
Suspected rootkit infection on a notebook on the network



Good morning, everyone.

A while ago I noticed that my PC was behaving strangely (the video card fan speeding up when idle, a different BIOS configuration setting the RAM default to 2133 MHz, a blue screen when trying to scan with Malwarebytes using Hiren's Boot, Malwarebytes Premium completing a scan in seconds).

So I decided to create a post here on the forum describing the problems to ask for help, but I received a message from a forum user mentioning that it could be a rootkit and that I should try some methods. That was when I formatted the machine, thereby losing the chance to get help. I stopped using my PC for fear of spreading the problem, since I couldn't solve it, and now I have bought a notebook to work on.

However, I am worried about the possibility of this notebook also being infected. I installed Windows 10 on it and have now upgraded to 11, but I couldn't do it through the automatic updates even though the option to update appeared, which is where I started to wonder whether this could be a case of some infection.

Honestly, I don't even know if this post I'm making is really on Clube do Hardware, because my old posts are not showing up. I'm afraid that everything I'm accessing is being redirected to fake pages.

Meanwhile, I am asking my friends on the forum for help in clearing up this doubt, which has been costing me sleep for months.

Thanks in advance.

Here are the scans:

 

# -------------------------------
# Malwarebytes AdwCleaner 8.4.1.0
# -------------------------------
# Build:    01-29-2024
# Database: 2023-07-19.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    02-04-2024
# Duration: 00:00:05
# OS:       Windows 11 (Build 22631.3085)
# Cleaned:  0
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete IFEO
[+] Delete Prefetch
[+] Delete Tracing Keys
[+] Reset BITS
[+] Reset Windows Firewall
[+] Reset Hosts File
[+] Reset IPSec
[+] Reset Chromium Policies
[+] Reset IE Policies
[+] Reset Proxy Settings
[+] Reset TCP/IP
[+] Reset Winsock
[+] Reset Windows Installer

*************************

 

AdwCleaner[S00].txt - [1420 octets] - [04/02/2024 05:17:23]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

# -------------------------------
# Malwarebytes AdwCleaner 8.4.1.0
# -------------------------------
# Build:    01-29-2024
# Database: 2023-07-19.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    02-04-2024
# Duration: 00:00:06
# OS:       Windows 11 (Build 22631.3085)
# Scanned:  32095
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 

~ ZHPCleaner v2024.1.26.4 by Nicolas Coolman (2024/01/26)
~ Run by TRABALHO (Administrator)  (04/02/2024 05:19:08)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Scan
~ Report : C:\Users\TRABALHO\Desktop\ZHPCleaner (S).txt
~ Quarantine : C:\Users\TRABALHO\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ System Restore Point : 
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 11, 64-bit  (Build 22631)


---\\  Alternate Data Stream (ADS). (1)
FOUND file ADS: C:\Users\TRABALHO\Desktop\adwcleaner.exe:MBAM.Zone.Identifier  =>.SUP.FileADS


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (3)
FOUND file: C:\Users\TRABALHO\AppData\Local\Microsoft\Edge\User Data\Default\History    =>.SUP.BrowserHistoric
FOUND folder: C:\Users\TRABALHO\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data  =>.SUP.BrowserCache
FOUND folder: C:\Users\TRABALHO\AppData\Local\Opera Software\Opera GX Stable\User Data\Default\Cache\Cache_Data  =>.SUP.BrowserCache


---\\  Hosts file (1)
~ The hosts file is legitimate (40)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (2)
FOUND file: C:\Users\TRABALHO\AppData\Local\Microsoft\Edge\User Data\Default\Preferences    =>ChromiumPreference
FOUND folder: C:\Users\TRABALHO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc  =>.SUP.Discord


---\\  Registry ( Key, Value, Data) (6)
FOUND value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Discord ["C:\Users\TRABALHO\AppData\Local\Discord\Update.ex]  =>.SUP.Discord
FOUND key: HKEY_USERS\S-1-5-21-1323919425-2868841928-406510748-1001\SOFTWARE\Discord []  =>.SUP.Discord
FOUND key: HKEY_USERS\S-1-5-21-1323919425-2868841928-406510748-1001\SOFTWARE\Classes\AppXq0pwa73vfcn2qdexp8cexcc6qk87xh1r []  =>Adware.Navipromo
FOUND key: HKEY_USERS\S-1-5-21-1323919425-2868841928-406510748-1001\SOFTWARE\Classes\Discord [URL:Discord Protocol]  =>.SUP.Discord
FOUND key: HKCU\Software\Discord []  =>.SUP.Discord
FOUND key: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Discord [Discord Inc.]  =>.SUP.Discord


---\\  Summary of the elements found (6)
https://nicolascoolman.eu/2018/01/04/ads-alternate-data-stream/  =>.SUP.FileADS
https://nicolascoolman.eu/2023/07/18/les-caches-et-historiques-de-navigateurs/  =>.SUP.BrowserHistoric
https://nicolascoolman.eu/2023/07/18/les-caches-et-historiques-de-navigateurs/  =>.SUP.BrowserCache
https://nicolascoolman.eu/2020/10/01/preferences-navigateurs-chromium/  =>ChromiumPreference
https://nicolascoolman.eu/forum/Topic/Discord-logiciel-potentiellement-superflu-lps/  =>.SUP.Discord
https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/  =>Adware.Navipromo


---\\ Result of repair
~ Any repair made
~ Microsoft Edge OK
~ Microsoft Internet Explorer OK
~ Opera GX Stable OK


---\\ Statistics
~ Items scanned : 91342
~ Items found : 13
~ Items cancelled : 0
~ Space saving (bytes) : 0
~ Items options : 10/18


---\\ OPTIONS NOT ACTIVES
~ Temporary file analysis
~ Temporary folder analysis
~ Empty Folder CLSID Analysis
~ Empty Other Folder Analysis
~ Empty LocalLow Folder Analysis
~ Empty Local Folder Analysis
~ Obsolete Installer File Analysis
~ Start browsers with extensions removed

~ End of search in 00h04mn50s

---\\  Reports (0)
ZHPCleaner-[S]-04022024-05_23_58.txt

 

~ ZHPCleaner v2024.1.26.4 by Nicolas Coolman (2024/01/26)
~ Run by TRABALHO (Administrator)  (04/02/2024 05:32:18)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\TRABALHO\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\TRABALHO\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ System Restore Point : OK
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 11, 64-bit  (Build 22631)


---\\  Alternate Data Stream (ADS). (1)
MOVED file ADS: C:\Users\TRABALHO\Desktop\adwcleaner.exe:MBAM.Zone.Identifier  =>.SUP.FileADS


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (0)


---\\  Hosts file (1)
~ The hosts file is legitimate (40)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (5)
MOVED file: C:\Users\TRABALHO\AppData\Local\Microsoft\Edge\User Data\Default\History    =>.SUP.BrowserHistoric
MOVED file: C:\Users\TRABALHO\AppData\Local\Microsoft\Edge\User Data\Default\Preferences    =>Préférences Chromium
MOVED folder: C:\Users\TRABALHO\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data  =>.SUP.BrowserCache
MOVED folder: C:\Users\TRABALHO\AppData\Local\Opera Software\Opera GX Stable\User Data\Default\Cache\Cache_Data  =>.SUP.BrowserCache
MOVED folder: C:\Users\TRABALHO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc  =>.SUP.Discord


---\\  Registry ( Key, Value, Data) (6)
DELETED key*: HKEY_USERS\S-1-5-21-1323919425-2868841928-406510748-1001\SOFTWARE\Discord []  =>.SUP.Discord
DELETED key*: HKEY_USERS\S-1-5-21-1323919425-2868841928-406510748-1001\SOFTWARE\Classes\AppXq0pwa73vfcn2qdexp8cexcc6qk87xh1r []  =>Adware.Navipromo
DELETED key*: HKEY_USERS\S-1-5-21-1323919425-2868841928-406510748-1001\SOFTWARE\Classes\Discord [URL:Discord Protocol]  =>.SUP.Discord
DELETED key**: HKCU\Software\Discord []  =>.SUP.Discord
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Discord [Discord Inc.]  =>.SUP.Discord
DELETED value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Discord ["C:\Users\TRABALHO\AppData\Local\Discord\Update.ex]  =>.SUP.Discord


