
tiagodelazari

Junior Member
  • Posts

    9
  • Registered

  • Last visit

Reputation

0
  1. @Elias Pereira I took 3 screenshots. The interesting thing is that when the SYSTEM process appeared in the list, the fan spun up and stayed at full speed for several minutes. The very instant I moved the mouse while the fan was running at full speed, the SYSTEM process disappeared from the list. BEFORE: the fan had not spun up. DURING: a few moments after the fan started running at full speed. AFTER: after I moved the mouse, the fan stops. I took the screenshot at that moment.
  2. @Elias Pereira Thank you very much for your attention. The situation is the same as before: I disabled the mouse simulator and the fan still spins up in the same way. If this is not a malware problem, do you have any idea what it could be? I have already removed every program I could from startup, and nothing appears to be the cause.
  3. @Elias Pereira, done:
  4. @Elias Pereira See below and attached:
S3 MpKsl2f9a9643; C:\Windows\system32\MpEngineStore\MpKslDrv.sys [134376 2022-01-14] (Microsoft Windows -> Microsoft Corporation) S3 Netaapl; C:\Windows\System32\drivers\netaapl64.sys [32352 2017-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.) R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2022-07-05] (CACE Technologies, Inc. -> CACE Technologies, Inc.) R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software) S3 tap0901; C:\Windows\System32\drivers\tap0901.sys [41008 2021-02-04] (McAfee, LLC. -> The OpenVPN Project) S3 tapnordvpn; C:\Windows\System32\drivers\tapnordvpn.sys [49744 2021-06-13] (nordvpn s.a. -> The OpenVPN Project) S3 usbscan; C:\Windows\system32\DRIVERS\usbscan.sys [49152 2020-11-19] (Microsoft Corporation) [File not signed] S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [48536 2022-02-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [438520 2022-02-11] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [90360 2022-02-11] (Microsoft Windows -> Microsoft Corporation) S3 wintun; C:\Windows\system32\DRIVERS\wintun.sys [29592 2022-04-29] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC) S3 WirelessKeyboardFilter; C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [49336 2018-03-12] (Microsoft Corporation -> Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 
2023-03-21 10:43 - 2023-03-21 10:43 - 000015844 _____ C:\Users\new\Desktop\FRST.txt 2023-03-21 10:41 - 2023-03-21 10:41 - 002378752 _____ (Farbar) C:\Users\new\Desktop\FRST64.exe 2023-03-16 20:00 - 2023-03-16 20:00 - 000000000 ____D C:\Users\new\AppData\Local\Psiphon3 2023-03-12 07:15 - 2023-03-21 10:43 - 000000000 ____D C:\FRST 2023-03-10 23:34 - 2023-03-10 23:34 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla 2023-03-10 23:33 - 2023-03-10 23:33 - 000003496 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{1861DB40-009E-43E4-A49A-06AF75D0C3D1} 2023-03-10 23:33 - 2023-03-10 23:33 - 000003372 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{9EF0A38D-E5FD-4531-BD73-2839F12C5468} 2023-03-10 23:33 - 2023-03-10 23:33 - 000002332 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2023-03-10 23:24 - 2023-03-10 23:24 - 000000000 ____D C:\KVRT2020_Data 2023-03-10 23:22 - 2023-03-10 23:22 - 000000000 ____D C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom 2023-03-10 23:22 - 2023-03-10 23:22 - 000000000 ____D C:\Users\new\AppData\Local\Zoom 2023-03-10 23:19 - 2023-03-10 23:19 - 000000000 ____D C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2023-03-10 23:19 - 2023-03-10 23:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2023-03-10 23:16 - 2023-03-10 23:35 - 000000000 ____D C:\SecurityCheck 2023-03-10 22:19 - 2023-03-10 22:19 - 000001389 _____ C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk 2023-03-10 22:19 - 2023-03-10 22:19 - 000000000 ____D C:\Users\new\AppData\Local\ESET 2023-03-07 18:17 - 2023-03-19 16:17 - 000000124 _____ C:\Users\new\Desktop\netempregos.txt 2023-03-04 16:37 - 2023-03-05 21:05 - 000000000 ____D C:\Users\new\AppData\Roaming\Epic Pen 2023-03-04 16:37 - 2023-03-04 16:38 - 000000000 ____D C:\Program Files (x86)\Epic Pen 2023-03-04 16:37 - 2023-03-04 16:37 - 000000000 ____D 
