
Log analysis of a possible infection



Good afternoon to all the friends of the forum.

Please analyze the logs; the symptoms are:

- The PC is very slow, especially when I am connected to the Internet.

- I don't know if this has anything to do with an infection, but the connection gets very unstable, mainly when accessing banking sites.

- The PC keeps restarting out of nowhere.

 

 

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build:    08-30-2022
# Database: 2023-07-19.3 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    01-16-2024
# Duration: 00:00:01
# OS:       Windows 10 (Build 19045.3930)
# Cleaned:  1
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

Deleted       kffplnohkmnjpakkgahhbpndamfidlkb

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1420 octets] - [30/12/2023 21:42:33]
AdwCleaner[C00].txt - [1610 octets] - [30/12/2023 21:42:50]
AdwCleaner[S01].txt - [1542 octets] - [30/12/2023 21:43:10]
AdwCleaner[S02].txt - [1631 octets] - [11/01/2024 18:13:35]
AdwCleaner[C02].txt - [1801 octets] - [11/01/2024 18:14:05]
AdwCleaner[S03].txt - [1753 octets] - [12/01/2024 11:35:23]
AdwCleaner[C03].txt - [1923 octets] - [12/01/2024 11:35:42]
AdwCleaner[S04].txt - [1875 octets] - [16/01/2024 11:36:15]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C04].txt ##########

 

 

~ ZHPCleaner v2024.1.9.2 by Nicolas Coolman (2024/01/09)
~ Run by Icebrave (Administrator)  (16/01/2024 12:19:14)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Icebrave\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\Icebrave\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ System Restore Point : OK
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit  (Build 19045)


---\\  Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found.


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (1)
DELETED: [5sj018hq.default-release] - user_pref("browser.topsites.contile.cachedTiles", "[{\"id\":74357,\"name\":\"Amazon\",\"url\":\"http[...]  =>PUP.Optional.Booking


---\\  Hosts file (1)
~ The hosts file is legitimate (21)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (12)
MOVED file: C:\Users\Icebrave\AppData\Local\Google\Chrome\User Data\Default\History    =>.SUP.BrowserHistoric
MOVED file: C:\Users\Icebrave\AppData\Local\Microsoft\Edge\User Data\Default\History    =>.SUP.BrowserHistoric
MOVED file: \Users\Icebrave\AppData\Local\Google\Chrome\User Data\Default\Preferences    =>Préférences Chromium
MOVED file: \Users\Net\AppData\Local\Google\Chrome\User Data\Default\Preferences    =>Préférences Chromium
MOVED file: \Users\Icebrave\AppData\Local\Microsoft\Edge\User Data\Default\Preferences    =>Préférences Chromium
MOVED file: \Users\Net\AppData\Local\Microsoft\Edge\User Data\Default\Preferences    =>Préférences Chromium
MOVED folder: C:\Users\Icebrave\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data  =>.SUP.BrowserCache
MOVED folder: C:\Users\Icebrave\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data  =>.SUP.BrowserCache
MOVED folder: C:\Users\Icebrave\AppData\Local\Mozilla\Firefox\Profiles\vpumhnyi.default\Cache2  =>.SUP.BrowserCache
MOVED folder: C:\Users\Icebrave\AppData\Local\Mozilla\Firefox\Profiles\5sj018hq.default-release\Cache2  =>.SUP.BrowserCache
MOVED folder: C:\Users\Icebrave\AppData\Local\Thunderbird\Profiles\vpumhnyi.default\Cache2  =>.SUP.BrowserCache
MOVED folder: C:\Users\Icebrave\AppData\Local\Thunderbird\Profiles\5sj018hq.default-release\Cache2  =>.SUP.BrowserCache


---\\  Registry ( Key, Value, Data) (2)
DELETED data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5f7bc1e2-4bda-4ca1-8d18-bb68280c1e0e}\\DhcpNameServer [Bad : 181.213.132.6 181.213.132.7]  =>Hijacker.Browser
DELETED data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer [Bad : 181.213.132.6 181.213.132.7]  =>Hijacker.Browser


---\\  Summary of the elements found (5)
https://nicolascoolman.eu/forum/Topic/booking-logiciel-potentiellement-indesirable-pup-lpi/  =>PUP.Optional.Booking
https://nicolascoolman.eu/2023/07/18/les-caches-et-historiques-de-navigateurs/  =>.SUP.BrowserHistoric
https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/  =>Préférences Chromium
https://nicolascoolman.eu/2023/07/18/les-caches-et-historiques-de-navigateurs/  =>.SUP.BrowserCache
https://nicolascoolman.eu/2017/11/10/hijacker-browser-3/  =>Hijacker.Browser


---\\  Other deletions. (0)
~ Registry Keys Tracing deleted (0)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ Google Chrome OK
~ Microsoft Edge OK
~ Mozilla Firefox OK
~ Microsoft Internet Explorer OK
~ Thunderbird OK


---\\ Statistics
~ Items scanned : 4097
~ Items found : 0
~ Items cancelled : 0
~ Space saving (bytes) : 0
~ Items options : 10/18


---\\ OPTIONS NOT ACTIVES
~ Temporary file analysis
~ Temporary folder analysis
~ Empty Folder CLSID Analysis
~ Empty Other Folder Analysis
~ Empty LocalLow Folder Analysis
~ Empty Local Folder Analysis
~ Obsolete Installer File Analysis
~ Start browsers with extensions removed

~ End of clean in 00h01mn33s

---\\  Reports (2)
ZHPCleaner-[S]-16012024-12_03_10.txt
ZHPCleaner-[R]-16012024-12_20_47.txt

 

 

 

Resultado do análise da Farbar Recovery Scan Tool (FRST) (x64) Versão: 16.01.2024
Executado por Icebrave (administrador) em DESKTOP-NPVV5ON (16-01-2024 12:33:04)
Executando a partir de C:\Users\Net\Desktop\FRST64.exe
Perfis Carregados: Icebrave & Net
Plataforma: Microsoft Windows 10 Pro Versão 22H2 19045.3930 (X64) Idioma: Português (Brasil)
Navegador padrão: FF
Modo da Inicialização: Normal

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(explorer.exe ->) (voidtools -> voidtools) C:\Program Files\Everything\Everything.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <28>
(Notepad++ -> Don HO [email protected]) C:\Program Files\Notepad++\notepad++.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2401.3.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\prevhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

==================== Registro (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM-x32\...\Run: [TeamsMachineUninstallerLocalAppData] => C:\Users\Icebrave\AppData\Local\Microsoft\Teams\Update.exe [2452112 2023-12-16] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM-x32\...\Run: [TeamsMachineUninstallerProgramData] => %ProgramData%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default (Nenhum Arquivo)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO
HKU\S-1-5-21-702104581-954937399-490591429-1002\...\Run: [MicrosoftEdgeAutoLaunch_DE42051A7061B4E326E1FAAC622AFB84] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3854272 2024-01-11] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-702104581-954937399-490591429-1003\...\Run: [MicrosoftEdgeAutoLaunch_4F469AB9D1336CB61BA9F80E8F2FF34A] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3854272 2024-01-11] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-702104581-954937399-490591429-1003\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Net\AppData\Local\Microsoft\Teams\Update.exe [2452112 2023-12-16] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM\...\Print\Monitors\HP E111 Status Monitor: C:\Windows\system32\hpinkstsE111LM.dll [393352 2017-04-14] (Hewlett Packard -> HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\120.0.6099.217\Installer\chrmstp.exe [2024-01-12] (Google LLC -> Google LLC)
GroupPolicy: Restrição ? <==== ATENÇÃO
Policies: C:\ProgramData\NTUSER.pol: Restrição <==== ATENÇÃO