---\\  Summary of the elements found (6)
https://nicolascoolman.eu/2018/01/04/ads-alternate-data-stream/  =>.SUP.FileADS
https://nicolascoolman.eu/2023/07/18/les-caches-et-historiques-de-navigateurs/  =>.SUP.BrowserHistoric
https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/  =>Préférences Chromium
https://nicolascoolman.eu/2023/07/18/les-caches-et-historiques-de-navigateurs/  =>.SUP.BrowserCache
https://nicolascoolman.eu/forum/Topic/Discord-logiciel-potentiellement-superflu-lps/  =>.SUP.Discord
https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/  =>Adware.Navipromo


---\\  Other deletions. (1)
~ Registry Keys Tracing deleted (1)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ Microsoft Edge OK
~ Microsoft Internet Explorer OK
~ Opera GX Stable OK


---\\ Statistics
~ Items scanned : 1007
~ Items found : 0
~ Items cancelled : 0
~ Space saving (bytes) : 0
~ Items options : 10/18


---\\ OPTIONS NOT ACTIVES
~ Temporary file analysis
~ Temporary folder analysis
~ Empty Folder CLSID Analysis
~ Empty Other Folder Analysis
~ Empty LocalLow Folder Analysis
~ Empty Local Folder Analysis
~ Obsolete Installer File Analysis
~ Start browsers with extensions removed

~ End of clean in 00h00mn46s

---\\  Reports (2)
ZHPCleaner-[S]-04022024-05_23_58.txt
ZHPCleaner-[R]-04022024-05_33_04.txt
 

Resultado do análise da Farbar Recovery Scan Tool (FRST) (x64) Versão: 03.02.2024 01
Executado por TRABALHO (administrador) em DESKTOP-SSLIQE0 (LENOVO 81FE) (04-02-2024 05:35:48)
Executando a partir de C:\Users\TRABALHO\Desktop\FRST64.exe
Perfis Carregados: TRABALHO
Plataforma: Microsoft Windows 11 Home Single Language Versão 23H2 22631.3085 (X64) Idioma: Português (Brasil)
Navegador padrão: Opera
Modo da Inicialização: Normal

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3>
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2401.5.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe

==================== Registro (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18391120 2019-10-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506376 2019-10-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506376 2019-10-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Update: Restrição <==== ATENÇÃO
HKU\S-1-5-21-1323919425-2868841928-406510748-1001\...\Run: [MicrosoftEdgeAutoLaunch_50410CDD4A9F1DAE2FAEDE25E7E7B27B] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3788840 2024-02-01] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1323919425-2868841928-406510748-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4388200 2024-01-12] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-1323919425-2868841928-406510748-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [37277648 2024-01-29] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1323919425-2868841928-406510748-1001\...\Run: [AF_uuid_2426960] => 867ea0d9-ea16-4584-88a1-b4a73e69f7a3*SystemValue.f32*ÿÿÿJþ,÷*e***’*aü* (Nenhum Arquivo)
HKU\S-1-5-21-1323919425-2868841928-406510748-1001\...\Run: [AF_counter_2426960] => 3 (Nenhum Arquivo)
HKU\S-1-5-21-1323919425-2868841928-406510748-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\TRABALHO\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" [66107808 2024-02-04] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1323919425-2868841928-406510748-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\TRABALHO\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (Nenhum Arquivo)
HKU\S-1-5-21-1323919425-2868841928-406510748-1001\...\RunOnce: [Uninstall 24.010.0114.0001] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\TRABALHO\AppData\Local\Microsoft\OneDrive\24.010.0114.0001" [0 2024-02-04] () <==== ATENÇÃO [zero byte Arquivo/Pasta]
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> 

==================== Tarefas Agendadas (Whitelisted) =================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {512B2D13-C03E-4D57-9CA2-4CEC7F43A79A} - System32\Tasks\Meta\Messenger-WSP-Helper-S-1-5-21-1323919425-2868841928-406510748-1001 => MessengerHelper.exe  --lassie (Nenhum Arquivo)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe  (Nenhum Arquivo)
Task: {149D86C2-871B-4866-9411-3B981EC89C59} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe  /RunOnAC RebootDialog (Nenhum Arquivo)
Task: {638A0828-D0FC-4E83-AC15-AC26856F0708} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe  /RunOnBattery RebootDialog (Nenhum Arquivo)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (Nenhum Arquivo)
Task: {199162E6-0993-4353-A231-A32CC7B2A592} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2024-01-27] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {46A87619-D840-4844-B57C-E262B6D0F328} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2024-01-27] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C3135BCB-32E9-48D5-B3A1-F0CE9E4A6A86} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2024-01-27] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5CCCA5E1-BDFC-4C0F-B9CD-89F123EC8F01} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2024-01-27] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2CC086DE-6FF5-4514-8A85-770826CCD61E} - System32\Tasks\Opera GX scheduled Autoupdate 1706399164 => C:\Users\TRABALHO\AppData\Local\Programs\Opera GX\launcher.exe [2294176 2024-01-24] (Opera Norway AS -> Opera Software)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)


==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 45.179.204.210 45.179.204.212
Tcpip\..\Interfaces\{42041366-6997-4692-9972-5fe7a858278f}: [DhcpNameServer] 45.179.204.210 45.179.204.212
Tcpip\..\Interfaces\{893d0040-60c7-4743-adf3-73110ada85df}: [DhcpNameServer] 45.179.204.210 45.179.204.212

Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\TRABALHO\AppData\Local\Microsoft\Edge\User Data\Default [2024-02-04]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\TRABALHO\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2024-02-04]
Edge Extension: (Documentos Google off-line) - C:\Users\TRABALHO\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-01-27]
Edge Extension: (Edge relevant text changes) - C:\Users\TRABALHO\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-27]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

Opera: 
=======
StartMenuInternet: (HKU\S-1-5-21-1323919425-2868841928-406510748-1001) Opera GXStable - "C:\Users\TRABALHO\AppData\Local\Programs\Opera GX\Launcher.exe"