C:\Users\new\AppData\Local\BrightData 2023-03-04 16:37 - 2023-03-04 16:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Pen 2023-03-04 16:37 - 2023-03-04 16:37 - 000000000 ____D C:\ProgramData\BrightData 2023-03-02 18:14 - 2023-03-02 18:14 - 000002367 _____ C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk 2023-03-02 18:13 - 2023-03-02 18:15 - 000000000 ____D C:\Users\new\AppData\Local\SquirrelTemp 2023-03-01 21:15 - 2023-03-01 21:15 - 000000000 ___HD C:\$WinREAgent 2023-02-23 20:44 - 2023-02-23 20:44 - 000166900 _____ C:\Users\new\Desktop\CV Tiago Delazari - EN.pdf 2023-02-23 20:43 - 2023-02-23 20:43 - 000167431 _____ C:\Users\new\Desktop\CV Tiago Delazari - PT.pdf 2023-02-20 19:11 - 2023-03-18 11:19 - 000000091 _____ C:\Users\new\Desktop\datas.txt ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2023-03-21 10:42 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\AppReadiness 2023-03-21 10:41 - 2021-03-23 10:55 - 000000000 ____D C:\Program Files (x86)\Google 2023-03-21 10:39 - 2021-12-12 17:27 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1842628812-1090097327-1321332273-1002 2023-03-21 10:39 - 2021-05-04 11:12 - 000003366 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1842628812-1090097327-1321332273-1002 2023-03-21 10:39 - 2021-05-04 11:12 - 000002386 _____ C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2023-03-21 10:39 - 2019-12-07 09:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2023-03-19 21:58 - 2021-03-22 19:35 - 000841010 _____ C:\Windows\system32\PerfStringBackup.INI 2023-03-19 21:58 - 2019-12-07 09:13 - 000000000 ____D C:\Windows\INF 2023-03-19 21:54 - 2021-03-22 19:28 - 000008192 ___SH C:\DumpStack.log.tmp 2023-03-19 21:54 - 2020-11-18 23:29 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2023-03-19 21:54 - 
2019-12-07 09:03 - 000786432 _____ C:\Windows\system32\config\BBI 2023-03-19 21:31 - 2021-12-24 01:38 - 000000000 ____D C:\Users\new\AppData\Roaming\ZHP 2023-03-19 18:28 - 2019-12-07 09:14 - 000000000 ___HD C:\Program Files\WindowsApps 2023-03-19 15:26 - 2020-11-18 23:31 - 000002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2023-03-18 12:59 - 2023-01-12 14:08 - 000000000 ____D C:\Program Files\Mozilla Firefox 2023-03-18 12:59 - 2023-01-12 14:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2023-03-18 12:59 - 2021-04-05 00:14 - 000000000 ____D C:\Program Files\WinRAR 2023-03-16 18:49 - 2021-04-27 13:28 - 000000000 ____D C:\Program Files\Microsoft Office 2023-03-12 09:26 - 2020-11-18 23:28 - 000000000 ____D C:\Windows\system32\SleepStudy 2023-03-12 07:11 - 2022-03-27 16:11 - 000000000 ____D C:\ProgramData\Package Cache 2023-03-11 00:22 - 2021-06-09 01:39 - 000007624 _____ C:\Users\new\AppData\Local\Resmon.ResmonCfg 2023-03-11 00:16 - 2019-12-07 09:03 - 000032768 _____ C:\Windows\system32\config\ELAM 2023-03-10 23:34 - 2023-01-12 14:08 - 000001014 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2023-03-10 23:34 - 2023-01-12 14:08 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38 2023-03-10 23:34 - 2021-09-13 16:35 - 000000000 ____D C:\Users\new\AppData\LocalLow\Mozilla 2023-03-10 23:33 - 2021-04-27 19:17 - 000000000 ____D C:\Users\new\AppData\Local\Google 2023-03-10 23:31 - 2023-02-10 13:09 - 000000000 ____D C:\Users\new\AppData\Local\Lacuna Software 2023-03-10 23:31 - 2022-05-03 20:28 - 000000000 ____D C:\Program Files (x86)\SpeedFan 2023-03-10 23:26 - 2021-03-23 16:42 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task 2023-03-10 23:25 - 2022-10-17 20:38 - 000002082 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk 2023-03-10 23:22 - 2021-04-30 12:56 - 000000000 ____D C:\Users\new\AppData\Roaming\Zoom 2023-03-10 
23:21 - 2021-04-27 20:32 - 000000000 ____D C:\Users\new\AppData\Roaming\vlc 2023-03-08 00:00 - 2021-04-27 19:17 - 000000000 ____D C:\Users\new\AppData\Local\PlaceholderTileLogoFolder 2023-03-08 00:00 - 2021-04-27 19:17 - 000000000 ____D C:\Users\new\AppData\Local\Packages 2023-03-08 00:00 - 2020-11-18 23:32 - 000000000 ____D C:\ProgramData\Packages 2023-03-06 20:25 - 2020-11-18 23:31 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2023-03-06 20:25 - 2020-11-18 23:31 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2023-03-05 16:03 - 2021-04-27 20:02 - 000000000 ____D C:\Users\new\AppData\Roaming\obs-studio 2023-03-04 16:44 - 2021-04-28 15:53 - 000000000 ____D C:\Users\new\AppData\Local\D3DSCache 2023-03-02 11:13 - 2020-11-18 23:28 - 000439016 _____ C:\Windows\system32\FNTCACHE.DAT 2023-03-02 11:13 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\SystemResources 2023-03-02 11:13 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\system32\setup 2023-03-02 11:13 