==================== Tarefas Agendadas (Whitelisted) =================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {1DA84CB4-ABC8-43B2-8442-E6BF85B1287F} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [5550856 2023-12-19] (Microsoft Windows -> Microsoft Corporation)
Task: {D73C80EF-1466-4F43-93D0-CAA40A964D96} - System32\Tasks\GoogleUpdateTaskMachineCore{EAF13226-9018-4F9F-B7C9-57AFEBE1647F} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162080 2024-01-04] (Google LLC -> Google LLC)
Task: {BF5BE23D-9235-4F76-8318-5C927B06F61C} - System32\Tasks\GoogleUpdateTaskMachineUA{B258DE29-C842-47E0-828D-BFE7BD17BCEF} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162080 2024-01-04] (Google LLC -> Google LLC)
Task: {A852E842-7B14-424B-B092-7F0D94C4CE1E} - System32\Tasks\infatica_p2b => C:\Program Files (x86)\Infatica P2B\infatica_agent.exe [3708512 2023-10-30] (Infatica Pte. Ltd. -> )
Task: {C793EEAD-FB37-44A5-B89D-ACE2A07D756C} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2113024 2023-12-13] () [Arquivo não assinado]
Task: {A725C931-5F8D-4A19-944F-E37C17835AFB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe  scan upload mininterval:2880 (Nenhum Arquivo)
Task: {3AD47504-F5EC-4D45-A07B-E50DED33F281} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe  scan upload (Nenhum Arquivo)
Task: {3A737991-6F2E-4A28-863E-80443E608B42} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [674720 2024-01-09] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {8513B3D4-E1EC-4860-8E35-9C05E6EB8490} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [35232 2024-01-09] (Mozilla Corporation -> Mozilla Foundation)
Task: {F5B85923-5348-4286-8C7E-11A06FB6E7A8} - System32\Tasks\PrivaZer_SkipUAC => C:\Users\Net\AppData\Local\PrivaZer installation\PrivaZer.exe [24742368 2024-01-04] (Goversoft LLC -> Goversoft LLC)
Task: {EB8719A6-BC52-4D88-967F-0A281A59A7D8} - System32\Tasks\Toolbox.exe_{F4605C66-F9F4-4736-ABE8-8C2CB0E34B31} => C:\Program Files\HP\HP DeskJet 2130 series\Bin\Toolbox.exe [6075552 2021-11-15] (HP Inc. -> HP Inc.)
Task: {E2C01369-C846-4014-ADC2-5545B92D006B} - System32\Tasks\WpsExternal_Icebrave_20231217105152 => C:\Users\Icebrave\AppData\Local\Kingsoft\WPS Office\12.2.0.13359\office6\wpscloudsvr.exe [965520 2023-12-17] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) -> /wpscloudlaunch /run_plugin /plugin_name=ktaskschdtool /plugin_entry=ktaskschdtool.dll /task=wpsexternal /launchtask /ver=1.0 /start_from=task_external
Task: {866E56F7-BB64-4B9E-9979-010E501BF0DE} - System32\Tasks\WpsExternal_Net_20240114165257 => C:\Users\Net\AppData\Local\Kingsoft\WPS Office\12.2.0.13412\office6\wpscloudsvr.exe [965520 2024-01-14] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) -> /wpscloudlaunch /run_plugin /plugin_name=ktaskschdtool /plugin_entry=ktaskschdtool.dll /task=wpsexternal /launchtask /ver=1.0 /start_from=task_external
Task: {93769C57-253C-4617-BCF3-96948A374067} - System32\Tasks\WpsUpdateTask_Icebrave => C:\Users\Icebrave\AppData\Local\Kingsoft\WPS Office\12.2.0.13359\office6\wpsupdate.exe [1494416 2023-12-17] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {93344D61-FD63-4D2C-87F1-05413414902E} - System32\Tasks\WpsUpdateTask_Net => C:\Users\Icebrave\AppData\Local\Kingsoft\WPS Office\12.2.0.13359\office6\wpsupdate.exe [1494416 2023-12-17] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)


==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)


Edge:
=======
Edge Profile: C:\Users\Icebrave\AppData\Local\Microsoft\Edge\User Data\Default [2024-01-16]
Edge HomePage: Default -> hxxp://www.google.com/
Edge Extension: (Documentos Google off-line) - C:\Users\Icebrave\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-12-16]
Edge Extension: (Edge relevant text changes) - C:\Users\Icebrave\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-12-16]

FireFox:
========
FF DefaultProfile: vpumhnyi.default
FF ProfilePath: C:\Users\Icebrave\AppData\Roaming\Mozilla\Firefox\Profiles\vpumhnyi.default [2023-12-16]
FF ProfilePath: C:\Users\Icebrave\AppData\Roaming\Mozilla\Firefox\Profiles\5sj018hq.default-release [2024-01-14]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2023-11-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2023-11-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2023-11-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2023-11-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2023-11-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)

Chrome:
=======
CHR Profile: C:\Users\Icebrave\AppData\Local\Google\Chrome\User Data\Default [2024-01-16]
CHR Extension: (Documentos Google off-line) - C:\Users\Icebrave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-01-08]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Icebrave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-01-08]

==================== Serviços (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S2 FoxitReaderUpdateService; C:\Program Files (x86)\Common Files\Foxit\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe [2438128 2023-11-11] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9405400 2024-01-02] (Malwarebytes Inc. -> Malwarebytes)
S4 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [534472 2023-12-19] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 wpscloudsvr; C:\Program Files (x86)\Kingsoft\office6\wpscloudsvr.exe [965520 2023-12-20] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)