==================== Serviços (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [189464 2019-01-21] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2023-08-02] (Epic Games Inc. -> Epic Games, Inc.)
S3 LibreOfficeMaintenance; C:\Program Files\LibreOffice\program\update_service.exe [123320 2024-01-29] (The Document Foundation -> The Document Foundation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9410296 2024-02-02] (Malwarebytes Inc. -> Malwarebytes)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [13405720 2023-12-27] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe [3174840 2024-01-27] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe [133592 2024-01-27] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [Arquivo não assinado]
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2024-02-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-02-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKsl3c3004dc; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F9722245-4129-42BF-96A0-F1DBEF9176C8}\MpKslDrv.sys [263560 2024-02-04] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55856 2024-01-27] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [594304 2024-01-27] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105856 2024-01-27] (Microsoft Windows -> Microsoft Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Três meses (criados) (Whitelisted) =========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2024-02-04 05:35 - 2024-02-04 05:36 - 000011607 _____ C:\Users\TRABALHO\Desktop\FRST.txt
2024-02-04 05:35 - 2024-02-04 05:36 - 000000000 ____D C:\FRST
2024-02-04 05:33 - 2024-02-04 05:33 - 000010738 _____ C:\Users\TRABALHO\Desktop\ZHPCleaner (R).html
2024-02-04 05:33 - 2024-02-04 05:33 - 000003743 _____ C:\Users\TRABALHO\Desktop\ZHPCleaner (R).txt
2024-02-04 05:23 - 2024-02-04 05:23 - 000010444 _____ C:\Users\TRABALHO\Desktop\ZHPCleaner (S).html
2024-02-04 05:23 - 2024-02-04 05:23 - 000003558 _____ C:\Users\TRABALHO\Desktop\ZHPCleaner (S).txt
2024-02-04 05:18 - 2024-02-04 05:33 - 000000000 ____D C:\Users\TRABALHO\AppData\Roaming\ZHP
2024-02-04 05:18 - 2024-02-04 05:18 - 000000878 _____ C:\Users\TRABALHO\Desktop\ZHPCleaner.lnk
2024-02-04 05:18 - 2024-02-04 05:18 - 000000000 ____D C:\Users\TRABALHO\AppData\Local\ZHP
2024-02-04 05:14 - 2024-02-04 05:14 - 002389504 _____ (Farbar) C:\Users\TRABALHO\Desktop\FRST64.exe
2024-02-04 05:11 - 2024-02-04 05:11 - 003363488 _____ (Nicolas Coolman) C:\Users\TRABALHO\Desktop\ZHPCleaner.exe
2024-02-04 05:06 - 2024-02-04 05:17 - 000000000 ____D C:\AdwCleaner
2024-02-04 05:06 - 2024-02-04 05:06 - 008797968 _____ (Malwarebytes) C:\Users\TRABALHO\Desktop\adwcleaner.exe
2024-02-04 04:37 - 2024-02-04 04:37 - 000000000 ___HD C:\OneDriveTemp
2024-02-04 04:26 - 2024-02-04 04:26 - 000000000 ____H C:\Users\TRABALHO\Documents\Default.rdp
2024-02-04 04:17 - 2024-02-04 04:17 - 000000000 ____D C:\WINDOWS\system32\Tasks\Meta
2024-02-04 03:34 - 2024-02-04 03:34 - 000731272 _____ C:\WINDOWS\system32\prfh0416.dat
2024-02-04 03:34 - 2024-02-04 03:34 - 000146442 _____ C:\WINDOWS\system32\prfc0416.dat
2024-02-04 03:27 - 2024-02-04 03:27 - 000000000 ____D C:\WINDOWS\Panther
2024-02-04 03:18 - 2024-02-04 03:18 - 000000000 ____D C:\Users\TRABALHO\.android
2024-02-04 02:45 - 2024-02-04 02:45 - 000000000 ___RD C:\Users\TRABALHO\Documents\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe!App
2024-02-04 02:19 - 2024-02-04 02:19 - 000000000 ____D C:\Users\TRABALHO\Downloads\Telegram Desktop
2024-02-03 02:40 - 2024-02-03 02:40 - 000000000 ____D C:\Users\TRABALHO\AppData\Local\com.com2us.smon.pc.steam.global.normal
2024-02-03 02:40 - 2023-12-27 16:22 - 013405720 _____ (INCA Internet Co., Ltd.) C:\WINDOWS\SysWOW64\GameMon.des
2024-02-03 02:39 - 2024-02-03 20:33 - 000000000 ____D C:\Users\TRABALHO\AppData\Local\SummonersWarSteam
2024-02-03 02:39 - 2024-02-03 02:40 - 000000000 ____D C:\ProgramData\SummonersWarSteam
2024-02-03 02:39 - 2024-02-03 02:39 - 000000016 _____ C:\ProgramData\mntemp
2024-02-03 02:39 - 2024-02-03 02:39 - 000000000 ____D C:\Program Files\Common Files\INCA Shared
2024-02-03 02:36 - 2024-02-03 02:36 - 000000223 _____ C:\Users\TRABALHO\Desktop\Summoners War.url
2024-02-03 01:51 - 2024-02-03 01:51 - 000019222 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-02-03 01:49 - 2024-02-03 01:49 - 000019222 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-02-03 01:25 - 2024-02-04 03:34 - 001682094 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-02-03 01:25 - 2024-02-03 01:25 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2024-02-03 01:23 - 2024-02-04 04:37 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1323919425-2868841928-406510748-1001
2024-02-03 01:23 - 2024-02-04 04:37 - 000003384 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1323919425-2868841928-406510748-1001
2024-02-03 01:23 - 2024-02-04 03:27 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-02-03 01:23 - 2024-02-03 01:23 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2024-02-03 01:23 - 2024-02-03 01:23 - 000011433 _____ C:\WINDOWS\diagerr.xml
2024-02-03 01:23 - 2024-02-03 01:23 - 000003602 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-02-03 01:23 - 2024-02-03 01:23 - 000003548 _____ C:\WINDOWS\system32\Tasks\Opera GX scheduled Autoupdate 1706399164
2024-02-03 01:23 - 2024-02-03 01:23 - 000003378 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-02-03 01:23 - 2024-02-03 01:23 - 000000020 ___SH C:\Users\TRABALHO\ntuser.ini
2024-02-03 01:20 - 2024-02-03 01:20 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Network
2024-02-03 01:20 - 2024-02-03 01:20 - 000000000 ____D C:\ProgramData\Dolby
2024-02-03 01:20 - 2024-02-03 01:20 - 000000000 ____D C:\Program Files\Dolby
2024-02-03 01:19 - 2024-02-03 01:19 - 000000000 ____D C:\WINDOWS\system32\config\BFS
2024-02-03 01:18 - 2024-02-04 03:27 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-02-03 01:18 - 2024-02-04 03:26 - 000001527 _____ C:\WINDOWS\system32\config\VSMIDK
2024-02-03 01:18 - 2024-02-03 02:11 - 000445920 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-02-03 01:12 - 2024-02-03 01:18 - 000000000 ____D C:\Users\TRABALHO\AppData\Roaming\Microsoft\Crypto
2024-02-03 01:12 - 2024-02-03 01:12 - 000000000 ____D C:\Users\TRABALHO\AppData\Roaming\Microsoft\SystemCertificates
2024-02-03 01:12 - 2024-02-03 01:12 - 000000000 ____D C:\Users\TRABALHO\AppData\Roaming\Microsoft\Network
2024-02-03 01:10 - 2024-02-03 01:18 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2024-02-03 01:09 - 2024-02-04 03:27 - 000000000 ____D C:\Users\TRABALHO
2024-02-03 01:09 - 2024-02-03 01:25 - 000000000 ____D C:\Users\TRABALHO\AppData\Roaming\Microsoft\Windows
2024-02-03 01:09 - 2024-02-03 01:23 - 000000000 ____D C:\Users\TRABALHO\AppData\Roaming\Microsoft\Spelling
2024-02-03 01:09 - 2024-02-03 01:09 - 000000000 _SHDL C:\Users\TRABALHO\Modelos
2024-02-03 01:09 - 2024-02-03 01:09 - 000000000 _SHDL C:\Users\TRABALHO\Meus Documentos
2024-02-03 01:09 - 2024-02-03 01:09 - 000000000 _SHDL C:\Users\TRABALHO\Menu Iniciar
2024-02-03 01:09 - 2024-02-03 01:09 - 000000000 _SHDL C:\Users\TRABALHO\Documents\Minhas Músicas
2024-02-03 01:09 - 2024-02-03 01:09 - 000000000 _SHDL C:\Users\TRABALHO\Documents\Minhas Imagens
2024-02-03 01:09 - 2024-02-03 01:09 - 000000000 _SHDL C:\Users\TRABALHO\Documents\Meus Vídeos
2024-02-03 01:09 - 2024-02-03 01:09 - 000000000 _SHDL C:\Users\TRABALHO\Dados de Aplicativos
2024-02-03 01:09 - 2024-02-03 01:09 - 000000000 _SHDL C:\Users\TRABALHO\Configurações Locais
2024-02-03 01:09 - 2024-02-03 01:09 - 000000000 _SHDL C:\Users\TRABALHO\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2024-02-03 01:09 - 2024-02-03 01:09 - 000000000 _SHDL C:\Users\TRABALHO\AppData\Local\Histórico
2024-02-03 01:09 - 2024-02-03 01:09 - 000000000 _SHDL C:\Users\TRABALHO\AppData\Local\Dados de Aplicativos
2024-02-03 01:09 - 2024-02-03 01:09 - 000000000 _SHDL C:\Users\TRABALHO\Ambiente de Rede
2024-02-03 01:09 - 2024-02-03 01:09 - 000000000 _SHDL C:\Users\TRABALHO\Ambiente de Impressão
2024-02-03 01:08 - 2024-02-03 01:10 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2024-02-03 00:59 - 2024-02-03 00:59 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2024-02-03 00:48 - 2024-02-03 00:51 - 000000036 _____ C:\WINDOWS\progress.ini
2024-02-03 00:41 - 2024-02-03 00:41 - 000000000 ____D C:\CLientes IPTV
2024-02-03 00:40 - 2024-02-03 00:48 - 000000000 ___HD C:\$GetCurrent
2024-02-03 00:40 - 2024-02-03 00:48 - 000000000 ____D C:\Program Files (x86)\WindowsInstallationAssistant
2024-02-03 00:33 - 2024-02-03 00:33 - 000001360 _____ C:\Users\TRABALHO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2024-02-03 00:33 - 2024-02-03 00:33 - 000000000 ____D C:\Users\TRABALHO\AppData\Local\PCHealthCheck
2024-02-02 22:00 - 2024-02-02 22:00 - 000000000 ____D C:\Users\TRABALHO\AppData\Local\GOG.com