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\ServiceState 2023-03-02 11:13 - 2019-12-07 09:14 - 000000000 ____D C:\Windows\bcastdvr 2023-03-01 21:21 - 2019-12-07 09:03 - 000000000 ____D C:\Windows\CbsTemp 2023-03-01 21:20 - 2020-11-18 23:31 - 003015680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll 2023-03-01 18:48 - 2021-03-22 23:25 - 000000000 ____D C:\Windows\system32\MRT 2023-03-01 18:46 - 2021-03-22 23:25 - 149955784 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2023-02-28 21:40 - 2020-11-18 23:32 - 000000000 __RHD C:\Users\Public\AccountPictures 2023-02-19 18:48 - 2023-02-15 19:08 - 000000052 _____ C:\Users\new\Desktop\linkedin link.txt ==================== Files in the root of some directories ======== 2021-06-09 01:39 - 2023-03-11 00:22 - 000007624 _____ () C:\Users\new\AppData\Local\Resmon.ResmonCfg ==================== SigCheck ============================ (There is no automatic fix for files that do not pass 
verification.) ==================== End of FRST.txt ======================== Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-03-2023 Ran by new (21-03-2023 10:43:45) Running from C:\Users\new\Desktop Microsoft Windows 10 Home Single Language Version 22H2 19045.2604 (X64) (2021-03-22 19:30:50) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-1842628812-1090097327-1321332273-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-1842628812-1090097327-1321332273-503 - Limited - Disabled) Guest (S-1-5-21-1842628812-1090097327-1321332273-501 - Limited - Disabled) humbe (S-1-5-21-1842628812-1090097327-1321332273-1003 - Limited - Disabled) new (S-1-5-21-1842628812-1090097327-1321332273-1002 - Administrator - Enabled) => C:\Users\new tiago (S-1-5-21-1842628812-1090097327-1321332273-1004 - Administrator - Disabled) WDAGUtilityAccount (S-1-5-21-1842628812-1090097327-1321332273-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1046-1033-7760-BC15014EA700}) (Version: 23.001.20064 - Adobe) Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601042}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 7.0.14 - philandro Software GmbH) Aplicativo Itaú (HKLM-x32\...\{215CACF7-0910-4B53-83BE-B54A2C9BD0B7}) (Version: 1.0.179 - Banco Itaú) Aplicativo Itaú (HKLM-x32\...\{4B6778AC-BABE-44D4-BDF3-1BA382F7D580}) (Version: 1.0.162 - Banco Itaú) Apple Mobile Device Support (HKLM\...\{065D0CC8-C382-48AF-8A88-0DD3366EB26C}) (Version: 16.0.0.25 - Apple Inc.) Apple Software Update (HKLM-x32\...\{B292D163-23D2-4523-A699-1ABEC1875609}) (Version: 2.7.0.3 - Apple Inc.) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Coldmind Aplicativo para windows (HKLM-x32\...\{695AFF57-2B8F-4764-BDA6-73A57BAA6F32}) (Version: 2.001 - Coldmind) DU Meter (HKLM-x32\...\DUMeter3_is1) (Version: 7.30 - Hagel Technologies Ltd.) Epic Pen (HKLM-x32\...\Epic Pen_is1) (Version: v3.11.50.0 - Tank Studios ltd) Folder Size (64-bit) (HKLM\...\{F24FF688-7138-4CCF-A83F-71E9FB01170E}) (Version: 2.6 - Brio) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 111.0.5563.65 - Google LLC) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 25.20.100.6518 - Intel Corporation) iTunes (HKLM\...\{D309D5F1-21A1-4DB3-BDFF-A60E40ABC1F6}) (Version: 12.12.7.1 - Apple Inc.) 
Microsoft 365 - en-gb (HKLM\...\O365HomePremRetail - en-gb) (Version: 16.0.16130.20306 - Microsoft Corporation) Microsoft 365 - pt-br (HKLM\...\O365HomePremRetail - pt-br) (Version: 16.0.16130.20306 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 111.0.1661.44 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 111.0.1661.44 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1842628812-1090097327-1321332273-1002\...\OneDriveSetup.exe) (Version: 23.048.0305.0002 - Microsoft Corporation) Microsoft Teams (HKU\S-1-5-21-1842628812-1090097327-1321332273-1002\...\Teams) (Version: 1.6.00.1381 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{89581302-705F-42C5-99B0-E368A845DAD5}) (Version: 3.70.0.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30139 (HKLM-x32\...\{2c673fb6-3e65-4751-965d-33d30b68a8a6}) (Version: 14.29.30139.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.31.31103 (HKLM-x32\...\{41d7b770-418a-43b7-95a5-f925fff05789}) (Version: 14.31.31103.0 - Microsoft Corporation) Microsoft Visual C++ 2019 X64 Additional Runtime - 14.29.30139 (HKLM\...\{7F4A9F52-173F-4B0D-B1EA-269C32EDA827}) (Version: 14.29.30139 - Microsoft Corporation) Hidden Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.29.30139 (HKLM\...\{A6D3F752-BF11-4D7C-B19C-F6F96A35CF50}) (Version: 14.29.30139 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Additional Runtime - 14.31.31103 (HKLM-x32\...\{5720EC03-F26F-40B7-980C-50B5D420B5DE}) (Version: 14.31.31103 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.31.31103 (HKLM-x32\...\{799E3FFF-705C-461F-B400-6DE27398B3E5}) (Version: 14.31.31103 - Microsoft Corporation) Hidden Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 110.0.1 (x64 en-US)) (Version: 110.0.1 - Mozilla) Mozilla Maintenance Service 