===================== Drivers (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2020-09-24] (Microsoft Corporation) [Arquivo não assinado]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [Arquivo não assinado]
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2024-01-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [222784 2024-01-16] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2024-01-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [200104 2024-01-16] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [78400 2024-01-16] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239576 2024-01-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um mês (criados) (Whitelisted) =========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2024-01-16 12:33 - 2024-01-16 12:34 - 000014231 _____ C:\Users\Net\Desktop\FRST.txt
2024-01-16 12:32 - 2024-01-16 12:33 - 000000000 ____D C:\FRST
2024-01-16 12:20 - 2024-01-16 12:20 - 000011402 _____ C:\Users\Icebrave\Desktop\ZHPCleaner (R).html
2024-01-16 12:20 - 2024-01-16 12:20 - 000004249 _____ C:\Users\Icebrave\Desktop\ZHPCleaner (R).txt
2024-01-16 12:03 - 2024-01-16 12:03 - 000011107 _____ C:\Users\Icebrave\Desktop\ZHPCleaner (S).html
2024-01-16 12:03 - 2024-01-16 12:03 - 000004063 _____ C:\Users\Icebrave\Desktop\ZHPCleaner (S).txt
2024-01-16 11:44 - 2024-01-16 12:20 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\ZHP
2024-01-16 11:44 - 2024-01-16 11:44 - 000000878 _____ C:\Users\Icebrave\Desktop\ZHPCleaner.lnk
2024-01-16 11:44 - 2024-01-16 11:44 - 000000000 ____D C:\Users\Icebrave\AppData\Local\ZHP
2024-01-16 11:43 - 2024-01-16 12:32 - 002389504 _____ (Farbar) C:\Users\Net\Desktop\FRST64.exe
2024-01-16 11:42 - 2024-01-16 11:44 - 003362976 _____ (Nicolas Coolman) C:\Users\Net\Desktop\ZHPCleaner.exe
2024-01-16 11:35 - 2024-01-16 11:35 - 000001622 _____ C:\Users\Icebrave\Desktop\MawwareBytes-160124.txt
2024-01-16 11:17 - 2024-01-16 11:17 - 000001787 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk
2024-01-16 11:17 - 2024-01-16 11:17 - 000001733 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2024-01-16 11:17 - 2024-01-16 11:17 - 000000000 ____D C:\Users\Net\AppData\Roaming\Canneverbe Limited
2024-01-16 11:17 - 2024-01-16 11:17 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\Canneverbe Limited
2024-01-16 11:17 - 2024-01-16 11:17 - 000000000 ____D C:\ProgramData\Canneverbe Limited
2024-01-16 11:17 - 2024-01-16 11:17 - 000000000 ____D C:\Program Files\CDBurnerXP
2024-01-14 16:52 - 2024-01-14 16:52 - 000004060 _____ C:\Windows\system32\Tasks\WpsExternal_Net_20240114165257
2024-01-14 02:42 - 2024-01-14 02:42 - 000323799 _____ C:\Users\Net\Downloads\kali-linux-2023.4-installer-amd64.iso.torrent
2024-01-13 11:28 - 2024-01-13 11:28 - 000000000 ____D C:\Program Files\Easy2Boot_v2.19
2024-01-11 18:10 - 2024-01-11 18:10 - 000000695 _____ C:\Users\Net\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\adwcleaner.lnk
2024-01-11 17:59 - 2024-01-11 18:07 - 000000000 ___HD C:\$WinREAgent
2024-01-11 17:51 - 2024-01-11 17:51 - 000000000 ____D C:\Users\Icebrave\AppData\Local\mbam
2024-01-11 17:51 - 2024-01-11 17:51 - 000000000 ____D C:\Users\Icebrave\AppData\Local\Malwarebytes
2024-01-11 17:18 - 2024-01-11 17:18 - 000029148 _____ C:\Users\Net\Downloads\linuxmint-21.2-cinnamon-64bit.iso.torrent
2024-01-10 21:07 - 2024-01-10 21:07 - 001638416 _____ C:\Users\Net\Downloads\Tube Digger.rar
2024-01-09 21:48 - 2024-01-12 17:00 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2024-01-09 19:26 - 2024-01-09 19:26 - 000000000 ____D C:\Users\Icebrave\Downloads\MediCat USB v21.12
2024-01-09 19:25 - 2024-01-09 19:34 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\qBittorrent
2024-01-09 19:25 - 2024-01-09 19:26 - 000000000 ____D C:\Users\Icebrave\AppData\Local\qBittorrent
2024-01-09 19:14 - 2024-01-09 21:45 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-01-09 19:14 - 2024-01-09 19:14 - 031394031 _____ C:\Users\Icebrave\Downloads\COMANF REVELA QUE ET DE VARGINHA FOI CAPTURADO....mp4
2024-01-09 14:03 - 2024-01-09 14:03 - 000000112 ___SH C:\bootTel.dat
2024-01-08 20:45 - 2024-01-08 20:45 - 000000428 __RSH C:\ProgramData\ntuser.pol
2024-01-08 20:44 - 2024-01-08 20:44 - 020199818 _____ (pendrivelinux.com) C:\Users\Icebrave\Downloads\YUMI-exFAT-1.0.2.4.exe
2024-01-08 20:33 - 2024-01-08 20:40 - 000000000 ____D C:\Users\Icebrave\AppData\Local\Rufus
2024-01-08 20:31 - 2024-01-08 20:31 - 001431624 _____ (Akeo Consulting) C:\Users\Icebrave\Downloads\rufus-4.3.exe
2024-01-08 05:45 - 2024-01-08 05:45 - 000001218 _____ C:\Users\Net\Downloads\WII Pr0 N0 TPM.txt
2024-01-07 19:03 - 2024-01-07 19:03 - 000000000 ____D C:\Users\Net\AppData\Roaming\Zoom
2024-01-07 19:03 - 2024-01-07 19:03 - 000000000 ____D C:\Users\Net\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2024-01-07 19:03 - 2024-01-07 19:03 - 000000000 ____D C:\Users\Net\AppData\Local\Zoom
2024-01-05 12:35 - 2024-01-05 12:35 - 000000000 ____D C:\Users\Icebrave\AppData\Local\Google
2024-01-04 20:22 - 2024-01-06 11:10 - 000000000 ____D C:\Users\Net\Downloads\Telegram Desktop
2024-01-04 19:46 - 2024-01-04 19:46 - 000306466 _____ C:\Users\Net\Downloads\aula-pratica-3_ydxCDWG7.mp4.html
2024-01-04 19:46 - 2024-01-04 19:46 - 000000000 ____D C:\Users\Net\Downloads\aula-pratica-3_ydxCDWG7.mp4_files
2024-01-04 19:23 - 2024-01-04 19:24 - 126534680 _____ (Digiarty, Inc.) C:\Users\Net\Downloads\videoproc-file.exe
2024-01-04 17:49 - 2024-01-12 14:00 - 000002243 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-01-04 17:49 - 2024-01-04 17:49 - 000000000 ____D C:\Users\Net\AppData\Local\Google
2024-01-04 17:49 - 2024-01-04 17:49 - 000000000 ____D C:\Program Files\Google
2024-01-04 17:48 - 2024-01-16 11:15 - 000000000 ____D C:\Program Files (x86)\Google
2024-01-04 17:48 - 2024-01-04 17:48 - 001376304 _____ (Google LLC) C:\Users\Net\Downloads\ChromeSetup.exe
2024-01-04 17:48 - 2024-01-04 17:48 - 000003900 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{B258DE29-C842-47E0-828D-BFE7BD17BCEF}
2024-01-04 17:48 - 2024-01-04 17:48 - 000003776 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{EAF13226-9018-4F9F-B7C9-57AFEBE1647F}
2024-01-04 10:48 - 2024-01-04 10:48 - 000000000 ____D C:\Users\Net\AppData\Local\PrivaZer installation
2024-01-04 10:47 - 2024-01-04 10:47 - 024607200 _____ (Goversoft LLC) C:\Users\Net\Downloads\PrivaZer_free.exe
2024-01-03 14:44 - 2024-01-10 19:44 - 000000000 ____D C:\Windows\system32\Tasks\NCH Software
2024-01-03 14:44 - 2024-01-03 14:44 - 000002167 _____ C:\Users\Net\Desktop\NCH Suite.lnk
2024-01-03 14:44 - 2024-01-03 14:44 - 000002111 _____ C:\Users\Net\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Suite.lnk
2024-01-03 14:44 - 2024-01-03 14:44 - 000001311 _____ C:\Users\Net\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Debut Vídeo Capture Software.lnk
2024-01-03 14:44 - 2024-01-03 14:44 - 000000000 ____D C:\Users\Net\NCH Software Suite
2024-01-03 14:44 - 2024-01-03 14:44 - 000000000 ____D C:\Users\Net\AppData\Roaming\NCH Software
2024-01-03 14:44 - 2024-01-03 14:44 - 000000000 ____D C:\Users\Net\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2024-01-03 14:44 - 2024-01-03 14:44 - 000000000 ____D C:\ProgramData\NCH Software
2024-01-03 14:27 - 2024-01-11 15:41 - 000000000 ____D C:\Windows\system32\MRT
2024-01-03 14:14 - 2024-01-03 08:49 - 000000000 ____D C:\Users\Net\Downloads\DEBUT Vídeo RECORDER 6.34
2024-01-02 22:39 - 2024-01-02 22:39 - 052369784 _____ (GiliSoft.com ) C:\Users\Net\Downloads\screen-recorder.exe
2024-01-02 22:26 - 2024-01-02 22:26 - 044430256 _____ (GiliSoft.com ) C:\Users\Net\Downloads\Vídeo-editor-setup.exe
2024-01-02 15:51 - 2024-01-16 11:20 - 000000000 ____D C:\Users\Net\AppData\Local\Malwarebytes
2024-01-02 15:51 - 2024-01-02 15:51 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-01-02 15:51 - 2024-01-02 15:51 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2024-01-02 15:51 - 2024-01-02 15:51 - 000000000 ____D C:\Users\Net\AppData\Local\mbam
2024-01-02 15:50 - 2024-01-02 15:50 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-01-02 15:49 - 2024-01-02 15:50 - 000000000 ____D C:\Program Files\Malwarebytes
2024-01-01 18:04 - 2024-01-01 18:04 - 024607200 _____ (Goversoft LLC) C:\Users\Icebrave\Downloads\PrivaZer_free.exe
2024-01-01 18:03 - 2024-01-13 21:02 - 000000000 ____D C:\Users\Icebrave\AppData\Local\privazer
2024-01-01 18:03 - 2024-01-01 18:03 - 000003262 _____ C:\Windows\system32\Tasks\PrivaZer_SkipUAC
2024-01-01 18:03 - 2024-01-01 18:03 - 000000000 ____D C:\ProgramData\privazer
2024-01-01 17:13 - 2024-01-01 17:13 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\Thunderbird