2024-02-02 21:59 - 2024-02-02 21:59 - 000000000 ____D C:\Program Files (x86)\Microsoft XNA
2024-02-02 21:57 - 2024-02-02 23:17 - 000000000 ____D C:\Users\TRABALHO\AppData\Roaming\StardewValley
2024-02-02 21:56 - 2024-02-03 02:36 - 000000000 ____D C:\Users\TRABALHO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2024-02-02 21:56 - 2024-02-02 21:56 - 000000222 _____ C:\Users\TRABALHO\Desktop\Stardew Valley.url
2024-02-02 20:24 - 2024-02-02 20:24 - 000000000 ____D C:\Users\TRABALHO\AppData\Roaming\LibreOffice
2024-02-02 20:23 - 2024-02-03 01:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 24.2
2024-02-02 20:23 - 2024-02-02 20:23 - 000001207 _____ C:\Users\Public\Desktop\LibreOffice 24.2.lnk
2024-02-02 20:20 - 2024-02-02 20:21 - 000000000 ____D C:\Program Files\LibreOffice
2024-02-02 20:12 - 2024-02-03 00:41 - 000000000 ____D C:\Users\TRABALHO\Desktop\CLientes IPTV
2024-02-02 02:49 - 2024-02-02 02:56 - 000000000 ____D C:\Users\TRABALHO\AppData\Roaming\Fing
2024-02-02 02:48 - 2024-02-02 02:48 - 000000000 ____D C:\Program Files\RUXIM
2024-02-02 02:47 - 2024-02-02 02:47 - 000000000 ____D C:\Users\TRABALHO\AppData\Roaming\FingAgent
2024-02-02 02:46 - 2024-02-02 02:56 - 000000000 ____D C:\Program Files\Npcap
2024-02-02 02:46 - 2024-02-02 02:46 - 000000000 ____D C:\Users\TRABALHO\AppData\Local\fing-updater
2024-02-02 02:35 - 2024-02-02 02:35 - 000000000 ____D C:\Users\TRABALHO\AppData\Local\mbam
2024-02-02 02:33 - 2024-02-04 03:27 - 000000000 ____D C:\Users\TRABALHO\AppData\Local\Malwarebytes
2024-02-02 02:33 - 2024-02-02 02:33 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-02-02 02:33 - 2024-02-02 02:33 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2024-02-02 02:32 - 2024-02-02 02:32 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-02-02 02:32 - 2024-02-02 02:32 - 000000000 ____D C:\Program Files\Malwarebytes
2024-02-02 02:17 - 2024-02-02 02:17 - 000000017 _____ C:\Users\TRABALHO\AppData\Local\resmon.resmoncfg
2024-02-02 00:10 - 2024-02-02 00:13 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2024-01-30 12:55 - 2024-02-03 00:41 - 000000000 ____D C:\Users\TRABALHO\Documents\Nova pasta
2024-01-30 00:56 - 2024-02-02 02:39 - 000000000 ____D C:\Users\TRABALHO\AppData\Local\ElevatedDiagnostics
2024-01-29 19:34 - 2024-02-04 03:12 - 000000000 ____D C:\Users\TRABALHO\AppData\Roaming\purpleiptv
2024-01-29 15:35 - 2024-01-29 15:35 - 000000000 ____D C:\Users\TRABALHO\AppData\Local\NVIDIA Corporation
2024-01-29 15:34 - 2024-02-03 02:39 - 000000000 ____D C:\ProgramData\Package Cache
2024-01-29 15:32 - 2024-01-29 15:32 - 000001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2024-01-29 15:32 - 2024-01-29 15:32 - 000001280 _____ C:\Users\Public\Desktop\Epic Games Launcher.lnk
2024-01-29 15:32 - 2024-01-29 15:32 - 000000000 ____D C:\Users\TRABALHO\AppData\Local\UnrealEngineLauncher
2024-01-29 15:32 - 2024-01-29 15:32 - 000000000 ____D C:\Users\TRABALHO\AppData\Local\UnrealEngine
2024-01-29 15:32 - 2024-01-29 15:32 - 000000000 ____D C:\Users\TRABALHO\AppData\Local\EpicGamesLauncher
2024-01-29 15:32 - 2024-01-29 15:32 - 000000000 ____D C:\Users\TRABALHO\AppData\Local\Epic Games
2024-01-29 15:31 - 2024-01-29 15:35 - 000000000 ____D C:\ProgramData\Epic
2024-01-29 15:31 - 2024-01-29 15:32 - 000000000 ____D C:\Program Files (x86)\Epic Games
2024-01-29 15:27 - 2024-02-04 05:11 - 000000000 ____D C:\Program Files (x86)\Steam
2024-01-29 15:27 - 2024-02-03 01:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2024-01-29 15:27 - 2024-01-29 15:33 - 000000000 ____D C:\Users\TRABALHO\AppData\Local\Steam
2024-01-29 15:27 - 2024-01-29 15:27 - 000001032 _____ C:\Users\Public\Desktop\Steam.lnk
2024-01-29 15:27 - 2024-01-29 15:27 - 000000000 ____D C:\Users\TRABALHO\AppData\Local\CEF
2024-01-29 13:42 - 2024-02-02 23:30 - 000000000 ____D C:\Users\TRABALHO\AppData\Roaming\discord
2024-01-29 13:42 - 2024-02-02 22:56 - 000000000 ____D C:\Users\TRABALHO\AppData\Local\Discord
2024-01-29 13:42 - 2024-02-02 21:49 - 000002242 _____ C:\Users\TRABALHO\Desktop\Discord.lnk
2024-01-29 13:42 - 2024-01-29 13:42 - 000000000 ____D C:\Users\TRABALHO\AppData\Local\SquirrelTemp
2024-01-29 12:47 - 2024-01-29 12:47 - 000000000 ____D C:\Users\TRABALHO\AppData\Local\cache
2024-01-29 12:42 - 2024-02-04 03:34 - 000000000 ____D C:\Users\TRABALHO\AppData\Roaming\Telegram Desktop
2024-01-29 12:42 - 2024-02-03 01:18 - 000000000 ____D C:\Users\TRABALHO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop
2024-01-29 12:42 - 2024-01-29 12:42 - 000001041 _____ C:\Users\TRABALHO\Desktop\Telegram.lnk
2024-01-27 21:44 - 2024-01-27 21:44 - 000000000 ____D C:\ProgramData\PLUG
2024-01-27 20:52 - 2024-02-04 03:19 - 000000000 ____D C:\Users\TRABALHO\AppData\Local\D3DSCache
2024-01-27 20:52 - 2024-02-03 01:38 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2024-01-27 20:51 - 2020-03-29 23:48 - 000464832 _____ (ELAN Microelectronics Corp.) C:\WINDOWS\system32\ETDUninstall.exe
2024-01-27 20:51 - 2019-05-09 19:49 - 000185232 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\iaLPSS2_I2C.sys
2024-01-27 20:47 - 2024-02-04 03:27 - 000000000 __SHD C:\Users\TRABALHO\IntelGraphicsProfiles
2024-01-27 20:47 - 2024-01-27 21:45 - 000000000 ____D C:\Users\TRABALHO\AppData\Local\Intel
2024-01-27 20:47 - 2024-01-27 20:47 - 000000000 ____D C:\ProgramData\Intel
2024-01-27 20:46 - 2024-01-27 20:46 - 000001447 _____ C:\Users\TRABALHO\Desktop\Navegador Opera GX.lnk
2024-01-27 20:46 - 2024-01-27 20:46 - 000001437 _____ C:\Users\TRABALHO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Navegador Opera GX.lnk
2024-01-27 20:46 - 2024-01-27 20:46 - 000000000 ____D C:\Users\TRABALHO\AppData\LocalLow\Intel
2024-01-27 20:46 - 2024-01-27 20:46 - 000000000 ____D C:\Users\TRABALHO\AppData\Local\Opera Software
2024-01-27 20:44 - 2022-08-31 20:15 - 000048896 _____ (Lenovo Group Ltd.) C:\WINDOWS\system32\Drivers\AcpiVpc.sys
2024-01-27 20:44 - 2020-10-12 07:15 - 000338432 _____ (Intel Corporation) C:\WINDOWS\system32\JHI64.dll
2024-01-27 20:44 - 2020-10-12 07:15 - 000322560 _____ (Intel Corporation) C:\WINDOWS\system32\TEEManagement64.dll
2024-01-27 20:44 - 2020-10-12 07:15 - 000273408 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\JHI.dll
2024-01-27 20:44 - 2020-10-12 07:15 - 000260608 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\TEEManagement.dll
2024-01-27 20:42 - 2024-01-27 20:42 - 000000000 ____D C:\Users\TRABALHO\AppData\Roaming\Opera Software
2024-01-27 20:41 - 2024-02-04 03:27 - 000000000 ____D C:\Intel
2024-01-27 20:41 - 2024-01-27 20:41 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2024-01-27 20:40 - 2024-01-27 20:40 - 000000000 ____D C:\Users\TRABALHO\AppData\Local\OneDrive
2024-01-27 20:38 - 2021-01-25 08:44 - 001790200 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2024-01-27 20:38 - 2021-01-25 08:44 - 001790200 _____ C:\WINDOWS\system32\vulkaninfo.exe
2024-01-27 20:38 - 2021-01-25 08:44 - 001386232 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2024-01-27 20:38 - 2021-01-25 08:44 - 001386232 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2024-01-27 20:38 - 2021-01-25 08:44 - 001096288 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2024-01-27 20:38 - 2021-01-25 08:44 - 001096288 _____ C:\WINDOWS\system32\vulkan-1.dll
2024-01-27 20:38 - 2021-01-25 08:44 - 000949344 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2024-01-27 20:38 - 2021-01-25 08:44 - 000949344 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2024-01-27 20:38 - 2021-01-25 08:44 - 000306000 _____ C:\WINDOWS\system32\libmfxhw64.dll
2024-01-27 20:38 - 2021-01-25 08:44 - 000254528 _____ C:\WINDOWS\SysWOW64\libmfxhw32.dll
2024-01-27 20:38 - 2021-01-25 08:44 - 000171472 _____ (Intel Corporation) C:\WINDOWS\system32\intel_gfx_api-x64.dll
2024-01-27 20:38 - 2021-01-25 08:44 - 000146760 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\intel_gfx_api-x86.dll
2024-01-27 20:37 - 2024-02-03 01:18 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-01-27 20:34 - 2024-02-04 04:11 - 000000000 ____D C:\Users\TRABALHO\AppData\Local\PlaceholderTileLogoFolder
2024-01-27 20:33 - 2020-03-29 23:48 - 001269184 _____ (ELAN Microelectronics Corp.) C:\WINDOWS\system32\ETDCtrl.exe
2024-01-27 20:33 - 2020-03-29 23:48 - 000743872 _____ (ELAN Microelectronics Corp.) C:\WINDOWS\system32\Drivers\ETD.sys
2024-01-27 20:33 - 2020-03-29 23:48 - 000642496 _____ (ELAN Microelectronics Corp.) C:\WINDOWS\system32\ETDCmds.dll
2024-01-27 20:33 - 2020-03-29 23:48 - 000509376 _____ (ELAN Microelectronic Corp.) C:\WINDOWS\system32\ETDApix.dll
2024-01-27 20:33 - 2020-03-29 23:48 - 000470976 _____ (ELAN Microelectronics Corp.) C:\WINDOWS\system32\ETDFavorite.dll
2024-01-27 20:33 - 2020-03-29 23:48 - 000464832 _____ (ELAN Microelectronics Corp.) C:\WINDOWS\system32\ETDUn_inst.exe