(HKLM\...\MozillaMaintenanceService) (Version: 108.0.2 - Mozilla) OBS Studio (HKLM-x32\...\OBS Studio) (Version: 26.1.1 - OBS Project) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16130.20218 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16130.20218 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0416-1000-0000000FF1CE}) (Version: 16.0.16130.20218 - Microsoft Corporation) Hidden plugin Autenticação.Gov (HKLM-x32\...\{53B4E1E3-E963-4B23-9AE8-D7F5D5871CBE}) (Version: 2.0.63 - Agência para a Modernização Administrativa) TurboTop 2.8 (HKLM-x32\...\TurboTop_is1) (Version: 2.8.0.21 - Savard Software) VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.18 - VideoLAN) WinRAR 6.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.21.0 - win.rar GmbH) Zoom (HKU\S-1-5-21-1842628812-1090097327-1321332273-1002\...\ZoomUMX) (Version: 5.13.11 (13434) - Zoom Video Communications, Inc.)
Packages: ========= AV1 Video Extension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.52851.0_x64__8wekyb3d8bbwe [2023-03-03] (Microsoft Corporation) Move Mouse -> C:\Program Files\WindowsApps\1258EllAbi.MoveMouse_4.16.2.0_x64__hjfwaxvfbwh7t [2023-03-08] (ellabi) [Startup Task] Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.23.242.0_x64__dt26b99r8h8gj [2021-04-27] (Realtek Semiconductor Corp) WindowsAppRuntime.1.2 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.747.1945.0_x64__8wekyb3d8bbwe [2023-02-22] (Microsoft Corporation) WindowsAppRuntime.1.2 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.777.2143.0_x64__8wekyb3d8bbwe [2023-02-27] (Microsoft Corporation) WindowsAppRuntime.1.2 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.777.2143.0_x86__8wekyb3d8bbwe [2023-02-27] (Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1842628812-1090097327-1321332273-1002_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\new\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22349.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1842628812-1090097327-1321332273-1002_Classes\CLSID\{272D2E65-05FB-4500-BD7B-5905D5B0A1B8}\localserver32 -> C:\Users\new\AppData\Roaming\Nelogica\Profit\profitchart.exe => No File ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Windows Defender\shellext.dll -> No File ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Windows Defender\shellext.dll -> No File ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Windows Defender\shellext.dll -> No File ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_23508498288091ea\igfxDTCM.dll [2019-01-17] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI 
======================== ==================== Loaded Modules (Whitelisted) ============= 2021-04-27 19:44 - 2018-02-11 18:16 - 000578216 _____ (Hagel Technologies Ltd. -> SQLite Development Team) [File not signed] D:\DU Meter\sqlite3.dll ==================== Alternate Data Streams (Whitelisted) ======== (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData:chnpbmzkyg [370] AlternateDataStreams: C:\ProgramData:YXVtLmh6aQ [2834] AlternateDataStreams: C:\Users\All Users:chnpbmzkyg [370] AlternateDataStreams: C:\Users\All Users:YXVtLmh6aQ [2834] AlternateDataStreams: C:\ProgramData\Application Data:chnpbmzkyg [370] AlternateDataStreams: C:\ProgramData\Application Data:YXVtLmh6aQ [2834] ==================== Safe Mode (Whitelisted) ================== ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-03-03] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-03-03] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-03-03] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-03-03] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-03-03] (Microsoft Corporation 
-> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-03-03] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-03-03] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-03-03] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-03-03] (Microsoft Corporation -> Microsoft Corporation) ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2019-12-07 09:14 - 2021-03-23 16:49 - 000000826 _____ C:\Windows\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) 
HKCU\Environment\\Path -> %USERPROFILE%\AppData\Local\Microsoft\WindowsApps HKU\S-1-5-21-1842628812-1090097327-1321332273-1002\Control Panel\Desktop\\Wallpaper -> D:\OneDrive\Viagens\2021-11 - Austria\20211128_112234968_iOS.jpg DNS Servers: 213.228.129.69 - 213.228.129.70 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off) HKU\S-1-5-21-1842628812-1090097327-1321332273-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 0) HKU\S-1-5-21-1842628812-1090097327-1321332273-1002\SOFTWARE\Microsoft\Windows Security Health\State => (AppAndBrowser_StoreAppsSmartScreenOff: 0) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: cphs => 3 MSCONFIG\Services: cplspcon => 2 MSCONFIG\Services: edgeupdate => 2 MSCONFIG\Services: edgeupdatem => 3 MSCONFIG\Services: Fax => 3 MSCONFIG\Services: FolderSize => 2 MSCONFIG\Services: GoogleChromeElevationService => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: HPPrintScanDoctorService => 2 MSCONFIG\Services: ibtsiva => 2 MSCONFIG\Services: igfxCUIService2.0.0.0 => 2 MSCONFIG\Services: Intel(R) Capability Licensing Service TCP IP Interface => 3 MSCONFIG\Services: Intel(R) TPM Provisioning Service => 2 MSCONFIG\Services: jhi_service => 2 MSCONFIG\Services: lfsvc => 3 MSCONFIG\Services: LMS => 2 MSCONFIG\Services: MapsBroker => 2 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: Net Driver HPZ12 => 2 MSCONFIG\Services: NordUpdaterService => 2 MSCONFIG\Services: nordvpn-service => 2 MSCONFIG\Services: Pml Driver HPZ12 => 2 MSCONFIG\Services: RtkAudioUniversalService => 2 MSCONFIG\Services: SDRSVC => 3 MSCONFIG\Services: 
SetupARService => 2 MSCONFIG\Services: SynTPEnhService => 2 MSCONFIG\Services: TapiSrv => 3 MSCONFIG\Services: Themes => 2 MSCONFIG\Services: WbioSrvc => 3 MSCONFIG\Services: WpcMonSvc => 3 MSCONFIG\Services: WSearch => 2 MSCONFIG\Services: wuauserv => 3 MSCONFIG\Services: XblAuthManager => 3 MSCONFIG\Services: XblGameSave => 3 MSCONFIG\Services: XboxGipSvc => 3 MSCONFIG\Services: XboxNetApiSvc => 3 HKLM\...\StartupApproved\Run: => "SecurityHealth" HKLM\...\StartupApproved\Run: => "RtkAudUService" HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "EpicPen" HKU\S-1-5-21-1842628812-1090097327-1321332273-1002\...\StartupApproved\StartupFolder: => "Valid Agent Server - Cliente.lnk" HKU\S-1-5-21-1842628812-1090097327-1321332273-1002\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_16B04F625458F19E7BAFDD89867ECCBC" HKU\S-1-5-21-1842628812-1090097327-1321332273-1002\...\StartupApproved\Run: => "NordVPN" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{D5B220B8-B787-4F57-A348-122432CCCBDE}] => (Allow) C:\Users\tiago\AppData\Roaming\Zoom\bin\Zoom.exe => No File FirewallRules: [{C9FD64B3-8E96-44AF-9900-6090D8676B4F}] => (Allow) C:\Users\tiago\AppData\Roaming\Zoom\bin\airhost.exe => No File FirewallRules: [{7F175414-8172-4882-8DA9-72C59E905C9B}] => (Allow) C:\Users\tiago\AppData\Roaming\Zoom\bin\airhost.exe => No File FirewallRules: [TCP Query User{5B6AD09D-3F33-4F31-A566-9704FBE01F37}D:\tryd\jre\bin\javaw.exe] => (Allow) D:\tryd\jre\bin\javaw.exe FirewallRules: [UDP Query User{DCEA9890-A2A3-4BD7-AE2E-BE028E54B5F5}D:\tryd\jre\bin\javaw.exe] => (Allow) D:\tryd\jre\bin\javaw.exe FirewallRules: [TCP Query User{2A14A24E-C029-49EE-A5FB-2F33B138DE92}D:\tryd6\jre\bin\javaw.exe] => (Allow) D:\tryd6\jre\bin\javaw.exe => No File FirewallRules: [UDP Query User{2FA23ABA-D31E-4243-8879-890A97F36419}D:\tryd6\jre\bin\javaw.exe] => (Allow) D:\tryd6\jre\bin\javaw.exe => No File FirewallRules: [{26A76D04-999E-4F7B-827E-A2FD536C2D4B}] => (Allow) C:\Users\new\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{CF2C59E7-9453-4391-9D71-FFFE2789879B}] => (Allow) C:\Users\new\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{21E54F97-DF44-48B2-87B6-FCD7AEB2A3D1}] => (Allow) C:\Users\new\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [TCP Query User{D4D68022-A4DF-46C1-91D5-D06F8B51CAF0}D:\tryd_novo\jre\bin\javaw.exe] => (Allow) D:\tryd_novo\jre\bin\javaw.exe => No File FirewallRules: [UDP Query User{DC3F6576-167E-4A9C-8556-20C7CDEFD8F7}D:\tryd_novo\jre\bin\javaw.exe] => (Allow) D:\tryd_novo\jre\bin\javaw.exe => No File FirewallRules: [{7CB32806-A2EF-4D71-A28B-444C2557E301}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F2C844AB-B469-4C1C-8256-842306D42DDC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{4C1961E6-DE63-4BCC-932B-D48C8DEB44E5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{ADC2D47E-F7F0-40CF-947F-F8552FC2C08A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [TCP Query User{BDBAAC99-65E4-4706-9409-B90FE598DB48}D:\pppoker\database\pppoker.exe] => (Allow) D:\pppoker\database\pppoker.exe => No File FirewallRules: [UDP Query User{7D89EA86-9274-4AB6-B922-84CF0B569BBD}D:\pppoker\database\pppoker.exe] => (Allow) D:\pppoker\database\pppoker.exe => No File FirewallRules: [TCP Query User{6CAF497F-E00D-4012-841B-D885DF5387C2}D:\pppoker\database\pppoker.exe] => (Allow) D:\pppoker\database\pppoker.exe => No File FirewallRules: [UDP Query User{CB7AAAEA-79FE-441F-9177-7CC0C137A14C}D:\pppoker\database\pppoker.exe] => (Allow) D:\pppoker\database\pppoker.exe => No File FirewallRules: [TCP Query User{E05E512B-5894-46D9-BCFF-13C3A624D402}D:\tryd_btg\jre\bin\javaw.exe] => (Allow) D:\tryd_btg\jre\bin\javaw.exe => No File FirewallRules: [UDP Query User{F296CCC1-A120-49CC-90EA-642295EF3737}D:\tryd_btg\jre\bin\javaw.exe] => (Allow) D:\tryd_btg\jre\bin\javaw.exe => No File FirewallRules: [TCP Query User{C512A18E-A5F3-42F7-88FF-BF11747B5C1D}C:\users\new\appdata\roaming\valid\valid agent server - cliente\vagent.exe] => (Allow) C:\users\new\appdata\roaming\valid\valid agent server - cliente\vagent.exe => No File FirewallRules: [UDP Query User{25D45B14-4E62-46AF-9269-8E1230B5309C}C:\users\new\appdata\roaming\valid\valid agent server - cliente\vagent.exe] => (Allow) C:\users\new\appdata\roaming\valid\valid agent server - cliente\vagent.exe => No File FirewallRules: [TCP Query User{8031F840-5C09-4FCE-AFCF-8052B79BF03C}C:\users\new\appdata\roaming\valid\valid agent server - cliente\vagent.exe] => (Allow) 
C:\users\new\appdata\roaming\valid\valid agent server - cliente\vagent.exe => No File FirewallRules: [UDP Query User{5885233D-76D7-44B7-805D-B1D8D656FF30}C:\users\new\appdata\roaming\valid\valid agent server - cliente\vagent.exe] => (Allow) C:\users\new\appdata\roaming\valid\valid agent server - cliente\vagent.exe => No File FirewallRules: [{AFD3AAF7-DFC3-4F4A-8A91-655F8CEF5F08}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{72D27552-E169-41F4-B4AA-EA5DB56081D2}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.) FirewallRules: [{C82283E1-F033-4F2D-8E63-BAF5DFDBBBD0}] => (Allow) C:\HP\Diagnostics\PSDR\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.) FirewallRules: [{ABDF6C39-F96A-4F49-AE7F-B620D06D93DF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{12373063-44B1-4EE9-B42E-C53AF66D4BF9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{3B6EF6EA-D5CF-4940-90EB-66F57F498623}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{CD8E1674-B3A4-4C8D-9E0D-67D30EC778B1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{98996901-111B-448B-8E80-10999744DB78}] => (Allow) D:\itunes\iTunes.exe (Apple Inc. -> Apple Inc.) 
FirewallRules: [{1B969E85-D2E8-4E44-B636-EBD1246C2BE1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D4982ED5-49CE-45D9-B56C-1E39A4B9B333}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BF1637E5-3144-4844-B739-9FBFE966E9FA}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{75D3BB61-54F5-4909-A3FE-805A66EACF2A}] => (Allow) C:\Users\new\AppData\Local\Temp\utorrent\utorrent.exe (Rainberry Inc -> BitTorrent Inc.)
FirewallRules: [{204CB1E2-F054-44CE-A577-293BA13D3AF4}] => (Allow) C:\Users\new\AppData\Local\Temp\utorrent\utorrent.exe (Rainberry Inc -> BitTorrent Inc.)
FirewallRules: [{8AC32740-DE7C-44D0-A410-17D301896DD6}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\111.0.1661.44\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0D32948B-3DEC-4AA1-B91B-F5AECAB804A5}] => (Allow) D:\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{3DBEC96B-7F0A-4173-8961-9D8E9931400A}] => (Allow) D:\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{B9819D22-D4B1-4360-8F58-B9751D6A2E0B}] => (Allow) D:\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{3CD4B02A-85C6-4EBE-8BC4-E6A9FE093218}] => (Allow) D:\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{65362C77-3BD8-4C0E-BFDC-D8D59D4EDA14}] => (Allow) D:\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{52BEDD8C-B2B2-4B4B-80E5-A424F6367D18}] => (Allow) D:\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)

