Guilherme Vermelho

  1. Good afternoon. The initial problems have been eliminated. Thank you very much for the help!
  2. Hello, Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 25-09-2023 Executado por guilh (05-10-2023 08:22:27) Run:6 Executando a partir de C:\Users\guilh\Desktop Perfis Carregados: guilh Modo da Inicialização: Normal ============================================== fixlist Conteúdo: ***************** CreateRestorePoint: CloseProcesses: C:\gitzwc C:\Perform\system.vbs C:\Netframework.4.5.2\Audio system.vbs C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.lnk C:\Program Files\cmclient\CMClient.exe CMD: netsh advfirewall reset CMD: DISM /Online /Cleanup-Image /RestoreHealth CMD: SFC /scannow CMD: ipconfig /flushdns RemoveProxy: EmptyTemp: CreateRestorePoint: ***************** Ponto de Restauração criado com sucesso. Processos fechados com sucesso. "C:\gitzwc" pasta mover: C:\gitzwc => movido com sucesso "C:\Perform\system.vbs" => não encontrado (a) "C:\Netframework.4.5.2\Audio system.vbs" => não encontrado (a) "C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.lnk" => não encontrado (a) C:\Program Files\cmclient\CMClient.exe => movido com sucesso ========= netsh advfirewall reset ========= Ok. 
========= Fim de CMD: ========= ========= DISM /Online /Cleanup-Image /RestoreHealth ========= Ferramenta de Gerenciamento e Manutenção de Imagens de Implantação Versão: 10.0.22621.1 Versão da Imagem: 10.0.22621.2283 [==========================100.0%==========================] Operação de restauração concluída com êxito. A operação foi concluída com êxito. ========= Fim de CMD: ========= ========= SFC /scannow ========= Iniciando verificação de arquivos. O processo levará alguns minutos para ser concluído. Iniciando fase de verificação de verificação do sistema. Verificação 100% concluída. A Proteção de Recursos do Windows não encontrou nenhuma violação de integridade. ========= Fim de CMD: ========= ========= ipconfig /flushdns ========= Configuração de IP do Windows Liberação do Cache do DNS Resolver bem-sucedida. ========= Fim de CMD: ========= ========= RemoveProxy: ========= "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso. 
"HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso. "HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso. ========= Fim de RemoveProxy: ========= Ponto de Restauração criado com sucesso. =========== EmptyTemp: ========== FlushDNS => completado BITS transfer queue => 0 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7383814 B Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 24245252 B Windows/system/drivers => 252925 B Edge => 0 B Chrome => 707597488 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B ProgramData => 0 B Public => 0 B systemprofile => 359673 B systemprofile32 => 359673 B LocalService => 364361 B NetworkService => 364361 B guilh => 114800527 B RecycleBin => 0 B EmptyTemp: => 816.1 MB de dados temporários Removidos. ================================ O sistema precisou ser reiniciado. ==== Fim de Fixlog 08:25:47 ====
  3. Since the last fix I have not received any more "Audio.exe" or "grservices.exe" error messages!
  4. Good morning. Here is the log: Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 25-09-2023 Executado por guilh (04-10-2023 08:30:34) Run:5 Executando a partir de C:\Users\guilh\Desktop Perfis Carregados: guilh Modo da Inicialização: Normal ============================================== fixlist Conteúdo: ***************** CreateRestorePoint: CloseProcesses: File: C:\gitzwc\gitzgame.gme StartBatch: cd C:\ dir /s /b audio.exe grservices.exe EndBatch: C:\Perform\system.vbs C:\Netframework.4.5.2\Audio system.vbs C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.lnk C:\Program Files\cmclient\CMClient.exe HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [142222176 2023-04-21] (Microsoft Corporation -> Microsoft Corporation) HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO Startup: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Audio system.lnk [2023-09-18] ShortcutTarget: Audio system.lnk -> C:\Netframework.4.5.2\Audio system.vbs () [Arquivo não assinado] Startup: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk [2023-09-27] HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\Run: [Google Update] => "C:\Users\guilh\AppData\Local\Google\Update\1.3.36.312\GoogleUpdateCore.exe" (Nenhum Arquivo) Task: {5F1CB6D7-D0C5-4360-91AC-6910659D9ED3} - System32\Tasks\McAfee\WPS\amwebapitriggertask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D Task: {ED067E53-E15E-4105-8A4A-899F205EEBD4} - System32\Tasks\McAfee\WPS\datupdatetask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D Task: {55D107C6-901C-4424-8F3C-ABF145A479F7} - System32\Tasks\McAfee\WPS\mcpcoscanner => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D Task: {6FFFABC0-6266-4279-A4D8-6F42D0EEB1E5} - System32\Tasks\McAfee\WPS\NGMCadence => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D Task: {A02431B2-42B3-4F0A-B3DB-B94C4234BBD4} - 
System32\Tasks\McAfee\WPS\odsscheduledtask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D Task: {01F7E411-E886-4B44-AD3E-FADF0993632B} - System32\Tasks\McAfee\WPS\systemrebootedtask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D Task: {A40AAC01-48B9-4BA1-A2BB-F804D23E27F0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-09-05] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {861C1CE1-0795-41E6-8580-64FDB8E95C30} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-09-05] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {110FE0D4-14E2-40BC-BDD5-69B7F0FE89F0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-09-05] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {40BED165-CD79-4218-94BD-1A1A62C8BB25} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-09-05] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {2B24477D-BB12-4687-8FC2-AF343EEBAFC5} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-03-15] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log Task: {8A85DBD9-2607-4BA0-A34A-C8AA8EE809BF} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342376 
2023-01-27] (Nvidia Corporation -> NVIDIA Corporation) Task: {8B873C9A-4E90-4485-AB27-DEEA15A381E2} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649784 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {B47DF9F1-BC83-4320-AC7A-9D2601BC7F4D} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {D96B710F-5C35-441B-9775-871BDAF9E31B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {F95AD09B-A64C-487C-A97B-48A8F0BE6777} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {2CFA7857-B1EF-43B2-ACDE-C13F0579B427} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {66E3EADB-E4FA-4E77-89E8-7758C5DE92B0} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {302A1CF7-4890-4F79-99A5-BC0C51BBA18A} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {4E4EEE33-4788-4B24-8B78-1F25937A338B} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1468474341-1498967642-3512864176-1001 => C:\Program Files\Microsoft 
OneDrive\OneDriveStandaloneUpdater.exe [4130824 2023-09-25] (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{092EC97B-EDAE-4014-8CE4-131026C6FE97}\localserver32 -> C:\Program Files\cmclient\CMClient.exe (广东盈世计算机科技有限公司 -> ) CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\guilh\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.23089.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{85D8EE2F-794F-41F0-BB03-49D56A23BEF4}\InprocServer32 -> C:\Users\guilh\AppData\Local\Google\Update\1.3.36.312\psuser_64.dll => Nenhum Arquivo CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\localserver32 -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\116.0.5845.188\notification_helper.exe (Google LLC -> Google LLC) CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{AE9899FA-E21F-4D91-BD1F-59BC10E56CA1}\InprocServer32 -> C:\Users\guilh\AppData\Local\Google\Update\1.3.36.292\psuser_64.dll => Nenhum Arquivo CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\guilh\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{E4949BE6-C9FF-4AFA-8672-6127D857418B}\InprocServer32 -> C:\Users\guilh\AppData\Local\Google\Update\1.3.36.312\psuser_64.dll => Nenhum Arquivo CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\guilh\AppData\Local\Google\Update\1.3.36.312\psuser_64.dll => Nenhum Arquivo CMD: netsh advfirewall 
reset CMD: DISM /Online /Cleanup-Image /RestoreHealth CMD: SFC /scannow CMD: ipconfig /flushdns RemoveProxy: EmptyTemp: CreateRestorePoint: ***************** Ponto de Restauração criado com sucesso. Processos fechados com sucesso. ========================= File: C:\gitzwc\gitzgame.gme ======================== C:\gitzwc\gitzgame.gme O arquivo é assinado digitalmente MD5: 49D77A65FCC78F6C7B02C21EC3DAEB19 Data de criação e modificação: 2023-09-27 18:34 - 2020-08-15 11:47 Tamanho: 005247528 Atributos: ----A Nome Da Empresa: Porsche Consulting Ltda -> Softnyx Interno Nome: GunBound Original Nome: GunBound.gme Produto: Softnyx GunBound Project Descrição: GunBound Arquivo Versão: 0, 0, 2, 40 Produto Versão: 1, 0, 0, 1 Copyright: Copyright ⓒ Softnyx, 2002 VirusTotal: https://www.virustotal.com/gui/file/8e30d556d74b81548d1ffe7a9009a29abca43294717902ee4cae3372c553b3fc/detection/f-8e30d556d74b81548d1ffe7a9009a29abca43294717902ee4cae3372c553b3fc-1692804020 ====== Fim de File: ====== ========= Batch: ========= Arquivo não encontrado ========= Fim de Batch: ========= "C:\Perform\system.vbs" => não encontrado (a) C:\Netframework.4.5.2\Audio system.vbs => movido com sucesso "C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.lnk" => não encontrado (a) C:\Program Files\cmclient\CMClient.exe => movido com sucesso "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\TeamsMachineInstaller" => removido (a) com sucesso. HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removido (a) com sucesso. C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Audio system.lnk => movido com sucesso "C:\Netframework.4.5.2\Audio system.vbs" => não encontrado (a) C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk => movido com sucesso "HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update" => removido (a) com sucesso. 
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5F1CB6D7-D0C5-4360-91AC-6910659D9ED3}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F1CB6D7-D0C5-4360-91AC-6910659D9ED3}" => removido (a) com sucesso. C:\Windows\System32\Tasks\McAfee\WPS\amwebapitriggertask => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\amwebapitriggertask" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ED067E53-E15E-4105-8A4A-899F205EEBD4}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED067E53-E15E-4105-8A4A-899F205EEBD4}" => removido (a) com sucesso. C:\Windows\System32\Tasks\McAfee\WPS\datupdatetask => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\datupdatetask" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{55D107C6-901C-4424-8F3C-ABF145A479F7}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55D107C6-901C-4424-8F3C-ABF145A479F7}" => removido (a) com sucesso. C:\Windows\System32\Tasks\McAfee\WPS\mcpcoscanner => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\mcpcoscanner" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6FFFABC0-6266-4279-A4D8-6F42D0EEB1E5}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FFFABC0-6266-4279-A4D8-6F42D0EEB1E5}" => removido (a) com sucesso. C:\Windows\System32\Tasks\McAfee\WPS\NGMCadence => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\NGMCadence" => removido (a) com sucesso. 
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A02431B2-42B3-4F0A-B3DB-B94C4234BBD4}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A02431B2-42B3-4F0A-B3DB-B94C4234BBD4}" => removido (a) com sucesso. C:\Windows\System32\Tasks\McAfee\WPS\odsscheduledtask => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\odsscheduledtask" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{01F7E411-E886-4B44-AD3E-FADF0993632B}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01F7E411-E886-4B44-AD3E-FADF0993632B}" => removido (a) com sucesso. C:\Windows\System32\Tasks\McAfee\WPS\systemrebootedtask => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\systemrebootedtask" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A40AAC01-48B9-4BA1-A2BB-F804D23E27F0}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A40AAC01-48B9-4BA1-A2BB-F804D23E27F0}" => removido (a) com sucesso. C:\Windows\System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{861C1CE1-0795-41E6-8580-64FDB8E95C30}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{861C1CE1-0795-41E6-8580-64FDB8E95C30}" => removido (a) com sucesso. 
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Defender\Windows Defender Cleanup" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{110FE0D4-14E2-40BC-BDD5-69B7F0FE89F0}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{110FE0D4-14E2-40BC-BDD5-69B7F0FE89F0}" => removido (a) com sucesso. C:\Windows\System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{40BED165-CD79-4218-94BD-1A1A62C8BB25}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40BED165-CD79-4218-94BD-1A1A62C8BB25}" => removido (a) com sucesso. C:\Windows\System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Defender\Windows Defender Verification" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2B24477D-BB12-4687-8FC2-AF343EEBAFC5}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B24477D-BB12-4687-8FC2-AF343EEBAFC5}" => removido (a) com sucesso. C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" => removido (a) com sucesso. 
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A85DBD9-2607-4BA0-A34A-C8AA8EE809BF}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A85DBD9-2607-4BA0-A34A-C8AA8EE809BF}" => removido (a) com sucesso. C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8B873C9A-4E90-4485-AB27-DEEA15A381E2}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B873C9A-4E90-4485-AB27-DEEA15A381E2}" => removido (a) com sucesso. C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B47DF9F1-BC83-4320-AC7A-9D2601BC7F4D}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B47DF9F1-BC83-4320-AC7A-9D2601BC7F4D}" => removido (a) com sucesso. C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D96B710F-5C35-441B-9775-871BDAF9E31B}" => removido (a) com sucesso. 