2024-01-27 20:33 - 2020-03-29 23:48 - 000431040 _____ (ELAN Microelectronic Corp.) C:\WINDOWS\system32\ETDApi.dll
2024-01-27 20:33 - 2020-03-29 23:48 - 000427456 _____ (ELAN Microelectronics Corp.) C:\WINDOWS\system32\LenovoAPI.dll
2024-01-27 20:33 - 2020-03-29 23:48 - 000399296 _____ (ELAN Microelectronics Corp.) C:\WINDOWS\system32\ETDCtrlHelper.exe
2024-01-27 20:33 - 2020-03-29 23:48 - 000254912 _____ (ELAN Microelectronics Corp.) C:\WINDOWS\system32\ETDService.exe
2024-01-27 20:33 - 2020-03-29 23:48 - 000134080 _____ (ELAN Microelectronics Corp.) C:\WINDOWS\system32\ETDTouch.exe
2024-01-27 20:32 - 2024-02-03 01:20 - 000527912 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2024-01-27 20:32 - 2024-02-03 01:20 - 000000000 ____D C:\WINDOWS\system32\DAX3
2024-01-27 20:32 - 2024-02-03 01:20 - 000000000 ____D C:\WINDOWS\system32\DAX2
2024-01-27 20:32 - 2024-02-03 01:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek
2024-01-27 20:32 - 2024-02-03 01:19 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2024-01-27 20:32 - 2024-02-03 01:10 - 000000000 ____D C:\Program Files\Realtek
2024-01-27 20:32 - 2024-02-01 23:48 - 000000000 ____D C:\Users\TRABALHO\AppData\Roaming\Microsoft\MMC
2024-01-27 20:32 - 2024-01-27 20:32 - 000000102 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
2024-01-27 20:32 - 2024-01-27 20:32 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2024-01-27 20:32 - 2024-01-27 20:32 - 000000000 ____D C:\Program Files (x86)\Realtek
2024-01-27 20:31 - 2020-03-29 23:48 - 000030144 _____ (ELAN Microelectronics Corp.) C:\WINDOWS\system32\Drivers\ETDHCF.sys
2024-01-27 20:31 - 2019-10-21 07:36 - 007178576 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2024-01-27 20:31 - 2019-10-21 07:36 - 007101848 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2024-01-27 20:31 - 2019-10-21 07:36 - 006840616 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2024-01-27 20:31 - 2019-10-21 07:36 - 005347120 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv211.dll
2024-01-27 20:31 - 2019-10-21 07:36 - 004120032 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2024-01-27 20:31 - 2019-10-21 07:36 - 003819928 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2024-01-27 20:31 - 2019-10-21 07:36 - 003677176 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2024-01-27 20:31 - 2019-10-21 07:36 - 003340512 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2024-01-27 20:31 - 2019-10-21 07:36 - 003159880 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2024-01-27 20:31 - 2019-10-21 07:36 - 002930256 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2024-01-27 20:31 - 2019-10-21 07:36 - 001971472 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2024-01-27 20:31 - 2019-10-21 07:36 - 001544384 _____ (Dolby Laboratories) C:\WINDOWS\system32\DAX3APOProp.dll
2024-01-27 20:31 - 2019-10-21 07:36 - 001372488 _____ (Dolby Laboratories) C:\WINDOWS\system32\DAX3APOv251.dll
2024-01-27 20:31 - 2019-10-21 07:36 - 001353424 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2024-01-27 20:31 - 2019-10-21 07:36 - 001259832 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOvlldp.dll
2024-01-27 20:31 - 2019-10-21 07:36 - 001159280 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOProp.dll
2024-01-27 20:31 - 2019-10-21 07:36 - 000453376 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2024-01-27 20:31 - 2019-10-21 07:36 - 000406552 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2APIPCLL.dll
2024-01-27 20:31 - 2019-10-21 07:36 - 000378488 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2API.dll
2024-01-27 20:31 - 2019-10-21 07:36 - 000343808 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2024-01-27 20:31 - 2019-10-21 07:36 - 000333112 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2024-01-27 20:31 - 2019-10-21 07:36 - 000278376 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2024-01-27 20:31 - 2019-10-21 07:36 - 000193112 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2024-01-27 20:31 - 2019-10-21 07:36 - 000157448 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2024-01-27 20:31 - 2019-10-21 07:36 - 000139864 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2024-01-27 20:31 - 2019-10-21 07:36 - 000122424 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2024-01-27 20:31 - 2019-10-21 07:36 - 000090272 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2024-01-27 20:31 - 2019-10-21 07:36 - 000023800 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2024-01-24 09:42 - 2024-01-29 13:33 - 000000000 ____D C:\Users\TRABALHO\AppData\Local\Comms
2024-01-23 14:17 - 2024-02-04 04:37 - 000000000 ___RD C:\Users\TRABALHO\OneDrive
2024-01-23 14:15 - 2024-02-04 05:08 - 000000000 ____D C:\Users\TRABALHO\AppData\Local\Packages
2024-01-23 14:15 - 2024-02-04 05:08 - 000000000 ____D C:\ProgramData\Packages
2024-01-23 14:15 - 2024-02-04 04:20 - 000000000 ___SD C:\Users\TRABALHO\AppData\Roaming\Microsoft\Credentials
2024-01-23 14:15 - 2024-02-03 01:23 - 000000000 __RHD C:\Users\Public\AccountPictures
2024-01-23 14:15 - 2024-01-30 11:57 - 000000000 ____D C:\Users\TRABALHO\AppData\Local\ConnectedDevicesPlatform
2024-01-23 14:15 - 2024-01-27 20:42 - 000000000 ____D C:\Users\TRABALHO\AppData\Local\Publishers
2024-01-23 14:15 - 2024-01-23 14:15 - 000000000 ___SD C:\Users\TRABALHO\AppData\Roaming\Microsoft\Protect
2024-01-23 14:15 - 2024-01-23 14:15 - 000000000 ___RD C:\Users\TRABALHO\3D Objects
2024-01-23 14:15 - 2024-01-23 14:15 - 000000000 ____D C:\Users\TRABALHO\AppData\Roaming\Microsoft\Vault
2024-01-23 14:15 - 2024-01-23 14:15 - 000000000 ____D C:\Users\TRABALHO\AppData\Roaming\Adobe
2024-01-23 14:15 - 2024-01-23 14:15 - 000000000 ____D C:\Users\TRABALHO\AppData\Local\VirtualStore
2024-01-23 14:14 - 2024-02-04 04:37 - 000002394 _____ C:\Users\TRABALHO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-01-23 14:10 - 2024-02-02 00:14 - 000000000 ____D C:\WINDOWS\SoftwareDistribution.old
2024-01-23 14:10 - 2024-01-23 14:10 - 000000000 _SHDL C:\Users\Usuário Padrão
2024-01-23 14:10 - 2024-01-23 14:10 - 000000000 _SHDL C:\Users\Todos os Usuários
2024-01-23 14:10 - 2024-01-23 14:10 - 000000000 _SHDL C:\Users\Public\Documents\Minhas Músicas
2024-01-23 14:10 - 2024-01-23 14:10 - 000000000 _SHDL C:\Users\Public\Documents\Minhas Imagens
2024-01-23 14:10 - 2024-01-23 14:10 - 000000000 _SHDL C:\Users\Public\Documents\Meus Vídeos
2024-01-23 14:10 - 2024-01-23 14:10 - 000000000 _SHDL C:\Users\Default\Modelos
2024-01-23 14:10 - 2024-01-23 14:10 - 000000000 _SHDL C:\Users\Default\Meus Documentos
2024-01-23 14:10 - 2024-01-23 14:10 - 000000000 _SHDL C:\Users\Default\Menu Iniciar
2024-01-23 14:10 - 2024-01-23 14:10 - 000000000 _SHDL C:\Users\Default\Documents\Minhas Músicas
2024-01-23 14:10 - 2024-01-23 14:10 - 000000000 _SHDL C:\Users\Default\Documents\Minhas Imagens
2024-01-23 14:10 - 2024-01-23 14:10 - 000000000 _SHDL C:\Users\Default\Documents\Meus Vídeos
2024-01-23 14:10 - 2024-01-23 14:10 - 000000000 _SHDL C:\Users\Default\Dados de Aplicativos
2024-01-23 14:10 - 2024-01-23 14:10 - 000000000 _SHDL C:\Users\Default\Configurações Locais
2024-01-23 14:10 - 2024-01-23 14:10 - 000000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2024-01-23 14:10 - 2024-01-23 14:10 - 000000000 _SHDL C:\Users\Default\AppData\Local\Histórico
2024-01-23 14:10 - 2024-01-23 14:10 - 000000000 _SHDL C:\Users\Default\AppData\Local\Dados de Aplicativos
2024-01-23 14:10 - 2024-01-23 14:10 - 000000000 _SHDL C:\Users\Default\Ambiente de Rede
2024-01-23 14:10 - 2024-01-23 14:10 - 000000000 _SHDL C:\Users\Default\Ambiente de Impressão
2024-01-23 14:10 - 2024-01-23 14:10 - 000000000 _SHDL C:\ProgramData\Modelos
2024-01-23 14:10 - 2024-01-23 14:10 - 000000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programas
2024-01-23 14:10 - 2024-01-23 14:10 - 000000000 _SHDL C:\ProgramData\Menu Iniciar
2024-01-23 14:10 - 2024-01-23 14:10 - 000000000 _SHDL C:\ProgramData\Documentos
2024-01-23 14:10 - 2024-01-23 14:10 - 000000000 _SHDL C:\ProgramData\Dados de Aplicativos
2024-01-23 14:10 - 2024-01-23 14:10 - 000000000 _SHDL C:\Program Files\Common Files\Sistema
2024-01-23 14:10 - 2024-01-23 14:10 - 000000000 _SHDL C:\Program Files\Arquivos Comuns
2024-01-23 14:10 - 2024-01-23 14:10 - 000000000 _SHDL C:\Documents and Settings
2024-01-23 14:10 - 2024-01-23 14:10 - 000000000 _SHDL C:\Arquivos de Programas
2024-01-23 14:09 - 2024-02-03 01:20 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-01-23 14:09 - 2024-02-03 01:20 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-01-23 14:09 - 2024-01-27 20:42 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2024-01-23 14:09 - 2024-01-23 14:09 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2024-01-23 14:08 - 2024-02-04 03:26 - 000012288 ___SH C:\DumpStack.log.tmp
2023-12-03 23:53 - 2024-02-03 02:09 - 000000000 ____D C:\WINDOWS\InboxApps