==================== Restore Points =========================

16-03-2023 19:39:14 MS
19-03-2023 21:31:29 ZHPcleaner

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (03/16/2023 10:32:08 AM) (Source: AnyDesk) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/16/2023 10:32:07 AM) (Source: AnyDesk) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/16/2023 10:32:07 AM) (Source: AnyDesk) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/16/2023 10:32:07 AM) (Source: AnyDesk) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/16/2023 10:32:07 AM) (Source: AnyDesk) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/16/2023 10:32:07 AM) (Source: AnyDesk) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/16/2023 10:32:07 AM) (Source: AnyDesk) (EventID: 0) (User: )
Description: Event-ID 0

Error: (03/16/2023 10:32:07 AM) (Source: AnyDesk) (EventID: 0) (User: )
Description: Event-ID 0

System errors:
=============
Error: (03/19/2023 09:54:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinDefend service failed to start due to the following error: The system cannot find the file specified.

Error: (03/19/2023 09:21:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The DU Meter Service service terminated unexpectedly. It has done this 1 time(s).

Error: (03/19/2023 09:21:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Serviço Clique para Executar do Microsoft Office service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (03/19/2023 09:21:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (03/19/2023 09:21:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Serviço do Bonjour service terminated unexpectedly. It has done this 1 time(s).

Error: (03/18/2023 10:09:37 PM) (Source: Netwtw04) (EventID: 5010) (User: )
Description: Intel(R) Dual Band Wireless-AC 3165 : The network adapter has returned an invalid value to the driver. 5010 - Driver DBG_ASSERT - instead of BSOD

Error: (03/18/2023 01:03:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinDefend service failed to start due to the following error: The system cannot find the file specified.

Error: (03/18/2023 12:59:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinDefend service failed to start due to the following error: The system cannot find the file specified.

Windows Defender:
================
Date: 2022-03-08 17:43:42
Description: The window cannot act on the sent message.

Date: 2022-03-07 19:56:17
Description: The window cannot act on the sent message.

Date: 2022-02-22 18:37:34
Description: The window cannot act on the sent message.

Date: 2022-02-15 15:53:43
Description: The window cannot act on the sent message.

Date: 2022-02-07 19:27:43
Description: The window cannot act on the sent message.

Event[0]:
Date: 2022-02-02 08:38:57
Description: The specified driver is invalid.

Date: 2022-02-02 08:38:57
Description: The specified driver is invalid.

Date: 2022-02-02 08:38:57
Description: The specified driver is invalid.

Date: 2022-02-02 08:38:57
Description: The specified driver is invalid.

Date: 2022-02-02 08:38:57
Description: The specified driver is invalid.

CodeIntegrity:
===============
Date: 2023-03-21 10:42:26
Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume7\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: Positivo Informatica SA 1.07.09X 06/13/2018
Motherboard: Positivo Informatica SA N250JU
Processor: Intel(R) Core(TM) i7-7500U CPU @ 2.70GHz
Percentage of memory in use: 43%
Total physical RAM: 8081.73 MB
Available physical RAM: 4583.19 MB
Total Virtual: 9361.73 MB
Available Virtual: 6140.78 MB

==================== Drives ================================

Drive (SSD 120Gb) (Fixed) (Total:111.18 GB) (Free:61.19 GB) (Model: KINGSTON SA400M8120G) NTFS
Drive d: (SATA 1Tb) (Fixed) (Total:930.88 GB) (Free:746.74 GB) (Model: WDC WD10SPZX-00Z10T0) NTFS

\\?\Volume{a538e4a4-2cb0-414f-be1d-3f4932b4f711}\ () (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS
\\?\Volume{719602c9-de27-4ce1-9e4f-e938067adffa}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
\\?\Volume{226041bf-672f-4d6e-b1e4-02eb14e33fc4}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.05 GB) FAT32
\\?\Volume{d39a4b69-93bf-404f-b14e-29e153748236}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 3B76CB12)
Partition: GPT.

==========================================================
Disk: 1 (Size: 111.8 GB) (Disk ID: 41BBEF3E)
Partition: GPT.

==================== End of Addition.txt =======================

Addition.txt FRST.txt
  5. @Elias Pereira thanks for the reply, ZHP generated two logs. The 3 logs follow below and are attached.

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 03-19-2023
# Duration: 00:00:00
# OS: Windows 10 (Build 19045.2604)
# Cleaned: 0
# Failed: 0

***** [ Services ] *****
No malicious services cleaned.

***** [ Folders ] *****
No malicious folders cleaned.

***** [ Files ] *****
No malicious files cleaned.

***** [ DLL ] *****
No malicious DLLs cleaned.

***** [ WMI ] *****
No malicious WMI cleaned.

***** [ Shortcuts ] *****
No malicious shortcuts cleaned.

***** [ Tasks ] *****
No malicious tasks cleaned.

***** [ Registry ] *****
No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****
No Preinstalled Software cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************

AdwCleaner[S00].txt - [1422 octets] - [24/12/2021 01:36:17]
AdwCleaner[S01].txt - [1481 octets] - [12/03/2023 07:13:38]
AdwCleaner[C01].txt - [1671 octets] - [12/03/2023 07:13:57]
AdwCleaner[S02].txt - [1603 octets] - [19/03/2023 21:20:11]
AdwCleaner[S03].txt - [1664 octets] - [19/03/2023 21:21:03]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C03].txt ##########

~ ZHPCleaner v2023.3.14.13 by Nicolas Coolman (2023/03/14)
~ Run by new (Administrator) (19/03/2023 21:23:29)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version KO
~ Type : Scan
~ Report : C:\Users\new\Desktop\ZHPCleaner (S).txt
~ Quarantine : C:\Users\new\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ System Restore Point :
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home Single Language, 64-bit (Build 19045)

---\\ Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found.