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D96B710F-5C35-441B-9775-871BDAF9E31B}" => removido (a) com sucesso. C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F95AD09B-A64C-487C-A97B-48A8F0BE6777}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F95AD09B-A64C-487C-A97B-48A8F0BE6777}" => removido (a) com sucesso. C:\Windows\System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2CFA7857-B1EF-43B2-ACDE-C13F0579B427}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2CFA7857-B1EF-43B2-ACDE-C13F0579B427}" => removido (a) com sucesso. C:\Windows\System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66E3EADB-E4FA-4E77-89E8-7758C5DE92B0}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66E3EADB-E4FA-4E77-89E8-7758C5DE92B0}" => removido (a) com sucesso. 
C:\Windows\System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{302A1CF7-4890-4F79-99A5-BC0C51BBA18A}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{302A1CF7-4890-4F79-99A5-BC0C51BBA18A}" => removido (a) com sucesso. C:\Windows\System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4E4EEE33-4788-4B24-8B78-1F25937A338B}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E4EEE33-4788-4B24-8B78-1F25937A338B}" => removido (a) com sucesso. C:\Windows\System32\Tasks\OneDrive Reporting Task-S-1-5-21-1468474341-1498967642-3512864176-1001 => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneDrive Reporting Task-S-1-5-21-1468474341-1498967642-3512864176-1001" => removido (a) com sucesso. HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{092EC97B-EDAE-4014-8CE4-131026C6FE97} => removido (a) com sucesso. HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D} => removido (a) com sucesso. HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{85D8EE2F-794F-41F0-BB03-49D56A23BEF4} => removido (a) com sucesso. HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD} => removido (a) com sucesso. 
HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{AE9899FA-E21F-4D91-BD1F-59BC10E56CA1} => removido (a) com sucesso. HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a} => removido (a) com sucesso. HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{E4949BE6-C9FF-4AFA-8672-6127D857418B} => removido (a) com sucesso. HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F} => removido (a) com sucesso. ========= netsh advfirewall reset ========= Ok. ========= Fim de CMD: ========= ========= DISM /Online /Cleanup-Image /RestoreHealth ========= Ferramenta de Gerenciamento e Manutenção de Imagens de Implantação Versão: 10.0.22621.1 Versão da Imagem: 10.0.22621.2283 [==========================100.0%==========================] Operação de restauração concluída com êxito. A operação foi concluída com êxito. 
========= Fim de CMD: ========= ========= SFC /scannow ========= Iniciando verificação de arquivos. O processo levará alguns minutos para ser concluído. Iniciando fase de verificação de verificação do sistema. Verificação 100% concluída. A Proteção de Recursos do Windows não encontrou nenhuma violação de integridade. ========= Fim de CMD: ========= ========= ipconfig /flushdns ========= Configuração de IP do Windows Liberação do Cache do DNS Resolver bem-sucedida. ========= Fim de CMD: ========= ========= RemoveProxy: ========= "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso. "HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso. "HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso. ========= Fim de RemoveProxy: ========= Ponto de Restauração criado com sucesso. =========== EmptyTemp: ========== FlushDNS => completado BITS transfer queue => 0 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10667484 B Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 48619193 B Windows/system/drivers => 73792080 B Edge => 0 B Chrome => 1314481897 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B ProgramData => 0 B Public => 0 B systemprofile => 7714072 B systemprofile32 => 7714072 B LocalService => 7742200 B NetworkService => 7742200 B guilh => 211437855 B RecycleBin => 1981414641 B EmptyTemp: => 3.4 GB de dados temporários Removidos. ================================ O sistema precisou ser reiniciado. ==== Fim de Fixlog 08:34:18 ====
  5. Good morning, here are the logs: Resultado do análise da Farbar Recovery Scan Tool (FRST) (x64) Versão: 25-09-2023 Executado por guilh (administrador) em GUIVERMELHO (Acer Nitro AN515-58) (03-10-2023 08:24:11) Executando a partir de C:\Users\guilh\Desktop\FRST64.exe Perfis Carregados: guilh Plataforma: Microsoft Windows 11 Home Versão 22H2 22621.2283 (X64) Idioma: Português (Brasil) Navegador padrão: Chrome Modo da Inicialização: Normal ==================== Processos (Whitelisted) ================= (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.) (Adobe Inc. -> Adobe Systems Inc.) [Arquivo não assinado] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe (C:\Program Files\McAfee\WebAdvisor\servicehost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe (C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3> (C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe (cmd.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\browserhost.exe (cmd.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\PING.EXE (drivers\RivetNetworks\Killer\KNDBWMService.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\drivers\RivetNetworks\Killer\KNDBWM.exe (DriverStore\FileRepository\ipf_cpu.inf_amd64_07e81e065fff923d\ipf_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_07e81e065fff923d\ipf_helper.exe (explorer.exe ->) (Google LLC -> Google LLC) C:\Users\guilh\AppData\Local\Google\Chrome\Application\chrome.exe <39> 
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5> (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <2> (Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_125373df900d2c8b\ipfsvc.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_734ca279c9cf8df2\OneApp.IGCC.WinService.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_89d541b5fe7b9dc6\IntelCpHDCPSvc.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_07e81e065fff923d\ipf_uf.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_670360bdb5a40a0d\WMIRegistrationService.exe (services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe (services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe (services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\drivers\RivetNetworks\Killer\KNDBWMService.exe (services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) 
C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe (services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe (services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WPS\1.11.279.1\mc-fw-host.exe <2> (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncHelper.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe (services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3> (services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvacig.inf_amd64_6a30f226cb32430c\Display.NvContainer\NVDisplay.Container.exe <2> (services.exe ->) (Realtek Semiconductor Corp. 
-> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_9b2689b4e3586127\RtkAudUService64.exe <3> (svchost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WPS\1.11.279.1\neo\core\mc-neo-host.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.22621.2061_none_e9764a2042bb8e95\TiWorker.exe ==================== Registro (Whitelisted) =================== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.) HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_9b2689b4e3586127\RtkAudUService64.exe [1673008 2023-05-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5314096 2020-03-06] (Adobe Inc. -> Adobe Systems Inc.) 
[Arquivo não assinado] HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [142222176 2023-04-21] (Microsoft Corporation -> Microsoft Corporation) HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2586640 2023-09-25] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\Run: [Google Update] => "C:\Users\guilh\AppData\Local\Google\Update\1.3.36.312\GoogleUpdateCore.exe" (Nenhum Arquivo) HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\Run: [MicrosoftEdgeAutoLaunch_18105C23E6FB3E0926A4BECDF7B37E6D] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4210216 2023-09-29] (Microsoft Corporation -> Microsoft Corporation) HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [65488 2020-03-06] (Adobe Inc. -> Adobe Systems Inc) Startup: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Audio system.lnk [2023-09-18] ShortcutTarget: Audio system.lnk -> C:\Netframework.4.5.2\Audio system.vbs () [Arquivo não assinado] Startup: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk [2023-09-27] ShortcutTarget: Enviar para o OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) ==================== Tarefas Agendadas (Whitelisted) ================= (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 
Task: {5F1CB6D7-D0C5-4360-91AC-6910659D9ED3} - System32\Tasks\McAfee\WPS\amwebapitriggertask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D Task: {ED067E53-E15E-4105-8A4A-899F205EEBD4} - System32\Tasks\McAfee\WPS\datupdatetask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D Task: {55D107C6-901C-4424-8F3C-ABF145A479F7} - System32\Tasks\McAfee\WPS\mcpcoscanner => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D Task: {6FFFABC0-6266-4279-A4D8-6F42D0EEB1E5} - System32\Tasks\McAfee\WPS\NGMCadence => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D Task: {A02431B2-42B3-4F0A-B3DB-B94C4234BBD4} - System32\Tasks\McAfee\WPS\odsscheduledtask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D Task: {01F7E411-E886-4B44-AD3E-FADF0993632B} - System32\Tasks\McAfee\WPS\systemrebootedtask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D Task: {A40AAC01-48B9-4BA1-A2BB-F804D23E27F0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-09-05] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {861C1CE1-0795-41E6-8580-64FDB8E95C30} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-09-05] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {110FE0D4-14E2-40BC-BDD5-69B7F0FE89F0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-09-05] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {40BED165-CD79-4218-94BD-1A1A62C8BB25} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-09-05] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {2B24477D-BB12-4687-8FC2-AF343EEBAFC5} - 
System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-03-15] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log Task: {8A85DBD9-2607-4BA0-A34A-C8AA8EE809BF} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342376 2023-01-27] (Nvidia Corporation -> NVIDIA Corporation) Task: {8B873C9A-4E90-4485-AB27-DEEA15A381E2} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649784 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {B47DF9F1-BC83-4320-AC7A-9D2601BC7F4D} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {D96B710F-5C35-441B-9775-871BDAF9E31B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {F95AD09B-A64C-487C-A97B-48A8F0BE6777} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {2CFA7857-B1EF-43B2-ACDE-C13F0579B427} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {66E3EADB-E4FA-4E77-89E8-7758C5DE92B0} - 
System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {302A1CF7-4890-4F79-99A5-BC0C51BBA18A} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {4E4EEE33-4788-4B24-8B78-1F25937A338B} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1468474341-1498967642-3512864176-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130824 2023-09-25] (Microsoft Corporation -> Microsoft Corporation) (Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.) ==================== Internet (Whitelisted) ==================== (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.) 
Tcpip\Parameters: [DhcpNameServer] 181.213.132.2 181.213.132.3 Tcpip\..\Interfaces\{48c4d171-290d-4b41-b940-f739f8dc8093}: [DhcpNameServer] 181.213.132.2 181.213.132.3 Edge: ======= Edge Profile: C:\Users\guilh\AppData\Local\Microsoft\Edge\User Data\Default [2023-10-03] Edge Extension: (Documentos Google off-line) - C:\Users\guilh\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-26] Edge Extension: (Edge relevant text changes) - C:\Users\guilh\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-26] FireFox: ======== FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2020-03-05] FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-08-22] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2023-08-22] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-08-22] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2020-03-06] (Adobe Inc. -> Adobe Systems Inc.) 
Chrome: ======= CHR Profile: C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default [2023-10-03] CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2023-09-29] CHR Extension: (Adobe Acrobat: ferramentas para editar, converter e assinar PDFs) - C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-09-26] CHR Extension: (McAfee® WebAdvisor) - C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2023-09-26] CHR Extension: (Google Docs offline) - C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-26] CHR Extension: (Pagamentos via Chrome Web Store) - C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-09-26] CHR Profile: C:\Users\guilh\AppData\Local\Google\Chrome\User Data\System Profile [2023-09-26] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] Opera: ======= OPR DefaultProfile: Opera Stable OPR Profile: C:\Users\guilh\AppData\Roaming\Opera Software\Opera Stable [2023-09-27] OPR Extension: (Rich Hints Agent) - C:\Users\guilh\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2023-09-12] OPR Extension: (Opera Wallet) - C:\Users\guilh\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2023-09-12] OPR Extension: (Aria) - C:\Users\guilh\AppData\Roaming\Opera Software\Opera Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm [2023-09-12] ==================== Serviços (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. 