2024-01-01 17:13 - 2024-01-01 17:13 - 000000000 ____D C:\Users\Icebrave\AppData\Local\Thunderbird
2024-01-01 16:28 - 2024-01-01 16:28 - 000001079 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2024-01-01 16:28 - 2024-01-01 16:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2024-01-01 16:28 - 2024-01-01 16:28 - 000000000 ____D C:\Program Files\VS Revo Group
2024-01-01 16:27 - 2024-01-01 16:27 - 006970144 _____ (VS Revo Group ) C:\Users\Icebrave\Downloads\revosetup.exe
2024-01-01 15:09 - 2024-01-01 15:09 - 000000000 ____D C:\Users\Net\AppData\Roaming\Boilsoft
2024-01-01 07:29 - 2024-01-01 15:28 - 000000000 ____D C:\Users\Net\AppData\Roaming\Boilsoft Vídeo Splitter
2024-01-01 07:28 - 2024-01-01 07:28 - 000002491 _____ C:\Users\Net\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Boilsoft Vídeo Splitter.lnk
2024-01-01 07:28 - 2024-01-01 07:28 - 000000000 ____D C:\Users\Net\AppData\Local\boilsoft-Vídeo-splitter-updater
2023-12-31 16:49 - 2023-12-31 16:49 - 000000056 _____ C:\Users\Net\Documents\EINSTEN.txt
2023-12-31 15:31 - 2023-12-31 15:31 - 000000000 ____D C:\Users\Net\Desktop\GiliSoft Vídeo Editor Pro
2023-12-31 15:26 - 2023-12-31 15:26 - 000000000 ____D C:\Users\Net\AppData\Roaming\VideoCrop
2023-12-31 15:25 - 2024-01-03 15:09 - 000000000 ____D C:\Users\Net\AppData\Roaming\GiliSoft
2023-12-30 22:36 - 2023-12-30 22:36 - 004796664 _____ C:\Users\Net\Downloads\videoeditorpro_installer.exe
2023-12-30 21:42 - 2024-01-11 18:13 - 000000000 ____D C:\AdwCleaner
2023-12-30 21:41 - 2023-12-30 21:41 - 008791352 _____ (Malwarebytes) C:\Users\Net\Desktop\adwcleaner.exe
2023-12-30 21:40 - 2023-12-30 21:40 - 002606880 _____ (Malwarebytes) C:\Users\Net\Downloads\MBSetup.exe
2023-12-30 19:47 - 2023-12-30 19:47 - 000001888 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shotcut.lnk
2023-12-30 19:47 - 2023-12-30 19:47 - 000001876 _____ C:\Users\Public\Desktop\Shotcut.lnk
2023-12-30 19:47 - 2023-12-30 19:47 - 000000000 ____D C:\Users\Net\AppData\Local\Meltytech
2023-12-30 19:45 - 2023-12-30 19:47 - 000000000 ____D C:\Program Files\Shotcut
2023-12-30 19:44 - 2023-12-30 19:44 - 000000000 ____D C:\Users\Net\AppData\Local\OneDrive
2023-12-30 18:52 - 2023-12-30 18:52 - 104117240 _____ C:\Users\Net\Downloads\shotcut-win64-221221.exe
2023-12-30 16:13 - 2023-12-30 16:13 - 000000000 ____D C:\Users\Net\AppData\Local\ToastNotificationManagerCompat
2023-12-30 15:43 - 2023-12-30 15:43 - 000000062 _____ C:\Users\Net\Documents\SETE HOMENS.txt
2023-12-30 15:32 - 2023-12-30 19:37 - 000000000 ____D C:\Users\Net\AppData\Roaming\HandBrake
2023-12-30 15:31 - 2023-12-30 15:31 - 000000000 ____D C:\ProgramData\Package Cache
2023-12-30 15:31 - 2023-12-30 15:31 - 000000000 ____D C:\Program Files\dotnet
2023-12-30 15:28 - 2023-12-30 15:28 - 023627928 _____ C:\Users\Net\Downloads\HandBrake-1.7.2-x86_64-Win_GUI.exe
2023-12-30 15:28 - 2023-12-30 15:28 - 000000873 _____ C:\Users\Public\Desktop\HandBrake.lnk
2023-12-30 15:28 - 2023-12-30 15:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HandBrake
2023-12-30 15:28 - 2023-12-30 15:28 - 000000000 ____D C:\Program Files\HandBrake
2023-12-30 14:25 - 2024-01-11 18:28 - 000000000 ____D C:\Users\Net\AppData\LocalLow\Temp
2023-12-28 11:41 - 2023-12-28 11:41 - 000050543 _____ C:\Users\Net\Downloads\LIBRE-GASTOS-2023.xlsm - DEZEMBRO-1.pdf
2023-12-27 21:59 - 2023-12-27 21:59 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2023-12-27 21:58 - 2023-12-27 21:58 - 000003662 _____ C:\Windows\system32\Tasks\CreateExplorerShellUnelevatedTask
2023-12-27 21:57 - 2023-12-27 21:57 - 000000000 ____D C:\Users\Net\Downloads\FormatFactory2023_12_27
2023-12-27 20:37 - 2023-12-27 20:37 - 000410926 _____ C:\Users\Net\Downloads\DCTORW-S1.zip
2023-12-27 20:37 - 2023-12-27 20:37 - 000000000 ____D C:\Users\Net\Downloads\DCTORW-S1
2023-12-27 20:31 - 2023-12-27 20:31 - 000137032 _____ (Zoom Video Communications, Inc.) C:\Users\Net\Downloads\Zoom_cm_fo42anktZ9vvrZo4_mxAorGcvQzVJNRFIPcfqKGF5EwFOlFxGciA@ACkJAYQcjPhGkTvO_k446c39d91169dc49_.exe
2023-12-27 20:02 - 2023-12-27 20:04 - 000000000 ____D C:\Users\Net\Downloads\Quadrilogia - Piratas do Caribe (2003.2011) BDRip 1080p 5.1 Dublado - Douglasvip
2023-12-27 14:02 - 2023-12-27 14:02 - 000000000 ____D C:\Users\Net\AppData\Local\HP
2023-12-26 17:53 - 2023-12-26 17:53 - 000000077 _____ C:\Users\Net\Documents\Curso-Dalton.txt
2023-12-26 17:34 - 2023-12-26 17:34 - 000000000 ____D C:\Users\Net\Downloads\Tube Digger
2023-12-26 14:45 - 2023-12-26 14:46 - 000000000 ____D C:\ProgramData\ConfigData
2023-12-26 14:45 - 2023-12-26 14:45 - 003277304 _____ C:\Users\Net\Downloads\itubego_18.exe
2023-12-26 14:18 - 2023-12-26 14:18 - 000000000 ____D C:\Users\Icebrave\AppData\Local\FastStone
2023-12-26 13:44 - 2023-12-26 13:45 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\XnView
2023-12-26 13:44 - 2023-12-26 13:44 - 000001276 _____ C:\Users\Icebrave\Desktop\XnView.lnk
2023-12-26 13:32 - 2024-01-01 15:07 - 000000000 ____D C:\Users\Net\AppData\Roaming\XnView
2023-12-26 13:32 - 2023-12-26 13:32 - 000000000 ____D C:\Users\Net\Downloads\XnView-win-full
2023-12-26 13:31 - 2015-04-26 15:32 - 023352708 _____ C:\Users\Net\Downloads\XnView-win-full.zip
2023-12-26 13:08 - 2023-12-26 13:08 - 000000057 _____ C:\Users\Icebrave\Desktop\Hora.bat
2023-12-26 13:03 - 2023-12-26 13:03 - 000000440 _____ C:\Users\Icebrave\Desktop\text.reg
2023-12-26 12:33 - 2023-12-26 12:33 - 000003808 _____ C:\Windows\system32\Tasks\WpsUpdateTask_Icebrave
2023-12-26 10:19 - 2023-12-26 10:19 - 000000000 ____D C:\Users\Icebrave\AppData\Local\OneDrive
2023-12-26 10:17 - 2023-12-26 13:08 - 000000057 _____ C:\Users\Net\Desktop\Hora.bat
2023-12-25 13:20 - 2023-12-25 13:20 - 000000000 ____D C:\Users\Icebrave\AppData\Local\cache
2023-12-24 19:32 - 2023-12-24 19:33 - 003776223 _____ C:\Users\Icebrave\Downloads\Dism++10.1.1002.1.zip
2023-12-24 17:08 - 2023-12-24 17:08 - 000000000 ____D C:\Users\Net\Documents\FormatFactory
2023-12-24 17:08 - 2023-12-24 17:08 - 000000000 ____D C:\Users\Net\AppData\Local\FTMod
2023-12-24 17:08 - 2023-12-24 17:08 - 000000000 ____D C:\Users\Net\AppData\Local\cache
2023-12-24 17:08 - 2023-12-24 17:08 - 000000000 ____D C:\Users\Net\AppData\Local\BrightData
2023-12-24 16:47 - 2023-12-24 16:55 - 000000000 ____D C:\Users\Icebrave\Downloads\Dism++10.1.1002.1
2023-12-24 16:47 - 2023-12-24 16:47 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\WinRAR
2023-12-24 13:01 - 2023-12-24 13:01 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\MPC-HC
2023-12-23 15:04 - 2023-12-23 15:04 - 000046520 _____ C:\Users\Net\Downloads\LIBRE-GASTOS-2023.xlsm - DEZEMBRO.pdf
2023-12-23 13:53 - 2023-12-23 13:53 - 000000000 ____D C:\Users\Net\Downloads\Piratas do Caribe 3 No Fim Do Mundo
2023-12-23 13:49 - 2023-12-23 13:50 - 000000000 ____D C:\Users\Net\Downloads\Piratas do Caribe 2 O Baú Da Morte
2023-12-22 15:59 - 2024-01-12 14:44 - 000000000 ____D C:\Users\Net\AppData\Roaming\Telegram Desktop
2023-12-22 15:59 - 2023-12-22 15:59 - 000000000 ____D C:\Users\Net\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop
2023-12-22 15:51 - 2023-12-22 15:53 - 042681512 _____ (Telegram FZ-LLC ) C:\Users\Net\Downloads\tsetup-x64.4.12.2.exe
2023-12-21 21:51 - 2023-12-21 21:51 - 006671414 _____ (TheBestWare Studio) C:\Users\Net\Downloads\RadioSure-2.2.1046-setup.exe
2023-12-21 21:51 - 2023-12-21 21:51 - 000001207 _____ C:\Users\Net\Desktop\RadioSure.lnk
2023-12-21 21:51 - 2023-12-21 21:51 - 000000000 ____D C:\Users\Net\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RadioSure
2023-12-21 21:51 - 2023-12-21 21:51 - 000000000 ____D C:\Users\Net\AppData\Local\RadioSure
2023-12-21 09:57 - 2023-12-21 09:57 - 000000000 ____D C:\ProgramData\PLUG
2023-12-21 09:18 - 2023-12-21 09:18 - 000000000 ____D C:\Program Files\RUXIM
2023-12-21 06:40 - 2024-01-16 11:15 - 000000000 ____D C:\Windows\SystemTemp
2023-12-21 06:40 - 2023-12-21 06:41 - 000000000 ____D C:\Windows\InboxApps
2023-12-21 06:40 - 2023-12-21 06:40 - 000000000 ____D C:\Windows\system32\Drivers\mde
2023-12-20 13:53 - 2023-12-20 13:53 - 000000000 ____D C:\Windows\system32\appmgmt
2023-12-20 11:39 - 2024-01-02 13:50 - 000000000 ___HD C:\Users\Net\Documents\WPS Cloud Files
2023-12-20 11:36 - 2023-12-20 11:36 - 000000000 ____D C:\Users\Net\AppData\Local\CEF
2023-12-20 11:35 - 2024-01-15 04:46 - 000000000 ____D C:\Users\Net\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WPS Office
2023-12-20 11:35 - 2023-12-27 14:15 - 000003788 _____ C:\Windows\system32\Tasks\WpsUpdateTask_Net
2023-12-20 11:35 - 2023-12-20 11:35 - 000000000 ___HD C:\Users\Net\Documents\KingsoftData
2023-12-20 11:34 - 2023-12-20 11:38 - 000000000 ____D C:\Users\Net\AppData\Roaming\kingsoft
2023-12-20 11:34 - 2023-12-20 11:34 - 000000000 ____D C:\Users\Net\AppData\Local\Kingsoft