---\\ Services (0)
~ No malicious or unnecessary items found.

---\\ Browser internet (0)
~ No malicious or unnecessary items found.

---\\ Hosts file (1)
~ The hosts file is legitimate (22)

---\\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.
---\\ Explorer ( File, Folder) (2)
FOUND file: C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\Preferences =>ChromiumPreference
FOUND file: C:\Users\new\AppData\Local\Microsoft\Edge\User Data\Default\Preferences =>ChromiumPreference

---\\ Registry ( Key, Value, Data) (1)
FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX [Adobe Systems Incorporated] =>Riskware.FlashPlayer

---\\ Summary of the elements found (2)
https://nicolascoolman.eu/2020/10/01/preferences-navigateurs-chromium/ =>ChromiumPreference
https://nicolascoolman.eu/forum/Topic/flashplayer-logiciel-a-risque-riskware/ =>Riskware.FlashPlayer

---\\ Result of repair
~ Any repair made
~ Google Chrome OK
~ Mozilla Firefox OK
~ Internet Explorer OK

---\\ Statistics
~ Items scanned : 101248
~ Items found : 3
~ Items cancelled : 0
~ Space saving (bytes) : 0
~ Items options : 9/17

---\\ OPTIONS NOT ACTIVES
~ Temporary file analysis
~ Temporary folder analysis
~ Empty Folder CLSID Analysis
~ Empty Other Folder Analysis
~ Empty LocalLow Folder Analysis
~ Empty Local Folder Analysis
~ Obsolete Installer File Analysis
~ Start browsers with extensions removed

~ End of search in 00h07mn17s

---\\ Reports (3)
ZHPCleaner-[R]-24122021-01_47_18.txt
ZHPCleaner-[S]-24122021-01_46_03.txt
ZHPCleaner-[S]-19032023-21_30_46.txt

~ ZHPCleaner v2023.3.14.13 by Nicolas Coolman (2023/03/14)
~ Run by new (Administrator) (19/03/2023 21:31:43)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version KO
~ Type : Repair
~ Report : C:\Users\new\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\new\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ System Restore Point : OK
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home Single Language, 64-bit (Build 19045)

---\\ Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found.
---\\ Services (0)
~ No malicious or unnecessary items found.

---\\ Browser internet (0)
~ No malicious or unnecessary items found.

---\\ Hosts file (1)
~ The hosts file is legitimate (22)

---\\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.

---\\ Explorer ( File, Folder) (2)
MOVED file: C:\Users\new\AppData\Local\Google\Chrome\User Data\Default\Preferences =>Préférences Chromium
MOVED file: C:\Users\new\AppData\Local\Microsoft\Edge\User Data\Default\Preferences =>Préférences Chromium

---\\ Registry ( Key, Value, Data) (1)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX [Adobe Systems Incorporated] =>Riskware.FlashPlayer

---\\ Summary of the elements found (2)
https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/ =>Préférences Chromium
https://nicolascoolman.eu/forum/Topic/flashplayer-logiciel-a-risque-riskware/ =>Riskware.FlashPlayer

---\\ Other deletions. (2)
~ Registry Keys Tracing deleted (0)
~ Remove the old reports ZHPCleaner. (2)

---\\ Result of repair
~ Repair carried out successfully
~ Google Chrome OK
~ Mozilla Firefox OK
~ Internet Explorer OK

---\\ Statistics
~ Items scanned : 1401
~ Items found : 0
~ Items cancelled : 0
~ Space saving (bytes) : 0
~ Items options : 9/17

---\\ OPTIONS NOT ACTIVES
~ Temporary file analysis
~ Temporary folder analysis
~ Empty Folder CLSID Analysis
~ Empty Other Folder Analysis
~ Empty LocalLow Folder Analysis
~ Empty Local Folder Analysis
~ Obsolete Installer File Analysis
~ Start browsers with extensions removed

~ End of clean in 00h00mn11s

---\\ Reports (2)
ZHPCleaner-[S]-19032023-21_30_46.txt
ZHPCleaner-[R]-19032023-21_31_54.txt

AdwCleaner[C03].txt ZHPCleaner (R).txt ZHPCleaner (S).txt
  6. I figured it could be that, so I disabled all updates and deactivated Defender. The problem continues.
  7. Hello everyone. For a long time now, my laptop's fan has been kicking into high speed after a few minutes of inactivity. In Task Manager I can't identify any new program when this happens, only "system", whose CPU usage goes up. I got tired of trying to fix it and found a workaround by installing a program that simulates mouse movement from time to time (Move Mouse). That solved it, but I would like to see if there is anything that can be done to fix it for good, please.
  8. Hello everyone. For a long time now, my laptop's fan has been kicking into high speed after a few minutes of inactivity. I got tired of trying to fix it and found a workaround by installing a program that simulates mouse movement from time to time (Move Mouse). In Task Manager I can't identify any new program when this happens, only "system", whose CPU usage goes up. That solved it, but I would like to see if there is anything that can be done to fix it for good, please. Addition.txt AdwCleaner[C01].txt FRST.txt