O arquivo não será movido, a menos que seja colocado separadamente.) R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3966432 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11817040 2023-09-01] (Microsoft Corporation -> Microsoft Corporation) R2 dptftcs; C:\Windows\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_125373df900d2c8b\ipfsvc.exe [543888 2022-02-02] (Intel Corporation -> Intel Corporation) R3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncHelper.exe [3511720 2023-09-25] (Microsoft Corporation -> Microsoft Corporation) S2 IntelAudioService; C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_5f98233769cf65a5\AS\IAS\IntelAudioService.exe [539992 2023-08-22] (Intel Corporation -> Intel) R2 ipfsvc; C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_07e81e065fff923d\ipf_uf.exe [2781312 2023-08-22] (Intel Corporation -> Intel Corporation) S3 KAPSService; C:\Windows\System32\drivers\RivetNetworks\Killer\KAPSService.exe [64376 2022-03-28] (Intel Corporation -> Intel® Corporation) R2 Killer Analytics Service; C:\Windows\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe [2423160 2022-03-28] (Intel Corporation -> Intel) R2 Killer Network Service; C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe [2883448 2022-03-28] (Intel Corporation -> Intel) R3 KNDBWM; C:\Windows\System32\drivers\RivetNetworks\Killer\KNDBWMService.exe [64376 2022-03-28] (Intel Corporation -> Intel® Corporation) R2 mc-fw-host; C:\Program Files\McAfee\WPS\1.11.279.1\mc-fw-host.exe [2310472 2023-09-12] (McAfee, LLC -> McAfee, LLC) S3 mc-wps-update; C:\Program Files\McAfee\WPS\1.11.279.1\mc-update.exe [5075896 2023-09-12] (McAfee, LLC -> McAfee, LLC) R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [874384 2023-09-19] (McAfee, LLC -> 
McAfee, LLC)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.189.0910.0001\OneDriveUpdaterService.exe [3849128 2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
S3 PSSvc; C:\Program Files\Acer\NitroSense Service\PSSvc.exe [867176 2023-01-05] (Acer Incorporated -> Acer Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe [3121008 2023-09-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe [133688 2023-09-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvacig.inf_amd64_6a30f226cb32430c\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nvacig.inf_amd64_6a30f226cb32430c\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R3 AcerAirplaneModeController; C:\Windows\System32\drivers\AcerAirplaneModeController.sys [36800 2022-05-31] (Acer Incorporated -> Acer Incorporated)
S3 e2k68cx21x64; C:\Windows\System32\DriverStore\FileRepository\e2k68cx21x64.inf_amd64_e63a1a6682c5eed2\e2k68cx21x64.sys [619408 2022-03-08] (Realtek Semiconductor Corp. -> Realtek)
R3 iaLPSS2_GPIO2_ADL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_adl.inf_amd64_302e75596cffa74a\iaLPSS2_GPIO2_ADL.sys [150616 2023-08-22] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_ADL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_adl.inf_amd64_e736c048ca307ed2\iaLPSS2_I2C_ADL.sys [220224 2023-08-22] (Intel Corporation -> Intel Corporation)
R3 IntcUSB; C:\Windows\System32\DriverStore\FileRepository\intcusb.inf_amd64_5d49b801c1e48609\IntcUSB.sys [941976 2023-08-22] (Intel Corporation -> Intel(R) Corporation)
R3 IntelGNA; C:\Windows\System32\DriverStore\FileRepository\gna.inf_amd64_04d4eecc5838a558\gna.sys [88784 2023-08-22] (Intel Corporation -> Intel Corporation)
R3 ipf_acpi; C:\Windows\System32\DriverStore\FileRepository\ipf_acpi.inf_amd64_6808233353fa1d56\ipf_acpi.sys [87168 2023-08-22] (Intel Corporation -> Intel Corporation)
R3 ipf_cpu; C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_07e81e065fff923d\ipf_cpu.sys [80512 2023-08-22] (Intel Corporation -> Intel Corporation)
R3 ipf_lf; C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_07e81e065fff923d\ipf_lf.sys [445056 2023-08-22] (Intel Corporation -> Intel Corporation)
R3 KfeCoSvc; C:\Windows\System32\drivers\RivetNetworks\Killer\KfeCo11X64.sys [175848 2022-03-28] (Intel Corporation -> Rivet Networks, LLC.)
S0 mfeelam; C:\Windows\System32\DRIVERS\mfeelam.sys [18400 2023-09-12] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R0 mfesec; C:\Windows\System32\DRIVERS\mfesec.sys [82696 2023-09-12] (McAfee, LLC -> McAfee, LLC)
R3 NvModuleTracker; C:\Windows\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2022-07-13] (Nvidia Corporation -> NVIDIA Corporation)
R3 nvpcf; C:\Windows\System32\drivers\nvpcf.sys [243768 2023-08-22] (NVIDIA Corporation -> NVIDIA Corporation)
S4 UCPD; C:\Windows\System32\drivers\UCPD.sys [29184 2023-09-17] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [55872 2023-09-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [574872 2023-09-05] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105864 2023-09-05] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Um mês (criados) (Whitelisted) =========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2023-10-03 08:24 - 2023-10-03 08:24 - 000024227 _____ C:\Users\guilh\Desktop\FRST.txt
2023-10-02 12:17 - 2023-10-02 12:17 - 005269765 _____ C:\Users\guilh\Desktop\LAUDO_DE_VISTROTIA_DE_ENTRADA_AV_SANTA_MARINA,_1588_-_APTO_16_BL02_.docx 1.pdf
2023-10-02 10:35 - 2023-10-02 10:35 - 000095385 _____ C:\Users\guilh\Downloads\PROPOSTA EFETIVADA.pdf
2023-10-02 08:48 - 2023-10-02 08:48 - 000163050 _____ C:\Users\guilh\Downloads\00 INFORMAÇÕES ASSOCIAR AO CLUBE DO BOSQUE 2023.pdf
2023-10-02 08:48 - 2023-10-02 08:48 - 000163050 _____ C:\Users\guilh\Downloads\00 INFORMAÇÕES ASSOCIAR AO CLUBE DO BOSQUE 2023 (1).pdf
2023-10-02 08:47 - 2023-10-02 08:47 - 000162562 _____ C:\Users\guilh\Desktop\Huahai Edoxaban Ethyl p-toluene sulfonate impurity evaluation.pdf
2023-10-02 08:29 - 2023-10-02 08:29 - 000732744 _____ C:\Windows\system32\prfh0416.dat
2023-10-02 08:29 - 2023-10-02 08:29 - 000146898 _____ C:\Windows\system32\prfc0416.dat
2023-10-02 08:18 - 2023-10-03 08:22 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2023-09-28 19:03 - 2023-09-28 19:03 - 001261502 _____ C:\Users\guilh\Downloads\Unidad 6.pdf
2023-09-28 16:59 - 2023-09-28 16:59 - 000066785 _____ C:\Users\guilh\Downloads\GpqytvF7i9Q
2023-09-28 16:55 - 2023-09-28 16:55 - 001325790 _____ C:\Users\guilh\Desktop\Vistoria.pdf
2023-09-27 18:45 - 2023-09-27 18:45 - 000000012 _____ C:\Windows\setlist.txt
2023-09-27 18:34 - 2023-09-27 18:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GitzWC
2023-09-27 18:33 - 2023-09-29 13:27 - 000000000 ____D C:\GitzWC
2023-09-27 18:31 - 2023-09-27 18:31 - 545525368 _____ (GitzWC, Inc. ) C:\Users\guilh\Downloads\Gitz_World_Champion_09.07.2023.exe
2023-09-27 16:28 - 2023-09-27 16:28 - 000000000 ____D C:\Program Files (x86)\Outbyte
2023-09-27 16:09 - 2023-09-27 16:27 - 000000000 ____D C:\Windows\system32\Tasks\Outbyte
2023-09-27 16:07 - 2023-09-27 16:08 - 026190888 _____ (Outbyte) C:\Users\guilh\Downloads\outbyte-pc-repair.exe
2023-09-27 15:02 - 2023-09-27 15:03 - 026190888 _____ (Outbyte) C:\Users\guilh\Downloads\Audio_exe-outbyte-pc-repair.exe
2023-09-27 12:51 - 2023-09-27 12:51 - 000003596 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1468474341-1498967642-3512864176-1001
2023-09-26 14:58 - 2023-09-27 08:09 - 000000000 ____D C:\Users\guilh\AppData\Local\NVIDIA Corporation
2023-09-26 14:58 - 2023-09-26 14:58 - 000004308 _____ C:\Windows\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-09-26 14:58 - 2023-09-26 14:58 - 000003976 _____ C:\Windows\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-09-26 14:58 - 2023-09-26 14:58 - 000003940 _____ C:\Windows\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-09-26 14:58 - 2023-09-26 14:58 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-09-26 14:58 - 2023-09-26 14:58 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-09-26 14:58 - 2023-09-26 14:58 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-09-26 14:58 - 2023-09-26 14:58 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-09-26 14:58 - 2023-09-26 14:58 - 000000000 ____D C:\Users\guilh\ansel
2023-09-26 14:58 - 2023-09-26 14:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2023-09-26 14:58 - 2023-01-20 13:45 - 002904632 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2023-09-26 14:58 - 2023-01-20 13:45 - 002234920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2023-09-26 14:58 - 2023-01-20 13:45 - 001297464 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2023-09-26 14:58 - 2023-01-12 23:34 - 000086568 _____ C:\Windows\system32\FvSDK_x64.dll
2023-09-26 14:58 - 2023-01-12 23:34 - 000075304 _____ C:\Windows\SysWOW64\FvSDK_x86.dll
2023-09-26 14:58 - 2022-12-13 06:27 - 000169512 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2023-09-26 14:58 - 2022-12-13 06:27 - 000148520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2023-09-26 14:57 - 2023-09-26 14:57 - 131458368 _____ (NVIDIA Corporation) C:\Users\guilh\Downloads\GeForce_Experience_v3.27.0.112.exe
2023-09-26 14:57 - 2023-09-26 14:57 - 000003894 _____ C:\Windows\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-09-26 14:57 - 2023-09-26 14:57 - 000003654 _____ C:\Windows\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-09-26 14:57 - 2022-10-14 04:06 - 000059928 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2023-09-26 14:57 - 2022-07-13 20:32 - 000060112 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2023-09-26 13:52 - 2023-09-26 13:52 - 000000000 ____D C:\Users\guilh\AppData\Local\UnrealEngine
2023-09-26 13:52 - 2023-09-26 13:52 - 000000000 ____D C:\Users\guilh\AppData\Local\StateOfDecay2
2023-09-26 13:33 - 2023-09-26 13:33 - 000000000 ____D C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2023-09-26 11:35 - 2023-09-26 11:35 - 000000000 ____D C:\ProgramData\Tencent
2023-09-26 11:34 - 2023-09-26 11:34 - 000000000 ____D C:\Users\guilh\AppData\Roaming\Tencent
2023-09-26 11:34 - 2023-09-26 11:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WeChat
2023-09-26 11:33 - 2023-09-26 11:33 - 000000000 ____D C:\Program Files\Tencent
2023-09-26 11:30 - 2023-09-26 11:31 - 000000000 ____D C:\Users\guilh\AppData\Roaming\iTop Data Recovery
2023-09-26 11:30 - 2023-09-26 11:30 - 000000000 ____D C:\ProgramData\ProductData3
2023-09-26 11:29 - 2023-09-26 11:29 - 028452408 _____ (IObit ) C:\Users\guilh\Downloads\iobituninstaller.exe
2023-09-26 11:20 - 2023-09-26 11:20 - 000114088 _____ C:\Users\guilh\Downloads\darf.pdf
2023-09-26 11:19 - 2023-09-28 16:55 - 000000000 ____D C:\Users\guilh\AppData\LocalLow\Temp
2023-09-26 11:05 - 2023-10-03 08:24 - 000000000 ____D C:\FRST
2023-09-26 11:04 - 2023-09-26 11:04 - 002382848 _____ (Farbar) C:\Users\guilh\Downloads\FRST64.exe
2023-09-26 11:04 - 2023-09-26 11:04 - 002382848 _____ (Farbar) C:\Users\guilh\Desktop\FRST64.exe
2023-09-26 11:01 - 2023-09-26 11:01 - 000011461 _____ C:\Users\guilh\Desktop\ZHPCleaner (R).html
2023-09-26 11:00 - 2023-09-26 11:00 - 000011172 _____ C:\Users\guilh\Desktop\ZHPCleaner (S).html
2023-09-26 10:51 - 2023-09-26 11:01 - 000000000 ____D C:\Users\guilh\AppData\Roaming\ZHP
2023-09-26 10:51 - 2023-09-26 10:52 - 000000875 _____ C:\Users\guilh\Desktop\ZHPCleaner.lnk
2023-09-26 10:51 - 2023-09-26 10:51 - 003343008 _____ (Nicolas Coolman) C:\Users\guilh\Downloads\ZHPCleaner.exe
2023-09-26 10:51 - 2023-09-26 10:51 - 000000000 ____D C:\Users\guilh\AppData\Local\ZHP
2023-09-26 10:46 - 2023-09-26 10:50 - 000000000 ____D C:\AdwCleaner
2023-09-26 10:44 - 2023-09-26 10:44 - 008791352 _____ (Malwarebytes) C:\Users\guilh\Downloads\adwcleaner.exe
2023-09-26 10:43 - 2023-09-26 13:26 - 000000000 ____D C:\Users\guilh\AppData\Local\Steam
2023-09-26 10:42 - 2023-09-27 18:38 - 000000000 ____D C:\Program Files (x86)\Steam
2023-09-26 10:42 - 2023-09-26 10:42 - 002296488 _____ C:\Users\guilh\Downloads\SteamSetup.exe
2023-09-26 10:42 - 2023-09-26 10:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2023-09-26 06:54 - 2023-09-26 06:54 - 004847296 _____ (Husdawg, LLC) C:\Users\guilh\Downloads\Detection.exe
2023-09-22 16:20 - 2023-09-22 16:20 - 002601711 _____ C:\Users\guilh\Downloads\USO DE MÉTODOS OFICIAIS_DIURNO.pdf
2023-09-20 16:32 - 2023-09-20 16:32 - 000082065 _____ C:\Users\guilh\Downloads\extrato_conta.pdf
2023-09-13 08:23 - 2023-09-13 08:23 - 000000000 ____D C:\Users\guilh\Documents\Modelos Personalizados do Office
2023-09-13 08:22 - 2023-09-13 08:22 - 000560409 _____ C:\Users\guilh\Downloads\3- 2023 Lista Consolidada DCB jul.xlsx
2023-09-12 19:05 - 2023-10-02 16:15 - 000000000 ____D C:\Users\guilh\AppData\Local\CrashDumps
2023-09-12 19:05 - 2023-09-12 20:49 - 000000000 ____D C:\Program Files\EaseUS
2023-09-12 19:05 - 2023-09-12 20:49 - 000000000 ____D C:\Program Files (x86)\EaseUS
2023-09-12 19:05 - 2023-09-12 19:05 - 000000000 ____D C:\Users\guilh\AppData\Local\Opera Software
2023-09-12 19:05 - 2023-09-12 19:05 - 000000000 ____D C:\ProgramData\SystemAcCrux
2023-09-12 19:05 - 2022-12-29 13:34 - 000030136 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\Drivers\EPMVolFl0.sys
2023-09-12 19:04 - 2023-09-12 19:05 - 077004880 _____ (EaseUS ) C:\Users\guilh\Downloads\epm17.9_free_B.exe
2023-09-12 19:04 - 2023-09-12 19:04 - 001966984 _____ C:\Users\guilh\Downloads\epm_free_installer.793248.exe
2023-09-12 19:04 - 2023-09-12 19:04 - 001767600 _____ ( ) C:\Users\guilh\Downloads\hp-usb-disk-storage-format-tool-2.2.3-installer_R-sI6W1.exe
2023-09-12 19:04 - 2023-09-12 19:04 - 000098304 _____ (Hewlett-Packard Company) C:\Users\guilh\Downloads\hp-usb-disk-storage-format-tool-2.2.3-installer.exe
2023-09-12 19:04 - 2023-09-12 19:04 - 000000000 ____D C:\Users\guilh\AppData\Roaming\Opera Software
2023-09-12 19:00 - 2023-09-12 18:59 - 000082696 _____ (McAfee, LLC) C:\Windows\system32\Drivers\mfesec.sys
2023-09-12 18:59 - 2023-09-12 19:00 - 000000000 ____D C:\ProgramData\WPSInstallerTemp1
2023-09-12 18:59 - 2023-09-12 19:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2023-09-07 10:46 - 2023-09-07 10:46 - 000000000 ____D C:\Users\guilh\AppData\Roaming\Microsoft\PowerPoint
2023-09-07 09:49 - 2023-10-02 09:06 - 000000000 ____D C:\Users\guilh\AppData\Roaming\Microsoft\Excel
2023-09-06 10:49 - 2023-09-06 10:49 - 000120029 _____ C:\Users\guilh\Downloads\Escitalopram.pdf
2023-09-05 09:44 - 2023-09-21 08:25 - 000003446 _____ C:\Windows\SysWOW64\pubfreeware.ini
2023-09-05 09:14 - 2023-09-05 09:14 - 000000000 ____D C:\Users\guilh\AppData\Local\McAfee