2023-12-20 11:33 - 2023-12-20 11:34 - 223112928 _____ (Zhuhai Kingsoft Office Software Co.,Ltd) C:\Users\Net\Downloads\WPSOffice_12.2.0.13359.exe
2023-12-19 10:09 - 2023-12-19 10:09 - 000016707 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2023-12-19 09:27 - 2023-12-19 09:27 - 000000000 ____D C:\Users\Net\AppData\Roaming\Foxit Software
2023-12-19 09:26 - 2023-12-19 09:26 - 000000000 ____D C:\Users\Public\Foxit Software
2023-12-19 09:25 - 2023-12-19 09:25 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\Foxit Software
2023-12-19 09:25 - 2023-12-19 09:25 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\Foxit AgentInformation
2023-12-19 09:25 - 2023-12-19 09:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PDF Reader
2023-12-19 09:25 - 2023-12-19 09:25 - 000000000 ____D C:\ProgramData\Foxit Software
2023-12-19 09:25 - 2023-12-19 09:25 - 000000000 ____D C:\ProgramData\Foxit ContentPlatform
2023-12-19 09:24 - 2023-12-19 09:24 - 000000000 ____D C:\Program Files (x86)\Foxit Software
2023-12-19 09:22 - 2023-12-19 09:23 - 153014392 _____ (Foxit Software Inc. ) C:\Users\Icebrave\Downloads\FoxitPDFReader20233_L10N_Setup_Prom.exe
2023-12-19 08:33 - 2023-12-19 08:33 - 000003140 _____ C:\Windows\system32\Tasks\Toolbox.exe_{F4605C66-F9F4-4736-ABE8-8C2CB0E34B31}
2023-12-19 08:33 - 2023-12-19 08:33 - 000002289 _____ C:\Users\Public\Desktop\HP DeskJet 2130 series.lnk
2023-12-19 08:33 - 2023-12-19 08:33 - 000001236 _____ C:\Users\Public\Desktop\Comprar suprimentos - HP DeskJet 2130 series.lnk
2023-12-19 08:33 - 2023-12-19 08:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2023-12-19 08:32 - 2023-12-19 08:33 - 000000000 ____D C:\Program Files (x86)\HP
2023-12-19 08:32 - 2023-12-19 08:32 - 000000000 ____D C:\Program Files\HP
2023-12-19 08:31 - 2023-12-19 08:31 - 000000000 ____D C:\Users\Icebrave\AppData\Local\HP
2023-12-19 08:30 - 2023-12-19 08:31 - 144964672 _____ C:\Users\Icebrave\Downloads\Full_Webpack-40.15.1230-DJ2130_Full_Webpack.exe
2023-12-19 08:28 - 2023-12-19 08:28 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\HP_Easy_Start
2023-12-19 08:26 - 2023-12-19 08:32 - 000000000 ____D C:\ProgramData\HP
2023-12-19 08:25 - 2017-04-14 07:17 - 003744256 _____ (Hewlett-Packard Development Company, LP) C:\Windows\SysWOW64\HPScanTRDrv_DJ2130.dll
2023-12-19 08:25 - 2017-04-14 07:17 - 003744256 _____ (Hewlett-Packard Development Company, LP) C:\Windows\system32\HPScanTRDrv_DJ2130.dll
2023-12-19 08:25 - 2017-04-14 07:17 - 002952840 _____ (HP Inc.) C:\Windows\system32\hpinkinsE111.exe
2023-12-19 08:25 - 2017-04-14 07:17 - 000583168 _____ (Hewlett-Packard) C:\Windows\system32\HPWia2_DJ2130.dll
2023-12-19 08:25 - 2017-04-14 07:17 - 000393352 _____ (HP Inc.) C:\Windows\system32\hpinkstsE111LM.dll
2023-12-19 08:25 - 2017-04-14 07:17 - 000328328 _____ (HP Inc.) C:\Windows\system32\hpinkcoiE111.dll
2023-12-18 17:43 - 2023-12-18 17:45 - 000000000 ____D C:\Users\Net\Downloads\Esquadrão Suicida 720p WWW.TORRENTDOSFIMES.COM
2023-12-18 17:20 - 2024-01-01 18:26 - 000000000 ____D C:\FFOutput
2023-12-18 17:20 - 2023-12-18 17:20 - 000000000 ____D C:\Users\Icebrave\Documents\FormatFactory
2023-12-18 17:20 - 2023-12-18 17:20 - 000000000 ____D C:\Users\Icebrave\AppData\Local\FTMod
2023-12-18 17:18 - 2023-12-27 21:58 - 000000000 ____D C:\Users\Icebrave\AppData\Local\BrightData
2023-12-18 17:18 - 2023-12-27 21:58 - 000000000 ____D C:\ProgramData\BrightData
2023-12-18 17:18 - 2023-12-18 17:18 - 000000000 ____D C:\Users\Icebrave\AppData\Local\PeerDistRepub
2023-12-18 17:17 - 2023-12-27 21:58 - 000000000 ____D C:\Program Files\FormatFactory
2023-12-18 17:16 - 2023-12-18 17:17 - 102072624 _____ (Free Time Co., Ltd) C:\Users\Net\Downloads\FFSetup5.16.0.0.exe
2023-12-18 17:00 - 2023-12-18 17:03 - 000000000 ____D C:\Users\Net\Downloads\X-Men 2 2003 WWW.BLUDV.COM
2023-12-18 16:56 - 2024-01-14 10:03 - 000000000 ____D C:\Users\Net\AppData\Roaming\qBittorrent
2023-12-18 16:56 - 2023-12-18 16:57 - 000000000 ____D C:\Users\Net\AppData\Local\qBittorrent
2023-12-18 16:56 - 2023-12-18 16:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2023-12-18 16:56 - 2023-12-18 16:56 - 000000000 ____D C:\Program Files\qBittorrent
2023-12-18 16:32 - 2023-12-18 16:32 - 000000000 ____D C:\Users\Net\AppData\Local\FastStone
2023-12-18 16:31 - 2023-12-18 16:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer
2023-12-18 16:31 - 2023-12-18 16:31 - 000000000 ____D C:\Program Files (x86)\FastStone Image Viewer
2023-12-18 04:51 - 2024-01-12 14:16 - 000001055 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk
2023-12-18 04:51 - 2023-12-18 04:51 - 000000000 ____D C:\Users\Net\AppData\Roaming\Thunderbird
2023-12-18 04:51 - 2023-12-18 04:51 - 000000000 ____D C:\Users\Net\AppData\Local\Thunderbird
2023-12-17 19:45 - 2024-01-16 12:25 - 000000000 ____D C:\Users\Net\AppData\Roaming\Notepad++
2023-12-17 18:59 - 2024-01-15 11:50 - 000000000 ____D C:\Users\Net\AppData\Local\PrivaZer
2023-12-17 18:59 - 2023-12-17 18:59 - 000002126 _____ C:\Users\Net\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivaZer.lnk
2023-12-17 18:59 - 2023-12-17 18:59 - 000000000 ____D C:\Users\Net\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivaZer
2023-12-17 17:25 - 2023-12-17 17:25 - 000000000 __SHD C:\found.000
2023-12-17 17:00 - 2024-01-14 09:56 - 000000000 ____D C:\Users\Net\AppData\Roaming\MPC-HC
2023-12-17 11:04 - 2023-12-17 11:04 - 000004110 _____ C:\Windows\system32\Tasks\infatica_p2b
2023-12-17 11:04 - 2023-12-17 11:04 - 000003300 _____ C:\Windows\system32\Tasks\klcp_update
2023-12-17 11:04 - 2023-12-17 11:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2023-12-17 11:04 - 2023-12-17 11:04 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2023-12-17 11:04 - 2023-12-17 11:04 - 000000000 ____D C:\Program Files (x86)\Infatica P2B
2023-12-17 11:04 - 2019-12-28 07:00 - 000784384 _____ C:\Windows\system32\xvidcore.dll
2023-12-17 11:04 - 2019-12-28 07:00 - 000681984 _____ C:\Windows\SysWOW64\xvidcore.dll
2023-12-17 11:04 - 2019-12-28 07:00 - 000310784 _____ C:\Windows\system32\xvidvfw.dll
2023-12-17 11:04 - 2019-12-28 07:00 - 000284160 _____ C:\Windows\SysWOW64\xvidvfw.dll
2023-12-17 11:04 - 2017-07-30 08:50 - 003850240 _____ (x264vfw project) C:\Windows\SysWOW64\x264vfw.dll
2023-12-17 11:04 - 2017-07-30 08:50 - 003799552 _____ (x264vfw project) C:\Windows\system32\x264vfw64.dll
2023-12-17 11:04 - 2012-07-21 08:55 - 000180736 _____ (fccHandler) C:\Windows\system32\ac3acm.acm
2023-12-17 11:04 - 2012-07-21 08:54 - 000122880 _____ (fccHandler) C:\Windows\SysWOW64\ac3acm.acm
2023-12-17 11:04 - 2011-12-07 15:37 - 000148992 _____ ( ) C:\Windows\system32\lagarith.dll
2023-12-17 11:04 - 2011-12-07 15:32 - 000216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll
2023-12-17 10:57 - 2023-12-17 10:57 - 000000000 ____D C:\Users\Net\AppData\Roaming\WinRAR
2023-12-17 10:57 - 2023-12-17 10:57 - 000000000 ____D C:\Users\Net\AppData\Roaming\Microsoft\Office
2023-12-17 10:57 - 2023-12-17 10:57 - 000000000 ____D C:\Users\Net\AppData\Roaming\Microsoft\Excel
2023-12-17 10:57 - 2023-12-17 10:57 - 000000000 ____D C:\Users\Net\AppData\Roaming\Microsoft\AddIns
2023-12-17 10:55 - 2024-01-04 17:37 - 000000000 ___HD C:\Users\Icebrave\Documents\WPS Cloud Files
2023-12-17 10:51 - 2023-12-17 10:51 - 000004100 _____ C:\Windows\system32\Tasks\WpsExternal_Icebrave_20231217105152
2023-12-17 10:51 - 2023-12-17 10:51 - 000002551 _____ C:\Users\Icebrave\Desktop\WPS PDF.lnk
2023-12-17 10:51 - 2023-12-17 10:51 - 000002459 _____ C:\Users\Icebrave\Desktop\WPS Office.lnk
2023-12-17 10:51 - 2023-12-17 10:51 - 000000000 ___HD C:\Users\Icebrave\Documents\KingsoftData
2023-12-17 10:51 - 2023-12-17 10:51 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WPS Office
2023-12-17 10:51 - 2023-12-17 10:51 - 000000000 ____D C:\Users\Icebrave\AppData\Local\Kingsoft
2023-12-17 10:51 - 2023-12-17 10:51 - 000000000 ____D C:\Users\Icebrave\AppData\Local\CEF
2023-12-17 10:51 - 2023-12-17 10:51 - 000000000 ____D C:\ProgramData\Kingsoft
2023-12-17 10:51 - 2023-12-17 10:51 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2023-12-17 10:51 - 2023-12-17 10:51 - 000000000 ____D C:\Program Files (x86)\Kingsoft
2023-12-17 10:50 - 2023-12-17 10:51 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\kingsoft
2023-12-17 10:50 - 2023-12-17 10:50 - 223112928 _____ (Zhuhai Kingsoft Office Software Co.,Ltd) C:\Users\Icebrave\Downloads\WPSOffice_12.2.0.13359.exe
2023-12-17 10:31 - 2023-12-17 10:31 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2023-12-17 10:31 - 2023-12-17 10:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2023-12-17 10:31 - 2023-12-17 10:31 - 000000000 ____D C:\Program Files (x86)\WinRAR