==================== Três meses (modificados) ==================

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2024-02-04 05:35 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-02-04 05:27 - 2022-05-07 02:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-02-04 05:27 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-02-04 05:27 - 2022-05-07 02:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-02-04 04:41 - 2022-05-07 02:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-02-04 04:16 - 2022-05-07 02:22 - 000000000 ____D C:\WINDOWS\INF
2024-02-04 01:31 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\NDF
2024-02-03 04:47 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\appcompat
2024-02-03 02:21 - 2022-05-07 02:17 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2024-02-03 02:09 - 2023-10-01 04:04 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ___SD C:\WINDOWS\system32\UNP
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ___RD C:\WINDOWS\PrintDialog
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\UUS
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\SystemResources
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\setup
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\migwiz
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\id-ID
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\et-EE
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\es-MX
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\Dism
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\DDFs
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\Provisioning
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\DiagTrack
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\BrowserCore
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-02-03 02:09 - 2022-05-07 02:24 - 000000000 ____D C:\Program Files\Common Files\System
2024-02-03 02:09 - 2022-05-07 02:17 - 000000000 ____D C:\WINDOWS\servicing
2024-02-03 02:05 - 2022-05-07 02:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-02-03 01:57 - 2022-05-07 07:40 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2024-02-03 01:57 - 2022-05-07 02:25 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2024-02-03 01:57 - 2022-05-07 02:25 - 000076800 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll
2024-02-03 01:57 - 2022-05-07 02:24 - 000249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2024-02-03 01:57 - 2022-05-07 02:24 - 000118784 _____ (Khronos Group) C:\WINDOWS\system32\opencl.dll
2024-02-03 01:23 - 2022-05-07 02:24 - 000000000 ____D C:\Program Files\Windows NT
2024-02-03 01:23 - 2022-05-07 02:24 - 000000000 ____D C:\Program Files\Windows Defender
2024-02-03 01:23 - 2022-05-07 02:17 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2024-02-03 01:21 - 2022-05-07 02:24 - 000000000 __RHD C:\Users\Public\Libraries
2024-02-03 01:21 - 2022-05-07 02:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2024-02-03 01:19 - 2022-05-07 02:24 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2024-02-03 01:18 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2024-02-03 01:18 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\system32\spool
2024-02-03 01:18 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\ServiceState
2024-02-03 01:18 - 2022-05-07 02:24 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2024-02-03 01:18 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2024-02-03 01:18 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2024-02-03 01:18 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\catroot2.old
2024-02-03 01:09 - 2022-05-07 02:24 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows
2024-02-03 01:08 - 2022-05-07 02:28 - 000000000 ____D C:\WINDOWS\Setup
2024-01-23 14:12 - 2019-12-07 11:55 - 000000000 ____D C:\WINDOWS\system32\FxsTmp