==================== Um mês (modificados) ==================

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2023-10-03 08:22 - 2023-08-22 20:49 - 000000000 ____D C:\ProgramData\NVIDIA
2023-10-03 08:22 - 2023-08-22 20:42 - 000000000 ___RD C:\Users\guilh\OneDrive
2023-10-03 08:22 - 2023-08-22 20:33 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-10-03 08:22 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\AppReadiness
2023-10-03 08:22 - 2022-05-07 02:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-10-02 15:19 - 2023-08-22 21:38 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2023-10-02 15:19 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\SystemTemp
2023-10-02 09:46 - 2023-08-22 20:41 - 000000000 ____D C:\Users\guilh\AppData\Local\D3DSCache
2023-10-02 09:44 - 2022-05-07 02:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-10-02 09:02 - 2023-08-22 21:55 - 000000000 ____D C:\Users\guilh\AppData\Roaming\Microsoft\Word
2023-10-02 08:29 - 2023-08-22 20:47 - 001682102 _____ C:\Windows\system32\PerfStringBackup.INI
2023-10-02 08:29 - 2022-05-07 02:22 - 000000000 ____D C:\Windows\INF
2023-10-02 08:21 - 2023-08-22 20:33 - 000012288 ___SH C:\DumpStack.log.tmp
2023-10-02 08:21 - 2023-08-22 20:33 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-10-02 08:21 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\ServiceState
2023-10-02 08:21 - 2022-05-07 02:17 - 000524288 _____ C:\Windows\system32\config\BBI
2023-10-02 08:19 - 2023-08-22 20:33 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-09-29 08:01 - 2023-08-22 21:22 - 000000000 ____D C:\ProgramData\ProductData
2023-09-28 10:25 - 2023-08-22 20:41 - 000000000 ____D C:\Users\guilh\AppData\Local\Packages
2023-09-27 15:15 - 2022-05-07 02:17 - 000000000 ____D C:\Windows\CbsTemp
2023-09-27 14:48 - 2023-08-22 21:55 - 000000000 ____D C:\Users\guilh\AppData\Roaming\Microsoft\Office
2023-09-27 14:18 - 2023-08-22 21:35 - 000000000 ___HD C:\Perform
2023-09-26 15:00 - 2023-08-22 20:49 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2023-09-26 14:58 - 2023-08-22 21:15 - 000000000 ____D C:\Users\guilh\AppData\Local\NVIDIA
2023-09-26 14:58 - 2023-08-22 20:49 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2023-09-26 14:58 - 2023-08-22 20:48 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2023-09-26 14:58 - 2023-08-22 20:39 - 000000000 ____D C:\Users\guilh
2023-09-26 13:51 - 2023-08-22 20:47 - 000000000 ____D C:\ProgramData\Package Cache
2023-09-26 11:35 - 2023-08-23 18:44 - 000000000 ____D C:\Users\guilh\Documents\WeChat Files
2023-09-26 11:31 - 2023-08-22 21:23 - 000000000 ____D C:\ProgramData\iTop
2023-09-26 11:30 - 2023-08-22 21:22 - 000000000 ____D C:\Program Files (x86)\IObit
2023-09-26 11:17 - 2023-08-22 21:21 - 000000000 ____D C:\ProgramData\IObit
2023-09-26 11:15 - 2023-08-22 21:12 - 000000000 ____D C:\ProgramData\Acer
2023-09-26 11:14 - 2023-08-23 18:33 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2023-09-26 11:01 - 2023-08-22 21:16 - 000000000 ____D C:\Users\guilh\AppData\Local\Google
2023-09-26 11:00 - 2023-08-22 21:18 - 000000000 ____D C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps do Chrome
2023-09-26 10:50 - 2023-08-22 21:21 - 000000000 ____D C:\Users\guilh\AppData\Roaming\IObit
2023-09-26 10:50 - 2023-08-22 21:12 - 000000000 ____D C:\Program Files (x86)\Acer
2023-09-25 18:11 - 2023-08-22 20:35 - 000000000 ____D C:\ProgramData\Packages
2023-09-25 14:20 - 2023-08-22 21:51 - 000002138 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-09-20 19:15 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\system32\NDF
2023-09-18 09:31 - 2023-08-22 21:35 - 000000000 ___HD C:\Netframework.4.5.2
2023-09-18 09:22 - 2023-08-23 00:27 - 000000000 ____D C:\Windows\system32\MRT
2023-09-18 09:20 - 2023-08-23 00:27 - 177941912 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-09-18 09:20 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\system32\AppLocker
2023-09-18 09:19 - 2022-05-07 02:24 - 000000000 ____D C:\ProgramData\USOPrivate
2023-09-17 22:36 - 2023-08-22 21:48 - 000000000 ____D C:\Program Files\Microsoft Office
2023-09-17 22:35 - 2023-08-22 20:33 - 000496264 _____ C:\Windows\system32\FNTCACHE.DAT
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\UUS
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\SysWOW64\Dism
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\SystemResources
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\system32\WinMetadata
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\system32\oobe
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\system32\Dism
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\system32\appraiser
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\ShellExperiences
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\ShellComponents
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\Provisioning
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\PolicyDefinitions
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\bcastdvr
2023-09-17 20:51 - 2023-08-22 20:37 - 003210752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-09-17 20:46 - 2023-08-23 00:24 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2023-09-13 08:21 - 2023-08-22 22:11 - 000000000 ____D C:\Users\guilh\AppData\Roaming\Microsoft\UProof
2023-09-13 08:16 - 2023-09-01 18:53 - 000000000 ____D C:\ProgramData\McAfee
2023-09-13 08:15 - 2023-09-01 18:59 - 000000000 ____D C:\Program Files\McAfee
2023-09-12 20:49 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\Registration
2023-09-12 19:04 - 2022-05-07 02:24 - 000000000 ___HD C:\Windows\ELAMBKUP
2023-09-12 19:04 - 2022-05-07 02:17 - 000032768 _____ C:\Windows\system32\config\ELAM
2023-09-12 19:03 - 2023-09-01 18:59 - 000000000 ____D C:\Windows\system32\Tasks\McAfee
2023-09-12 19:00 - 2023-08-22 21:16 - 000002498 _____ C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-09-05 10:09 - 2023-08-22 20:33 - 000000000 ____D C:\Windows\Panther
2023-09-05 09:00 - 2023-08-22 20:33 - 000000000 ____D C:\Windows\system32\Drivers\wd

==================== Arquivos na raiz de alguns diretórios ========

2023-09-01 18:53 - 2023-09-01 19:07 - 000000051 _____ () C:\Users\guilh\AppData\Roaming\MCVi2UserDetail.ini
2023-08-22 21:35 - 2023-08-22 21:35 - 000000410 _____ () C:\Users\guilh\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(Não há correção automática para arquivos que não passaram na verificação.)

==================== Fim de FRST.txt ========================

Resultado da análise adicional Farbar Recovery Scan Tool (x64) Versão: 25-09-2023
Executado por guilh (03-10-2023 08:24:55)
Executando a partir de C:\Users\guilh\Desktop
Microsoft Windows 11 Home Versão 22H2 22621.2283 (X64) (2023-08-22 23:35:07)
Modo da Inicialização: Normal
==========================================================

==================== Contas: =============================

(Se uma entrada for incluída na fixlist, será removida.)

Administrador (S-1-5-21-1468474341-1498967642-3512864176-500 - Administrator - Disabled)
Convidado (S-1-5-21-1468474341-1498967642-3512864176-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-1468474341-1498967642-3512864176-503 - Limited - Disabled)
guilh (S-1-5-21-1468474341-1498967642-3512864176-1001 - Administrator - Enabled) => C:\Users\guilh
WDAGUtilityAccount (S-1-5-21-1468474341-1498967642-3512864176-504 - Limited - Disabled)

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: McAfee (Enabled - Up to date) {17E6E93C-6841-5FC7-DEB8-480FDC929279}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee (Enabled) {2FDD6819-222E-5E9F-F5E7-E13A2241D502}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 20.006.20042 - Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 8.3.0.61 - Adobe Inc.)
Coremail Client V4.0 version 4.0.1.699 (HKLM\...\CMClient_is1) (Version: 4.0.1.699 - )
Documentos (HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\547329c748b021098adbb041e9997af7) (Version: 1.0 - Google\Chrome)
Driver Booster 10 (HKLM-x32\...\Driver Booster_is1) (Version: 10.6.0 - IObit)
DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3026 - Acer Incorporated)
Dynamic Application Loader Host Interface Service (HKLM\...\{B31B8E7F-3C96-4A05-887F-78F3DB1E2FC0}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Gmail (HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\a3baf68a4cbc856ea0b6f162cafbe8a3) (Version: 1.0 - Google\Chrome)
Google Chrome (HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\Google Chrome) (Version: 116.0.5845.188 - Google LLC)
Google Drive (HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\92561bab538146c8d23631a9655f2def) (Version: 1.0 - Google\Chrome)
Gunbound Gitz World Champion versão 12 (HKLM-x32\...\{86521E8E-7AE9-41BA-9C01-ABA51C86DC43}_is1) (Version: 12 - GitzWC, Inc.)
Intel(R) Chipset Device Software (HKLM\...\{B7BE54CB-2BAB-458E-99FF-46067A9D451E}) (Version: 10.1.18950.8297 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{128196ab-db0f-4c9e-b603-9c8d8b59934d}) (Version: 10.1.18950.8297 - Intel(R) Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2239.3.33.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{6633DA0D-F56A-42E4-9599-D37A640CAF36}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Driver (HKLM\...\{C71B56FC-8255-4226-B3E4-6B81288A6A0B}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) ME WMI Provider (HKLM\...\{64528C16-C80F-4935-AF3A-946B86EB3EEB}) (Version: 1.0.0.0 - Intel Corporation) Hidden
McAfee (HKLM\...\McAfee.WPS) (Version: 1.11.279.1 - McAfee, LLC)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.16731.20234 - Microsoft Corporation)
Microsoft 365 Apps para Grandes Empresas - pt-br (HKLM\...\O365ProPlusRetail - pt-br) (Version: 16.0.16731.20234 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 117.0.2045.47 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 117.0.2045.47 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.189.0910.0001 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\Teams) (Version: 1.6.00.11166 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{AF47B488-9780-4AB5-A97E-762E28013CA6}) (Version: 5.71.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.28.29334 (HKLM\...\{2E11EF4E-901F-4B2D-B68E-3DB2A566C857}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.28.29334 (HKLM\...\{8A3F7D5B-422D-49D9-84F7-8DC1B7782967}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29334 (HKLM-x32\...\{14C49FC8-3E9B-4F29-8526-26629B5CF30B}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29334 (HKLM-x32\...\{0D01A812-82A1-481F-8546-8E28E976F8DF}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
NitroSense Service (HKLM\...\{6FC78E80-6385-43D6-8A43-FA80094F1A2E}) (Version: 3.01.3052 - Acer Incorporated)
NVIDIA Driver de áudio HD 1.3.39.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.39.3 - NVIDIA Corporation)
NVIDIA Driver de gráficos 512.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 512.74 - NVIDIA Corporation)
NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.27.0.112 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.27.0.112 - NVIDIA Corporation)
NVIDIA Software do sistema PhysX 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0416-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9309.1 - Realtek Semiconductor Corp.)
Sheets (HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\729e688ab6880be61f3228ca532f5f97) (Version: 1.0 - Google\Chrome)
Slides (HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\7457603eb1d7d66885433bf216ff532c) (Version: 1.0 - Google\Chrome)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.6.0.11166 - Microsoft Corporation)
WebAdvisor da McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.836 - McAfee, LLC)
WeChat (HKLM-x32\...\WeChat) (Version: 3.9.6.33 - 腾讯科技(深圳)有限公司)
WinRAR 6.23 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.23.0 - win.rar GmbH)
YouTube (HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\63c9d49a6b2c600986bb89cb0948ddcd) (Version: 1.0 - Google\Chrome)

Packages:
=========
Acer Purified Voice Console (R) -> C:\Program Files\WindowsApps\AcerIncorporated.AcerPurifiedVoiceConsoleR_1.0.5.0_x64__48frkmn4z8aw4 [2023-08-23] (Acer Incorporated)
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5185.0_x64__8j3eq9eme6ctt [2023-09-17] (INTEL CORP) [Startup Task]
Care Center S -> C:\Program Files\WindowsApps\AcerIncorporated.AcerCareCenterS_4.0.3054.0_x64__48frkmn4z8aw4 [2023-08-22] (Acer Incorporated)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-08-23] (Microsoft Corporation)
DTS Sound Unbound -> C:\Program Files\WindowsApps\DTSInc.DTSSoundUnbound_2023.3.13.0_x64__t5j2fzbtdg37r [2023-09-01] (DTS, Inc.)
DTS:X Ultra -> C:\Program Files\WindowsApps\DTSInc.DTSXUltra_1.11.14.0_x64__t5j2fzbtdg37r [2023-09-01] (DTS, Inc.)
Killer Intelligence Center -> C:\Program Files\WindowsApps\RivetNetworks.KillerControlCenter_3.1122.329.0_x64__rh07ty8m5nkag [2023-08-22] (Rivet Networks LLC) [Startup Task]
McAfee® Security -> C:\Program Files\McAfee\WPS\1.11.279.1 [2023-09-12] ()
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2023-09-17] (Microsoft Corp.)
Microsoft.WindowsAppRuntime.CBS -> C:\Windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2023-09-17] (Microsoft Corporation)
NitroSense_V31 -> C:\Program Files\WindowsApps\AcerIncorporated.NitroSenseV31_3.1.3052.0_x64__48frkmn4z8aw4 [2023-08-23] (Acer Incorporated)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-08-22] (NVIDIA Corp.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.41.294.0_x64__dt26b99r8h8gj [2023-09-05] (Realtek Semiconductor Corp)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.17.8180.0_x64__8wekyb3d8bbwe [2023-09-01] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0 [2023-09-29] (Spotify AB) [Startup Task]
WinAppRuntime.Main.1.3 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.3_3000.934.1904.0_x64__8wekyb3d8bbwe [2023-09-17] (Microsoft Corp.)
WinAppRuntime.Singleton -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_4000.986.611.0_x64__8wekyb3d8bbwe [2023-09-25] (Microsoft Corp.)
Windows App Runtime DDLM 3000.882.2207.0-x6 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.3000.882.2207.0-x6_3000.882.2207.0_x64__8wekyb3d8bbwe [2023-09-12] (Microsoft Corporation)
Windows App Runtime DDLM 3000.882.2207.0-x8 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.3000.882.2207.0-x8_3000.882.2207.0_x86__8wekyb3d8bbwe [2023-09-12] (Microsoft Corporation)
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2023-09-17] (Microsoft Corporation)
WinRAR -> C:\Program Files\WinRAR [2023-08-22] (win.rar GmbH)

==================== Análise Personalizada CLSID (Whitelisted): ==============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{092EC97B-EDAE-4014-8CE4-131026C6FE97}\localserver32 -> C:\Program Files\cmclient\CMClient.exe (广东盈世计算机科技有限公司 -> )
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\guilh\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.23089.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{85D8EE2F-794F-41F0-BB03-49D56A23BEF4}\InprocServer32 -> C:\Users\guilh\AppData\Local\Google\Update\1.3.36.312\psuser_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\localserver32 -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\116.0.5845.188\notification_helper.exe (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{AE9899FA-E21F-4D91-BD1F-59BC10E56CA1}\InprocServer32 -> C:\Users\guilh\AppData\Local\Google\Update\1.3.36.292\psuser_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\guilh\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{E4949BE6-C9FF-4AFA-8672-6127D857418B}\InprocServer32 -> C:\Users\guilh\AppData\Local\Google\Update\1.3.36.312\psuser_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\guilh\AppData\Local\Google\Update\1.3.36.312\psuser_64.dll => Nenhum Arquivo
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2020-03-06] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [McCtxMenu] -> {4ADAAC88-E1BD-424F-816D-15E059007938} => C:\Program Files\McAfee\WPS\1.11.279.1\mc-ctxmnu.dll [2023-09-12] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvacig.inf_amd64_6a30f226cb32430c\nvshext.dll [2023-08-22] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2020-03-06] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [McCtxMenu] -> {4ADAAC88-E1BD-424F-816D-15E059007938} => C:\Program Files\McAfee\WPS\1.11.279.1\mc-ctxmnu.dll [2023-09-12] (McAfee, LLC -> McAfee, LLC)

==================== Codecs (Whitelisted) ====================

==================== Atalhos & WMI ========================

(As entradas podem ser listadas para serem restauradas ou removidas.)