==================== Um mês (modificados) ==================

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2024-01-16 14:13 - 2023-12-16 18:13 - 000008192 ___SH C:\DumpStack.log.tmp
2024-01-16 14:13 - 2020-09-23 15:05 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-01-16 12:24 - 2023-12-16 17:21 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-01-16 11:43 - 2019-12-07 06:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-01-15 20:36 - 2023-12-16 15:29 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2024-01-15 20:36 - 2019-12-07 06:03 - 000786432 _____ C:\Windows\system32\config\BBI
2024-01-15 19:14 - 2020-09-23 15:16 - 001741824 _____ C:\Windows\system32\PerfStringBackup.INI
2024-01-15 19:14 - 2019-12-07 11:54 - 000752436 _____ C:\Windows\system32\prfh0416.dat
2024-01-15 19:14 - 2019-12-07 11:54 - 000148550 _____ C:\Windows\system32\prfc0416.dat
2024-01-15 19:14 - 2019-12-07 06:13 - 000000000 ____D C:\Windows\INF
2024-01-15 13:57 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\AppReadiness
2024-01-15 05:02 - 2023-12-16 17:32 - 000000000 ____D C:\Users\Net
2024-01-14 14:04 - 2020-09-23 15:05 - 000000000 ____D C:\Windows\system32\SleepStudy
2024-01-14 13:56 - 2019-12-07 06:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-01-14 13:52 - 2023-12-16 17:34 - 000000000 ____D C:\Users\Net\AppData\Local\D3DSCache
2024-01-14 03:01 - 2023-12-16 16:33 - 000000000 ____D C:\Users\Icebrave\AppData\Local\Everything
2024-01-14 03:01 - 2023-12-16 16:27 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\Everything
2024-01-14 02:40 - 2023-12-16 16:02 - 000000000 ____D C:\Users\Icebrave
2024-01-14 01:17 - 2019-12-07 06:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2024-01-12 17:10 - 2023-12-16 18:19 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-01-12 17:00 - 2023-12-16 17:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-01-12 13:53 - 2020-09-23 15:05 - 000445928 _____ C:\Windows\system32\FNTCACHE.DAT
2024-01-11 20:08 - 2019-12-07 06:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2024-01-11 20:08 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2024-01-11 20:08 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SystemResources
2024-01-11 20:08 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\setup
2024-01-11 20:08 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\ShellExperiences
2024-01-11 20:08 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\bcastdvr
2024-01-11 20:06 - 2019-12-07 06:03 - 000000000 ____D C:\Windows\CbsTemp
2024-01-09 19:42 - 2023-12-16 17:21 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-01-08 20:32 - 2019-12-07 06:14 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2024-01-08 20:03 - 2023-12-16 16:07 - 000000000 ____D C:\Users\Icebrave\AppData\Local\D3DSCache
2024-01-08 15:01 - 2023-12-16 16:04 - 000000000 ____D C:\Users\Icebrave\AppData\Local\Packages
2024-01-04 19:55 - 2023-12-16 16:04 - 000000000 ____D C:\Users\Icebrave\AppData\Local\ConnectedDevicesPlatform
2024-01-04 17:35 - 2023-12-16 16:44 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\Notepad++
2024-01-04 17:31 - 2023-12-16 16:44 - 000000877 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2024-01-02 15:50 - 2019-12-07 06:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2024-01-01 18:02 - 2023-12-16 16:04 - 000000000 ____D C:\Users\Icebrave\AppData\Local\Publishers
2024-01-01 18:02 - 2020-09-23 15:09 - 000000000 ____D C:\ProgramData\Packages
2024-01-01 18:01 - 2023-12-16 16:07 - 000000000 ____D C:\Users\Icebrave\AppData\Local\PlaceholderTileLogoFolder
2024-01-01 18:01 - 2020-09-23 15:09 - 000000000 __RHD C:\Users\Public\AccountPictures
2024-01-01 17:58 - 2023-12-16 16:10 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\Microsoft\Excel
2023-12-26 12:34 - 2023-12-16 16:41 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\Microsoft\Publisher Building Blocks
2023-12-25 13:20 - 2023-12-16 16:04 - 000000000 ____D C:\Users\Icebrave\AppData\Local\AMD
2023-12-24 17:08 - 2023-12-16 17:32 - 000000000 ____D C:\Users\Net\AppData\Local\AMD
2023-12-23 11:20 - 2023-12-16 16:06 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\Microsoft\Teams
2023-12-23 11:19 - 2019-12-07 06:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-12-22 16:21 - 2023-12-16 17:32 - 000000000 ____D C:\Users\Net\AppData\Local\Packages
2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ___SD C:\Windows\SysWOW64\F12
2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ___SD C:\Windows\system32\UNP
2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation
2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\migwiz
2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\lv-LV
2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\lt-LT
2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\Keywords
2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\et-EE
2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\es-MX
2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\Com
2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\Sysprep
2023-12-21 06:41 - 2020-09-23 17:00 - 000000000 ___SD C:\Windows\system32\AppV
2023-12-21 06:41 - 2020-09-23 17:00 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2023-12-21 06:41 - 2019-12-07 11:57 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2023-12-21 06:41 - 2019-12-07 11:57 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ___SD C:\Windows\system32\F12
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ___RD C:\Windows\PrintDialog
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\ShellExperiences
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\oobe
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\migwiz
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\lv-LV
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\lt-LT
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\Keywords
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\et-EE
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\es-MX
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\Dism
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\DDFs
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\Com
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\appraiser
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\AdvancedInstallers
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\ShellComponents
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\Provisioning
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\IME
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\DiagTrack
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Program Files\Windows Defender
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Program Files\Common Files\System
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2023-12-21 06:41 - 2019-12-07 06:03 - 000000000 ____D C:\Windows\servicing
2023-12-21 06:40 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SystemApps
2023-12-21 06:40 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\appcompat
2023-12-20 11:39 - 2019-12-07 11:57 - 000023040 _____ (Microsoft Corporation) C:\Windows\system32\OEMDefaultAssociations.dll
2023-12-20 11:39 - 2019-12-07 11:57 - 000020827 _____ C:\Windows\system32\OEMDefaultAssociations.xml
2023-12-20 11:39 - 2019-12-07 06:15 - 000208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2023-12-20 11:39 - 2019-12-07 06:14 - 000232448 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2023-12-19 10:08 - 2020-09-23 15:07 - 003016192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-12-19 09:14 - 2023-12-16 16:07 - 000003580 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-702104581-954937399-490591429-1002
2023-12-19 09:13 - 2023-12-16 16:06 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-702104581-954937399-490591429-1002
2023-12-19 09:13 - 2023-12-16 16:02 - 000002390 _____ C:\Users\Icebrave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-12-18 17:06 - 2020-09-23 15:04 - 000000000 ____D C:\Windows\Panther
2023-12-18 16:29 - 2023-12-16 17:37 - 000000000 ____D C:\Users\Net\AppData\Local\PlaceholderTileLogoFolder
2023-12-17 18:33 - 2023-12-16 17:33 - 000000000 ____D C:\Users\Net\AppData\Roaming\Microsoft\Teams
2023-12-17 17:21 - 2023-12-16 17:34 - 000003580 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-702104581-954937399-490591429-1003
2023-12-17 17:21 - 2023-12-16 17:34 - 000003370 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-702104581-954937399-490591429-1003
2023-12-17 17:21 - 2023-12-16 17:32 - 000002375 _____ C:\Users\Net\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-12-17 17:20 - 2023-12-16 17:40 - 000000000 ____D C:\Users\Net\AppData\Roaming\Microsoft\Spelling

==================== SigCheck ============================

(Não há correção automática para arquivos que não passaram na verificação.)

==================== Fim de FRST.txt ========================

Resultado da análise adicional Farbar Recovery Scan Tool (x64) Versão: 16.01.2024
Executado por Icebrave (16-01-2024 12:38:46)
Executando a partir de C:\Users\Net\Desktop
Microsoft Windows 10 Pro Versão 22H2 19045.3930 (X64) (2023-12-16 18:23:59)
Modo da Inicialização: Normal
==========================================================


==================== Contas: =============================


(Se uma entrada for incluída na fixlist, será removida.)