==================== Arquivos na raiz de alguns diretórios ========

2024-02-02 02:17 - 2024-02-02 02:17 - 000000017 _____ () C:\Users\TRABALHO\AppData\Local\resmon.resmoncfg

==================== SigCheckExt =========================

2024-02-04 05:14 - 2024-02-04 05:14 - 002389504 _____ (Farbar) C:\Users\TRABALHO\Desktop\FRST64.exe
2024-02-04 05:11 - 2024-02-04 05:11 - 003363488 _____ (Nicolas Coolman) C:\Users\TRABALHO\Desktop\ZHPCleaner.exe

==================== SigCheck ============================

(Não há correção automática para arquivos que não passaram na verificação.)


==================== BCD ================================

Gerenciador de Inicialização de Firmware
----------------------------------------
identificador           {fwbootmgr}
displayorder            {bootmgr}
                        {38ee30e3-ba11-11ee-b30e-85e67bcc19f1}
                        {38ee30e4-ba11-11ee-b30e-85e67bcc19f1}
                        {38ee30e5-ba11-11ee-b30e-85e67bcc19f1}
timeout                 0

Gerenciador de Inicialização do Windows
---------------------------------------
identificador           {bootmgr}
device                  partition=\Device\HarddiskVolume1
path                    \EFI\Microsoft\Boot\bootmgfw.efi
description             Windows Boot Manager
locale                  pt-BR
inherit                 {globalsettings}
default                 {current}
resumeobject            {1eed8d3d-c24b-11ee-a9bc-6432a873510e}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Aplicativo de Firmware (101fffff)
---------------------------------
identificador           {38ee30e3-ba11-11ee-b30e-85e67bcc19f1}
description             EFI USB Device

Aplicativo de Firmware (101fffff)
---------------------------------
identificador           {38ee30e4-ba11-11ee-b30e-85e67bcc19f1}
description             EFI DVD/CDROM

Aplicativo de Firmware (101fffff)
---------------------------------
identificador           {38ee30e5-ba11-11ee-b30e-85e67bcc19f1}
description             EFI Network

Aplicativo de Firmware (101fffff)
---------------------------------
identificador           {38ee30e6-ba11-11ee-b30e-85e67bcc19f1}
description             EFI Network 0 for IPv6 (64-1C-67-A5-55-22) 

Aplicativo de Firmware (101fffff)
---------------------------------
identificador           {38ee30e7-ba11-11ee-b30e-85e67bcc19f1}
device                  unknown
description             EFI USB Device (Generic Flash Disk)

Carregador de Inicialização do Windows
--------------------------------------
identificador           {current}
device                  partition=C:
path                    \WINDOWS\system32\winload.efi
description             Windows 11
locale                  pt-BR
inherit                 {bootloadersettings}
recoverysequence        {1eed8d40-c24b-11ee-a9bc-6432a873510e}
displaymessageoverride  Recovery
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \WINDOWS
resumeobject            {1eed8d3d-c24b-11ee-a9bc-6432a873510e}
nx                      OptIn
bootmenupolicy          Standard

Carregador de Inicialização do Windows
--------------------------------------
identificador           {1eed8d40-c24b-11ee-a9bc-6432a873510e}
device                  ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{1eed8d41-c24b-11ee-a9bc-6432a873510e}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  pt-BR
inherit                 {bootloadersettings}
displaymessage          Recovery
osdevice                ramdisk=[\Device\HarddiskVolume4]\Recovery\WindowsRE\Winre.wim,{1eed8d41-c24b-11ee-a9bc-6432a873510e}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Carregador de Inicialização do Windows
--------------------------------------
identificador           {38ee30ea-ba11-11ee-b30e-85e67bcc19f1}
device                  ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{38ee30eb-ba11-11ee-b30e-85e67bcc19f1}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  pt-br
inherit                 {bootloadersettings}
displaymessage          Recovery
osdevice                ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{38ee30eb-ba11-11ee-b30e-85e67bcc19f1}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Continuar da Hibernação
-----------------------
identificador           {1eed8d3d-c24b-11ee-a9bc-6432a873510e}
device                  partition=C:
path                    \WINDOWS\system32\winresume.efi
description             Windows Resume Application
locale                  pt-BR
inherit                 {resumeloadersettings}
recoverysequence        {1eed8d40-c24b-11ee-a9bc-6432a873510e}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
custom:21000026         partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Testador de Memória do Windows
------------------------------
identificador           {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \EFI\Microsoft\Boot\memtest.efi
description             Diagnóstico de Memória do Windows
locale                  pt-BR
inherit                 {globalsettings}
badmemoryaccess         Yes

Configurações de EMS
--------------------
identificador           {emssettings}
bootems                 No

Configurações do Depurador
--------------------------
identificador           {dbgsettings}
debugtype               Local

Defeitos de RAM
---------------
identificador           {badmemory}

Configurações Globais
---------------------
identificador           {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Configurações do Carregador de Inicialização
--------------------------------------------
identificador           {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Configurações do Hypervisor
---------------------------
identificador           {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Configurações do Carregador de Retorno
--------------------------------------
identificador           {resumeloadersettings}
inherit                 {globalsettings}

Opções de dispositivo
---------------------
identificador           {1eed8d41-c24b-11ee-a9bc-6432a873510e}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume4
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

==================== Fim de FRST.txt ========================

Resultado da análise adicional Farbar Recovery Scan Tool (x64) Versão: 03.02.2024 01
Executado por TRABALHO (04-02-2024 05:38:33)
Executando a partir de C:\Users\TRABALHO\Desktop
Microsoft Windows 11 Home Single Language Versão 23H2 22631.3085 (X64) (2024-02-03 04:23:22)
Modo da Inicialização: Normal
==========================================================


==================== Contas: =============================


(Se uma entrada for incluída na fixlist, será removida.)

Administrador (S-1-5-21-1323919425-2868841928-406510748-500 - Administrator - Disabled)
Convidado (S-1-5-21-1323919425-2868841928-406510748-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-1323919425-2868841928-406510748-503 - Limited - Disabled)
TRABALHO (S-1-5-21-1323919425-2868841928-406510748-1001 - Administrator - Enabled) => C:\Users\TRABALHO
WDAGUtilityAccount (S-1-5-21-1323919425-2868841928-406510748-504 - Limited - Disabled)

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Malwarebytes (Disabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

Assistente de Instalação do Windows 11 (HKLM-x32\...\{115DF11E-4B4C-4EA9-9A79-00DB0C7EF02D}) (Version: 1.4.19041.3630 - Microsoft Corporation)
Dolby Audio X2 Windows API SDK (HKLM\...\{F290F786-5F69-48D4-B20B-D21C7DE56EF0}) (Version: 0.8.8.88 - Dolby Laboratories, Inc.) Hidden
Epic Games Launcher (HKLM-x32\...\{2F1303E1-450D-4C17-86F8-CBE1F8F1A683}) (Version: 1.3.93.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{57A956AB-4BCC-45C6-9B40-957E4E125568}) (Version: 2.0.44.0 - Epic Games, Inc.)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LibreOffice 24.2.0.3 (HKLM\...\{5A433714-C509-4707-BF0C-410D3FBCE8B3}) (Version: 24.2.0.3 - The Document Foundation)
Malwarebytes version 4.6.8.311 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.8.311 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 121.0.2277.98 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 121.0.2277.98 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1323919425-2868841928-406510748-1001\...\OneDriveSetup.exe) (Version: 24.010.0114.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (HKLM-x32\...\{8bdfe669-9705-4184-9368-db9ce581e0e7}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (HKLM-x32\...\{410c0ee1-00bb-41b6-9772-e12c2828b02f}) (Version: 14.36.32532.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (HKLM\...\{0025DD72-A959-45B5-A0A3-7EFEB15A8050}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (HKLM\...\{D5D19E2F-7189-42FE-8103-92CD1FA457C2}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (HKLM-x32\...\{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (HKLM-x32\...\{73F77E4E-5A17-46E5-A5FC-8A061047725F}) (Version: 14.36.32532 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Opera GX Stable 106.0.4998.61 (HKU\S-1-5-21-1323919425-2868841928-406510748-1001\...\Opera GX 106.0.4998.61) (Version: 106.0.4998.61 - Opera Software)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Telegram Desktop (HKU\S-1-5-21-1323919425-2868841928-406510748-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 4.14.13 - Telegram FZ-LLC)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)
Verificação de integridade do PC Windows (HKLM\...\{28DD96C4-D58E-4F60-BC47-5A3E45BA0169}) (Version: 3.7.2204.15001 - Microsoft Corporation)