ShortcutWithArgument: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps do Chrome\Docs.lnk -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=mpnpojknpmmopombnjdcgaaiekajbnjb ShortcutWithArgument: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps do Chrome\Documentos.lnk -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=mpnpojknpmmopombnjdcgaaiekajbnjb ShortcutWithArgument: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps do Chrome\Gmail.lnk -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=fmgjjmmmlfnkbppncabfkddbjimcfncm ShortcutWithArgument: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps do Chrome\Google Drive.lnk -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=aghbiahbpaijignceidepookljebhfak ShortcutWithArgument: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps do Chrome\Sheets.lnk -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=fhihpiojkbmbpdjeoajapmgkhlnakfjf ShortcutWithArgument: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps do Chrome\Slides.lnk -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=kefjledonklijopmnomlcbpllchaibag ShortcutWithArgument: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps do Chrome\YouTube.lnk -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=agimnkijcaahngcdmfeangaknmldooml ==================== Módulos Carregados 
(Whitelisted) ============= 2015-03-17 06:34 - 2015-03-17 06:34 - 000010240 _____ () [Arquivo não assinado] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\locale\pt_br\acrotray.ptb 2020-03-06 06:11 - 2020-03-06 06:11 - 000240640 _____ () [Arquivo não assinado] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Locale\pt_BR\Adobe Send\SendAsLinkX.PTB 2020-03-06 06:11 - 2020-03-06 06:11 - 000048128 _____ () [Arquivo não assinado] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Locale\pt_br\PDFMaker\PDFMOutlookAddin.PTB 2020-03-06 06:11 - 2020-03-06 06:11 - 000056320 _____ (Adobe Systems Incorporated) [Arquivo não assinado] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Locale\pt_br\Adobe Send\SendAsLinkAddin.PTB 2023-08-22 21:49 - 2023-08-22 21:49 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll 2023-08-22 21:49 - 2023-08-22 21:49 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Office16\c2r64.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Modo de Segurança (Whitelisted) ================== (Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mc-fw-host => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mc-fw-host => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver" ==================== Associação (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2023-08-22] (Microsoft Corporation -> Microsoft Corporation) BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2023-09-01] (McAfee, LLC -> McAfee, LLC) BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-08-22] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2023-09-01] (McAfee, LLC -> McAfee, LLC) BHO-x32: Adobe Acrobat 
Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 
- {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation) (Se uma entrada for incluída na fixlist, será removida do Registro.) IE trusted site: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\sharepoint.com -> hxxps://1bws5l-files.sharepoint.com ==================== Hosts Conteúdo: ========================= (Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.) 2022-05-07 02:24 - 2022-05-07 02:22 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts ==================== Outras Áreas =========================== (Atualmente não há nenhuma correção automática para esta seção.) HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\guilh\Downloads\wallpaperbetter.com_1920x1080.jpg DNS Servers: 181.213.132.2 - 181.213.132.3 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1) Firewall do Windows está habilitado. ==================== MSCONFIG/TASK MANAGER ítens desabilitados == ==================== Regras do Firewall (Whitelisted) ================ (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 
FirewallRules: [TCP Query User{0DB1086F-4957-4369-93AC-390549F7BFDE}C:\users\guilh\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\guilh\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [UDP Query User{0C9C79F2-F01C-4673-86A8-CC036C066A5E}C:\users\guilh\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\guilh\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [TCP Query User{EDED9318-F314-42D9-8CC2-2B4B28C31208}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [UDP Query User{B66739E9-ED05-4110-969E-F71D1300A692}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{0B0B1317-5FE3-4B50-8C19-4EADEBC2417B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{C4FF3C49-FB51-4545-A9F4-93F3C96A4035}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. 
-> Valve Corporation) FirewallRules: [TCP Query User{4299937C-71F9-4F65-998E-EEB79EF50591}C:\gitzwc\gitzgame.gme] => (Allow) C:\gitzwc\gitzgame.gme (Porsche Consulting Ltda -> Softnyx) FirewallRules: [UDP Query User{C56481BD-8DD6-4181-A32E-04D56A9E74F5}C:\gitzwc\gitzgame.gme] => (Allow) C:\gitzwc\gitzgame.gme (Porsche Consulting Ltda -> Softnyx) FirewallRules: [{D10FFBCD-A284-4B75-9A3D-7C87B4929D10}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23247.1113.2398.2671_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{C1302C81-1F1D-4050-A32A-B96DADAA38FE}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23247.1113.2398.2671_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{5031A343-33F8-47E1-9212-B52796A35350}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{3AC88E56-14E1-4C77-96DA-E92C3FBD8BFC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{EBB3B7C1-628E-4760-935E-1C9B5F27BCA2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{B8050E1A-1353-40AD-AD24-A3F34AD34D42}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{E15779B8-E89D-4658-BAE8-0EA5A29BF0C8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{270C1E7B-A12C-4E6B-8629-157B8AB62455}] => (Allow) C:\Program 
Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{6309F9B1-227B-407C-9F23-6FE3C8DD5075}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{DA762B30-FE27-4C94-B82B-3D7556781753}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{F209C1EC-D0BE-40CB-BB83-BC14E874F270}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{D1535F5B-5CC0-4221-AE5C-F8CAD686D9ED}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{A90CCA73-BA19-4502-AFD6-B02C4CDE21E3}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) ==================== Pontos de Restauração ========================= 21-09-2023 08:25:40 Windows Update 21-09-2023 08:25:48 Windows Update 26-09-2023 11:00:27 ZHPcleaner 26-09-2023 11:30:53 WeChat restore point 27-09-2023 12:34:41 Restore Point Created by FRST 27-09-2023 14:18:15 Restore Point Created by FRST 27-09-2023 14:18:23 Restore Point Created by FRST 27-09-2023 15:15:22 Instalador de Módulos do Windows 27-09-2023 16:37:24 Ponto de restauração do PC Repair 27-09-2023 16:52:50 Ponto de restauração do PC Repair 29-09-2023 13:20:06 Restore Point Created by FRST 02-10-2023 08:20:49 Restore Point Created by FRST ==================== Dispositivos Apresentando Falhas No Gerenciador ============ ==================== Erros no Log de eventos: ======================== Erros em 
Aplicativos: ================== Error: (10/02/2023 04:15:26 PM) (Source: Application Error) (EventID: 1000) (User: GUIVERMELHO) Description: Nome do aplicativo com falha: msteamsupdate.exe, versão: 23247.1113.2398.2671, carimbo de data/hora: 0x650d683e Nome do módulo com falha: msteamsupdate.exe, versão: 23247.1113.2398.2671, carimbo de data/hora: 0x650d683e Código de exceção: 0xc0000005 Deslocamento da falha: 0x000000000006885f ID do processo com falha: 0x0x41bc Hora de início do aplicativo com falha: 0x0x1d9f564bdee29e1 Caminho do aplicativo com falha: C:\Program Files\WindowsApps\MicrosoftTeams_23247.1113.2398.2671_x64__8wekyb3d8bbwe\msteamsupdate.exe Caminho do módulo com falha: C:\Program Files\WindowsApps\MicrosoftTeams_23247.1113.2398.2671_x64__8wekyb3d8bbwe\msteamsupdate.exe ID do Relatório: 3d4de099-0812-4ede-87b6-8165389ff145 Nome completo do pacote com falha: MicrosoftTeams_23247.1113.2398.2671_x64__8wekyb3d8bbwe ID do aplicativo relativo ao pacote com falha: msteamsupdate Error: (10/02/2023 01:48:02 PM) (Source: Application Error) (EventID: 1000) (User: GUIVERMELHO) Description: Nome do aplicativo com falha: msteamsupdate.exe, versão: 23247.1113.2398.2671, carimbo de data/hora: 0x650d683e Nome do módulo com falha: msteamsupdate.exe, versão: 23247.1113.2398.2671, carimbo de data/hora: 0x650d683e Código de exceção: 0xc0000005 Deslocamento da falha: 0x0000000000063ddb ID do processo com falha: 0x0x2d3c Hora de início do aplicativo com falha: 0x0x1d9f55033e86f8e Caminho do aplicativo com falha: C:\Program Files\WindowsApps\MicrosoftTeams_23247.1113.2398.2671_x64__8wekyb3d8bbwe\msteamsupdate.exe Caminho do módulo com falha: C:\Program Files\WindowsApps\MicrosoftTeams_23247.1113.2398.2671_x64__8wekyb3d8bbwe\msteamsupdate.exe ID do Relatório: 350fff20-bfb2-43c4-b195-f6d9361e5b3a Nome completo do pacote com falha: MicrosoftTeams_23247.1113.2398.2671_x64__8wekyb3d8bbwe ID do aplicativo relativo ao pacote com falha: msteamsupdate Error: (10/02/2023 08:24:20 AM) 
(Source: Application Error) (EventID: 1000) (User: AUTORIDADE NT) Description: Nome do aplicativo com falha: mc-fw-host.exe, versão: 1.11.102.0, carimbo de data/hora: 0x64d65783 Nome do módulo com falha: mc-bridge-server.dll, versão: 1.1.242.0, carimbo de data/hora: 0x64a826b4 Código de exceção: 0xc0000005 Deslocamento da falha: 0x000000000001ce8a ID do processo com falha: 0x0x1194 Hora de início do aplicativo com falha: 0x0x1d9f52296237137 Caminho do aplicativo com falha: \\?\C:\Program Files\McAfee\WPS\1.11.279.1\mc-fw-host.exe Caminho do módulo com falha: \\?\C:\Program Files\McAfee\WPS\1.11.279.1\mc-bridge-server.dll ID do Relatório: 43a76586-9877-4ebd-9b98-ad9814b882d8 Nome completo do pacote com falha: ID do aplicativo relativo ao pacote com falha: Error: (10/02/2023 08:20:49 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado. . Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante. 
Operação: Obtendo Dados do Gravador Contexto: Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220} Nome do Gravador: System Writer ID de Instância de Gravador: {713f0ae9-cfeb-4d0c-8d7d-096c18ee58a5} Error: (09/29/2023 02:53:56 PM) (Source: Application Error) (EventID: 1000) (User: GUIVERMELHO) Description: Nome do aplicativo com falha: gitzgame.gme, versão: 0.0.2.40, carimbo de data/hora: 0x7375705f Nome do módulo com falha: gitzgame.gme, versão: 0.0.2.40, carimbo de data/hora: 0x7375705f Código de exceção: 0xc0000005 Deslocamento da falha: 0x000c7df0 ID do processo com falha: 0x0x3fe4 Hora de início do aplicativo com falha: 0x0x1d9f2f1dc071904 Caminho do aplicativo com falha: C:\GitzWC\gitzgame.gme Caminho do módulo com falha: C:\GitzWC\gitzgame.gme ID do Relatório: 000f860f-0741-44a4-95a4-588e45966b5f Nome completo do pacote com falha: ID do aplicativo relativo ao pacote com falha: Error: (09/29/2023 01:26:36 PM) (Source: Application Error) (EventID: 1000) (User: AUTORIDADE NT) Description: Nome do aplicativo com falha: mc-fw-host.exe, versão: 1.11.102.0, carimbo de data/hora: 0x64d65783 Nome do módulo com falha: mc-bridge-server.dll, versão: 1.1.242.0, carimbo de data/hora: 0x64a826b4 Código de exceção: 0xc0000005 Deslocamento da falha: 0x000000000001ce8a ID do processo com falha: 0x0x37d4 Hora de início do aplicativo com falha: 0x0x1d9f2f179b23ce8 Caminho do aplicativo com falha: \\?\C:\Program Files\McAfee\WPS\1.11.279.1\mc-fw-host.exe Caminho do módulo com falha: \\?\C:\Program Files\McAfee\WPS\1.11.279.1\mc-bridge-server.dll ID do Relatório: dc950cca-75a5-456f-92c7-ab7af7179cf3 Nome completo do pacote com falha: ID do aplicativo relativo ao pacote com falha: Error: (09/29/2023 01:24:30 PM) (Source: Application Error) (EventID: 1000) (User: AUTORIDADE NT) Description: Nome do aplicativo com falha: mc-fw-host.exe, versão: 1.11.102.0, carimbo de data/hora: 0x64d65783 Nome do módulo com falha: mc-bridge-server.dll, versão: 1.1.242.0, carimbo de 
data/hora: 0x64a826b4 Código de exceção: 0xc0000005 Deslocamento da falha: 0x000000000001ce8a ID do processo com falha: 0x0x3a18 Hora de início do aplicativo com falha: 0x0x1d9f2f0f3c95f60 Caminho do aplicativo com falha: \\?\C:\Program Files\McAfee\WPS\1.11.279.1\mc-fw-host.exe Caminho do módulo com falha: \\?\C:\Program Files\McAfee\WPS\1.11.279.1\mc-bridge-server.dll ID do Relatório: 892c248f-b10f-4db4-b182-da7023f72663 Nome completo do pacote com falha: ID do aplicativo relativo ao pacote com falha: Error: (09/29/2023 01:21:00 PM) (Source: Application Error) (EventID: 1000) (User: AUTORIDADE NT) Description: Nome do aplicativo com falha: mc-fw-host.exe, versão: 1.11.102.0, carimbo de data/hora: 0x64d65783 Nome do módulo com falha: mc-bridge-server.dll, versão: 1.1.242.0, carimbo de data/hora: 0x64a826b4 Código de exceção: 0xc0000005 Deslocamento da falha: 0x000000000001ce8a ID do processo com falha: 0x0x114c Hora de início do aplicativo com falha: 0x0x1d9f2f0e6881fe3 Caminho do aplicativo com falha: \\?\C:\Program Files\McAfee\WPS\1.11.279.1\mc-fw-host.exe Caminho do módulo com falha: \\?\C:\Program Files\McAfee\WPS\1.11.279.1\mc-bridge-server.dll ID do Relatório: 19fd93f7-f6fb-4c18-9519-94fe79673c71 Nome completo do pacote com falha: ID do aplicativo relativo ao pacote com falha: Erros de Sistema: ============= Error: (10/03/2023 08:24:03 AM) (Source: DCOM) (EventID: 10010) (User: GUIVERMELHO) Description: O servidor {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} não se registrou no DCOM dentro do tempo limite necessário. Error: (10/02/2023 08:24:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço McAfee Framework Host foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço. 
Error: (10/02/2023 08:21:29 AM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: O serviço Intel(R) Audio Service terminou com o seguinte erro específico de serviço: A operação foi concluída com êxito. Error: (10/02/2023 08:21:29 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: O serviço Serviço de Compartilhamento de Rede do Windows Media Player terminou com o erro: Tentativa de fazer referência a uma token não existente. Error: (10/02/2023 08:21:08 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: AUTORIDADE NT) Description: Módulo de Extensibilidade de WLAN interrompido inesperadamente. Caminho do Módulo: C:\Windows\system32\IntelIHVRouter12.dll Error: (10/02/2023 08:21:08 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: AUTORIDADE NT) Description: Módulo de Extensibilidade de WLAN interrompido inesperadamente. Caminho do Módulo: C:\Windows\system32\IntelIHVRouter12.dll Error: (10/02/2023 08:21:04 AM) (Source: DCOM) (EventID: 10010) (User: GUIVERMELHO) Description: O servidor {F9717507-6651-4EDB-BFF7-AE615179BCCF} não se registrou no DCOM dentro do tempo limite necessário. Error: (10/02/2023 08:21:04 AM) (Source: DCOM) (EventID: 10010) (User: GUIVERMELHO) Description: O servidor {F9717507-6651-4EDB-BFF7-AE615179BCCF} não se registrou no DCOM dentro do tempo limite necessário. Windows Defender: ================ Date: 2023-10-02 12:52:13 Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão. ID do Exame: {7F5E270C-D100-4D60-88D3-38CD655419B0} Tipo de Exame: Antimalware Parâmetros do Exame: Verificação Rápida Usuário: AUTORIDADE NT\SISTEMA Date: 2023-08-23 06:48:13 Description: Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado. 
Para obter mais informações, veja a seguir: https://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/Contebrew.A!ml&threatid=251873&enterprise=0 Nome: Program:Win32/Contebrew.A!ml Gravidade: Alto Categoria: Modificador de Configurações Caminho: file:_C:\Users\guilh\Downloads\Adobe.Acrobat.Pro.DC.v2022.001.20085.exe Origem da Detecção: Computador local Tipo da Detecção: FastPath Fonte da Detecção: Proteção em Tempo Real Usuário: GuiVermelho\guilh Nome do Processo: C:\Windows\explorer.exe Versão da Inteligência de Segurança: AV: 1.395.1105.0, AS: 1.395.1105.0, NIS: 1.395.1105.0 Versão do Mecanismo: AM: 1.1.23070.1005, NIS: 1.1.23070.1005  CodeIntegrity: =============== Date: 2023-10-03 08:24:22 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\WPS\1.11.279.1\mc-sec-plugin-x64.dll that did not meet the Windows signing level requirements. ==================== Informações da Memória =========================== BIOS: Insyde Corp. V2.05 04/12/2023 placa-mãe: ADL Jimny_ADH Processador: 12th Gen Intel(R) Core(TM) i5-12450H Percentagem de memória em uso: 73% RAM física total: 7901.05 MB RAM física disponível: 2054.71 MB Virtual Total: 12509.05 MB Virtual disponível: 4696.71 MB ==================== Drives ================================ Drive () (Fixed) (Total:397.15 GB) (Free:284.87 GB) (Model: Micron_3400_MTFDKBA512TFH) NTFS Drive d: (WINDRIVER) (Fixed) (Total:20 GB) (Free:5.64 GB) (Model: Micron_3400_MTFDKBA512TFH) NTFS \\?\Volume{babfb7f2-327b-47f8-bc2c-f4b7eabdc326}\ (EFI) (Fixed) (Total:0.29 GB) (Free:0.25 GB) FAT32 ==================== MBR & Tabela de Partições ==================== ========================================================== Disk: 0 (Size: 476.9 GB) (Disk ID: 0FC3CF86) Partition: GPT. ==================== Fim de Addition.txt =======================
  6. Good morning, Here is the log. Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 25-09-2023 Executado por guilh (02-10-2023 08:20:48) Run:4 Executando a partir de C:\Users\guilh\Desktop Perfis Carregados: guilh Modo da Inicialização: Normal ============================================== fixlist Conteúdo: ***************** CreateRestorePoint: CloseProcesses: StartBatch: reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /s reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce" /s reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig" /s reg query "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run" /s reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /s reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /s reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" /s reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce" /s reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" /s EndBatch: ***************** Ponto de Restauração criado com sucesso. Processos fechados com sucesso. ========= Batch: ========= HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run OneDrive REG_SZ "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background Google Update REG_SZ "C:\Users\guilh\AppData\Local\Google\Update\1.3.36.312\GoogleUpdateCore.exe" MicrosoftEdgeAutoLaunch_18105C23E6FB3E0926A4BECDF7B37E6D REG_SZ "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\services HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\state ERRO: O sistema nÆo p“de localizar a chave do Registro ou valor especificado. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SecurityHealth REG_EXPAND_SZ %windir%\system32\SecurityHealthSystray.exe RtkAudUService REG_SZ "C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_9b2689b4e3586127\RtkAudUService64.exe" -background AdobeGCInvoker-1.0 REG_SZ "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe" AdobeAAMUpdater-1.0 REG_SZ "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run Acrobat Assistant 8.0 REG_SZ "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe" TeamsMachineInstaller REG_EXPAND_SZ %ProgramFiles%\Teams Installer\Teams.exe --checkInstall --source=PROPLUS ERRO: O sistema nÆo p“de localizar a chave do Registro ou valor especificado. ========= Fim de Batch: ========= O sistema precisou ser reiniciado. ==== Fim de Fixlog 08:21:01 ====
  7. Hello, I could not find the SEARCH or BUSCAR button in FRST64.exe. The program only had the options ANALISAR, PESQUISAR ARQUIVOS, PESQUISAR REGISTRO and CORRIGIR. I performed the same procedure as in the previous step, clicking the CORRIGIR option. When the procedure finished, the computer was restarted and the Audio.exe error persists. Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 25-09-2023 Executado por guilh (29-09-2023 13:20:05) Run:3 Executando a partir de C:\Users\guilh\Desktop Perfis Carregados: guilh Modo da Inicialização: Normal ============================================== fixlist Conteúdo: ***************** CreateRestorePoint: CloseProcesses: StartBatch: reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /s reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce" /s reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig" /s reg query "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run" /s reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /s reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /s reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" /s reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce" /s reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" /s EndBatch: ***************** Ponto de Restauração criado com sucesso. Processos fechados com sucesso. 
========= Batch: ========= HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run OneDrive REG_SZ "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background Google Update REG_SZ "C:\Users\guilh\AppData\Local\Google\Update\1.3.36.312\GoogleUpdateCore.exe" MicrosoftEdgeAutoLaunch_18105C23E6FB3E0926A4BECDF7B37E6D REG_SZ "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\services HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\state ERRO: O sistema nÆo p“de localizar a chave do Registro ou valor especificado. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SecurityHealth REG_EXPAND_SZ %windir%\system32\SecurityHealthSystray.exe RtkAudUService REG_SZ "C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_9b2689b4e3586127\RtkAudUService64.exe" -background AdobeGCInvoker-1.0 REG_SZ "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe" AdobeAAMUpdater-1.0 REG_SZ "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run Acrobat Assistant 8.0 REG_SZ "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe" TeamsMachineInstaller REG_EXPAND_SZ %ProgramFiles%\Teams Installer\Teams.exe --checkInstall --source=PROPLUS ERRO: O sistema nÆo p“de localizar a chave do Registro ou valor especificado. ========= Fim de Batch: ========= O sistema precisou ser reiniciado. ==== Fim de Fixlog 13:20:16 ====
  8. Hello, I tested with both options, PESQUISAR ARQUIVOS and PESQUISAR REGISTRO. Here is the log from PESQUISAR ARQUIVOS:

     Farbar Recovery Scan Tool (x64) Versão: 25-09-2023
     Executado por guilh (28-09-2023 14:20:13)
     Executando a partir de C:\Users\guilh\Desktop
     Modo da Inicialização: Normal

     ================== Pesquisar Arquivos: "SearchAll: audio.exe,grservices.exe" =============

     Arquivo:
     ========

     pasta:
     ========

     Registro:
     ========

     ====== Fim de Pesquisar ======

     Here is the log from PESQUISAR REGISTRO:

     Farbar Recovery Scan Tool (x64) Versão: 25-09-2023
     Executado por guilh (28-09-2023 14:23:51)
     Executando a partir de C:\Users\guilh\Desktop
     Modo da Inicialização: Normal

     ================== Pesquisar Registro: "SearchAll: audio.exe,grservices.exe" ===========

     ====== Fim de Pesquisar ======
  9. Hello, I did not find the SEARCH or BUSCAR button in FRST64.exe. The program only had the options ANALISAR, PESQUISAR ARQUIVOS, PESQUISAR REGISTRO and CORRIGIR. I carried out the same procedure as in the previous step, clicking the CORRIGIR option. When the procedure finished, the computer was restarted and the Audio.exe error persists. I no longer received the "grservices.exe" error. Here is the generated log:

     Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 25-09-2023
     Executado por guilh (27-09-2023 14:18:14) Run:2
     Executando a partir de C:\Users\guilh\Desktop
     Perfis Carregados: guilh
     Modo da Inicialização: Normal
     ==============================================

     fixlist Conteúdo:
     *****************
     CreateRestorePoint:
     CloseProcesses:
     C:\Perform\system.vbs
     C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.lnk
     SearchAll: audio.exe,grservices.exe
     CMD: ipconfig /flushdns
     CreateRestorePoint:
     *****************

     Ponto de Restauração criado com sucesso.
     Processos fechados com sucesso.
     C:\Perform\system.vbs => movido com sucesso
     C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.lnk => movido com sucesso
     SearchAll: audio.exe,grservices.exe => Erro: Nenhuma correção automática foi encontrada para esta entrada.

     ========= ipconfig /flushdns =========

     Configuração de IP do Windows
     Liberação do Cache do DNS Resolver bem-sucedida.

     ========= Fim de CMD: =========

     Ponto de Restauração criado com sucesso.