Administrador (S-1-5-21-702104581-954937399-490591429-500 - Administrator - Disabled)
Convidado (S-1-5-21-702104581-954937399-490591429-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-702104581-954937399-490591429-503 - Limited - Disabled)
Icebrave (S-1-5-21-702104581-954937399-490591429-1002 - Administrator - Enabled) => C:\Users\Icebrave
Net (S-1-5-21-702104581-954937399-490591429-1003 - Limited - Enabled) => C:\Users\Net
WDAGUtilityAccount (S-1-5-21-702104581-954937399-490591429-504 - Limited - Disabled)

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

Boilsoft Video Splitter 8.3.3 (HKU\S-1-5-21-702104581-954937399-490591429-1003\...\cfc26c2a-150b-5ef7-9bdf-a41433ec180c) (Version: 8.3.3 - )
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.8.7128 - CDBurnerXP)
Debut Video Capture Software (HKU\S-1-5-21-702104581-954937399-490591429-1003\...\Debut) (Version: 9.46 - NCH Software)
Everything 1.4.1.1024 (x64) (HKLM\...\Everything) (Version: 1.4.1.1024 - voidtools)
FastStone Image Viewer 7.8 (HKLM-x32\...\FastStone Image Viewer) (Version: 7.8 - FastStone Corporation)
FormatFactory 5.16.0.0 (HKLM-x32\...\FormatFactory) (Version: 5.16.0.0 - Free Time)
Foxit PDF Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 2023.3.0.23028 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 120.0.6099.217 - Google LLC)
HandBrake 1.7.2 (HKLM-x32\...\HandBrake) (Version: 1.7.2 - )
HP DeskJet 2130 series Software básico do dispositivo (HKLM\...\{30135B68-7334-4D1B-8AB4-A79EF84ECDE1}) (Version: 40.15.1230.21319 - HP Inc.)
HP Dropbox Plugin (HKLM-x32\...\{8533E879-3794-426D-96B1-B010B56B03F5}) (Version: 40.13.54.81239 - HP)
HP Google Drive Plugin (HKLM-x32\...\{57E78C1A-6BCB-42E9-B3A5-54A05CA85E1C}) (Version: 40.13.54.81239 - HP)
Infatica P2B Network (HKLM-x32\...\{C989163F-E0E5-4DE3-B7F5-46C77F411451}_is1) (Version: 1.1.4.0 - )
K-Lite Mega Codec Pack 18.0.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 18.0.0 - KLCP)
Malwarebytes version 4.6.7.301 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.7.301 - Malwarebytes)
Microsoft .NET Host - 6.0.25 (x64) (HKLM\...\{C7141A99-592B-4226-A4E9-B767C1D0FBAF}) (Version: 48.100.4028 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.25 (x64) (HKLM\...\{AE86D888-1404-47CC-A7BB-8D86C0503E58}) (Version: 48.100.4028 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.25 (x64) (HKLM\...\{3544B2EE-E62F-4D11-B79C-3DDEACE94DA5}) (Version: 48.100.4028 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 120.0.2210.133 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 120.0.2210.133 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-702104581-954937399-490591429-1002\...\OneDriveSetup.exe) (Version: 23.246.1127.0002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-702104581-954937399-490591429-1003\...\OneDriveSetup.exe) (Version: 23.246.1127.0002 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 6.0.25 (x64) (HKLM\...\{E016F2B9-01FE-4FAA-882E-ECC43FA49751}) (Version: 48.100.4037 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.25 (x64) (HKLM-x32\...\{fb0500c1-f968-4621-a48b-985b52884c49}) (Version: 6.0.25.33020 - Microsoft Corporation)
Mozilla Firefox (x64 pt-BR) (HKLM\...\Mozilla Firefox 121.0.1 (x64 pt-BR)) (Version: 121.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 115.5.2 - Mozilla)
Mozilla Thunderbird (x64 pt-BR) (HKLM\...\Mozilla Thunderbird 115.6.1 (x64 pt-BR)) (Version: 115.6.1 - Mozilla)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.6 - Notepad++ Team)
PrivaZer (HKU\S-1-5-21-702104581-954937399-490591429-1003\...\PrivaZer) (Version: 4.0.81.0 - Goversoft LLC)
qBittorrent (HKLM-x32\...\qBittorrent) (Version: 4.6.2 - The qBittorrent project)
RadioSure (HKU\S-1-5-21-702104581-954937399-490591429-1003\...\RadioSure) (Version:  - )
Revo Uninstaller 2.4.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.4.5 - VS Revo Group, Ltd.)
Shotcut (HKLM\...\Shotcut) (Version: 22.12.21 - Meltytech, LLC)
Telegram Desktop (HKU\S-1-5-21-702104581-954937399-490591429-1003\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 4.14.4 - Telegram FZ-LLC)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
WPS Office (12.2.0.13359) (HKU\S-1-5-21-702104581-954937399-490591429-1002\...\Kingsoft Office) (Version: 12.2.0.13359 - Kingsoft Corp.)
WPS Office (12.2.0.13412) (HKU\S-1-5-21-702104581-954937399-490591429-1003\...\Kingsoft Office) (Version: 12.2.0.13412 - Kingsoft Corp.)
Zoom (HKU\S-1-5-21-702104581-954937399-490591429-1003\...\ZoomUMX) (Version: 5.17.1 (28914) - Zoom Video Communications, Inc.)

Packages:
=========
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_151.1.1087.0_x64__v10z8vjag6ke6 [2024-01-08] (HP Inc.)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.18.11020.0_x64__8wekyb3d8bbwe [2023-12-23] (Microsoft Studios) [MS Ad]

==================== Análise Personalizada CLSID (Whitelisted): ==============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

CustomCLSID: HKU\S-1-5-21-702104581-954937399-490591429-1002_Classes\CLSID\{28A80003-18FD-411D-B0A3-3C81F618E22B}\InprocServer32 -> C:\Users\Icebrave\AppData\Local\Kingsoft\WPS Office\12.2.0.13359\office6\kwpsmenushellext64.dll (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-702104581-954937399-490591429-1002_Classes\CLSID\{7C360CF9-D475-44FC-8163-AD6C95CF5F5D}\InprocServer32 -> C:\Users\Net\AppData\Local\Kingsoft\WPS Office\12.2.0.13359\office6\kmso2pdfplugins64.dll (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-702104581-954937399-490591429-1003_Classes\CLSID\{1a46400f-4c81-802a-c2c1-1e9a687a9340}\localserver32 -> C:\Program Files\HandBrake\HandBrake.exe (HandBrake Team) [Arquivo não assinado]
CustomCLSID: HKU\S-1-5-21-702104581-954937399-490591429-1003_Classes\CLSID\{28A80003-18FD-411D-B0A3-3C81F618E22B}\InprocServer32 -> C:\Users\Net\AppData\Local\Kingsoft\WPS Office\12.2.0.13412\office6\kwpsmenushellext64.dll (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-702104581-954937399-490591429-1003_Classes\CLSID\{7C360CF9-D475-44FC-8163-AD6C95CF5F5D}\InprocServer32 -> C:\Users\Net\AppData\Local\Kingsoft\WPS Office\12.2.0.13359\office6\kmso2pdfplugins64.dll (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-702104581-954937399-490591429-1003_Classes\CLSID\{9ed26d04-bb53-4559-a405-a0245d494b44}\InprocServer32 -> C:\Program Files\Mozilla Thunderbird\notificationserver.dll => Nenhum Arquivo
ContextMenuHandlers1: [FormatFactoryShell] -> {A3888923-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files\FormatFactory\ShellEx_108.dll [2023-07-21] (Free Time) [Arquivo não assinado]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2008-06-20] () [Arquivo não assinado]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2008-09-16] () [Arquivo não assinado]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-01-02] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [FormatFactoryShell] -> {A3888923-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files\FormatFactory\ShellEx_108.dll [2023-07-21] (Free Time) [Arquivo não assinado]
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2008-06-20] () [Arquivo não assinado]
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2008-09-16] () [Arquivo não assinado]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-01-02] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2008-06-20] () [Arquivo não assinado]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2008-09-16] () [Arquivo não assinado]
ContextMenuHandlers1_S-1-5-21-702104581-954937399-490591429-1002: [          kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\Icebrave\AppData\Local\Kingsoft\WPS Office\12.2.0.13359\office6\kwpsmenushellext64.dll [2023-12-17] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
ContextMenuHandlers4_S-1-5-21-702104581-954937399-490591429-1002: [          kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\Icebrave\AppData\Local\Kingsoft\WPS Office\12.2.0.13359\office6\kwpsmenushellext64.dll [2023-12-17] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
ContextMenuHandlers1_S-1-5-21-702104581-954937399-490591429-1003: [          kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\Icebrave\AppData\Local\Kingsoft\WPS Office\12.2.0.13359\office6\kwpsmenushellext64.dll [2023-12-17] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
ContextMenuHandlers4_S-1-5-21-702104581-954937399-490591429-1003: [          kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\Icebrave\AppData\Local\Kingsoft\WPS Office\12.2.0.13359\office6\kwpsmenushellext64.dll [2023-12-17] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)

==================== Codecs (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] () [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [310784 2019-12-28] () [Arquivo não assinado]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] () [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284160 2019-12-28] () [Arquivo não assinado]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [Arquivo não assinado]

