FileSyncHelper foi encerrado inesperadamente.  Isso aconteceu 1 vez(es).

Error: (09/26/2023 10:50:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço NVIDIA Display Container LS foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 6000 milissegundos: Reiniciar o serviço.

Error: (09/26/2023 10:50:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Microsoft Office Click-to-Run Service foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço.

Error: (09/26/2023 10:50:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Killer Network Service foi encerrado inesperadamente.  Isso aconteceu 1 vez(es).

Error: (09/26/2023 10:50:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço McAfee WebAdvisor foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 1 milissegundos: Reiniciar o serviço.

Error: (09/26/2023 10:50:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Killer Dynamic Bandwidth Management foi encerrado inesperadamente.  Isso aconteceu 1 vez(es).


Windows Defender:
================
Date: 2023-08-23 06:48:13
Description: 
Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado.
Para obter mais informações, veja a seguir:
https://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/Contebrew.A!ml&threatid=251873&enterprise=0
Nome: Program:Win32/Contebrew.A!ml
Gravidade: Alto
Categoria: Modificador de Configurações
Caminho: file:_C:\Users\guilh\Downloads\Adobe.Acrobat.Pro.DC.v2022.001.20085.exe
Origem da Detecção: Computador local
Tipo da Detecção: FastPath
Fonte da Detecção: Proteção em Tempo Real
Usuário: GuiVermelho\guilh
Nome do Processo: C:\Windows\explorer.exe
Versão da Inteligência de Segurança: AV: 1.395.1105.0, AS: 1.395.1105.0, NIS: 1.395.1105.0
Versão do Mecanismo: AM: 1.1.23070.1005, NIS: 1.1.23070.1005 

CodeIntegrity:
===============
Date: 2023-09-26 10:48:48
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\WPS\1.11.279.1\mc-sec-plugin-x64.dll that did not meet the Windows signing level requirements. 

Date: 2023-09-26 10:48:18
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\WPS\1.11.279.1\mc-sec-plugin-x64.dll that did not meet the Windows signing level requirements. 


==================== Informações da Memória =========================== 

BIOS: Insyde Corp. V2.05 04/12/2023
placa-mãe: ADL Jimny_ADH
Processador: 12th Gen Intel(R) Core(TM) i5-12450H
Percentagem de memória em uso: 48%
RAM física total: 7901.05 MB
RAM física disponível: 4062.48 MB
Virtual Total: 10973.05 MB
Virtual disponível: 5216.55 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:397.15 GB) (Free:328.74 GB) (Model: Micron_3400_MTFDKBA512TFH) NTFS
Drive d: (WINDRIVER) (Fixed) (Total:20 GB) (Free:5.64 GB) (Model: Micron_3400_MTFDKBA512TFH) NTFS

\\?\Volume{babfb7f2-327b-47f8-bc2c-f4b7eabdc326}\ (EFI) (Fixed) (Total:0.29 GB) (Free:0.25 GB) FAT32

==================== MBR & Tabela de Partições ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 0FC3CF86)

Partition: GPT.

==================== Fim de Addition.txt =======================

 

 

~ Empty Local Folder Analysis
~ Obsolete Installer File Analysis
~ Start browsers with extensions removed

~ End of clean in 00h00mn36s

---\\  Reports (2)
ZHPCleaner-[S]-26092023-11_00_01.txt
ZHPCleaner-[R]-26092023-11_01_48.txt
 

 

 


  • Security Analyst

Temporarily disable your antivirus, antispyware and firewall so that they do not cause conflicts.

Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text in the CODE below:

CreateRestorePoint:
CloseProcesses:

File: C:\Perform\system.vbs
File: C:\Netframework.4.5.2\Audio system.vbs
File: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.lnk
File: C:\Program Files\cmclient\CMClient.exe

HKLM-x32\...\Run: [] => [X]
S2 ACCSvc; "C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe" [X]

Task: {AB28516B-FCD3-481C-8EDA-D26FA8816B97} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe  -auto (Nenhum Arquivo)
Task: {03768D52-5397-46F6-9404-AC20EC436D5C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe  (Nenhum Arquivo)
Task: {65532448-C145-49C5-B05D-389973E60B07} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {CF26937B-FE54-41A5-B8A3-D5986CF41D59} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3807712 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {AF75F4D6-2296-498C-B976-586DCC5CFD9A} - System32\Tasks\audio system => C:\Perform\update.vbs  (Nenhum Arquivo)
Task: {0C3AC2B1-6AE3-4B48-92B8-B2195BE2870D} - System32\Tasks\Driver Booster SkipUAC (guilh) => C:\Program Files (x86)\IObit\Driver Booster\10.6.0\DriverBooster.exe [8966120 2023-07-27] (IObit CO., LTD -> IObit)
Task: {1866B25B-8067-4F5F-8B61-D3B8888F581C} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\10.6.0\AutoUpdate.exe [2516968 2023-06-13] (IObit CO., LTD -> IObit)
Task: {C59F40E0-7B31-49F5-8CC4-8BF0537D2407} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1468474341-1498967642-3512864176-1001Core{0D3F0353-8BCE-4CA5-82B0-DC5CDB13C90B} => "C:\Users\guilh\AppData\Local\Google\Update\GoogleUpdate.exe"  /c (Nenhum Arquivo)
Task: {5DA5E0A3-3E20-4CE6-B1B1-2395510E2A50} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1468474341-1498967642-3512864176-1001UA{90016B1F-C6F4-49D0-9660-990E4074B2A7} => "C:\Users\guilh\AppData\Local\Google\Update\GoogleUpdate.exe"  /ua /installsource scheduler (Nenhum Arquivo)
Task: {C8C25885-F528-475C-8C7D-C61CD10197D5} - System32\Tasks\iTop Summer Task (One-Time) => "C:\Program Files (x86)\iTop VPN\Pub\itopsump23.exe"  /sum (Nenhum Arquivo)
Task: {475868C0-5FC0-427B-B5AB-3472F6BF6892} - System32\Tasks\McAfee\WPS\amwebapitriggertask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {88D56762-D568-4F5B-A809-C403A6C827A3} - System32\Tasks\McAfee\WPS\DAD.WPS.Execute.Updates => C:\Program Files\McAfee\WPS\1.11.279.1\dad\mc-dad.exe [4379528 2023-09-12] (McAfee, LLC -> McAfee, LLC)
Task: {C11ADD33-F88C-4C5B-9D4D-BF9C8CA776D4} - System32\Tasks\McAfee\WPS\datupdatetask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {A155A82B-9E51-48CF-A477-D10075016515} - System32\Tasks\McAfee\WPS\McAfee Sustainability => C:\Program Files\McAfee\WPS\1.11.279.1\sustainability\mc-sustainability.exe [778816 2023-09-12] (McAfee, LLC -> McAfee, LLC)
Task: {5F5AB2DD-FEF0-4E28-A89E-0607C9FD2BDF} - System32\Tasks\McAfee\WPS\mcpcoscanner => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {1283FDD0-291D-4775-A11D-2B6EE2D9A2DA} - System32\Tasks\McAfee\WPS\NGMCadence => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {B54F2BA6-417F-437E-B81C-265EE5A1C6B3} - System32\Tasks\McAfee\WPS\odsscheduledtask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {56EFF8C7-F360-4B48-B402-1ABF6763AB84} - System32\Tasks\McAfee\WPS\systemrebootedtask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {2BB25299-DD12-4A55-A8F2-871A76A0A421} - System32\Tasks\McAfee\WPS\Update => {81A7CB63-BB07-4DAD-8E72-07B3A9BB08E2}
Task: {7E4F884A-4B65-4572-95C8-75A72035EC76} - System32\Tasks\McAfee\WPS\WPSPush => \\?\C:\Program Files\McAfee\WPS\1.11.279.1\mc-wns-client\mc-wns-client.exe [819400 2023-09-12] (McAfee, LLC -> )
Task: {470FD3C7-F7B6-430C-9160-31C3D0723EF0} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913760 2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {89DB786A-3BCD-4ED9-9A28-4E689B55B665} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913760 2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {7DD50F2E-9467-4B35-8754-5F0DC7FB8A26} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {71136401-2E5A-477F-8C50-D95564CDEA05} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {EA0F5D0F-DBA1-46DC-B35A-FE00325EF813} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [167864 2023-08-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {7ABBE0B6-C453-4AEF-8721-A4D7B2AE595B} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\UCPD velocity => C:\Windows\system32\UCPDMgr.exe [58880 2023-09-17] (Microsoft Windows -> Microsoft Corporation)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (Nenhum Arquivo)
Task: {A98E46E4-D134-4B42-91D4-1C6AE1AFF3E3} - System32\Tasks\NitroSense => C:\Program Files\Acer\NitroSense Service\PSLauncher.exe [609640 2023-01-05] (Acer Incorporated -> Acer Incorporated)
Task: {C937BDAE-E1AF-438E-BF9D-115E21D7BB91} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130824 2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {EF5DDFC7-50BD-4989-B899-33CC98D12EA6} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1468474341-1498967642-3512864176-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130824 2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {4CB4A7E3-1E03-42BB-AE20-88C0F397B181} - System32\Tasks\Opera scheduled assistant Autoupdate 1694556311 => C:\Users\guilh\AppData\Local\Programs\Opera\launcher.exe  -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\guilh\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {37E30BB7-8F3B-4D5D-AB99-07F690D33DCC} - System32\Tasks\Opera scheduled Autoupdate 1694556305 => C:\Users\guilh\AppData\Local\Programs\Opera\launcher.exe  --scheduledautoupdate $(Arg0) (Nenhum Arquivo)
Task: {1F1F8B45-A057-40EF-80B6-113D793A9A7A} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [461472 2021-12-02] (Acer Incorporated -> Acer Incorporated)

CMD: ipconfig /flushdns
CMD: netsh advfirewall reset
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow

RemoveProxy:
EmptyTemp:
CreateRestorePoint:

Save this file to your desktop with the name fixlist

NOTE: It is extremely important that the "fixlist" file be saved to your Desktop. Also check that FRST.exe is on the Desktop.

** Right-click the FRST.EXE file, then click http://i.imgur.com/VRIfczU.png

Click the button image.png

Wait, and at the end the Fixlog.txt log will be saved to your desktop.

Open the Fixlog.txt file, then copy and paste its contents into your next reply.


Good morning,

Thank you for the help!

At the end of the fix the computer was restarted, and when it started up I received the same error messages.

Here is the generated log:

 

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 25-09-2023
Executado por guilh (27-09-2023 12:34:41) Run:1
Executando a partir de C:\Users\guilh\Desktop
Perfis Carregados: guilh
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
CreateRestorePoint:
CloseProcesses:

File: C:\Perform\system.vbs
File: C:\Netframework.4.5.2\Audio system.vbs
File: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.lnk
File: C:\Program Files\cmclient\CMClient.exe

HKLM-x32\...\Run: [] => [X]
S2 ACCSvc; "C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe" [X]

Task: {AB28516B-FCD3-481C-8EDA-D26FA8816B97} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe  -auto (Nenhum Arquivo)
Task: {03768D52-5397-46F6-9404-AC20EC436D5C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe  (Nenhum Arquivo)
Task: {65532448-C145-49C5-B05D-389973E60B07} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {CF26937B-FE54-41A5-B8A3-D5986CF41D59} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3807712 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {AF75F4D6-2296-498C-B976-586DCC5CFD9A} - System32\Tasks\audio system => C:\Perform\update.vbs  (Nenhum Arquivo)
Task: {0C3AC2B1-6AE3-4B48-92B8-B2195BE2870D} - System32\Tasks\Driver Booster SkipUAC (guilh) => C:\Program Files (x86)\IObit\Driver Booster\10.6.0\DriverBooster.exe [8966120 2023-07-27] (IObit CO., LTD -> IObit)
Task: {1866B25B-8067-4F5F-8B61-D3B8888F581C} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\10.6.0\AutoUpdate.exe [2516968 2023-06-13] (IObit CO., LTD -> IObit)
Task: {C59F40E0-7B31-49F5-8CC4-8BF0537D2407} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1468474341-1498967642-3512864176-1001Core{0D3F0353-8BCE-4CA5-82B0-DC5CDB13C90B} => "C:\Users\guilh\AppData\Local\Google\Update\GoogleUpdate.exe"  /c (Nenhum Arquivo)
Task: {5DA5E0A3-3E20-4CE6-B1B1-2395510E2A50} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1468474341-1498967642-3512864176-1001UA{90016B1F-C6F4-49D0-9660-990E4074B2A7} => "C:\Users\guilh\AppData\Local\Google\Update\GoogleUpdate.exe"  /ua /installsource scheduler (Nenhum Arquivo)
Task: {C8C25885-F528-475C-8C7D-C61CD10197D5} - System32\Tasks\iTop Summer Task (One-Time) => "C:\Program Files (x86)\iTop VPN\Pub\itopsump23.exe"  /sum (Nenhum Arquivo)
Task: {475868C0-5FC0-427B-B5AB-3472F6BF6892} - System32\Tasks\McAfee\WPS\amwebapitriggertask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {88D56762-D568-4F5B-A809-C403A6C827A3} - System32\Tasks\McAfee\WPS\DAD.WPS.Execute.Updates => C:\Program Files\McAfee\WPS\1.11.279.1\dad\mc-dad.exe [4379528 2023-09-12] (McAfee, LLC -> McAfee, LLC)
Task: {C11ADD33-F88C-4C5B-9D4D-BF9C8CA776D4} - System32\Tasks\McAfee\WPS\datupdatetask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {A155A82B-9E51-48CF-A477-D10075016515} - System32\Tasks\McAfee\WPS\McAfee Sustainability => C:\Program Files\McAfee\WPS\1.11.279.1\sustainability\mc-sustainability.exe [778816 2023-09-12] (McAfee, LLC -> McAfee, LLC)
Task: {5F5AB2DD-FEF0-4E28-A89E-0607C9FD2BDF} - System32\Tasks\McAfee\WPS\mcpcoscanner => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {1283FDD0-291D-4775-A11D-2B6EE2D9A2DA} - System32\Tasks\McAfee\WPS\NGMCadence => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {B54F2BA6-417F-437E-B81C-265EE5A1C6B3} - System32\Tasks\McAfee\WPS\odsscheduledtask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {56EFF8C7-F360-4B48-B402-1ABF6763AB84} - System32\Tasks\McAfee\WPS\systemrebootedtask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {2BB25299-DD12-4A55-A8F2-871A76A0A421} - System32\Tasks\McAfee\WPS\Update => {81A7CB63-BB07-4DAD-8E72-07B3A9BB08E2}
Task: {7E4F884A-4B65-4572-95C8-75A72035EC76} - System32\Tasks\McAfee\WPS\WPSPush => \\?\C:\Program Files\McAfee\WPS\1.11.279.1\mc-wns-client\mc-wns-client.exe [819400 2023-09-12] (McAfee, LLC -> )
Task: {470FD3C7-F7B6-430C-9160-31C3D0723EF0} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913760 2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {89DB786A-3BCD-4ED9-9A28-4E689B55B665} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913760 2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {7DD50F2E-9467-4B35-8754-5F0DC7FB8A26} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {71136401-2E5A-477F-8C50-D95564CDEA05} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {EA0F5D0F-DBA1-46DC-B35A-FE00325EF813} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [167864 2023-08-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {7ABBE0B6-C453-4AEF-8721-A4D7B2AE595B} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\UCPD velocity => C:\Windows\system32\UCPDMgr.exe [58880 2023-09-17] (Microsoft Windows -> Microsoft Corporation)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (Nenhum Arquivo)
Task: {A98E46E4-D134-4B42-91D4-1C6AE1AFF3E3} - System32\Tasks\NitroSense => C:\Program Files\Acer\NitroSense Service\PSLauncher.exe [609640 2023-01-05] (Acer Incorporated -> Acer Incorporated)
Task: {C937BDAE-E1AF-438E-BF9D-115E21D7BB91} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130824 2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {EF5DDFC7-50BD-4989-B899-33CC98D12EA6} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1468474341-1498967642-3512864176-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130824 2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {4CB4A7E3-1E03-42BB-AE20-88C0F397B181} - System32\Tasks\Opera scheduled assistant Autoupdate 1694556311 => C:\Users\guilh\AppData\Local\Programs\Opera\launcher.exe  -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\guilh\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {37E30BB7-8F3B-4D5D-AB99-07F690D33DCC} - System32\Tasks\Opera scheduled Autoupdate 1694556305 => C:\Users\guilh\AppData\Local\Programs\Opera\launcher.exe  --scheduledautoupdate $(Arg0) (Nenhum Arquivo)
Task: {1F1F8B45-A057-40EF-80B6-113D793A9A7A} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [461472 2021-12-02] (Acer Incorporated -> Acer Incorporated)

CMD: ipconfig /flushdns
CMD: netsh advfirewall reset
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow

RemoveProxy:
EmptyTemp:
CreateRestorePoint:
*****************

Ponto de Restauração criado com sucesso.
Processos fechados com sucesso.

========================= File: C:\Perform\system.vbs ========================

C:\Perform\system.vbs
Arquivo não assinado
MD5: 41E008FA98C4431C4CEBEA068FC38D05
Data de criação e modificação: 2023-08-22 21:35 - 2022-03-31 01:58
Tamanho: 000000075
Atributos: ---AH
Nome Da Empresa: 
Interno Nome: 
Original Nome: 
Produto: 
Descrição: 
Arquivo Versão: 
Produto Versão: 
Copyright: 
VirusTotal: https://www.virustotal.com/gui/file/f1693021ac9058a21c7c2836f38aa4c3e35c34cacb61ecbe6844ea46d3222a08/detection/f-f1693021ac9058a21c7c2836f38aa4c3e35c34cacb61ecbe6844ea46d3222a08-1694813476

====== Fim de File: ======


========================= File: C:\Netframework.4.5.2\Audio system.vbs ========================

C:\Netframework.4.5.2\Audio system.vbs
Arquivo não assinado
MD5: 261EBC81437C78656A3E089EEF3FBE0B
Data de criação e modificação: 2023-08-22 21:35 - 2023-01-29 22:20
Tamanho: 000000146
Atributos: ----A
Nome Da Empresa: 
Interno Nome: 
Original Nome: 
Produto: 
Descrição: 
Arquivo Versão: 
Produto Versão: 
Copyright: 
VirusTotal: https://www.virustotal.com/gui/file/b5fdf55c965f25abfc79009b5764106fbf9e55fa56f1d559b1a173e4850dc00e/detection/f-b5fdf55c965f25abfc79009b5764106fbf9e55fa56f1d559b1a173e4850dc00e-1692882467

====== Fim de File: ======


========================= File: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.lnk ========================

C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.lnk
Arquivo não assinado
MD5: 59E5E63C66D400F6C1AF35DCC1C7702A
Data de criação e modificação: 2023-08-22 21:35 - 2023-09-18 09:41
Tamanho: 000000740
Atributos: ----A
Nome Da Empresa: 
Interno Nome: 
Original Nome: 
Produto: 
Descrição: 
Arquivo Versão: 
Produto Versão: 
Copyright: 
VirusTotal: 0

====== Fim de File: ======


========================= File: C:\Program Files\cmclient\CMClient.exe ========================

C:\Program Files\cmclient\CMClient.exe
O arquivo é assinado digitalmente
MD5: FA953E3714AE54DF88FF18B90220F4BA
Data de criação e modificação: 2023-08-22 22:05 - 2023-07-29 15:25
Tamanho: 033426480
Atributos: ----A
Nome Da Empresa: 广东盈世计算机科技有限公司 -> 
Interno Nome: 
Original Nome: 
Produto: 
Descrição: 
Arquivo Versão: 
Produto Versão: 
Copyright: 
VirusTotal: https://www.virustotal.com/gui/file/0ba87b1eb30d56e221479368568e6d6e9f13148e2d3bcd2f43a11daf18e228ac/detection/f-0ba87b1eb30d56e221479368568e6d6e9f13148e2d3bcd2f43a11daf18e228ac-1693544730

====== Fim de File: ======

"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removido (a) com sucesso.
HKLM\System\CurrentControlSet\Services\ACCSvc => removido (a) com sucesso.
ACCSvc => o serviço removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AB28516B-FCD3-481C-8EDA-D26FA8816B97}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB28516B-FCD3-481C-8EDA-D26FA8816B97}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\ACC => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ACC" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{03768D52-5397-46F6-9404-AC20EC436D5C}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03768D52-5397-46F6-9404-AC20EC436D5C}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Adobe Acrobat Update Task => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{65532448-C145-49C5-B05D-389973E60B07}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65532448-C145-49C5-B05D-389973E60B07}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\AdobeGCInvoker-1.0 => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeGCInvoker-1.0" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CF26937B-FE54-41A5-B8A3-D5986CF41D59}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF26937B-FE54-41A5-B8A3-D5986CF41D59}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe-Genuine-Software-Integrity-Scheduler-1.0" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{AF75F4D6-2296-498C-B976-586DCC5CFD9A}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF75F4D6-2296-498C-B976-586DCC5CFD9A}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\audio system => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\audio system" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C3AC2B1-6AE3-4B48-92B8-B2195BE2870D}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C3AC2B1-6AE3-4B48-92B8-B2195BE2870D}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Driver Booster SkipUAC (guilh) => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (guilh)" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1866B25B-8067-4F5F-8B61-D3B8888F581C}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1866B25B-8067-4F5F-8B61-D3B8888F581C}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Driver Booster Update => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Update" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C59F40E0-7B31-49F5-8CC4-8BF0537D2407}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C59F40E0-7B31-49F5-8CC4-8BF0537D2407}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1468474341-1498967642-3512864176-1001Core{0D3F0353-8BCE-4CA5-82B0-DC5CDB13C90B} => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-1468474341-1498967642-3512864176-1001Core{0D3F0353-8BCE-4CA5-82B0-DC5CDB13C90B}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5DA5E0A3-3E20-4CE6-B1B1-2395510E2A50}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5DA5E0A3-3E20-4CE6-B1B1-2395510E2A50}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1468474341-1498967642-3512864176-1001UA{90016B1F-C6F4-49D0-9660-990E4074B2A7} => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-1468474341-1498967642-3512864176-1001UA{90016B1F-C6F4-49D0-9660-990E4074B2A7}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C8C25885-F528-475C-8C7D-C61CD10197D5}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8C25885-F528-475C-8C7D-C61CD10197D5}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\iTop Summer Task (One-Time) => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iTop Summer Task (One-Time)" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{475868C0-5FC0-427B-B5AB-3472F6BF6892}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{475868C0-5FC0-427B-B5AB-3472F6BF6892}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\McAfee\WPS\amwebapitriggertask => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\amwebapitriggertask" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{88D56762-D568-4F5B-A809-C403A6C827A3}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88D56762-D568-4F5B-A809-C403A6C827A3}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\McAfee\WPS\DAD.WPS.Execute.Updates => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\DAD.WPS.Execute.Updates" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C11ADD33-F88C-4C5B-9D4D-BF9C8CA776D4}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C11ADD33-F88C-4C5B-9D4D-BF9C8CA776D4}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\McAfee\WPS\datupdatetask => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\datupdatetask" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A155A82B-9E51-48CF-A477-D10075016515}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A155A82B-9E51-48CF-A477-D10075016515}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\McAfee\WPS\McAfee Sustainability => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\McAfee Sustainability" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5F5AB2DD-FEF0-4E28-A89E-0607C9FD2BDF}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F5AB2DD-FEF0-4E28-A89E-0607C9FD2BDF}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\McAfee\WPS\mcpcoscanner => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\mcpcoscanner" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1283FDD0-291D-4775-A11D-2B6EE2D9A2DA}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1283FDD0-291D-4775-A11D-2B6EE2D9A2DA}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\McAfee\WPS\NGMCadence => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\NGMCadence" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B54F2BA6-417F-437E-B81C-265EE5A1C6B3}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B54F2BA6-417F-437E-B81C-265EE5A1C6B3}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\McAfee\WPS\odsscheduledtask => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\odsscheduledtask" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{56EFF8C7-F360-4B48-B402-1ABF6763AB84}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56EFF8C7-F360-4B48-B402-1ABF6763AB84}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\McAfee\WPS\systemrebootedtask => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\systemrebootedtask" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2BB25299-DD12-4A55-A8F2-871A76A0A421}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BB25299-DD12-4A55-A8F2-871A76A0A421}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\McAfee\WPS\Update => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\Update" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7E4F884A-4B65-4572-95C8-75A72035EC76}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E4F884A-4B65-4572-95C8-75A72035EC76}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\McAfee\WPS\WPSPush => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\WPSPush" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{470FD3C7-F7B6-430C-9160-31C3D0723EF0}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{470FD3C7-F7B6-430C-9160-31C3D0723EF0}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office Automatic Updates 2.0" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{89DB786A-3BCD-4ED9-9A28-4E689B55B665}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89DB786A-3BCD-4ED9-9A28-4E689B55B665}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office ClickToRun Service Monitor" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7DD50F2E-9467-4B35-8754-5F0DC7FB8A26}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7DD50F2E-9467-4B35-8754-5F0DC7FB8A26}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Microsoft\Office\Office Feature Updates => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office Feature Updates" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{71136401-2E5A-477F-8C50-D95564CDEA05}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71136401-2E5A-477F-8C50-D95564CDEA05}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Microsoft\Office\Office Feature Updates Logon => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office Feature Updates Logon" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA0F5D0F-DBA1-46DC-B35A-FE00325EF813}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA0F5D0F-DBA1-46DC-B35A-FE00325EF813}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Microsoft\Office\Office Performance Monitor => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office Performance Monitor" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7ABBE0B6-C453-4AEF-8721-A4D7B2AE595B}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7ABBE0B6-C453-4AEF-8721-A4D7B2AE595B}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Microsoft\Windows\AppxDeploymentClient\UCPD velocity => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\AppxDeploymentClient\UCPD velocity" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A98E46E4-D134-4B42-91D4-1C6AE1AFF3E3}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A98E46E4-D134-4B42-91D4-1C6AE1AFF3E3}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\NitroSense => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NitroSense" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C937BDAE-E1AF-438E-BF9D-115E21D7BB91}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C937BDAE-E1AF-438E-BF9D-115E21D7BB91}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\OneDrive Per-Machine Standalone Update Task => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneDrive Per-Machine Standalone Update Task" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EF5DDFC7-50BD-4989-B899-33CC98D12EA6}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF5DDFC7-50BD-4989-B899-33CC98D12EA6}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\OneDrive Reporting Task-S-1-5-21-1468474341-1498967642-3512864176-1001 => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneDrive Reporting Task-S-1-5-21-1468474341-1498967642-3512864176-1001" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4CB4A7E3-1E03-42BB-AE20-88C0F397B181}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4CB4A7E3-1E03-42BB-AE20-88C0F397B181}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Opera scheduled assistant Autoupdate 1694556311 => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled assistant Autoupdate 1694556311" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{37E30BB7-8F3B-4D5D-AB99-07F690D33DCC}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37E30BB7-8F3B-4D5D-AB99-07F690D33DCC}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1694556305 => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 1694556305" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1F1F8B45-A057-40EF-80B6-113D793A9A7A}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F1F8B45-A057-40EF-80B6-113D793A9A7A}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Software Update Application => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Software Update Application" => removido (a) com sucesso.

========= ipconfig /flushdns =========


Configuração de IP do Windows

Liberação do Cache do DNS Resolver bem-sucedida.


========= Fim de CMD: =========


========= netsh advfirewall reset =========

Ok.

========= Fim de CMD: =========


========= DISM /Online /Cleanup-Image /RestoreHealth =========


Ferramenta de Gerenciamento e Manutenção de Imagens de Implantação
Versão: 10.0.22621.1

Versão da Imagem: 10.0.22621.2283



[===========================55.6%                          ] 

[===========================55.6%                          ] 

[===========================55.7%                          ] 

[===========================55.8%                          ] 

[===========================55.8%                          ] 

[===========================55.9%                          ] 

[===========================56.0%                          ] 

[===========================56.3%                          ] 

[===========================56.5%                          ] 

[===========================56.6%                          ] 

[===========================56.8%                          ] 

[===========================56.8%                          ] 

[===========================57.1%=                         ] 

[===========================57.1%=                         ] 

[===========================57.1%=                         ] 

[===========================57.8%=                         ] 

[===========================58.8%==                        ] 

[===========================59.5%==                        ] 

[===========================59.5%==                        ] 

[===========================62.3%====                      ] 

[===========================77.4%============              ] 

[===========================84.9%=================         ] 

[==========================100.0%==========================] 
Operação de restauração concluída com êxito.
A operação foi concluída com êxito.


========= Fim de CMD: =========


========= SFC /scannow =========


Iniciando verificação de arquivos. O processo levará alguns minutos para ser concluído.

Iniciando fase de verificação de verificação do sistema.

Verificação 100% concluída.

A Proteção de Recursos do Windows encontrou arquivos corrompidos e os reparou com êxito.
Para reparos online, os detalhes são incluídos no arquivo de log CBS localizado em
windir\Logs\CBS\CBS.log. Por exemplo, C:\Windows\Logs\CBS\CBS.log. Para reparos
offline, os detalhes são incluídos no arquivo de log fornecido pelo sinalizador /OFFLOGFILE.


========= Fim de CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso.
"HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso.
"HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso.


========= Fim de RemoveProxy: =========

Ponto de Restauração criado com sucesso.

=========== EmptyTemp: ==========

FlushDNS => completado
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 16925342 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 54427303 B
Windows/system/drivers => 142143177 B
Edge => 0 B
Chrome => 1322279796 B
Firefox => 0 B
Opera => 13434917 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 11912107 B
systemprofile32 => 11912129 B
LocalService => 11960341 B
NetworkService => 11983497 B
guilh => 298996539 B

RecycleBin => 54676143 B
EmptyTemp: => 1.8 GB de dados temporários Removidos.

================================


O sistema precisou ser reiniciado.

==== Fim de Fixlog 12:51:00 ====


  • Security Analyst

Temporarily disable your antivirus, antispyware, and firewall to avoid conflicts.

Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all the text in the CODE block below:

CreateRestorePoint:
CloseProcesses:

C:\Perform\system.vbs
C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.lnk

SearchAll: audio.exe,grservices.exe

CMD: ipconfig /flushdns
CreateRestorePoint:

Save this file on your desktop with the name fixlist

NOTE: It is extremely important that the "fixlist" file is saved on your Desktop. Also check that FRST.exe is on the Desktop.

** Right-click the FRST.EXE file, then run it as Administrator

Click the SEARCH/BUSCAR button

Wait; when it finishes, the Fixlog.txt log will be saved on your desktop.

Open the Fixlog.txt file, then copy and paste its contents into your next reply.

NEXT STEP

Post an image showing the errors mentioned.


Hello,

I did not find the SEARCH or BUSCAR button in FRST64.exe. The program only had the options ANALISAR, PESQUISAR ARQUIVOS, PESQUISAR REGISTRO and CORRIGIR.

I followed the same procedure as in the previous step, clicking the CORRIGIR option.

When the procedure finished, the computer was restarted and the Audio.exe error persists. I no longer received the "grservices.exe" error.

Here is the generated log:


Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 25-09-2023
Executado por guilh (27-09-2023 14:18:14) Run:2
Executando a partir de C:\Users\guilh\Desktop
Perfis Carregados: guilh
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
CreateRestorePoint:
CloseProcesses:

C:\Perform\system.vbs
C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.lnk

SearchAll: audio.exe,grservices.exe

CMD: ipconfig /flushdns
CreateRestorePoint:
*****************

Ponto de Restauração criado com sucesso.
Processos fechados com sucesso.
C:\Perform\system.vbs => movido com sucesso
C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.lnk => movido com sucesso
SearchAll: audio.exe,grservices.exe => Erro: Nenhuma correção automática foi encontrada para esta entrada.

========= ipconfig /flushdns =========


Configuração de IP do Windows

Liberação do Cache do DNS Resolver bem-sucedida.


========= Fim de CMD: =========

Ponto de Restauração criado com sucesso.


O sistema precisou ser reiniciado.

==== Fim de Fixlog 14:18:28 ====


  • Security Analyst

Run FRST.exe again as Administrator

In the search box on the main screen, paste the content below:

SearchAll: audio.exe,grservices.exe

Click Pesquisar.

Open the search.txt log, then copy and paste its contents into your next reply.


Hello,

I tested with both options, PESQUISAR ARQUIVOS and PESQUISAR REGISTRO.

Here is the PESQUISAR ARQUIVOS log

Farbar Recovery Scan Tool (x64) Versão: 25-09-2023
Executado por guilh (28-09-2023 14:20:13)
Executando a partir de C:\Users\guilh\Desktop
Modo da Inicialização: Normal

================== Pesquisar Arquivos: "SearchAll: audio.exe,grservices.exe" =============

Arquivo:
========

pasta:
========

Registro:
========


====== Fim de Pesquisar ======


Here is the PESQUISAR REGISTRO log

Farbar Recovery Scan Tool (x64) Versão: 25-09-2023
Executado por guilh (28-09-2023 14:23:51)
Executando a partir de C:\Users\guilh\Desktop
Modo da Inicialização: Normal

================== Pesquisar Registro: "SearchAll: audio.exe,grservices.exe" ===========


====== Fim de Pesquisar ======


  • Security Analyst

Temporarily disable your antivirus, antispyware, and firewall to avoid conflicts.

Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all the text in the CODE block below:

CreateRestorePoint:
CloseProcesses:
StartBatch:
reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /s
reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce" /s
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig" /s
reg query "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run" /s
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /s
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /s
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" /s
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce" /s
reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" /s
EndBatch:

Save this file on your desktop with the name fixlist

NOTE: It is extremely important that the "fixlist" file is saved on your Desktop. Also check that FRST.exe is on the Desktop.

** Right-click the FRST.EXE file, then run it as Administrator

Click the SEARCH/BUSCAR button

Wait; when it finishes, the Fixlog.txt log will be saved on your desktop.

Open the Fixlog.txt file, then copy and paste its contents into your next reply.


Hello,

I did not find the SEARCH or BUSCAR button in FRST64.exe. The program only had the options ANALISAR, PESQUISAR ARQUIVOS, PESQUISAR REGISTRO and CORRIGIR.

I followed the same procedure as in the previous step, clicking the CORRIGIR option.

When the procedure finished, the computer was restarted and the Audio.exe error persists.


Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 25-09-2023
Executado por guilh (29-09-2023 13:20:05) Run:3
Executando a partir de C:\Users\guilh\Desktop
Perfis Carregados: guilh
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
CreateRestorePoint:
CloseProcesses:
StartBatch:
reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /s
reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce" /s
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig" /s
reg query "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run" /s
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /s
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /s
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" /s
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce" /s
reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" /s
EndBatch:
*****************

Ponto de Restauração criado com sucesso.
Processos fechados com sucesso.

========= Batch: =========

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background
    Google Update    REG_SZ    "C:\Users\guilh\AppData\Local\Google\Update\1.3.36.312\GoogleUpdateCore.exe"
    MicrosoftEdgeAutoLaunch_18105C23E6FB3E0926A4BECDF7B37E6D    REG_SZ    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\state

ERRO: O sistema não pôde localizar a chave do Registro ou valor especificado.


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    RtkAudUService    REG_SZ    "C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_9b2689b4e3586127\RtkAudUService64.exe" -background
    AdobeGCInvoker-1.0    REG_SZ    "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe"
    AdobeAAMUpdater-1.0    REG_SZ    "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
    Acrobat Assistant 8.0    REG_SZ    "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe"
    TeamsMachineInstaller    REG_EXPAND_SZ    %ProgramFiles%\Teams Installer\Teams.exe --checkInstall --source=PROPLUS

ERRO: O sistema não pôde localizar a chave do Registro ou valor especificado.


========= Fim de Batch: =========

O sistema precisou ser reiniciado.

==== Fim de Fixlog 13:20:16 ====


Good morning,

Here is the log.


Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 25-09-2023
Executado por guilh (02-10-2023 08:20:48) Run:4
Executando a partir de C:\Users\guilh\Desktop
Perfis Carregados: guilh
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
CreateRestorePoint:
CloseProcesses:
StartBatch:
reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /s
reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce" /s
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig" /s
reg query "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run" /s
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /s
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /s
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" /s
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce" /s
reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" /s
EndBatch:
*****************

Ponto de Restauração criado com sucesso.
Processos fechados com sucesso.

========= Batch: =========

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background
    Google Update    REG_SZ    "C:\Users\guilh\AppData\Local\Google\Update\1.3.36.312\GoogleUpdateCore.exe"
    MicrosoftEdgeAutoLaunch_18105C23E6FB3E0926A4BECDF7B37E6D    REG_SZ    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\state

ERRO: O sistema não pôde localizar a chave do Registro ou valor especificado.


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    RtkAudUService    REG_SZ    "C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_9b2689b4e3586127\RtkAudUService64.exe" -background
    AdobeGCInvoker-1.0    REG_SZ    "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe"
    AdobeAAMUpdater-1.0    REG_SZ    "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
    Acrobat Assistant 8.0    REG_SZ    "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe"
    TeamsMachineInstaller    REG_EXPAND_SZ    %ProgramFiles%\Teams Installer\Teams.exe --checkInstall --source=PROPLUS

ERRO: O sistema não pôde localizar a chave do Registro ou valor especificado.


========= Fim de Batch: =========

O sistema precisou ser reiniciado.

==== Fim de Fixlog 08:21:01 ====
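
Added example, not part of the thread and not FRST's own logic: a Python parser for `reg query ... /s` output in the layout of the Batch sections above, marking autorun entries for review. The sample input is constructed, and the script-host names, script extensions and user-writable path markers are assumptions chosen for illustration.

```python
import re
from typing import NamedTuple

# Constructed sample in the layout `reg query <key> /s` prints: a key line at
# column 0, then rows of "    name    TYPE    data". The two "Example" rows and
# their paths are invented for illustration.
SAMPLE = r'''
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background
    Example Updater    REG_SZ    "C:\Users\user\AppData\Local\Example\updater.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Example Script    REG_SZ    wscript.exe "C:\ExampleDir\example.vbs"

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
    TeamsMachineInstaller    REG_EXPAND_SZ    %ProgramFiles%\Teams Installer\Teams.exe --checkInstall --source=PROPLUS

ERRO: O sistema não pôde localizar a chave do Registro ou valor especificado.
'''


class RunEntry(NamedTuple):
    key: str
    name: str
    reg_type: str
    data: str


# Value names may contain single spaces, so split on the 4-space column gaps.
ROW = re.compile(r'^ {4}(?P<name>.+?) {4}(?P<type>REG_[A-Z_]+) {4}(?P<data>.*)$')
# Unquoted command lines: the image ends at the first known extension that is
# followed by whitespace or end of string (handles paths containing spaces).
UNQUOTED = re.compile(
    r'^(.*?\.(?:exe|com|scr|bat|cmd|vbs|vbe|js|jse|wsf|ps1))(?=\s|$)', re.I)
# Assumed review criteria (illustrative, not an authoritative list).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe",
                "powershell.exe", "pwsh.exe", "cmd.exe"}
SCRIPT_REF = re.compile(r'\.(?:vbs|vbe|js|jse|wsf|ps1|bat|cmd|hta)(?=["\s]|$)', re.I)
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\",
                 "%appdata%", "%localappdata%", "%temp%", "%programdata%", "%public%")


def parse_reg_query(text):
    """Return RunEntry rows; key headers set context, error lines are skipped."""
    entries, key = [], None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = ROW.match(line)
        if m and key:
            entries.append(RunEntry(key, m["name"], m["type"], m["data"].strip()))
    return entries


def image_path(data):
    """Extract the program path from a Run value's command line."""
    data = data.strip()
    if data.startswith('"'):
        end = data.find('"', 1)
        return data[1:end] if end != -1 else data[1:]
    m = UNQUOTED.match(data)
    if m:
        return m.group(1)
    return data.split(None, 1)[0] if data else ""


def flags_for(entry):
    """Review hints for one entry; an empty list means nothing stood out."""
    low = image_path(entry.data).lower()
    flags = []
    if low.rsplit("\\", 1)[-1] in SCRIPT_HOSTS:
        flags.append("script-host")       # interpreter launched at logon
    if SCRIPT_REF.search(entry.data):
        flags.append("script-target")     # a script file appears in the command
    if any(marker in low for marker in USER_WRITABLE):
        flags.append("user-writable")     # image lives where a normal user can write
    return flags


def triage(text):
    """(name, image path, flags) for every autorun row in the output."""
    return [(e.name, image_path(e.data), flags_for(e)) for e in parse_reg_query(text)]


def needs_review(text):
    """Names of the entries that carry at least one flag."""
    return [name for name, _, flags in triage(text) if flags]


if __name__ == "__main__":
    for name, image, flags in triage(SAMPLE):
        print(f"{name:24} {image}  {', '.join(flags) or '-'}")
```

A flag is a prompt to look at the entry, not a verdict, and Run keys are only one autostart location; the Startup folder, which the fixlists in this thread also touch, needs its own check.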


  • Security Analyst

Right-click the FRST64.EXE file, then click http://i.imgur.com/VRIfczU.png .

Accept the agreement and then click the Scan/Examinar button.

Wait; when it finishes, the FRST.txt and Addition.txt logs will be saved on your desktop.

Open each file separately, copy its contents and paste them into your next reply.


Good morning,

Here are the logs:


Resultado do análise da Farbar Recovery Scan Tool (FRST) (x64) Versão: 25-09-2023
Executado por guilh (administrador) em GUIVERMELHO (Acer Nitro AN515-58) (03-10-2023 08:24:11)
Executando a partir de C:\Users\guilh\Desktop\FRST64.exe
Perfis Carregados: guilh
Plataforma: Microsoft Windows 11 Home Versão 22H2 22621.2283 (X64) Idioma: Português (Brasil)
Navegador padrão: Chrome
Modo da Inicialização: Normal

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Adobe Inc. -> Adobe Systems Inc.) [Arquivo não assinado] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
(C:\Program Files\McAfee\WebAdvisor\servicehost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(cmd.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\browserhost.exe
(cmd.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\PING.EXE
(drivers\RivetNetworks\Killer\KNDBWMService.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\drivers\RivetNetworks\Killer\KNDBWM.exe
(DriverStore\FileRepository\ipf_cpu.inf_amd64_07e81e065fff923d\ipf_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_07e81e065fff923d\ipf_helper.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Users\guilh\AppData\Local\Google\Chrome\Application\chrome.exe <39>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <2>
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_125373df900d2c8b\ipfsvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_734ca279c9cf8df2\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_89d541b5fe7b9dc6\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_07e81e065fff923d\ipf_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_670360bdb5a40a0d\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe
(services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\drivers\RivetNetworks\Killer\KNDBWMService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WPS\1.11.279.1\mc-fw-host.exe <2>
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncHelper.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvacig.inf_amd64_6a30f226cb32430c\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_9b2689b4e3586127\RtkAudUService64.exe <3>
(svchost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WPS\1.11.279.1\neo\core\mc-neo-host.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.22621.2061_none_e9764a2042bb8e95\TiWorker.exe

==================== Registro (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_9b2689b4e3586127\RtkAudUService64.exe [1673008 2023-05-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5314096 2020-03-06] (Adobe Inc. -> Adobe Systems Inc.) [Arquivo não assinado]
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [142222176 2023-04-21] (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO
HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2586640 2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\Run: [Google Update] => "C:\Users\guilh\AppData\Local\Google\Update\1.3.36.312\GoogleUpdateCore.exe" (Nenhum Arquivo)
HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\Run: [MicrosoftEdgeAutoLaunch_18105C23E6FB3E0926A4BECDF7B37E6D] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4210216 2023-09-29] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [65488 2020-03-06] (Adobe Inc. -> Adobe Systems Inc)
Startup: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Audio system.lnk [2023-09-18]
ShortcutTarget: Audio system.lnk -> C:\Netframework.4.5.2\Audio system.vbs () [Arquivo não assinado]
Startup: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk [2023-09-27]
ShortcutTarget: Enviar para o OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Tarefas Agendadas (Whitelisted) =================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {5F1CB6D7-D0C5-4360-91AC-6910659D9ED3} - System32\Tasks\McAfee\WPS\amwebapitriggertask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {ED067E53-E15E-4105-8A4A-899F205EEBD4} - System32\Tasks\McAfee\WPS\datupdatetask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {55D107C6-901C-4424-8F3C-ABF145A479F7} - System32\Tasks\McAfee\WPS\mcpcoscanner => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {6FFFABC0-6266-4279-A4D8-6F42D0EEB1E5} - System32\Tasks\McAfee\WPS\NGMCadence => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {A02431B2-42B3-4F0A-B3DB-B94C4234BBD4} - System32\Tasks\McAfee\WPS\odsscheduledtask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {01F7E411-E886-4B44-AD3E-FADF0993632B} - System32\Tasks\McAfee\WPS\systemrebootedtask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {A40AAC01-48B9-4BA1-A2BB-F804D23E27F0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-09-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {861C1CE1-0795-41E6-8580-64FDB8E95C30} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-09-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {110FE0D4-14E2-40BC-BDD5-69B7F0FE89F0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-09-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {40BED165-CD79-4218-94BD-1A1A62C8BB25} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-09-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2B24477D-BB12-4687-8FC2-AF343EEBAFC5} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-03-15] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {8A85DBD9-2607-4BA0-A34A-C8AA8EE809BF} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342376 2023-01-27] (Nvidia Corporation -> NVIDIA Corporation)
Task: {8B873C9A-4E90-4485-AB27-DEEA15A381E2} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649784 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B47DF9F1-BC83-4320-AC7A-9D2601BC7F4D} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D96B710F-5C35-441B-9775-871BDAF9E31B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F95AD09B-A64C-487C-A97B-48A8F0BE6777} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2CFA7857-B1EF-43B2-ACDE-C13F0579B427} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {66E3EADB-E4FA-4E77-89E8-7758C5DE92B0} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {302A1CF7-4890-4F79-99A5-BC0C51BBA18A} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4E4EEE33-4788-4B24-8B78-1F25937A338B} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1468474341-1498967642-3512864176-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130824 2023-09-25] (Microsoft Corporation -> Microsoft Corporation)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)


==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 181.213.132.2 181.213.132.3
Tcpip\..\Interfaces\{48c4d171-290d-4b41-b940-f739f8dc8093}: [DhcpNameServer] 181.213.132.2 181.213.132.3

Edge: 
=======
Edge Profile: C:\Users\guilh\AppData\Local\Microsoft\Edge\User Data\Default [2023-10-03]
Edge Extension: (Documentos Google off-line) - C:\Users\guilh\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-26]
Edge Extension: (Edge relevant text changes) - C:\Users\guilh\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-26]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2020-03-05]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-08-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2023-08-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-08-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2020-03-06] (Adobe Inc. -> Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default [2023-10-03]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2023-09-29]
CHR Extension: (Adobe Acrobat: ferramentas para editar, converter e assinar PDFs) - C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-09-26]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2023-09-26]
CHR Extension: (Google Docs offline) - C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-26]
CHR Extension: (Pagamentos via Chrome Web Store) - C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-09-26]
CHR Profile: C:\Users\guilh\AppData\Local\Google\Chrome\User Data\System Profile [2023-09-26]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]

Opera: 
=======
OPR DefaultProfile: Opera Stable
OPR Profile: C:\Users\guilh\AppData\Roaming\Opera Software\Opera Stable [2023-09-27]
OPR Extension: (Rich Hints Agent) - C:\Users\guilh\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2023-09-12]
OPR Extension: (Opera Wallet) - C:\Users\guilh\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2023-09-12]
OPR Extension: (Aria) - C:\Users\guilh\AppData\Roaming\Opera Software\Opera Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm [2023-09-12]

==================== Serviços (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3966432 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11817040 2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
R2 dptftcs; C:\Windows\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_125373df900d2c8b\ipfsvc.exe [543888 2022-02-02] (Intel Corporation -> Intel Corporation)
R3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncHelper.exe [3511720 2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
S2 IntelAudioService; C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_5f98233769cf65a5\AS\IAS\IntelAudioService.exe [539992 2023-08-22] (Intel Corporation -> Intel)
R2 ipfsvc; C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_07e81e065fff923d\ipf_uf.exe [2781312 2023-08-22] (Intel Corporation -> Intel Corporation)
S3 KAPSService; C:\Windows\System32\drivers\RivetNetworks\Killer\KAPSService.exe [64376 2022-03-28] (Intel Corporation -> Intel® Corporation)
R2 Killer Analytics Service; C:\Windows\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe [2423160 2022-03-28] (Intel Corporation -> Intel)
R2 Killer Network Service; C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe [2883448 2022-03-28] (Intel Corporation -> Intel)
R3 KNDBWM; C:\Windows\System32\drivers\RivetNetworks\Killer\KNDBWMService.exe [64376 2022-03-28] (Intel Corporation -> Intel® Corporation)
R2 mc-fw-host; C:\Program Files\McAfee\WPS\1.11.279.1\mc-fw-host.exe [2310472 2023-09-12] (McAfee, LLC -> McAfee, LLC)
S3 mc-wps-update; C:\Program Files\McAfee\WPS\1.11.279.1\mc-update.exe [5075896 2023-09-12] (McAfee, LLC -> McAfee, LLC)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [874384 2023-09-19] (McAfee, LLC -> McAfee, LLC)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.189.0910.0001\OneDriveUpdaterService.exe [3849128 2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
S3 PSSvc; C:\Program Files\Acer\NitroSense Service\PSSvc.exe [867176 2023-01-05] (Acer Incorporated -> Acer Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe [3121008 2023-09-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe [133688 2023-09-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvacig.inf_amd64_6a30f226cb32430c\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nvacig.inf_amd64_6a30f226cb32430c\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R3 AcerAirplaneModeController; C:\Windows\System32\drivers\AcerAirplaneModeController.sys [36800 2022-05-31] (Acer Incorporated -> Acer Incorporated)
S3 e2k68cx21x64; C:\Windows\System32\DriverStore\FileRepository\e2k68cx21x64.inf_amd64_e63a1a6682c5eed2\e2k68cx21x64.sys [619408 2022-03-08] (Realtek Semiconductor Corp. -> Realtek)
R3 iaLPSS2_GPIO2_ADL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_adl.inf_amd64_302e75596cffa74a\iaLPSS2_GPIO2_ADL.sys [150616 2023-08-22] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_ADL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_adl.inf_amd64_e736c048ca307ed2\iaLPSS2_I2C_ADL.sys [220224 2023-08-22] (Intel Corporation -> Intel Corporation)
R3 IntcUSB; C:\Windows\System32\DriverStore\FileRepository\intcusb.inf_amd64_5d49b801c1e48609\IntcUSB.sys [941976 2023-08-22] (Intel Corporation -> Intel(R) Corporation)
R3 IntelGNA; C:\Windows\System32\DriverStore\FileRepository\gna.inf_amd64_04d4eecc5838a558\gna.sys [88784 2023-08-22] (Intel Corporation -> Intel Corporation)
R3 ipf_acpi; C:\Windows\System32\DriverStore\FileRepository\ipf_acpi.inf_amd64_6808233353fa1d56\ipf_acpi.sys [87168 2023-08-22] (Intel Corporation -> Intel Corporation)
R3 ipf_cpu; C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_07e81e065fff923d\ipf_cpu.sys [80512 2023-08-22] (Intel Corporation -> Intel Corporation)
R3 ipf_lf; C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_07e81e065fff923d\ipf_lf.sys [445056 2023-08-22] (Intel Corporation -> Intel Corporation)
R3 KfeCoSvc; C:\Windows\System32\drivers\RivetNetworks\Killer\KfeCo11X64.sys [175848 2022-03-28] (Intel Corporation -> Rivet Networks, LLC.)
S0 mfeelam; C:\Windows\System32\DRIVERS\mfeelam.sys [18400 2023-09-12] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R0 mfesec; C:\Windows\System32\DRIVERS\mfesec.sys [82696 2023-09-12] (McAfee, LLC -> McAfee, LLC)
R3 NvModuleTracker; C:\Windows\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2022-07-13] (Nvidia Corporation -> NVIDIA Corporation)
R3 nvpcf; C:\Windows\System32\drivers\nvpcf.sys [243768 2023-08-22] (NVIDIA Corporation -> NVIDIA Corporation)
S4 UCPD; C:\Windows\System32\drivers\UCPD.sys [29184 2023-09-17] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [55872 2023-09-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [574872 2023-09-05] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105864 2023-09-05] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um mês (criados) (Whitelisted) =========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2023-10-03 08:24 - 2023-10-03 08:24 - 000024227 _____ C:\Users\guilh\Desktop\FRST.txt
2023-10-02 12:17 - 2023-10-02 12:17 - 005269765 _____ C:\Users\guilh\Desktop\LAUDO_DE_VISTROTIA_DE_ENTRADA_AV_SANTA_MARINA,_1588_-_APTO_16_BL02_.docx 1.pdf
2023-10-02 10:35 - 2023-10-02 10:35 - 000095385 _____ C:\Users\guilh\Downloads\PROPOSTA EFETIVADA.pdf
2023-10-02 08:48 - 2023-10-02 08:48 - 000163050 _____ C:\Users\guilh\Downloads\00 INFORMAÇÕES ASSOCIAR AO CLUBE DO BOSQUE 2023.pdf
2023-10-02 08:48 - 2023-10-02 08:48 - 000163050 _____ C:\Users\guilh\Downloads\00 INFORMAÇÕES ASSOCIAR AO CLUBE DO BOSQUE 2023 (1).pdf
2023-10-02 08:47 - 2023-10-02 08:47 - 000162562 _____ C:\Users\guilh\Desktop\Huahai Edoxaban Ethyl p-toluene sulfonate impurity evaluation.pdf
2023-10-02 08:29 - 2023-10-02 08:29 - 000732744 _____ C:\Windows\system32\prfh0416.dat
2023-10-02 08:29 - 2023-10-02 08:29 - 000146898 _____ C:\Windows\system32\prfc0416.dat
2023-10-02 08:18 - 2023-10-03 08:22 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2023-09-28 19:03 - 2023-09-28 19:03 - 001261502 _____ C:\Users\guilh\Downloads\Unidad 6.pdf
2023-09-28 16:59 - 2023-09-28 16:59 - 000066785 _____ C:\Users\guilh\Downloads\GpqytvF7i9Q
2023-09-28 16:55 - 2023-09-28 16:55 - 001325790 _____ C:\Users\guilh\Desktop\Vistoria.pdf
2023-09-27 18:45 - 2023-09-27 18:45 - 000000012 _____ C:\Windows\setlist.txt
2023-09-27 18:34 - 2023-09-27 18:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GitzWC
2023-09-27 18:33 - 2023-09-29 13:27 - 000000000 ____D C:\GitzWC
2023-09-27 18:31 - 2023-09-27 18:31 - 545525368 _____ (GitzWC, Inc. ) C:\Users\guilh\Downloads\Gitz_World_Champion_09.07.2023.exe
2023-09-27 16:28 - 2023-09-27 16:28 - 000000000 ____D C:\Program Files (x86)\Outbyte
2023-09-27 16:09 - 2023-09-27 16:27 - 000000000 ____D C:\Windows\system32\Tasks\Outbyte
2023-09-27 16:07 - 2023-09-27 16:08 - 026190888 _____ (Outbyte) C:\Users\guilh\Downloads\outbyte-pc-repair.exe
2023-09-27 15:02 - 2023-09-27 15:03 - 026190888 _____ (Outbyte) C:\Users\guilh\Downloads\Audio_exe-outbyte-pc-repair.exe
2023-09-27 12:51 - 2023-09-27 12:51 - 000003596 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1468474341-1498967642-3512864176-1001
2023-09-26 14:58 - 2023-09-27 08:09 - 000000000 ____D C:\Users\guilh\AppData\Local\NVIDIA Corporation
2023-09-26 14:58 - 2023-09-26 14:58 - 000004308 _____ C:\Windows\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-09-26 14:58 - 2023-09-26 14:58 - 000003976 _____ C:\Windows\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-09-26 14:58 - 2023-09-26 14:58 - 000003940 _____ C:\Windows\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-09-26 14:58 - 2023-09-26 14:58 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-09-26 14:58 - 2023-09-26 14:58 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-09-26 14:58 - 2023-09-26 14:58 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-09-26 14:58 - 2023-09-26 14:58 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-09-26 14:58 - 2023-09-26 14:58 - 000000000 ____D C:\Users\guilh\ansel
2023-09-26 14:58 - 2023-09-26 14:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2023-09-26 14:58 - 2023-01-20 13:45 - 002904632 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2023-09-26 14:58 - 2023-01-20 13:45 - 002234920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2023-09-26 14:58 - 2023-01-20 13:45 - 001297464 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2023-09-26 14:58 - 2023-01-12 23:34 - 000086568 _____ C:\Windows\system32\FvSDK_x64.dll
2023-09-26 14:58 - 2023-01-12 23:34 - 000075304 _____ C:\Windows\SysWOW64\FvSDK_x86.dll
2023-09-26 14:58 - 2022-12-13 06:27 - 000169512 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2023-09-26 14:58 - 2022-12-13 06:27 - 000148520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2023-09-26 14:57 - 2023-09-26 14:57 - 131458368 _____ (NVIDIA Corporation) C:\Users\guilh\Downloads\GeForce_Experience_v3.27.0.112.exe
2023-09-26 14:57 - 2023-09-26 14:57 - 000003894 _____ C:\Windows\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-09-26 14:57 - 2023-09-26 14:57 - 000003654 _____ C:\Windows\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-09-26 14:57 - 2022-10-14 04:06 - 000059928 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2023-09-26 14:57 - 2022-07-13 20:32 - 000060112 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2023-09-26 13:52 - 2023-09-26 13:52 - 000000000 ____D C:\Users\guilh\AppData\Local\UnrealEngine
2023-09-26 13:52 - 2023-09-26 13:52 - 000000000 ____D C:\Users\guilh\AppData\Local\StateOfDecay2
2023-09-26 13:33 - 2023-09-26 13:33 - 000000000 ____D C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2023-09-26 11:35 - 2023-09-26 11:35 - 000000000 ____D C:\ProgramData\Tencent
2023-09-26 11:34 - 2023-09-26 11:34 - 000000000 ____D C:\Users\guilh\AppData\Roaming\Tencent
2023-09-26 11:34 - 2023-09-26 11:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WeChat
2023-09-26 11:33 - 2023-09-26 11:33 - 000000000 ____D C:\Program Files\Tencent
2023-09-26 11:30 - 2023-09-26 11:31 - 000000000 ____D C:\Users\guilh\AppData\Roaming\iTop Data Recovery
2023-09-26 11:30 - 2023-09-26 11:30 - 000000000 ____D C:\ProgramData\ProductData3
2023-09-26 11:29 - 2023-09-26 11:29 - 028452408 _____ (IObit ) C:\Users\guilh\Downloads\iobituninstaller.exe
2023-09-26 11:20 - 2023-09-26 11:20 - 000114088 _____ C:\Users\guilh\Downloads\darf.pdf
2023-09-26 11:19 - 2023-09-28 16:55 - 000000000 ____D C:\Users\guilh\AppData\LocalLow\Temp
2023-09-26 11:05 - 2023-10-03 08:24 - 000000000 ____D C:\FRST
2023-09-26 11:04 - 2023-09-26 11:04 - 002382848 _____ (Farbar) C:\Users\guilh\Downloads\FRST64.exe
2023-09-26 11:04 - 2023-09-26 11:04 - 002382848 _____ (Farbar) C:\Users\guilh\Desktop\FRST64.exe
2023-09-26 11:01 - 2023-09-26 11:01 - 000011461 _____ C:\Users\guilh\Desktop\ZHPCleaner (R).html
2023-09-26 11:00 - 2023-09-26 11:00 - 000011172 _____ C:\Users\guilh\Desktop\ZHPCleaner (S).html
2023-09-26 10:51 - 2023-09-26 11:01 - 000000000 ____D C:\Users\guilh\AppData\Roaming\ZHP
2023-09-26 10:51 - 2023-09-26 10:52 - 000000875 _____ C:\Users\guilh\Desktop\ZHPCleaner.lnk
2023-09-26 10:51 - 2023-09-26 10:51 - 003343008 _____ (Nicolas Coolman) C:\Users\guilh\Downloads\ZHPCleaner.exe
2023-09-26 10:51 - 2023-09-26 10:51 - 000000000 ____D C:\Users\guilh\AppData\Local\ZHP
2023-09-26 10:46 - 2023-09-26 10:50 - 000000000 ____D C:\AdwCleaner
2023-09-26 10:44 - 2023-09-26 10:44 - 008791352 _____ (Malwarebytes) C:\Users\guilh\Downloads\adwcleaner.exe
2023-09-26 10:43 - 2023-09-26 13:26 - 000000000 ____D C:\Users\guilh\AppData\Local\Steam
2023-09-26 10:42 - 2023-09-27 18:38 - 000000000 ____D C:\Program Files (x86)\Steam
2023-09-26 10:42 - 2023-09-26 10:42 - 002296488 _____ C:\Users\guilh\Downloads\SteamSetup.exe
2023-09-26 10:42 - 2023-09-26 10:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2023-09-26 06:54 - 2023-09-26 06:54 - 004847296 _____ (Husdawg, LLC) C:\Users\guilh\Downloads\Detection.exe
2023-09-22 16:20 - 2023-09-22 16:20 - 002601711 _____ C:\Users\guilh\Downloads\USO DE MÉTODOS OFICIAIS_DIURNO.pdf
2023-09-20 16:32 - 2023-09-20 16:32 - 000082065 _____ C:\Users\guilh\Downloads\extrato_conta.pdf
2023-09-13 08:23 - 2023-09-13 08:23 - 000000000 ____D C:\Users\guilh\Documents\Modelos Personalizados do Office
2023-09-13 08:22 - 2023-09-13 08:22 - 000560409 _____ C:\Users\guilh\Downloads\3- 2023 Lista Consolidada DCB jul.xlsx
2023-09-12 19:05 - 2023-10-02 16:15 - 000000000 ____D C:\Users\guilh\AppData\Local\CrashDumps
2023-09-12 19:05 - 2023-09-12 20:49 - 000000000 ____D C:\Program Files\EaseUS
2023-09-12 19:05 - 2023-09-12 20:49 - 000000000 ____D C:\Program Files (x86)\EaseUS
2023-09-12 19:05 - 2023-09-12 19:05 - 000000000 ____D C:\Users\guilh\AppData\Local\Opera Software
2023-09-12 19:05 - 2023-09-12 19:05 - 000000000 ____D C:\ProgramData\SystemAcCrux
2023-09-12 19:05 - 2022-12-29 13:34 - 000030136 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\Drivers\EPMVolFl0.sys
2023-09-12 19:04 - 2023-09-12 19:05 - 077004880 _____ (EaseUS ) C:\Users\guilh\Downloads\epm17.9_free_B.exe
2023-09-12 19:04 - 2023-09-12 19:04 - 001966984 _____ C:\Users\guilh\Downloads\epm_free_installer.793248.exe
2023-09-12 19:04 - 2023-09-12 19:04 - 001767600 _____ ( ) C:\Users\guilh\Downloads\hp-usb-disk-storage-format-tool-2.2.3-installer_R-sI6W1.exe
2023-09-12 19:04 - 2023-09-12 19:04 - 000098304 _____ (Hewlett-Packard Company) C:\Users\guilh\Downloads\hp-usb-disk-storage-format-tool-2.2.3-installer.exe
2023-09-12 19:04 - 2023-09-12 19:04 - 000000000 ____D C:\Users\guilh\AppData\Roaming\Opera Software
2023-09-12 19:00 - 2023-09-12 18:59 - 000082696 _____ (McAfee, LLC) C:\Windows\system32\Drivers\mfesec.sys
2023-09-12 18:59 - 2023-09-12 19:00 - 000000000 ____D C:\ProgramData\WPSInstallerTemp1
2023-09-12 18:59 - 2023-09-12 19:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2023-09-07 10:46 - 2023-09-07 10:46 - 000000000 ____D C:\Users\guilh\AppData\Roaming\Microsoft\PowerPoint
2023-09-07 09:49 - 2023-10-02 09:06 - 000000000 ____D C:\Users\guilh\AppData\Roaming\Microsoft\Excel
2023-09-06 10:49 - 2023-09-06 10:49 - 000120029 _____ C:\Users\guilh\Downloads\Escitalopram.pdf
2023-09-05 09:44 - 2023-09-21 08:25 - 000003446 _____ C:\Windows\SysWOW64\pubfreeware.ini
2023-09-05 09:14 - 2023-09-05 09:14 - 000000000 ____D C:\Users\guilh\AppData\Local\McAfee

==================== Um mês (modificados) ==================

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2023-10-03 08:22 - 2023-08-22 20:49 - 000000000 ____D C:\ProgramData\NVIDIA
2023-10-03 08:22 - 2023-08-22 20:42 - 000000000 ___RD C:\Users\guilh\OneDrive
2023-10-03 08:22 - 2023-08-22 20:33 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-10-03 08:22 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\AppReadiness
2023-10-03 08:22 - 2022-05-07 02:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-10-02 15:19 - 2023-08-22 21:38 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2023-10-02 15:19 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\SystemTemp
2023-10-02 09:46 - 2023-08-22 20:41 - 000000000 ____D C:\Users\guilh\AppData\Local\D3DSCache
2023-10-02 09:44 - 2022-05-07 02:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-10-02 09:02 - 2023-08-22 21:55 - 000000000 ____D C:\Users\guilh\AppData\Roaming\Microsoft\Word
2023-10-02 08:29 - 2023-08-22 20:47 - 001682102 _____ C:\Windows\system32\PerfStringBackup.INI
2023-10-02 08:29 - 2022-05-07 02:22 - 000000000 ____D C:\Windows\INF
2023-10-02 08:21 - 2023-08-22 20:33 - 000012288 ___SH C:\DumpStack.log.tmp
2023-10-02 08:21 - 2023-08-22 20:33 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-10-02 08:21 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\ServiceState
2023-10-02 08:21 - 2022-05-07 02:17 - 000524288 _____ C:\Windows\system32\config\BBI
2023-10-02 08:19 - 2023-08-22 20:33 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-09-29 08:01 - 2023-08-22 21:22 - 000000000 ____D C:\ProgramData\ProductData
2023-09-28 10:25 - 2023-08-22 20:41 - 000000000 ____D C:\Users\guilh\AppData\Local\Packages
2023-09-27 15:15 - 2022-05-07 02:17 - 000000000 ____D C:\Windows\CbsTemp
2023-09-27 14:48 - 2023-08-22 21:55 - 000000000 ____D C:\Users\guilh\AppData\Roaming\Microsoft\Office
2023-09-27 14:18 - 2023-08-22 21:35 - 000000000 ___HD C:\Perform
2023-09-26 15:00 - 2023-08-22 20:49 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2023-09-26 14:58 - 2023-08-22 21:15 - 000000000 ____D C:\Users\guilh\AppData\Local\NVIDIA
2023-09-26 14:58 - 2023-08-22 20:49 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2023-09-26 14:58 - 2023-08-22 20:48 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2023-09-26 14:58 - 2023-08-22 20:39 - 000000000 ____D C:\Users\guilh
2023-09-26 13:51 - 2023-08-22 20:47 - 000000000 ____D C:\ProgramData\Package Cache
2023-09-26 11:35 - 2023-08-23 18:44 - 000000000 ____D C:\Users\guilh\Documents\WeChat Files
2023-09-26 11:31 - 2023-08-22 21:23 - 000000000 ____D C:\ProgramData\iTop
2023-09-26 11:30 - 2023-08-22 21:22 - 000000000 ____D C:\Program Files (x86)\IObit
2023-09-26 11:17 - 2023-08-22 21:21 - 000000000 ____D C:\ProgramData\IObit
2023-09-26 11:15 - 2023-08-22 21:12 - 000000000 ____D C:\ProgramData\Acer
2023-09-26 11:14 - 2023-08-23 18:33 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2023-09-26 11:01 - 2023-08-22 21:16 - 000000000 ____D C:\Users\guilh\AppData\Local\Google
2023-09-26 11:00 - 2023-08-22 21:18 - 000000000 ____D C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps do Chrome
2023-09-26 10:50 - 2023-08-22 21:21 - 000000000 ____D C:\Users\guilh\AppData\Roaming\IObit
2023-09-26 10:50 - 2023-08-22 21:12 - 000000000 ____D C:\Program Files (x86)\Acer
2023-09-25 18:11 - 2023-08-22 20:35 - 000000000 ____D C:\ProgramData\Packages
2023-09-25 14:20 - 2023-08-22 21:51 - 000002138 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-09-20 19:15 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\system32\NDF
2023-09-18 09:31 - 2023-08-22 21:35 - 000000000 ___HD C:\Netframework.4.5.2
2023-09-18 09:22 - 2023-08-23 00:27 - 000000000 ____D C:\Windows\system32\MRT
2023-09-18 09:20 - 2023-08-23 00:27 - 177941912 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-09-18 09:20 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\system32\AppLocker
2023-09-18 09:19 - 2022-05-07 02:24 - 000000000 ____D C:\ProgramData\USOPrivate
2023-09-17 22:36 - 2023-08-22 21:48 - 000000000 ____D C:\Program Files\Microsoft Office
2023-09-17 22:35 - 2023-08-22 20:33 - 000496264 _____ C:\Windows\system32\FNTCACHE.DAT
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\UUS
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\SysWOW64\Dism
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\SystemResources
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\system32\WinMetadata
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\system32\oobe
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\system32\Dism
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\system32\appraiser
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\ShellExperiences
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\ShellComponents
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\Provisioning
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\PolicyDefinitions
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\bcastdvr
2023-09-17 20:51 - 2023-08-22 20:37 - 003210752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-09-17 20:46 - 2023-08-23 00:24 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2023-09-13 08:21 - 2023-08-22 22:11 - 000000000 ____D C:\Users\guilh\AppData\Roaming\Microsoft\UProof
2023-09-13 08:16 - 2023-09-01 18:53 - 000000000 ____D C:\ProgramData\McAfee
2023-09-13 08:15 - 2023-09-01 18:59 - 000000000 ____D C:\Program Files\McAfee
2023-09-12 20:49 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\Registration
2023-09-12 19:04 - 2022-05-07 02:24 - 000000000 ___HD C:\Windows\ELAMBKUP
2023-09-12 19:04 - 2022-05-07 02:17 - 000032768 _____ C:\Windows\system32\config\ELAM
2023-09-12 19:03 - 2023-09-01 18:59 - 000000000 ____D C:\Windows\system32\Tasks\McAfee
2023-09-12 19:00 - 2023-08-22 21:16 - 000002498 _____ C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-09-05 10:09 - 2023-08-22 20:33 - 000000000 ____D C:\Windows\Panther
2023-09-05 09:00 - 2023-08-22 20:33 - 000000000 ____D C:\Windows\system32\Drivers\wd

==================== Arquivos na raiz de alguns diretórios ========

2023-09-01 18:53 - 2023-09-01 19:07 - 000000051 _____ () C:\Users\guilh\AppData\Roaming\MCVi2UserDetail.ini
2023-08-22 21:35 - 2023-08-22 21:35 - 000000410 _____ () C:\Users\guilh\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(Não há correção automática para arquivos que não passaram na verificação.)

==================== Fim de FRST.txt ========================

Resultado da análise adicional Farbar Recovery Scan Tool (x64) Versão: 25-09-2023
Executado por guilh (03-10-2023 08:24:55)
Executando a partir de C:\Users\guilh\Desktop
Microsoft Windows 11 Home Versão 22H2 22621.2283 (X64) (2023-08-22 23:35:07)
Modo da Inicialização: Normal
==========================================================


==================== Contas: =============================


(Se uma entrada for incluída na fixlist, será removida.)

Administrador (S-1-5-21-1468474341-1498967642-3512864176-500 - Administrator - Disabled)
Convidado (S-1-5-21-1468474341-1498967642-3512864176-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-1468474341-1498967642-3512864176-503 - Limited - Disabled)
guilh (S-1-5-21-1468474341-1498967642-3512864176-1001 - Administrator - Enabled) => C:\Users\guilh
WDAGUtilityAccount (S-1-5-21-1468474341-1498967642-3512864176-504 - Limited - Disabled)

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: McAfee (Enabled - Up to date) {17E6E93C-6841-5FC7-DEB8-480FDC929279}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee (Enabled) {2FDD6819-222E-5E9F-F5E7-E13A2241D502}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 20.006.20042 - Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 8.3.0.61 - Adobe Inc.)
Coremail Client V4.0 version 4.0.1.699 (HKLM\...\CMClient_is1) (Version: 4.0.1.699 - )
Documentos (HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\547329c748b021098adbb041e9997af7) (Version: 1.0 - Google\Chrome)
Driver Booster 10 (HKLM-x32\...\Driver Booster_is1) (Version: 10.6.0 - IObit)
DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3026 - Acer Incorporated)
Dynamic Application Loader Host Interface Service (HKLM\...\{B31B8E7F-3C96-4A05-887F-78F3DB1E2FC0}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Gmail (HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\a3baf68a4cbc856ea0b6f162cafbe8a3) (Version: 1.0 - Google\Chrome)
Google Chrome (HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\Google Chrome) (Version: 116.0.5845.188 - Google LLC)
Google Drive (HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\92561bab538146c8d23631a9655f2def) (Version: 1.0 - Google\Chrome)
Gunbound Gitz World Champion versão 12 (HKLM-x32\...\{86521E8E-7AE9-41BA-9C01-ABA51C86DC43}_is1) (Version: 12 - GitzWC, Inc.)
Intel(R) Chipset Device Software (HKLM\...\{B7BE54CB-2BAB-458E-99FF-46067A9D451E}) (Version: 10.1.18950.8297 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{128196ab-db0f-4c9e-b603-9c8d8b59934d}) (Version: 10.1.18950.8297 - Intel(R) Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2239.3.33.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{6633DA0D-F56A-42E4-9599-D37A640CAF36}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Driver (HKLM\...\{C71B56FC-8255-4226-B3E4-6B81288A6A0B}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) ME WMI Provider (HKLM\...\{64528C16-C80F-4935-AF3A-946B86EB3EEB}) (Version: 1.0.0.0 - Intel Corporation) Hidden
McAfee (HKLM\...\McAfee.WPS) (Version: 1.11.279.1 - McAfee, LLC)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.16731.20234 - Microsoft Corporation)
Microsoft 365 Apps para Grandes Empresas - pt-br (HKLM\...\O365ProPlusRetail - pt-br) (Version: 16.0.16731.20234 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 117.0.2045.47 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 117.0.2045.47 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.189.0910.0001 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\Teams) (Version: 1.6.00.11166 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{AF47B488-9780-4AB5-A97E-762E28013CA6}) (Version: 5.71.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.28.29334 (HKLM\...\{2E11EF4E-901F-4B2D-B68E-3DB2A566C857}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.28.29334 (HKLM\...\{8A3F7D5B-422D-49D9-84F7-8DC1B7782967}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29334 (HKLM-x32\...\{14C49FC8-3E9B-4F29-8526-26629B5CF30B}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29334 (HKLM-x32\...\{0D01A812-82A1-481F-8546-8E28E976F8DF}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
NitroSense Service (HKLM\...\{6FC78E80-6385-43D6-8A43-FA80094F1A2E}) (Version: 3.01.3052 - Acer Incorporated)
NVIDIA Driver de áudio HD 1.3.39.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.39.3 - NVIDIA Corporation)
NVIDIA Driver de gráficos 512.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 512.74 - NVIDIA Corporation)
NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.27.0.112 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.27.0.112 - NVIDIA Corporation)
NVIDIA Software do sistema PhysX 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0416-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9309.1 - Realtek Semiconductor Corp.)
Sheets (HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\729e688ab6880be61f3228ca532f5f97) (Version: 1.0 - Google\Chrome)
Slides (HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\7457603eb1d7d66885433bf216ff532c) (Version: 1.0 - Google\Chrome)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.6.0.11166 - Microsoft Corporation)
WebAdvisor da McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.836 - McAfee, LLC)
WeChat (HKLM-x32\...\WeChat) (Version: 3.9.6.33 - 腾讯科技(深圳)有限公司)
WinRAR 6.23 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.23.0 - win.rar GmbH)
YouTube (HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\63c9d49a6b2c600986bb89cb0948ddcd) (Version: 1.0 - Google\Chrome)

Packages:
=========
Acer Purified Voice Console (R) -> C:\Program Files\WindowsApps\AcerIncorporated.AcerPurifiedVoiceConsoleR_1.0.5.0_x64__48frkmn4z8aw4 [2023-08-23] (Acer Incorporated)
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5185.0_x64__8j3eq9eme6ctt [2023-09-17] (INTEL CORP) [Startup Task]
Care Center S -> C:\Program Files\WindowsApps\AcerIncorporated.AcerCareCenterS_4.0.3054.0_x64__48frkmn4z8aw4 [2023-08-22] (Acer Incorporated)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-08-23] (Microsoft Corporation)
DTS Sound Unbound -> C:\Program Files\WindowsApps\DTSInc.DTSSoundUnbound_2023.3.13.0_x64__t5j2fzbtdg37r [2023-09-01] (DTS, Inc.)
DTS:X Ultra -> C:\Program Files\WindowsApps\DTSInc.DTSXUltra_1.11.14.0_x64__t5j2fzbtdg37r [2023-09-01] (DTS, Inc.)
Killer Intelligence Center -> C:\Program Files\WindowsApps\RivetNetworks.KillerControlCenter_3.1122.329.0_x64__rh07ty8m5nkag [2023-08-22] (Rivet Networks LLC) [Startup Task]
McAfee® Security -> C:\Program Files\McAfee\WPS\1.11.279.1 [2023-09-12] ()
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2023-09-17] (Microsoft Corp.)
Microsoft.WindowsAppRuntime.CBS -> C:\Windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2023-09-17] (Microsoft Corporation)
NitroSense_V31 -> C:\Program Files\WindowsApps\AcerIncorporated.NitroSenseV31_3.1.3052.0_x64__48frkmn4z8aw4 [2023-08-23] (Acer Incorporated)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-08-22] (NVIDIA Corp.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.41.294.0_x64__dt26b99r8h8gj [2023-09-05] (Realtek Semiconductor Corp)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.17.8180.0_x64__8wekyb3d8bbwe [2023-09-01] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0 [2023-09-29] (Spotify AB) [Startup Task]
WinAppRuntime.Main.1.3 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.3_3000.934.1904.0_x64__8wekyb3d8bbwe [2023-09-17] (Microsoft Corp.)
WinAppRuntime.Singleton -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_4000.986.611.0_x64__8wekyb3d8bbwe [2023-09-25] (Microsoft Corp.)
Windows App Runtime DDLM 3000.882.2207.0-x6 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.3000.882.2207.0-x6_3000.882.2207.0_x64__8wekyb3d8bbwe [2023-09-12] (Microsoft Corporation)
Windows App Runtime DDLM 3000.882.2207.0-x8 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.3000.882.2207.0-x8_3000.882.2207.0_x86__8wekyb3d8bbwe [2023-09-12] (Microsoft Corporation)
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2023-09-17] (Microsoft Corporation)
WinRAR -> C:\Program Files\WinRAR [2023-08-22] (win.rar GmbH)

==================== Análise Personalizada CLSID (Whitelisted): ==============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{092EC97B-EDAE-4014-8CE4-131026C6FE97}\localserver32 -> C:\Program Files\cmclient\CMClient.exe (广东盈世计算机科技有限公司 -> )
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\guilh\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.23089.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{85D8EE2F-794F-41F0-BB03-49D56A23BEF4}\InprocServer32 -> C:\Users\guilh\AppData\Local\Google\Update\1.3.36.312\psuser_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\localserver32 -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\116.0.5845.188\notification_helper.exe (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{AE9899FA-E21F-4D91-BD1F-59BC10E56CA1}\InprocServer32 -> C:\Users\guilh\AppData\Local\Google\Update\1.3.36.292\psuser_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\guilh\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{E4949BE6-C9FF-4AFA-8672-6127D857418B}\InprocServer32 -> C:\Users\guilh\AppData\Local\Google\Update\1.3.36.312\psuser_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\guilh\AppData\Local\Google\Update\1.3.36.312\psuser_64.dll => Nenhum Arquivo
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2020-03-06] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [McCtxMenu] -> {4ADAAC88-E1BD-424F-816D-15E059007938} => C:\Program Files\McAfee\WPS\1.11.279.1\mc-ctxmnu.dll [2023-09-12] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvacig.inf_amd64_6a30f226cb32430c\nvshext.dll [2023-08-22] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2020-03-06] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [McCtxMenu] -> {4ADAAC88-E1BD-424F-816D-15E059007938} => C:\Program Files\McAfee\WPS\1.11.279.1\mc-ctxmnu.dll [2023-09-12] (McAfee, LLC -> McAfee, LLC)

==================== Codecs (Whitelisted) ====================

==================== Atalhos & WMI ========================

(As entradas podem ser listadas para serem restauradas ou removidas.)

ShortcutWithArgument: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps do Chrome\Docs.lnk -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=mpnpojknpmmopombnjdcgaaiekajbnjb
ShortcutWithArgument: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps do Chrome\Documentos.lnk -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=mpnpojknpmmopombnjdcgaaiekajbnjb
ShortcutWithArgument: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps do Chrome\Gmail.lnk -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=fmgjjmmmlfnkbppncabfkddbjimcfncm
ShortcutWithArgument: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps do Chrome\Google Drive.lnk -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=aghbiahbpaijignceidepookljebhfak
ShortcutWithArgument: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps do Chrome\Sheets.lnk -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=fhihpiojkbmbpdjeoajapmgkhlnakfjf
ShortcutWithArgument: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps do Chrome\Slides.lnk -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=kefjledonklijopmnomlcbpllchaibag
ShortcutWithArgument: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps do Chrome\YouTube.lnk -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=agimnkijcaahngcdmfeangaknmldooml

==================== Módulos Carregados (Whitelisted) =============

2015-03-17 06:34 - 2015-03-17 06:34 - 000010240 _____ () [Arquivo não assinado] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\locale\pt_br\acrotray.ptb
2020-03-06 06:11 - 2020-03-06 06:11 - 000240640 _____ () [Arquivo não assinado] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Locale\pt_BR\Adobe Send\SendAsLinkX.PTB
2020-03-06 06:11 - 2020-03-06 06:11 - 000048128 _____ () [Arquivo não assinado] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Locale\pt_br\PDFMaker\PDFMOutlookAddin.PTB
2020-03-06 06:11 - 2020-03-06 06:11 - 000056320 _____ (Adobe Systems Incorporated) [Arquivo não assinado] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Locale\pt_br\Adobe Send\SendAsLinkAddin.PTB
2023-08-22 21:49 - 2023-08-22 21:49 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
2023-08-22 21:49 - 2023-08-22 21:49 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Office16\c2r64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Modo de Segurança (Whitelisted) ==================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mc-fw-host => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mc-fw-host => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"

==================== Associação (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2023-08-22] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2023-09-01] (McAfee, LLC -> McAfee, LLC)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-08-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2023-09-01] (McAfee, LLC -> McAfee, LLC)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation)

(Se uma entrada for incluída na fixlist, será removida do Registro.)

IE trusted site: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\sharepoint.com -> hxxps://1bws5l-files.sharepoint.com

==================== Hosts Conteúdo: =========================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2022-05-07 02:24 - 2022-05-07 02:22 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Outras Áreas ===========================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\guilh\Downloads\wallpaperbetter.com_1920x1080.jpg
DNS Servers: 181.213.132.2 - 181.213.132.3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

==================== Regras do Firewall (Whitelisted) ================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [TCP Query User{0DB1086F-4957-4369-93AC-390549F7BFDE}C:\users\guilh\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\guilh\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{0C9C79F2-F01C-4673-86A8-CC036C066A5E}C:\users\guilh\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\guilh\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{EDED9318-F314-42D9-8CC2-2B4B28C31208}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [UDP Query User{B66739E9-ED05-4110-969E-F71D1300A692}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{0B0B1317-5FE3-4B50-8C19-4EADEBC2417B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{C4FF3C49-FB51-4545-A9F4-93F3C96A4035}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{4299937C-71F9-4F65-998E-EEB79EF50591}C:\gitzwc\gitzgame.gme] => (Allow) C:\gitzwc\gitzgame.gme (Porsche Consulting Ltda -> Softnyx)
FirewallRules: [UDP Query User{C56481BD-8DD6-4181-A32E-04D56A9E74F5}C:\gitzwc\gitzgame.gme] => (Allow) C:\gitzwc\gitzgame.gme (Porsche Consulting Ltda -> Softnyx)
FirewallRules: [{D10FFBCD-A284-4B75-9A3D-7C87B4929D10}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23247.1113.2398.2671_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C1302C81-1F1D-4050-A32A-B96DADAA38FE}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23247.1113.2398.2671_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5031A343-33F8-47E1-9212-B52796A35350}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{3AC88E56-14E1-4C77-96DA-E92C3FBD8BFC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{EBB3B7C1-628E-4760-935E-1C9B5F27BCA2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{B8050E1A-1353-40AD-AD24-A3F34AD34D42}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{E15779B8-E89D-4658-BAE8-0EA5A29BF0C8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{270C1E7B-A12C-4E6B-8629-157B8AB62455}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{6309F9B1-227B-407C-9F23-6FE3C8DD5075}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{DA762B30-FE27-4C94-B82B-3D7556781753}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{F209C1EC-D0BE-40CB-BB83-BC14E874F270}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{D1535F5B-5CC0-4221-AE5C-F8CAD686D9ED}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{A90CCA73-BA19-4502-AFD6-B02C4CDE21E3}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Pontos de Restauração =========================

21-09-2023 08:25:40 Windows Update
21-09-2023 08:25:48 Windows Update
26-09-2023 11:00:27 ZHPcleaner
26-09-2023 11:30:53 WeChat restore point
27-09-2023 12:34:41 Restore Point Created by FRST
27-09-2023 14:18:15 Restore Point Created by FRST
27-09-2023 14:18:23 Restore Point Created by FRST
27-09-2023 15:15:22 Instalador de Módulos do Windows
27-09-2023 16:37:24 Ponto de restauração do PC Repair
27-09-2023 16:52:50 Ponto de restauração do PC Repair
29-09-2023 13:20:06 Restore Point Created by FRST
02-10-2023 08:20:49 Restore Point Created by FRST

==================== Dispositivos Apresentando Falhas No Gerenciador ============


==================== Erros no Log de eventos: ========================

Erros em Aplicativos:
==================
Error: (10/02/2023 04:15:26 PM) (Source: Application Error) (EventID: 1000) (User: GUIVERMELHO)
Description: Nome do aplicativo com falha: msteamsupdate.exe, versão: 23247.1113.2398.2671, carimbo de data/hora: 0x650d683e
Nome do módulo com falha: msteamsupdate.exe, versão: 23247.1113.2398.2671, carimbo de data/hora: 0x650d683e
Código de exceção: 0xc0000005
Deslocamento da falha: 0x000000000006885f
ID do processo com falha: 0x0x41bc
Hora de início do aplicativo com falha: 0x0x1d9f564bdee29e1
Caminho do aplicativo com falha: C:\Program Files\WindowsApps\MicrosoftTeams_23247.1113.2398.2671_x64__8wekyb3d8bbwe\msteamsupdate.exe
Caminho do módulo com falha: C:\Program Files\WindowsApps\MicrosoftTeams_23247.1113.2398.2671_x64__8wekyb3d8bbwe\msteamsupdate.exe
ID do Relatório: 3d4de099-0812-4ede-87b6-8165389ff145
Nome completo do pacote com falha: MicrosoftTeams_23247.1113.2398.2671_x64__8wekyb3d8bbwe
ID do aplicativo relativo ao pacote com falha: msteamsupdate

Error: (10/02/2023 01:48:02 PM) (Source: Application Error) (EventID: 1000) (User: GUIVERMELHO)
Description: Nome do aplicativo com falha: msteamsupdate.exe, versão: 23247.1113.2398.2671, carimbo de data/hora: 0x650d683e
Nome do módulo com falha: msteamsupdate.exe, versão: 23247.1113.2398.2671, carimbo de data/hora: 0x650d683e
Código de exceção: 0xc0000005
Deslocamento da falha: 0x0000000000063ddb
ID do processo com falha: 0x0x2d3c
Hora de início do aplicativo com falha: 0x0x1d9f55033e86f8e
Caminho do aplicativo com falha: C:\Program Files\WindowsApps\MicrosoftTeams_23247.1113.2398.2671_x64__8wekyb3d8bbwe\msteamsupdate.exe
Caminho do módulo com falha: C:\Program Files\WindowsApps\MicrosoftTeams_23247.1113.2398.2671_x64__8wekyb3d8bbwe\msteamsupdate.exe
ID do Relatório: 350fff20-bfb2-43c4-b195-f6d9361e5b3a
Nome completo do pacote com falha: MicrosoftTeams_23247.1113.2398.2671_x64__8wekyb3d8bbwe
ID do aplicativo relativo ao pacote com falha: msteamsupdate

Error: (10/02/2023 08:24:20 AM) (Source: Application Error) (EventID: 1000) (User: AUTORIDADE NT)
Description: Nome do aplicativo com falha: mc-fw-host.exe, versão: 1.11.102.0, carimbo de data/hora: 0x64d65783
Nome do módulo com falha: mc-bridge-server.dll, versão: 1.1.242.0, carimbo de data/hora: 0x64a826b4
Código de exceção: 0xc0000005
Deslocamento da falha: 0x000000000001ce8a
ID do processo com falha: 0x0x1194
Hora de início do aplicativo com falha: 0x0x1d9f52296237137
Caminho do aplicativo com falha: \\?\C:\Program Files\McAfee\WPS\1.11.279.1\mc-fw-host.exe
Caminho do módulo com falha: \\?\C:\Program Files\McAfee\WPS\1.11.279.1\mc-bridge-server.dll
ID do Relatório: 43a76586-9877-4ebd-9b98-ad9814b882d8
Nome completo do pacote com falha: 
ID do aplicativo relativo ao pacote com falha:

Error: (10/02/2023 08:20:49 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback.  hr =  0x80070005, Acesso negado.
.
Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante.


Operação:
   Obtendo Dados do Gravador

Contexto:
   Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220}
   Nome do Gravador: System Writer
   ID de Instância de Gravador: {713f0ae9-cfeb-4d0c-8d7d-096c18ee58a5}

Error: (09/29/2023 02:53:56 PM) (Source: Application Error) (EventID: 1000) (User: GUIVERMELHO)
Description: Nome do aplicativo com falha: gitzgame.gme, versão: 0.0.2.40, carimbo de data/hora: 0x7375705f
Nome do módulo com falha: gitzgame.gme, versão: 0.0.2.40, carimbo de data/hora: 0x7375705f
Código de exceção: 0xc0000005
Deslocamento da falha: 0x000c7df0
ID do processo com falha: 0x0x3fe4
Hora de início do aplicativo com falha: 0x0x1d9f2f1dc071904
Caminho do aplicativo com falha: C:\GitzWC\gitzgame.gme
Caminho do módulo com falha: C:\GitzWC\gitzgame.gme
ID do Relatório: 000f860f-0741-44a4-95a4-588e45966b5f
Nome completo do pacote com falha: 
ID do aplicativo relativo ao pacote com falha:

Error: (09/29/2023 01:26:36 PM) (Source: Application Error) (EventID: 1000) (User: AUTORIDADE NT)
Description: Nome do aplicativo com falha: mc-fw-host.exe, versão: 1.11.102.0, carimbo de data/hora: 0x64d65783
Nome do módulo com falha: mc-bridge-server.dll, versão: 1.1.242.0, carimbo de data/hora: 0x64a826b4
Código de exceção: 0xc0000005
Deslocamento da falha: 0x000000000001ce8a
ID do processo com falha: 0x0x37d4
Hora de início do aplicativo com falha: 0x0x1d9f2f179b23ce8
Caminho do aplicativo com falha: \\?\C:\Program Files\McAfee\WPS\1.11.279.1\mc-fw-host.exe
Caminho do módulo com falha: \\?\C:\Program Files\McAfee\WPS\1.11.279.1\mc-bridge-server.dll
ID do Relatório: dc950cca-75a5-456f-92c7-ab7af7179cf3
Nome completo do pacote com falha: 
ID do aplicativo relativo ao pacote com falha:

Error: (09/29/2023 01:24:30 PM) (Source: Application Error) (EventID: 1000) (User: AUTORIDADE NT)
Description: Nome do aplicativo com falha: mc-fw-host.exe, versão: 1.11.102.0, carimbo de data/hora: 0x64d65783
Nome do módulo com falha: mc-bridge-server.dll, versão: 1.1.242.0, carimbo de data/hora: 0x64a826b4
Código de exceção: 0xc0000005
Deslocamento da falha: 0x000000000001ce8a
ID do processo com falha: 0x0x3a18
Hora de início do aplicativo com falha: 0x0x1d9f2f0f3c95f60
Caminho do aplicativo com falha: \\?\C:\Program Files\McAfee\WPS\1.11.279.1\mc-fw-host.exe
Caminho do módulo com falha: \\?\C:\Program Files\McAfee\WPS\1.11.279.1\mc-bridge-server.dll
ID do Relatório: 892c248f-b10f-4db4-b182-da7023f72663
Nome completo do pacote com falha: 
ID do aplicativo relativo ao pacote com falha:

Error: (09/29/2023 01:21:00 PM) (Source: Application Error) (EventID: 1000) (User: AUTORIDADE NT)
Description: Nome do aplicativo com falha: mc-fw-host.exe, versão: 1.11.102.0, carimbo de data/hora: 0x64d65783
Nome do módulo com falha: mc-bridge-server.dll, versão: 1.1.242.0, carimbo de data/hora: 0x64a826b4
Código de exceção: 0xc0000005
Deslocamento da falha: 0x000000000001ce8a
ID do processo com falha: 0x0x114c
Hora de início do aplicativo com falha: 0x0x1d9f2f0e6881fe3
Caminho do aplicativo com falha: \\?\C:\Program Files\McAfee\WPS\1.11.279.1\mc-fw-host.exe
Caminho do módulo com falha: \\?\C:\Program Files\McAfee\WPS\1.11.279.1\mc-bridge-server.dll
ID do Relatório: 19fd93f7-f6fb-4c18-9519-94fe79673c71
Nome completo do pacote com falha: 
ID do aplicativo relativo ao pacote com falha:


Erros de Sistema:
=============
Error: (10/03/2023 08:24:03 AM) (Source: DCOM) (EventID: 10010) (User: GUIVERMELHO)
Description: O servidor {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} não se registrou no DCOM dentro do tempo limite necessário.

Error: (10/02/2023 08:24:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço McAfee Framework Host foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço.

Error: (10/02/2023 08:21:29 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: O serviço Intel(R) Audio Service terminou com o seguinte erro específico de serviço: 
A operação foi concluída com êxito.

Error: (10/02/2023 08:21:29 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço Serviço de Compartilhamento de Rede do Windows Media Player terminou com o erro: 
Tentativa de fazer referência a uma token não existente.

Error: (10/02/2023 08:21:08 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: AUTORIDADE NT)
Description: Módulo de Extensibilidade de WLAN interrompido inesperadamente.

Caminho do Módulo: C:\Windows\system32\IntelIHVRouter12.dll

Error: (10/02/2023 08:21:08 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: AUTORIDADE NT)
Description: Módulo de Extensibilidade de WLAN interrompido inesperadamente.

Caminho do Módulo: C:\Windows\system32\IntelIHVRouter12.dll

Error: (10/02/2023 08:21:04 AM) (Source: DCOM) (EventID: 10010) (User: GUIVERMELHO)
Description: O servidor {F9717507-6651-4EDB-BFF7-AE615179BCCF} não se registrou no DCOM dentro do tempo limite necessário.

Error: (10/02/2023 08:21:04 AM) (Source: DCOM) (EventID: 10010) (User: GUIVERMELHO)
Description: O servidor {F9717507-6651-4EDB-BFF7-AE615179BCCF} não se registrou no DCOM dentro do tempo limite necessário.


Windows Defender:
================
Date: 2023-10-02 12:52:13
Description: 
O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {7F5E270C-D100-4D60-88D3-38CD655419B0}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA 

Date: 2023-08-23 06:48:13
Description: 
Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado.
Para obter mais informações, veja a seguir:
https://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/Contebrew.A!ml&threatid=251873&enterprise=0
Nome: Program:Win32/Contebrew.A!ml
Gravidade: Alto
Categoria: Modificador de Configurações
Caminho: file:_C:\Users\guilh\Downloads\Adobe.Acrobat.Pro.DC.v2022.001.20085.exe
Origem da Detecção: Computador local
Tipo da Detecção: FastPath
Fonte da Detecção: Proteção em Tempo Real
Usuário: GuiVermelho\guilh
Nome do Processo: C:\Windows\explorer.exe
Versão da Inteligência de Segurança: AV: 1.395.1105.0, AS: 1.395.1105.0, NIS: 1.395.1105.0
Versão do Mecanismo: AM: 1.1.23070.1005, NIS: 1.1.23070.1005 

CodeIntegrity:
===============
Date: 2023-10-03 08:24:22
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\WPS\1.11.279.1\mc-sec-plugin-x64.dll that did not meet the Windows signing level requirements. 


==================== Informações da Memória =========================== 

BIOS: Insyde Corp. V2.05 04/12/2023
placa-mãe: ADL Jimny_ADH
Processador: 12th Gen Intel(R) Core(TM) i5-12450H
Percentagem de memória em uso: 73%
RAM física total: 7901.05 MB
RAM física disponível: 2054.71 MB
Virtual Total: 12509.05 MB
Virtual disponível: 4696.71 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:397.15 GB) (Free:284.87 GB) (Model: Micron_3400_MTFDKBA512TFH) NTFS
Drive d: (WINDRIVER) (Fixed) (Total:20 GB) (Free:5.64 GB) (Model: Micron_3400_MTFDKBA512TFH) NTFS

\\?\Volume{babfb7f2-327b-47f8-bc2c-f4b7eabdc326}\ (EFI) (Fixed) (Total:0.29 GB) (Free:0.25 GB) FAT32

==================== MBR & Tabela de Partições ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 0FC3CF86)

Partition: GPT.

==================== Fim de Addition.txt =======================


  • Security Analyst

Temporarily disable your antivirus, antispyware and firewall, so as not to cause conflicts.

Open Notepad, then copy (control + c) and paste (control + v) all of the text in the CODE box below:

CreateRestorePoint:
CloseProcesses:

File: C:\gitzwc\gitzgame.gme

StartBatch:
cd C:\
dir /s /b audio.exe grservices.exe
EndBatch:

C:\Perform\system.vbs
C:\Netframework.4.5.2\Audio system.vbs
C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.lnk
C:\Program Files\cmclient\CMClient.exe
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [142222176 2023-04-21] (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO
Startup: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Audio system.lnk [2023-09-18]
ShortcutTarget: Audio system.lnk -> C:\Netframework.4.5.2\Audio system.vbs () [Arquivo não assinado]
Startup: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk [2023-09-27]
HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\Run: [Google Update] => "C:\Users\guilh\AppData\Local\Google\Update\1.3.36.312\GoogleUpdateCore.exe" (Nenhum Arquivo)
Task: {5F1CB6D7-D0C5-4360-91AC-6910659D9ED3} - System32\Tasks\McAfee\WPS\amwebapitriggertask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {ED067E53-E15E-4105-8A4A-899F205EEBD4} - System32\Tasks\McAfee\WPS\datupdatetask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {55D107C6-901C-4424-8F3C-ABF145A479F7} - System32\Tasks\McAfee\WPS\mcpcoscanner => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {6FFFABC0-6266-4279-A4D8-6F42D0EEB1E5} - System32\Tasks\McAfee\WPS\NGMCadence => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {A02431B2-42B3-4F0A-B3DB-B94C4234BBD4} - System32\Tasks\McAfee\WPS\odsscheduledtask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {01F7E411-E886-4B44-AD3E-FADF0993632B} - System32\Tasks\McAfee\WPS\systemrebootedtask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {A40AAC01-48B9-4BA1-A2BB-F804D23E27F0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-09-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {861C1CE1-0795-41E6-8580-64FDB8E95C30} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-09-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {110FE0D4-14E2-40BC-BDD5-69B7F0FE89F0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-09-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {40BED165-CD79-4218-94BD-1A1A62C8BB25} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-09-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2B24477D-BB12-4687-8FC2-AF343EEBAFC5} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-03-15] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {8A85DBD9-2607-4BA0-A34A-C8AA8EE809BF} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342376 2023-01-27] (Nvidia Corporation -> NVIDIA Corporation)
Task: {8B873C9A-4E90-4485-AB27-DEEA15A381E2} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649784 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B47DF9F1-BC83-4320-AC7A-9D2601BC7F4D} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D96B710F-5C35-441B-9775-871BDAF9E31B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F95AD09B-A64C-487C-A97B-48A8F0BE6777} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2CFA7857-B1EF-43B2-ACDE-C13F0579B427} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {66E3EADB-E4FA-4E77-89E8-7758C5DE92B0} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {302A1CF7-4890-4F79-99A5-BC0C51BBA18A} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4E4EEE33-4788-4B24-8B78-1F25937A338B} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1468474341-1498967642-3512864176-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130824 2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{092EC97B-EDAE-4014-8CE4-131026C6FE97}\localserver32 -> C:\Program Files\cmclient\CMClient.exe (广东盈世计算机科技有限公司 -> )
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\guilh\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.23089.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{85D8EE2F-794F-41F0-BB03-49D56A23BEF4}\InprocServer32 -> C:\Users\guilh\AppData\Local\Google\Update\1.3.36.312\psuser_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\localserver32 -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\116.0.5845.188\notification_helper.exe (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{AE9899FA-E21F-4D91-BD1F-59BC10E56CA1}\InprocServer32 -> C:\Users\guilh\AppData\Local\Google\Update\1.3.36.292\psuser_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\guilh\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{E4949BE6-C9FF-4AFA-8672-6127D857418B}\InprocServer32 -> C:\Users\guilh\AppData\Local\Google\Update\1.3.36.312\psuser_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\guilh\AppData\Local\Google\Update\1.3.36.312\psuser_64.dll => Nenhum Arquivo

CMD: netsh advfirewall reset
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
CMD: ipconfig /flushdns

RemoveProxy:
EmptyTemp:
CreateRestorePoint:

Save this file to your desktop with the name fixlist

NOTE: It is extremely important that the "fixlist" file be saved to your Desktop. Also check that FRST.exe is on the Desktop.

** Right-click the FRST.EXE file, then click http://i.imgur.com/VRIfczU.png

Click the CORRIGIR (Fix) button

Wait; at the end, the Fixlog.txt log will be saved to your desktop.

Open the Fixlog.txt file, then copy and paste its contents into your next reply.


Good morning

Here is the log

 

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 25-09-2023
Executado por guilh (04-10-2023 08:30:34) Run:5
Executando a partir de C:\Users\guilh\Desktop
Perfis Carregados: guilh
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
CreateRestorePoint:
CloseProcesses:

File: C:\gitzwc\gitzgame.gme

StartBatch:
cd C:\
dir /s /b audio.exe grservices.exe
EndBatch:

C:\Perform\system.vbs
C:\Netframework.4.5.2\Audio system.vbs
C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.lnk
C:\Program Files\cmclient\CMClient.exe
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [142222176 2023-04-21] (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO
Startup: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Audio system.lnk [2023-09-18]
ShortcutTarget: Audio system.lnk -> C:\Netframework.4.5.2\Audio system.vbs () [Arquivo não assinado]
Startup: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk [2023-09-27]
HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\Run: [Google Update] => "C:\Users\guilh\AppData\Local\Google\Update\1.3.36.312\GoogleUpdateCore.exe" (Nenhum Arquivo)
Task: {5F1CB6D7-D0C5-4360-91AC-6910659D9ED3} - System32\Tasks\McAfee\WPS\amwebapitriggertask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {ED067E53-E15E-4105-8A4A-899F205EEBD4} - System32\Tasks\McAfee\WPS\datupdatetask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {55D107C6-901C-4424-8F3C-ABF145A479F7} - System32\Tasks\McAfee\WPS\mcpcoscanner => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {6FFFABC0-6266-4279-A4D8-6F42D0EEB1E5} - System32\Tasks\McAfee\WPS\NGMCadence => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {A02431B2-42B3-4F0A-B3DB-B94C4234BBD4} - System32\Tasks\McAfee\WPS\odsscheduledtask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {01F7E411-E886-4B44-AD3E-FADF0993632B} - System32\Tasks\McAfee\WPS\systemrebootedtask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {A40AAC01-48B9-4BA1-A2BB-F804D23E27F0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-09-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {861C1CE1-0795-41E6-8580-64FDB8E95C30} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-09-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {110FE0D4-14E2-40BC-BDD5-69B7F0FE89F0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-09-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {40BED165-CD79-4218-94BD-1A1A62C8BB25} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-09-05] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2B24477D-BB12-4687-8FC2-AF343EEBAFC5} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-03-15] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {8A85DBD9-2607-4BA0-A34A-C8AA8EE809BF} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342376 2023-01-27] (Nvidia Corporation -> NVIDIA Corporation)
Task: {8B873C9A-4E90-4485-AB27-DEEA15A381E2} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649784 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B47DF9F1-BC83-4320-AC7A-9D2601BC7F4D} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D96B710F-5C35-441B-9775-871BDAF9E31B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F95AD09B-A64C-487C-A97B-48A8F0BE6777} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2CFA7857-B1EF-43B2-ACDE-C13F0579B427} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {66E3EADB-E4FA-4E77-89E8-7758C5DE92B0} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {302A1CF7-4890-4F79-99A5-BC0C51BBA18A} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4E4EEE33-4788-4B24-8B78-1F25937A338B} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1468474341-1498967642-3512864176-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130824 2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{092EC97B-EDAE-4014-8CE4-131026C6FE97}\localserver32 -> C:\Program Files\cmclient\CMClient.exe (广东盈世计算机科技有限公司 -> )
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\guilh\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.23089.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{85D8EE2F-794F-41F0-BB03-49D56A23BEF4}\InprocServer32 -> C:\Users\guilh\AppData\Local\Google\Update\1.3.36.312\psuser_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\localserver32 -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\116.0.5845.188\notification_helper.exe (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{AE9899FA-E21F-4D91-BD1F-59BC10E56CA1}\InprocServer32 -> C:\Users\guilh\AppData\Local\Google\Update\1.3.36.292\psuser_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\guilh\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{E4949BE6-C9FF-4AFA-8672-6127D857418B}\InprocServer32 -> C:\Users\guilh\AppData\Local\Google\Update\1.3.36.312\psuser_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\guilh\AppData\Local\Google\Update\1.3.36.312\psuser_64.dll => Nenhum Arquivo

CMD: netsh advfirewall reset
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
CMD: ipconfig /flushdns

RemoveProxy:
EmptyTemp:
CreateRestorePoint:
*****************

Ponto de Restauração criado com sucesso.
Processos fechados com sucesso.

========================= File: C:\gitzwc\gitzgame.gme ========================

C:\gitzwc\gitzgame.gme
O arquivo é assinado digitalmente
MD5: 49D77A65FCC78F6C7B02C21EC3DAEB19
Data de criação e modificação: 2023-09-27 18:34 - 2020-08-15 11:47
Tamanho: 005247528
Atributos: ----A
Nome Da Empresa: Porsche Consulting Ltda -> Softnyx
Interno Nome: GunBound
Original Nome: GunBound.gme
Produto: Softnyx GunBound Project
Descrição: GunBound
Arquivo Versão: 0, 0, 2, 40
Produto Versão: 1, 0, 0, 1
Copyright: Copyright ⓒ Softnyx, 2002
VirusTotal: https://www.virustotal.com/gui/file/8e30d556d74b81548d1ffe7a9009a29abca43294717902ee4cae3372c553b3fc/detection/f-8e30d556d74b81548d1ffe7a9009a29abca43294717902ee4cae3372c553b3fc-1692804020

====== Fim de File: ======


========= Batch: =========
Arquivo não encontrado


========= Fim de Batch: =========

"C:\Perform\system.vbs" => não encontrado (a)
C:\Netframework.4.5.2\Audio system.vbs => movido com sucesso
"C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.lnk" => não encontrado (a)
C:\Program Files\cmclient\CMClient.exe => movido com sucesso
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\TeamsMachineInstaller" => removido (a) com sucesso.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removido (a) com sucesso.
C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Audio system.lnk => movido com sucesso
"C:\Netframework.4.5.2\Audio system.vbs" => não encontrado (a)
C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk => movido com sucesso
"HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5F1CB6D7-D0C5-4360-91AC-6910659D9ED3}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F1CB6D7-D0C5-4360-91AC-6910659D9ED3}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\McAfee\WPS\amwebapitriggertask => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\amwebapitriggertask" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ED067E53-E15E-4105-8A4A-899F205EEBD4}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED067E53-E15E-4105-8A4A-899F205EEBD4}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\McAfee\WPS\datupdatetask => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\datupdatetask" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{55D107C6-901C-4424-8F3C-ABF145A479F7}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55D107C6-901C-4424-8F3C-ABF145A479F7}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\McAfee\WPS\mcpcoscanner => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\mcpcoscanner" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6FFFABC0-6266-4279-A4D8-6F42D0EEB1E5}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FFFABC0-6266-4279-A4D8-6F42D0EEB1E5}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\McAfee\WPS\NGMCadence => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\NGMCadence" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A02431B2-42B3-4F0A-B3DB-B94C4234BBD4}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A02431B2-42B3-4F0A-B3DB-B94C4234BBD4}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\McAfee\WPS\odsscheduledtask => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\odsscheduledtask" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{01F7E411-E886-4B44-AD3E-FADF0993632B}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01F7E411-E886-4B44-AD3E-FADF0993632B}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\McAfee\WPS\systemrebootedtask => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\systemrebootedtask" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A40AAC01-48B9-4BA1-A2BB-F804D23E27F0}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A40AAC01-48B9-4BA1-A2BB-F804D23E27F0}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{861C1CE1-0795-41E6-8580-64FDB8E95C30}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{861C1CE1-0795-41E6-8580-64FDB8E95C30}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Defender\Windows Defender Cleanup" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{110FE0D4-14E2-40BC-BDD5-69B7F0FE89F0}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{110FE0D4-14E2-40BC-BDD5-69B7F0FE89F0}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{40BED165-CD79-4218-94BD-1A1A62C8BB25}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40BED165-CD79-4218-94BD-1A1A62C8BB25}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Defender\Windows Defender Verification" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2B24477D-BB12-4687-8FC2-AF343EEBAFC5}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B24477D-BB12-4687-8FC2-AF343EEBAFC5}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A85DBD9-2607-4BA0-A34A-C8AA8EE809BF}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A85DBD9-2607-4BA0-A34A-C8AA8EE809BF}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8B873C9A-4E90-4485-AB27-DEEA15A381E2}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B873C9A-4E90-4485-AB27-DEEA15A381E2}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B47DF9F1-BC83-4320-AC7A-9D2601BC7F4D}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B47DF9F1-BC83-4320-AC7A-9D2601BC7F4D}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D96B710F-5C35-441B-9775-871BDAF9E31B}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D96B710F-5C35-441B-9775-871BDAF9E31B}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F95AD09B-A64C-487C-A97B-48A8F0BE6777}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F95AD09B-A64C-487C-A97B-48A8F0BE6777}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2CFA7857-B1EF-43B2-ACDE-C13F0579B427}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2CFA7857-B1EF-43B2-ACDE-C13F0579B427}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66E3EADB-E4FA-4E77-89E8-7758C5DE92B0}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66E3EADB-E4FA-4E77-89E8-7758C5DE92B0}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{302A1CF7-4890-4F79-99A5-BC0C51BBA18A}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{302A1CF7-4890-4F79-99A5-BC0C51BBA18A}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4E4EEE33-4788-4B24-8B78-1F25937A338B}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E4EEE33-4788-4B24-8B78-1F25937A338B}" => removido (a) com sucesso.
C:\Windows\System32\Tasks\OneDrive Reporting Task-S-1-5-21-1468474341-1498967642-3512864176-1001 => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneDrive Reporting Task-S-1-5-21-1468474341-1498967642-3512864176-1001" => removido (a) com sucesso.
HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{092EC97B-EDAE-4014-8CE4-131026C6FE97} => removido (a) com sucesso.
HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D} => removido (a) com sucesso.
HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{85D8EE2F-794F-41F0-BB03-49D56A23BEF4} => removido (a) com sucesso.
HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD} => removido (a) com sucesso.
HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{AE9899FA-E21F-4D91-BD1F-59BC10E56CA1} => removido (a) com sucesso.
HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a} => removido (a) com sucesso.
HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{E4949BE6-C9FF-4AFA-8672-6127D857418B} => removido (a) com sucesso.
HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F} => removido (a) com sucesso.

========= netsh advfirewall reset =========

Ok.

========= Fim de CMD: =========


========= DISM /Online /Cleanup-Image /RestoreHealth =========


Ferramenta de Gerenciamento e Manutenção de Imagens de Implantação
Versão: 10.0.22621.1

Versão da Imagem: 10.0.22621.2283


Operação de restauração concluída com êxito.
A operação foi concluída com êxito.


========= Fim de CMD: =========


========= SFC /scannow =========


Iniciando verificação de arquivos. O processo levará alguns minutos para ser concluído.

Iniciando fase de verificação de verificação do sistema.

Verificação 100% concluída.

A Proteção de Recursos do Windows não encontrou nenhuma violação de integridade.


========= Fim de CMD: =========


========= ipconfig /flushdns =========


Configuração de IP do Windows

Liberação do Cache do DNS Resolver bem-sucedida.


========= Fim de CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso.
"HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso.
"HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso.


========= Fim de RemoveProxy: =========

Ponto de Restauração criado com sucesso.

=========== EmptyTemp: ==========

FlushDNS => completado
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10667484 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 48619193 B
Windows/system/drivers => 73792080 B
Edge => 0 B
Chrome => 1314481897 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 7714072 B
systemprofile32 => 7714072 B
LocalService => 7742200 B
NetworkService => 7742200 B
guilh => 211437855 B

RecycleBin => 1981414641 B
EmptyTemp: => 3.4 GB de dados temporários Removidos.

================================


O sistema precisou ser reiniciado.

==== Fim de Fixlog 08:34:18 ====


  • Security Analyst

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all the text in the CODE box below:

CreateRestorePoint:
CloseProcesses:

C:\gitzwc
C:\Perform\system.vbs
C:\Netframework.4.5.2\Audio system.vbs
C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.lnk
C:\Program Files\cmclient\CMClient.exe

CMD: netsh advfirewall reset
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
CMD: ipconfig /flushdns

RemoveProxy:
EmptyTemp:
CreateRestorePoint:

Save this file on your desktop with the name fixlist

NOTE: It is extremely important that the "fixlist" file be saved on your Desktop. Also check that FRST.exe is on the Desktop.

** Right-click the FRST.EXE file, then click http://i.imgur.com/VRIfczU.png

Click the CORRIGIR (Fix) button

Wait; when it finishes, the Fixlog.txt log will be saved on your desktop.

Open the Fixlog.txt file, then copy and paste its contents into your next reply.


Hello,

 

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 25-09-2023
Executado por guilh (05-10-2023 08:22:27) Run:6
Executando a partir de C:\Users\guilh\Desktop
Perfis Carregados: guilh
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
CreateRestorePoint:
CloseProcesses:

C:\gitzwc
C:\Perform\system.vbs
C:\Netframework.4.5.2\Audio system.vbs
C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.lnk
C:\Program Files\cmclient\CMClient.exe

CMD: netsh advfirewall reset
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
CMD: ipconfig /flushdns

RemoveProxy:
EmptyTemp:
CreateRestorePoint:
*****************

Ponto de Restauração criado com sucesso.
Processos fechados com sucesso.

"C:\gitzwc" pasta mover:

C:\gitzwc => movido com sucesso
"C:\Perform\system.vbs" => não encontrado (a)
"C:\Netframework.4.5.2\Audio system.vbs" => não encontrado (a)
"C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.lnk" => não encontrado (a)
C:\Program Files\cmclient\CMClient.exe => movido com sucesso

========= netsh advfirewall reset =========

Ok.

========= Fim de CMD: =========


========= DISM /Online /Cleanup-Image /RestoreHealth =========


Ferramenta de Gerenciamento e Manutenção de Imagens de Implantação
Versão: 10.0.22621.1

Versão da Imagem: 10.0.22621.2283


Operação de restauração concluída com êxito.
A operação foi concluída com êxito.


========= Fim de CMD: =========


========= SFC /scannow =========


Iniciando verificação de arquivos. O processo levará alguns minutos para ser concluído.

Iniciando fase de verificação de verificação do sistema.

Verificação 100% concluída.

A Proteção de Recursos do Windows não encontrou nenhuma violação de integridade.


========= Fim de CMD: =========


========= ipconfig /flushdns =========


Configuração de IP do Windows

Liberação do Cache do DNS Resolver bem-sucedida.


========= Fim de CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso.
"HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso.
"HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso.


========= Fim de RemoveProxy: =========

Ponto de Restauração criado com sucesso.

=========== EmptyTemp: ==========

FlushDNS => completado
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7383814 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 24245252 B
Windows/system/drivers => 252925 B
Edge => 0 B
Chrome => 707597488 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 359673 B
systemprofile32 => 359673 B
LocalService => 364361 B
NetworkService => 364361 B
guilh => 114800527 B

RecycleBin => 0 B
EmptyTemp: => 816.1 MB de dados temporários Removidos.

================================


O sistema precisou ser reiniciado.

==== Fim de Fixlog 08:25:47 ====


  • Security Analyst

As far as malware is concerned, we have no more problems.

If you have no further malware-related problems, click Report Post at the top of the page and say that your topic is RESOLVED.

If you have any questions related to computing and technology, feel free to post in any area of CdH.

  • BCP closed this topic