     O sistema precisou ser reiniciado.
     ==== Fim de Fixlog 14:18:28 ====
  10. Good morning, Thank you for the help! At the end of the fix the computer was restarted, and when it started up I received the same error messages. Here is the generated log: Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 25-09-2023 Executado por guilh (27-09-2023 12:34:41) Run:1 Executando a partir de C:\Users\guilh\Desktop Perfis Carregados: guilh Modo da Inicialização: Normal ============================================== fixlist Conteúdo: ***************** CreateRestorePoint: CloseProcesses: File: C:\Perform\system.vbs File: C:\Netframework.4.5.2\Audio system.vbs File: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.lnk File: C:\Program Files\cmclient\CMClient.exe HKLM-x32\...\Run: [] => [X] S2 ACCSvc; "C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe" [X] Task: {AB28516B-FCD3-481C-8EDA-D26FA8816B97} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe -auto (Nenhum Arquivo) Task: {03768D52-5397-46F6-9404-AC20EC436D5C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Nenhum Arquivo) Task: {65532448-C145-49C5-B05D-389973E60B07} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated) Task: {CF26937B-FE54-41A5-B8A3-D5986CF41D59} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3807712 2023-08-22] (Adobe Inc.
-> Adobe Systems, Incorporated) Task: {AF75F4D6-2296-498C-B976-586DCC5CFD9A} - System32\Tasks\audio system => C:\Perform\update.vbs (Nenhum Arquivo) Task: {0C3AC2B1-6AE3-4B48-92B8-B2195BE2870D} - System32\Tasks\Driver Booster SkipUAC (guilh) => C:\Program Files (x86)\IObit\Driver Booster\10.6.0\DriverBooster.exe [8966120 2023-07-27] (IObit CO., LTD -> IObit) Task: {1866B25B-8067-4F5F-8B61-D3B8888F581C} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\10.6.0\AutoUpdate.exe [2516968 2023-06-13] (IObit CO., LTD -> IObit) Task: {C59F40E0-7B31-49F5-8CC4-8BF0537D2407} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1468474341-1498967642-3512864176-1001Core{0D3F0353-8BCE-4CA5-82B0-DC5CDB13C90B} => "C:\Users\guilh\AppData\Local\Google\Update\GoogleUpdate.exe" /c (Nenhum Arquivo) Task: {5DA5E0A3-3E20-4CE6-B1B1-2395510E2A50} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1468474341-1498967642-3512864176-1001UA{90016B1F-C6F4-49D0-9660-990E4074B2A7} => "C:\Users\guilh\AppData\Local\Google\Update\GoogleUpdate.exe" /ua /installsource scheduler (Nenhum Arquivo) Task: {C8C25885-F528-475C-8C7D-C61CD10197D5} - System32\Tasks\iTop Summer Task (One-Time) => "C:\Program Files (x86)\iTop VPN\Pub\itopsump23.exe" /sum (Nenhum Arquivo) Task: {475868C0-5FC0-427B-B5AB-3472F6BF6892} - System32\Tasks\McAfee\WPS\amwebapitriggertask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D Task: {88D56762-D568-4F5B-A809-C403A6C827A3} - System32\Tasks\McAfee\WPS\DAD.WPS.Execute.Updates => C:\Program Files\McAfee\WPS\1.11.279.1\dad\mc-dad.exe [4379528 2023-09-12] (McAfee, LLC -> McAfee, LLC) Task: {C11ADD33-F88C-4C5B-9D4D-BF9C8CA776D4} - System32\Tasks\McAfee\WPS\datupdatetask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D Task: {A155A82B-9E51-48CF-A477-D10075016515} - System32\Tasks\McAfee\WPS\McAfee Sustainability => C:\Program Files\McAfee\WPS\1.11.279.1\sustainability\mc-sustainability.exe [778816 2023-09-12] (McAfee, LLC -> McAfee, LLC) Task: {5F5AB2DD-FEF0-4E28-A89E-0607C9FD2BDF} - 
System32\Tasks\McAfee\WPS\mcpcoscanner => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D Task: {1283FDD0-291D-4775-A11D-2B6EE2D9A2DA} - System32\Tasks\McAfee\WPS\NGMCadence => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D Task: {B54F2BA6-417F-437E-B81C-265EE5A1C6B3} - System32\Tasks\McAfee\WPS\odsscheduledtask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D Task: {56EFF8C7-F360-4B48-B402-1ABF6763AB84} - System32\Tasks\McAfee\WPS\systemrebootedtask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D Task: {2BB25299-DD12-4A55-A8F2-871A76A0A421} - System32\Tasks\McAfee\WPS\Update => {81A7CB63-BB07-4DAD-8E72-07B3A9BB08E2} Task: {7E4F884A-4B65-4572-95C8-75A72035EC76} - System32\Tasks\McAfee\WPS\WPSPush => \\?\C:\Program Files\McAfee\WPS\1.11.279.1\mc-wns-client\mc-wns-client.exe [819400 2023-09-12] (McAfee, LLC -> ) Task: {470FD3C7-F7B6-430C-9160-31C3D0723EF0} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913760 2023-09-01] (Microsoft Corporation -> Microsoft Corporation) Task: {89DB786A-3BCD-4ED9-9A28-4E689B55B665} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913760 2023-09-01] (Microsoft Corporation -> Microsoft Corporation) Task: {7DD50F2E-9467-4B35-8754-5F0DC7FB8A26} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-09-17] (Microsoft Corporation -> Microsoft Corporation) Task: {71136401-2E5A-477F-8C50-D95564CDEA05} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-09-17] (Microsoft Corporation -> Microsoft Corporation) Task: {EA0F5D0F-DBA1-46DC-B35A-FE00325EF813} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe 
[167864 2023-08-22] (Microsoft Corporation -> Microsoft Corporation) Task: {7ABBE0B6-C453-4AEF-8721-A4D7B2AE595B} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\UCPD velocity => C:\Windows\system32\UCPDMgr.exe [58880 2023-09-17] (Microsoft Windows -> Microsoft Corporation) Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (Nenhum Arquivo) Task: {A98E46E4-D134-4B42-91D4-1C6AE1AFF3E3} - System32\Tasks\NitroSense => C:\Program Files\Acer\NitroSense Service\PSLauncher.exe [609640 2023-01-05] (Acer Incorporated -> Acer Incorporated) Task: {C937BDAE-E1AF-438E-BF9D-115E21D7BB91} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130824 2023-09-25] (Microsoft Corporation -> Microsoft Corporation) Task: {EF5DDFC7-50BD-4989-B899-33CC98D12EA6} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1468474341-1498967642-3512864176-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130824 2023-09-25] (Microsoft Corporation -> Microsoft Corporation) Task: {4CB4A7E3-1E03-42BB-AE20-88C0F397B181} - System32\Tasks\Opera scheduled assistant Autoupdate 1694556311 => C:\Users\guilh\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\guilh\AppData\Local\Programs\Opera\assistant" $(Arg0) Task: {37E30BB7-8F3B-4D5D-AB99-07F690D33DCC} - System32\Tasks\Opera scheduled Autoupdate 1694556305 => C:\Users\guilh\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (Nenhum Arquivo) Task: {1F1F8B45-A057-40EF-80B6-113D793A9A7A} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [461472 2021-12-02] (Acer Incorporated -> Acer Incorporated) CMD: ipconfig /flushdns CMD: netsh advfirewall reset CMD: DISM /Online /Cleanup-Image /RestoreHealth CMD: SFC /scannow 
RemoveProxy: EmptyTemp: CreateRestorePoint: ***************** Ponto de Restauração criado com sucesso. Processos fechados com sucesso. ========================= File: C:\Perform\system.vbs ======================== C:\Perform\system.vbs Arquivo não assinado MD5: 41E008FA98C4431C4CEBEA068FC38D05 Data de criação e modificação: 2023-08-22 21:35 - 2022-03-31 01:58 Tamanho: 000000075 Atributos: ---AH Nome Da Empresa: Interno Nome: Original Nome: Produto: Descrição: Arquivo Versão: Produto Versão: Copyright: VirusTotal: https://www.virustotal.com/gui/file/f1693021ac9058a21c7c2836f38aa4c3e35c34cacb61ecbe6844ea46d3222a08/detection/f-f1693021ac9058a21c7c2836f38aa4c3e35c34cacb61ecbe6844ea46d3222a08-1694813476 ====== Fim de File: ====== ========================= File: C:\Netframework.4.5.2\Audio system.vbs ======================== C:\Netframework.4.5.2\Audio system.vbs Arquivo não assinado MD5: 261EBC81437C78656A3E089EEF3FBE0B Data de criação e modificação: 2023-08-22 21:35 - 2023-01-29 22:20 Tamanho: 000000146 Atributos: ----A Nome Da Empresa: Interno Nome: Original Nome: Produto: Descrição: Arquivo Versão: Produto Versão: Copyright: VirusTotal: https://www.virustotal.com/gui/file/b5fdf55c965f25abfc79009b5764106fbf9e55fa56f1d559b1a173e4850dc00e/detection/f-b5fdf55c965f25abfc79009b5764106fbf9e55fa56f1d559b1a173e4850dc00e-1692882467 ====== Fim de File: ====== ========================= File: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.lnk ======================== C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.lnk Arquivo não assinado MD5: 59E5E63C66D400F6C1AF35DCC1C7702A Data de criação e modificação: 2023-08-22 21:35 - 2023-09-18 09:41 Tamanho: 000000740 Atributos: ----A Nome Da Empresa: Interno Nome: Original Nome: Produto: Descrição: Arquivo Versão: Produto Versão: Copyright: VirusTotal: 0 ====== Fim de File: ====== ========================= File: C:\Program Files\cmclient\CMClient.exe 
======================== C:\Program Files\cmclient\CMClient.exe O arquivo é assinado digitalmente MD5: FA953E3714AE54DF88FF18B90220F4BA Data de criação e modificação: 2023-08-22 22:05 - 2023-07-29 15:25 Tamanho: 033426480 Atributos: ----A Nome Da Empresa: 广东盈世计算机科技有限公司 -> Interno Nome: Original Nome: Produto: Descrição: Arquivo Versão: Produto Versão: Copyright: VirusTotal: https://www.virustotal.com/gui/file/0ba87b1eb30d56e221479368568e6d6e9f13148e2d3bcd2f43a11daf18e228ac/detection/f-0ba87b1eb30d56e221479368568e6d6e9f13148e2d3bcd2f43a11daf18e228ac-1693544730 ====== Fim de File: ====== "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removido (a) com sucesso. HKLM\System\CurrentControlSet\Services\ACCSvc => removido (a) com sucesso. ACCSvc => o serviço removido (a) com sucesso.
========= ipconfig /flushdns ========= Configuração de IP do Windows Liberação do Cache do DNS Resolver bem-sucedida. ========= Fim de CMD: ========= ========= netsh advfirewall reset ========= Ok. ========= Fim de CMD: ========= ========= DISM /Online /Cleanup-Image /RestoreHealth ========= Ferramenta de Gerenciamento e Manutenção de Imagens de Implantação Versão: 10.0.22621.1 Versão da Imagem: 10.0.22621.2283
Operação de restauração concluída com êxito. A operação foi concluída com êxito. ========= Fim de CMD: ========= ========= SFC /scannow ========= Iniciando verificação de arquivos. O processo levará alguns minutos para ser concluído. Iniciando fase de verificação de verificação do sistema.
A Proteção de Recursos do Windows encontrou arquivos corrompidos e os reparou com êxito. Para reparos online, os detalhes são incluídos no arquivo de log CBS localizado em windir\Logs\CBS\CBS.log. Por exemplo, C:\Windows\Logs\CBS\CBS.log. Para reparos offline, os detalhes são incluídos no arquivo de log fornecido pelo sinalizador /OFFLOGFILE. ========= Fim de CMD: ========= ========= RemoveProxy: ========= "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso. "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso. "HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso. "HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso. ========= Fim de RemoveProxy: ========= Ponto de Restauração criado com sucesso. 
=========== EmptyTemp: ========== FlushDNS => completado BITS transfer queue => 0 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 16925342 B Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 54427303 B Windows/system/drivers => 142143177 B Edge => 0 B Chrome => 1322279796 B Firefox => 0 B Opera => 13434917 B Temp, IE cache, history, cookies, recent: Default => 0 B ProgramData => 0 B Public => 0 B systemprofile => 11912107 B systemprofile32 => 11912129 B LocalService => 11960341 B NetworkService => 11983497 B guilh => 298996539 B RecycleBin => 54676143 B EmptyTemp: => 1.8 GB de dados temporários Removidos. ================================ O sistema precisou ser reiniciado. ==== Fim de Fixlog 12:51:00 ====
  11. Hello, My notebook was recently purchased, new, and after installing some Chrome extensions and dubious programs I started receiving error messages about "audio.exe" and "grservices.exe". I believe the machine is infected. I am asking for your help to evaluate my logs and confirm my suspicion. The logs follow. Thank you. # ------------------------------- # Malwarebytes AdwCleaner 8.4.0.0 # ------------------------------- # Build: 08-30-2022 # Database: 2023-07-19.3 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Clean # ------------------------------- # Start: 09-26-2023 # Duration: 00:00:01 # OS: Windows 11 (Build 22621.2283) # Cleaned: 29 # Failed: 0 ***** [ Services ] ***** No malicious services cleaned. ***** [ Folders ] ***** Deleted C:\Program Files\Tencent Deleted C:\ProgramData\IObit\Advanced SystemCare Deleted C:\ProgramData\Tencent Deleted C:\Users\guilh\AppData\Roaming\IObit\Advanced SystemCare Deleted C:\Users\guilh\AppData\Roaming\Tencent ***** [ Files ] ***** No malicious files cleaned. ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. 
***** [ Tasks ] ***** Deleted C:\Windows\System32\Tasks\DRIVER BOOSTER SCHEDULER ***** [ Registry ] ***** Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63557FD5-7F8E-4799-905D-C475871A78AA} Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scheduler Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{65815CA8-768E-4592-B813-050581E5DAC0} Deleted HKLM\Software\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C Deleted HKLM\Software\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries cleaned. ***** [ Chromium URLs ] ***** Deleted Search By ZoneAlarm Deleted http://br.hao123.com/?tn=incore_pay_hp_05_hao123_br Deleted http://br.hao123.com/?tn=incore_pay_hp_05_hao123_br Deleted http://br.hao123.com/?tn=incore_pay_hp_05_hao123_br Deleted http://istart.webssearches.com/?type=hp&ts=1414538147&from=bxk1&uid=WDCXWD5000BPVT-60HXZT3_WD-WXN1E32NKVMSNKVMS Deleted http://istart.webssearches.com/?type=hp&ts=1414538147&from=bxk1&uid=WDCXWD5000BPVT-60HXZT3_WD-WXN1E32NKVMSNKVMS Deleted http://search.zonealarm.com/?src=hp&tbid=goughDev3&Lan=en&gu=dde72d04ab3c4cd6853d3bb14dc531f5&tu=10GXy009a2B0CO0&sku=&tstsId=&ver=& ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries cleaned. ***** [ Firefox URLs ] ***** No malicious Firefox URLs cleaned. ***** [ Hosts File Entries ] ***** No malicious hosts file entries cleaned. 