==================== Atalhos & WMI ========================

==================== Módulos Carregados (Whitelisted) =============

2023-12-17 10:31 - 2008-06-20 00:41 - 000062464 _____ () [Arquivo não assinado] C:\Program Files (x86)\WinRAR\rarext64.dll
2023-07-21 09:20 - 2023-07-21 09:20 - 000344064 _____ (Free Time) [Arquivo não assinado] C:\Program Files\FormatFactory\ShellEx_108.dll

==================== Alternate Data Streams (Whitelisted) ========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)

AlternateDataStreams: C:\Users\Net\Desktop\FRST64.exe:MBAM.Zone.Identifier [193]
AlternateDataStreams: C:\Users\Net\Desktop\ZHPCleaner.exe:MBAM.Zone.Identifier [172]

==================== Modo de Segurança (Whitelisted) ==================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Associação (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

Handler: mso-minsb-roaming.16 - Nenhum Valor CLSID
Handler: mso-minsb.16 - Nenhum Valor CLSID
Handler: osf-roaming.16 - Nenhum Valor CLSID
Handler: osf.16 - Nenhum Valor CLSID

==================== Hosts Conteúdo: =========================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2019-12-07 06:14 - 2024-01-03 14:48 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Outras Áreas ===========================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-702104581-954937399-490591429-1002\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img2.jpg
HKU\S-1-5-21-702104581-954937399-490591429-1003\Control Panel\Desktop\\Wallpaper ->
DNS Servers: O Suporte não está conectado à internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

(Se uma entrada for incluída na fixlist, será removida.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller"
HKLM\...\StartupApproved\Run32: => "TeamsMachineUninstallerLocalAppData"
HKLM\...\StartupApproved\Run32: => "TeamsMachineUninstallerProgramData"
HKU\S-1-5-21-702104581-954937399-490591429-1002\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_DE42051A7061B4E326E1FAAC622AFB84"
HKU\S-1-5-21-702104581-954937399-490591429-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-702104581-954937399-490591429-1002\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-702104581-954937399-490591429-1003\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_4F469AB9D1336CB61BA9F80E8F2FF34A"
HKU\S-1-5-21-702104581-954937399-490591429-1003\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-702104581-954937399-490591429-1003\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"

==================== Regras do Firewall (Whitelisted) ================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [{C72086E9-20EC-41B7-B93A-4A41281BB9D4}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe => Nenhum Arquivo
FirewallRules: [{E11EED0C-28DC-41E3-A86C-732347E676DD}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe => Nenhum Arquivo
FirewallRules: [{9354F41F-CE9E-40B2-B496-D8F77F543E72}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{ECD57F3B-6C35-4B81-8A04-5F7B94AEF261}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0AC9FBB3-AA69-440F-B89F-4B9263CC9B0B}] => (Allow) C:\Users\Net\AppData\Local\Kingsoft\WPS Office\12.2.0.13359\office6\wps.exe (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
FirewallRules: [{BE929A88-4ECB-407F-B05F-2E32C8E00C36}] => (Allow) C:\Users\Net\AppData\Local\Kingsoft\WPS Office\12.2.0.13359\office6\wpscloudsvr.exe (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
FirewallRules: [{B65D91CC-DC47-473F-9288-7ECC671493D6}] => (Allow) C:\Users\Net\AppData\Local\Kingsoft\WPS Office\12.2.0.13359\office6\promecefpluginhost.exe (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
FirewallRules: [{903536E5-925A-4C71-ABA0-56EC3B96D3D8}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [Arquivo não assinado]
FirewallRules: [{8F1997F6-0D78-4DCA-B232-6E0B9CB675B7}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [Arquivo não assinado]
FirewallRules: [{18E257FE-20BF-41D2-8155-1D584FA20E10}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.110.3218.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{647CDAA6-F9F7-4074-839C-9DF0B7A35C97}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.110.3218.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2E7A89E0-811A-46B0-9A15-727EE08BD25A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.110.3218.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{69C3EA7D-9647-4D5F-9895-739EE48C21B6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.110.3218.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7056C802-9E87-43A5-88A6-81FD770A91EA}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe (Free Time Software Technology Co., Ltd. -> Free Time Co., Ltd.)
FirewallRules: [{E5E4D007-00A9-484F-B0CF-39CE558546E6}] => (Allow) C:\Users\Net\AppData\Local\Temp\7zS4823\HP.EasyStart.exe => Nenhum Arquivo
FirewallRules: [{CC08EF41-5A84-4988-8B5D-3964E7AD9813}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\USBSetup.exe (HP Inc. -> HP Inc.)
FirewallRules: [{D68557E5-1363-4609-BC52-DCFDEDC3D62A}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPNetworkCommunicatorCom.exe (HP Inc. -> HP Inc.)
FirewallRules: [{B9415BBD-E501-463F-9EED-A36A6ECE3923}] => (Allow) C:\Users\Icebrave\AppData\Local\Temp\7zS4C2F\HP.EasyStart.exe (HP Inc. -> HP)
FirewallRules: [TCP Query User{844943BF-F5A1-4CEC-83B9-3050C6F93F38}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe (The qBittorrent Project) [Arquivo não assinado]
FirewallRules: [UDP Query User{CF5FCAF9-7F8A-4562-B600-E4494FF286E5}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe (The qBittorrent Project) [Arquivo não assinado]
FirewallRules: [{2EA5C0AF-013B-400E-BD3D-5C129EC63237}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe (Free Time Software Technology Co., Ltd. -> Free Time Co., Ltd.)
FirewallRules: [{87BCE124-CFB1-4234-AF99-1726E72E7478}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{8C8A6240-24CC-46FC-96E4-865B3CCF8CDB}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\120.0.2210.133\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Pontos de Restauração =========================

16-01-2024 12:08:11 ZHPcleaner

==================== Dispositivos Apresentando Falhas No Gerenciador ============


==================== Erros no Log de eventos: ========================

Erros em Aplicativos:
==================
Error: (01/16/2024 11:16:11 AM) (Source: Firefox Notification Server) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/14/2024 09:18:33 AM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
Description: Event-ID 2

Error: (01/09/2024 10:22:07 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Não é possível inicializar o monitoramento de desempenho não para o objeto coletor, pois os contadores não estão carregados ou o objeto de memória compartilhado não pode ser aberto. Isso afeta somente a disponibilidade dos contadores de desempenho. Reinicie o computador.

Contexto: Aplicativo , Catálogo SystemIndex

Error: (01/09/2024 07:05:57 PM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
Description: Event-ID 2

Error: (01/08/2024 08:02:07 PM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
Description: Event-ID 2

Error: (01/08/2024 03:06:43 PM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
Description: Event-ID 2

Error: (01/07/2024 01:54:20 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Não foi possível concluir o otimizador de armazenamento otimizar novamente em FILES (E:) devido a: A operação solicitada não é compatível com o hardware que contém o volume. (0x8900002A)

Error: (01/06/2024 11:15:43 AM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
Description: Event-ID 2


Erros de Sistema:
=============
Error: (01/16/2024 11:36:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Foxit PDF Reader Update Service foi encerrado inesperadamente.  Isso aconteceu 1 vez(es).

Error: (01/16/2024 11:36:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço AMD External Events Utility foi encerrado inesperadamente.  Isso aconteceu 1 vez(es).

Error: (01/14/2024 10:45:24 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NPVV5ON)
Description: O servidor {5F7F3F7B-1177-4D4B-B1DB-BC6F671B8F25} não se registrou no DCOM dentro do tempo limite necessário.

Error: (01/14/2024 01:52:44 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: O desligamento do sistema que ocorreu às 01:12:12 do dia ‎14/‎01/‎2024 não era esperado.

Error: (01/12/2024 11:35:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Serviço Clique para Executar do Microsoft Office foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço.

Error: (01/12/2024 11:35:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Foxit PDF Reader Update Service foi encerrado inesperadamente.  Isso aconteceu 1 vez(es).

Error: (01/12/2024 11:35:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço AMD External Events Utility foi encerrado inesperadamente.  Isso aconteceu 1 vez(es).

Error: (01/11/2024 06:13:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Serviço Clique para Executar do Microsoft Office foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço.


==================== Informações da Memória ===========================

BIOS: American Megatrends Inc. 0701 06/23/2014
placa-mãe: ASUSTeK COMPUTER INC. A58M-A/BR
Processador: AMD A8-7650K Radeon R7, 10 Compute Cores 4C+6G
Percentagem de memória em uso: 59%
RAM física total: 7110.45 MB
RAM física disponível: 2860.32 MB
Virtual Total: 8262.45 MB
Virtual disponível: 3302.41 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:540.12 GB) (Free:442.96 GB) (Model: ST31000524AS) NTFS
Drive d: (Novo volume) (Fixed) (Total:292.96 GB) (Free:219.59 GB) (Model: ST31000524AS) exFAT

\\?\Volume{759ddace-0000-0000-0000-100000000000}\ (Reservado pelo Sistema) (Fixed) (Total:0.57 GB) (Free:0.15 GB) NTFS

==================== MBR & Tabela de Partições ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 759DDACE)
Partition 1: (Active) - (Size=579 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=540.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=97.9 GB) - (Type=0F Extended)
Partition 4: (Not Active) - (Size=293 GB) - (Type=07 NTFS)

==================== Fim de Addition.txt =======================

 

Thank you in advance for any help; I will be waiting for further instructions.

Regards, Alexander Cunha

 