Packages:
=========
Centro de comando de gráficos Intel® -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5287.0_x64__8j3eq9eme6ctt [2024-01-27] (INTEL CORP) [Startup Task]
Dev Home -> C:\Program Files\WindowsApps\Microsoft.Windows.DevHome_0.1000.389.0_x64__8wekyb3d8bbwe [2024-02-03] (Microsoft Corporation)
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2024-02-03] (Microsoft Corp.)
Microsoft.BingSearch -> C:\Program Files\WindowsApps\Microsoft.BingSearch_1.0.91.0_x64__8wekyb3d8bbwe [2024-02-03] (Microsoft Corporation)
Microsoft.WindowsAppRuntime.CBS -> C:\Windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2024-02-03] (Microsoft Corporation)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.230.1135.0_x64__zpdnekdrzrea0 [2024-02-03] (Spotify AB) [Startup Task]
Telegram Desktop -> C:\Program Files\WindowsApps\TelegramMessengerLLP.TelegramDesktop_4.14.9.0_x64__t4vj0pshhgkwm [2024-02-04] (Telegram Messenger LLP) [Startup Task]
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2401.5.0_x64__cv1g1gvanyjgm [2024-02-04] (WhatsApp Inc.) [Startup Task]
Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2024-02-03] (Microsoft Corporation)

==================== Análise Personalizada CLSID (Whitelisted): ==============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-02-02] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-02-02] (Malwarebytes Inc. -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Atalhos & WMI ========================

==================== Módulos Carregados (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Modo de Segurança (Whitelisted) ==================

==================== Associação (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========


==================== Hosts Conteúdo: =========================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2019-12-07 06:14 - 2024-02-04 05:17 - 000000852 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Outras Áreas ===========================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-1323919425-2868841928-406510748-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img19.jpg
DNS Servers: 45.179.204.210 - 45.179.204.212
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

(Se uma entrada for incluída na fixlist, será removida.)

HKU\S-1-5-21-1323919425-2868841928-406510748-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1323919425-2868841928-406510748-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_50410CDD4A9F1DAE2FAEDE25E7E7B27B"
HKU\S-1-5-21-1323919425-2868841928-406510748-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-1323919425-2868841928-406510748-1001\...\StartupApproved\Run: => "AF_uuid_2426960"
HKU\S-1-5-21-1323919425-2868841928-406510748-1001\...\StartupApproved\Run: => "AF_counter_2426960"

==================== Regras do Firewall (Whitelisted) ================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Pontos de Restauração =========================

03-02-2024 01:24:16 Instalador de Módulos do Windows
04-02-2024 05:31:58 ZHPcleaner

==================== Dispositivos Apresentando Falhas No Gerenciador ============

Name: Intel(R) Dual Band Wireless-AC 3165
Description: Intel(R) Dual Band Wireless-AC 3165
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: Netwtw04
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Erros no Log de eventos: ========================

Erros em Aplicativos:
==================
Error: (02/04/2024 05:07:49 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1018) (User: DESKTOP-SSLIQE0)
Description: Coleta de dados de contador de desempenho desabilitada nesta seção do serviço "Lsa" porque a biblioteca de contadores de desempenho desse serviço gerou um ou mais erros. Os erros que forçaram essa ação foram gravados no log de eventos do aplicativo.

Error: (02/04/2024 05:07:49 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1005) (User: DESKTOP-SSLIQE0)
Description: A tentativa de localizar o procedimento Open "OpenLsaPerformanceData" na DLL "C:\Windows\System32\Secur32.dll" para o serviço "Lsa" falhou com o código de erro do Win32 127. Os dados de desempenho desse serviço não estarão disponíveis.

Error: (02/04/2024 04:17:30 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1018) (User: DESKTOP-SSLIQE0)
Description: Coleta de dados de contador de desempenho desabilitada nesta seção do serviço "Lsa" porque a biblioteca de contadores de desempenho desse serviço gerou um ou mais erros. Os erros que forçaram essa ação foram gravados no log de eventos do aplicativo.

Error: (02/04/2024 04:17:30 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1005) (User: DESKTOP-SSLIQE0)
Description: A tentativa de localizar o procedimento Open "OpenLsaPerformanceData" na DLL "C:\Windows\System32\Secur32.dll" para o serviço "Lsa" falhou com o código de erro do Win32 127. Os dados de desempenho desse serviço não estarão disponíveis.

Error: (02/04/2024 04:15:25 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1018) (User: DESKTOP-SSLIQE0)
Description: Coleta de dados de contador de desempenho desabilitada nesta seção do serviço "Lsa" porque a biblioteca de contadores de desempenho desse serviço gerou um ou mais erros. Os erros que forçaram essa ação foram gravados no log de eventos do aplicativo.

Error: (02/04/2024 04:15:25 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1005) (User: DESKTOP-SSLIQE0)
Description: A tentativa de localizar o procedimento Open "OpenLsaPerformanceData" na DLL "C:\Windows\System32\Secur32.dll" para o serviço "Lsa" falhou com o código de erro do Win32 127. Os dados de desempenho desse serviço não estarão disponíveis.


Erros de Sistema:
=============
Error: (02/04/2024 05:17:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Dolby DAX2 API Service foi encerrado inesperadamente.  Isso aconteceu 1 vez(es).

Error: (02/04/2024 05:17:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Steam Client Service foi encerrado inesperadamente.  Isso aconteceu 1 vez(es).

Error: (02/04/2024 05:17:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Intel(R) Content Protection HECI Service foi encerrado inesperadamente.  Isso aconteceu 1 vez(es).

Error: (02/04/2024 05:17:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Intel(R) Graphics Command Center Service foi encerrado inesperadamente.  Isso aconteceu 1 vez(es).

Error: (02/04/2024 05:17:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Intel(R) Storage Middleware Service foi encerrado inesperadamente.  Isso aconteceu 1 vez(es).

Error: (02/04/2024 05:17:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Intel(R) Dynamic Application Loader Host Interface Service foi encerrado inesperadamente.  Isso aconteceu 1 vez(es).

Error: (02/04/2024 05:17:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Intel(R) HD Graphics Control Panel Service foi encerrado inesperadamente.  Isso aconteceu 1 vez(es).

Error: (02/04/2024 05:17:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço ELAN Service foi encerrado inesperadamente.  Isso aconteceu 1 vez(es).


==================== Informações da Memória =========================== 

BIOS: LENOVO 8TCN51WW 12/08/2018
placa-mãe: LENOVO LNVNB161216
Processador: Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz
Percentagem de memória em uso: 30%
RAM física total: 12197.22 MB
RAM física disponível: 8486.3 MB
Virtual Total: 20901.22 MB
Virtual disponível: 17487.23 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.68 GB) (Free:156.5 GB) (Model: KINGSTON SA400S37240G) NTFS

\\?\Volume{4741ef42-8391-4495-93c1-462e98182f8d}\ () (Fixed) (Total:0.77 GB) (Free:0.07 GB) NTFS
\\?\Volume{4e2c36fa-9453-43a4-9d3c-e7fa77db8a6e}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Tabela de Partições ====================

==========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: 0BC4A28F)

Partition: GPT.

==================== Fim de Addition.txt =======================

 


 

AdwCleaner[C00].txt AdwCleaner[S00].txt Addition.txt FRST.txt Shortcut.txt ZHPCleaner (R).txt ZHPCleaner (S).txt