***** [ Preinstalled Software ] ***** Deleted Preinstalled.AcerCareCenter Folder C:\Program Files (x86)\ACER\CARE CENTER Deleted Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE23B3FD-B9D1-4EBD-8CD9-9F0887DDB597} Deleted Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80434D54-1596-4D78-B6C4-CEE2D8653B2B} Deleted Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE23B3FD-B9D1-4EBD-8CD9-9F0887DDB597} Deleted Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ACCAgent Deleted Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ACCBackgroundApplication Deleted Preinstalled.AcerCareCenter Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AFB52E98-7597-4484-9202-58F0FD3512ED} Deleted Preinstalled.AcerCareCenter Task C:\Windows\System32\Tasks\ACCAGENT Deleted Preinstalled.AcerCareCenter Task C:\Windows\System32\Tasks\ACCBACKGROUNDAPPLICATION Deleted Preinstalled.AcerUpdater Folder C:\ProgramData\ACER\ACER UPDATER ************************* [+] Delete Tracing Keys [+] Reset Winsock ************************* AdwCleaner[S00].txt - [4461 octets] - [26/09/2023 10:49:32] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ########## ~ ZHPCleaner v2023.9.26.45 by Nicolas Coolman (2023/09/26) ~ Run by guilh (Administrator) (26/09/2023 10:52:38) ~ Web: https://www.nicolascoolman.com ~ Blog: https://nicolascoolman.eu/ ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : Version OK ~ Type : Scan ~ Report : C:\Users\guilh\Desktop\ZHPCleaner (S).txt ~ Quarantine : C:\Users\guilh\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt ~ System Restore Point : ~ UAC : Activate ~ Boot Mode : Normal (Normal boot) Windows 10 Home, 64-bit (Build 22621) ---\\ 
Alternate Data Stream (ADS). (0) ~ No malicious or unnecessary items found. ---\\ Services (0) ~ No malicious or unnecessary items found. ---\\ Browser internet (5) FOUND file: C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default\History =>.SUP.BrowserHistoric FOUND file: C:\Users\guilh\AppData\Local\Microsoft\Edge\User Data\Default\History =>.SUP.BrowserHistoric FOUND folder: C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data =>.SUP.BrowserCache FOUND folder: C:\Users\guilh\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data =>.SUP.BrowserCache FOUND folder: C:\Users\guilh\AppData\Local\Opera Software\Opera Stable\User Data\Default\Cache\Cache_Data =>.SUP.BrowserCache ---\\ Hosts file (1) ~ The hosts file is legitimate (21) ---\\ Scheduled automatic tasks. (0) ~ No malicious or unnecessary items found. ---\\ Explorer ( File, Folder) (4) FOUND file: C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default\Preferences =>ChromiumPreference FOUND file: C:\Users\guilh\AppData\Local\Microsoft\Edge\User Data\Default\Preferences =>ChromiumPreference FOUND folder: C:\Users\guilh\AppData\Local\Google\Update =>Heuristic.Suspect FOUND folder: C:\ProgramData\IObit\ASCDownloader =>SUP.Optional.AdvancedSystemCare ---\\ Registry ( Key, Value, Data) (4) FOUND key: HKEY_USERS\S-1-5-21-1468474341-1498967642-3512864176-1001\SOFTWARE\Classes\AppXq0pwa73vfcn2qdexp8cexcc6qk87xh1r [] =>Adware.Navipromo FOUND data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{48c4d171-290d-4b41-b940-f739f8dc8093}\\DhcpNameServer [Bad : 181.213.132.2 181.213.132.3] =>Hijacker.Browser FOUND data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ecebae50-4f24-4c4b-ace0-ab3467d323e9}\\DhcpNameServer [Bad : 181.213.132.2 181.213.132.3] =>Hijacker.Browser FOUND data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer [Bad : 181.213.132.2 181.213.132.3] =>Hijacker.Browser ---\\ Summary of the 
elements found (7) https://nicolascoolman.eu/2023/07/18/les-caches-et-historiques-de-navigateurs/ =>.SUP.BrowserHistoric https://nicolascoolman.eu/2023/07/18/les-caches-et-historiques-de-navigateurs/ =>.SUP.BrowserCache https://nicolascoolman.eu/2020/10/01/preferences-navigateurs-chromium/ =>ChromiumPreference https://nicolascoolman.eu/2017/01/28/heuristic-suspect/ =>Heuristic.Suspect https://nicolascoolman.eu/wp-content/uploads/2017/12/26/sup-advancedsystemcare/ =>SUP.Optional.AdvancedSystemCare https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/ =>Adware.Navipromo https://nicolascoolman.eu/2017/11/10/hijacker-browser-3/ =>Hijacker.Browser ---\\ Result of repair ~ Any repair made ~ Google Chrome OK ~ Microsoft Edge OK ~ Microsoft Internet Explorer OK ~ Opera Stable OK ---\\ Statistics ~ Items scanned : 97382 ~ Items found : 16 ~ Items cancelled : 0 ~ Space saving (bytes) : 0 ~ Items options : 10/18 ---\\ OPTIONS NOT ACTIVES ~ Temporary file analysis ~ Temporary folder analysis ~ Empty Folder CLSID Analysis ~ Empty Other Folder Analysis ~ Empty LocalLow Folder Analysis ~ Empty Local Folder Analysis ~ Obsolete Installer File Analysis ~ Start browsers with extensions removed ~ End of search in 00h07mn23s ---\\ Reports (0) ZHPCleaner-[S]-26092023-11_00_01.txt ~ ZHPCleaner v2023.9.26.45 by Nicolas Coolman (2023/09/26) ~ Run by guilh (Administrator) (26/09/2023 11:01:12) ~ Web: https://www.nicolascoolman.com ~ Blog: https://nicolascoolman.eu/ ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : Version OK ~ Type : Repair ~ Report : C:\Users\guilh\Desktop\ZHPCleaner (R).txt ~ Quarantine : C:\Users\guilh\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt ~ System Restore Point : OK ~ UAC : Activate ~ Boot Mode : Normal (Normal boot) Windows 10 Home, 64-bit (Build 22621) ---\\ Alternate Data Stream (ADS). (0) ~ No malicious or unnecessary items found. ---\\ Services (0) ~ No malicious or unnecessary items found. 
---\\ Browser internet (0) ---\\ Hosts file (1) ~ The hosts file is legitimate (21) ---\\ Scheduled automatic tasks. (0) ~ No malicious or unnecessary items found. ---\\ Explorer ( File, Folder) (9) MOVED file: C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default\History =>.SUP.BrowserHistoric MOVED file: C:\Users\guilh\AppData\Local\Microsoft\Edge\User Data\Default\History =>.SUP.BrowserHistoric MOVED file: C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default\Preferences =>Préférences Chromium MOVED file: C:\Users\guilh\AppData\Local\Microsoft\Edge\User Data\Default\Preferences =>Préférences Chromium MOVED folder: C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data =>.SUP.BrowserCache MOVED folder: C:\Users\guilh\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data =>.SUP.BrowserCache MOVED folder: C:\Users\guilh\AppData\Local\Opera Software\Opera Stable\User Data\Default\Cache\Cache_Data =>.SUP.BrowserCache MOVED folder: C:\Users\guilh\AppData\Local\Google\Update =>Heuristic.Suspect MOVED folder: C:\ProgramData\IObit\ASCDownloader =>SUP.Optional.AdvancedSystemCare ---\\ Registry ( Key, Value, Data) (4) DELETED data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{48c4d171-290d-4b41-b940-f739f8dc8093}\\DhcpNameServer [Bad : 181.213.132.2 181.213.132.3] =>Hijacker.Browser DELETED data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ecebae50-4f24-4c4b-ace0-ab3467d323e9}\\DhcpNameServer [Bad : 181.213.132.2 181.213.132.3] =>Hijacker.Browser DELETED data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer [Bad : 181.213.132.2 181.213.132.3] =>Hijacker.Browser DELETED key*: HKEY_USERS\S-1-5-21-1468474341-1498967642-3512864176-1001\SOFTWARE\Classes\AppXq0pwa73vfcn2qdexp8cexcc6qk87xh1r [] =>Adware.Navipromo ---\\ Summary of the elements found (7) https://nicolascoolman.eu/2023/07/18/les-caches-et-historiques-de-navigateurs/ =>.SUP.BrowserHistoric 
https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/ =>Préférences Chromium https://nicolascoolman.eu/2023/07/18/les-caches-et-historiques-de-navigateurs/ =>.SUP.BrowserCache https://nicolascoolman.eu/2017/01/28/heuristic-suspect/ =>Heuristic.Suspect https://nicolascoolman.eu/wp-content/uploads/2017/12/26/sup-advancedsystemcare/ =>SUP.Optional.AdvancedSystemCare https://nicolascoolman.eu/2017/11/10/hijacker-browser-3/ =>Hijacker.Browser https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/ =>Adware.Navipromo ---\\ Other deletions. (0) ~ Registry Keys Tracing deleted (0) ~ Remove the old reports ZHPCleaner. (0) ---\\ Result of repair ~ Repair carried out successfully ~ Google Chrome OK ~ Microsoft Edge OK ~ Microsoft Internet Explorer OK ~ Opera Stable OK ---\\ Statistics ~ Items scanned : 1043 ~ Items found : 0 ~ Items cancelled : 0 ~ Space saving (bytes) : 0 ~ Items options : 10/18 ---\\ OPTIONS NOT ACTIVES ~ Temporary file analysis ~ Temporary folder analysis ~ Empty Folder CLSID Analysis ~ Empty Other Folder Analysis ~ Empty LocalLow Folder Analysis Resultado do análise da Farbar Recovery Scan Tool (FRST) (x64) Versão: 25-09-2023 Executado por guilh (administrador) em GUIVERMELHO (Acer Nitro AN515-58) (26-09-2023 11:05:07) Executando a partir de C:\Users\guilh\Desktop\FRST64.exe Perfis Carregados: guilh Plataforma: Microsoft Windows 11 Home Versão 22H2 22621.2283 (X64) Idioma: Português (Brasil) Navegador padrão: Chrome Modo da Inicialização: Normal ==================== Processos (Whitelisted) ================= (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.) 
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\NitroSense Service\PSAdminAgent.exe (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\NitroSense Service\PSAgent.exe (C:\Program Files\McAfee\WebAdvisor\servicehost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe (cmd.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\PING.EXE <2> (DriverStore\FileRepository\ipf_cpu.inf_amd64_07e81e065fff923d\ipf_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_07e81e065fff923d\ipf_helper.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <2> (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_125373df900d2c8b\ipfsvc.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_07e81e065fff923d\ipf_uf.exe (services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe (services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WPS\1.11.279.1\mc-fw-host.exe <2> (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe (services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvacig.inf_amd64_6a30f226cb32430c\Display.NvContainer\NVDisplay.Container.exe <2> (services.exe ->) (Realtek Semiconductor Corp. 
-> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_9b2689b4e3586127\RtkAudUService64.exe <2> (svchost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WPS\1.11.279.1\neo\core\mc-neo-host.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_4000.986.611.0_x64__8wekyb3d8bbwe\PushNotificationsLongRunningTask.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe ==================== Registro (Whitelisted) =================== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.) HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_9b2689b4e3586127\RtkAudUService64.exe [1673008 2023-05-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-08-22] (Adobe Inc. 
-> Adobe Systems, Incorporated) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5314096 2020-03-06] (Adobe Inc. -> Adobe Systems Inc.) [Arquivo não assinado] HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [142222176 2023-04-21] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2586640 2023-09-25] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\Run: [Google Update] => "C:\Users\guilh\AppData\Local\Google\Update\1.3.36.312\GoogleUpdateCore.exe" (Nenhum Arquivo) HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4374888 2023-09-11] (Valve Corp. -> Valve Corporation) HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\Run: [MicrosoftEdgeAutoLaunch_18105C23E6FB3E0926A4BECDF7B37E6D] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4210232 2023-09-23] (Microsoft Corporation -> Microsoft Corporation) HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [65488 2020-03-06] (Adobe Inc. 
-> Adobe Systems Inc) Startup: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Audio system.lnk [2023-09-18] ShortcutTarget: Audio system.lnk -> C:\Netframework.4.5.2\Audio system.vbs () [Arquivo não assinado] Startup: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk [2023-09-26] ShortcutTarget: Enviar para o OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) Startup: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.lnk [2023-09-18] ShortcutTarget: system.lnk -> C:\Perform\system.vbs () [Arquivo não assinado] ==================== Tarefas Agendadas (Whitelisted) ================= (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) Task: {AB28516B-FCD3-481C-8EDA-D26FA8816B97} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe -auto (Nenhum Arquivo) Task: {03768D52-5397-46F6-9404-AC20EC436D5C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Nenhum Arquivo) Task: {65532448-C145-49C5-B05D-389973E60B07} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated) Task: {CF26937B-FE54-41A5-B8A3-D5986CF41D59} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3807712 2023-08-22] (Adobe Inc. 
-> Adobe Systems, Incorporated) Task: {AF75F4D6-2296-498C-B976-586DCC5CFD9A} - System32\Tasks\audio system => C:\Perform\update.vbs (Nenhum Arquivo) Task: {0C3AC2B1-6AE3-4B48-92B8-B2195BE2870D} - System32\Tasks\Driver Booster SkipUAC (guilh) => C:\Program Files (x86)\IObit\Driver Booster\10.6.0\DriverBooster.exe [8966120 2023-07-27] (IObit CO., LTD -> IObit) Task: {1866B25B-8067-4F5F-8B61-D3B8888F581C} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\10.6.0\AutoUpdate.exe [2516968 2023-06-13] (IObit CO., LTD -> IObit) Task: {C59F40E0-7B31-49F5-8CC4-8BF0537D2407} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1468474341-1498967642-3512864176-1001Core{0D3F0353-8BCE-4CA5-82B0-DC5CDB13C90B} => "C:\Users\guilh\AppData\Local\Google\Update\GoogleUpdate.exe" /c (Nenhum Arquivo) Task: {5DA5E0A3-3E20-4CE6-B1B1-2395510E2A50} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1468474341-1498967642-3512864176-1001UA{90016B1F-C6F4-49D0-9660-990E4074B2A7} => "C:\Users\guilh\AppData\Local\Google\Update\GoogleUpdate.exe" /ua /installsource scheduler (Nenhum Arquivo) Task: {C8C25885-F528-475C-8C7D-C61CD10197D5} - System32\Tasks\iTop Summer Task (One-Time) => "C:\Program Files (x86)\iTop VPN\Pub\itopsump23.exe" /sum (Nenhum Arquivo) Task: {475868C0-5FC0-427B-B5AB-3472F6BF6892} - System32\Tasks\McAfee\WPS\amwebapitriggertask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D Task: {88D56762-D568-4F5B-A809-C403A6C827A3} - System32\Tasks\McAfee\WPS\DAD.WPS.Execute.Updates => C:\Program Files\McAfee\WPS\1.11.279.1\dad\mc-dad.exe [4379528 2023-09-12] (McAfee, LLC -> McAfee, LLC) Task: {C11ADD33-F88C-4C5B-9D4D-BF9C8CA776D4} - System32\Tasks\McAfee\WPS\datupdatetask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D Task: {A155A82B-9E51-48CF-A477-D10075016515} - System32\Tasks\McAfee\WPS\McAfee Sustainability => C:\Program Files\McAfee\WPS\1.11.279.1\sustainability\mc-sustainability.exe [778816 2023-09-12] (McAfee, LLC -> McAfee, LLC) Task: {5F5AB2DD-FEF0-4E28-A89E-0607C9FD2BDF} - 
System32\Tasks\McAfee\WPS\mcpcoscanner => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D Task: {1283FDD0-291D-4775-A11D-2B6EE2D9A2DA} - System32\Tasks\McAfee\WPS\NGMCadence => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D Task: {B54F2BA6-417F-437E-B81C-265EE5A1C6B3} - System32\Tasks\McAfee\WPS\odsscheduledtask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D Task: {56EFF8C7-F360-4B48-B402-1ABF6763AB84} - System32\Tasks\McAfee\WPS\systemrebootedtask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D Task: {2BB25299-DD12-4A55-A8F2-871A76A0A421} - System32\Tasks\McAfee\WPS\Update => {81A7CB63-BB07-4DAD-8E72-07B3A9BB08E2} Task: {7E4F884A-4B65-4572-95C8-75A72035EC76} - System32\Tasks\McAfee\WPS\WPSPush => \\?\C:\Program Files\McAfee\WPS\1.11.279.1\mc-wns-client\mc-wns-client.exe [819400 2023-09-12] (McAfee, LLC -> ) Task: {470FD3C7-F7B6-430C-9160-31C3D0723EF0} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913760 2023-09-01] (Microsoft Corporation -> Microsoft Corporation) Task: {89DB786A-3BCD-4ED9-9A28-4E689B55B665} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913760 2023-09-01] (Microsoft Corporation -> Microsoft Corporation) Task: {7DD50F2E-9467-4B35-8754-5F0DC7FB8A26} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-09-17] (Microsoft Corporation -> Microsoft Corporation) Task: {71136401-2E5A-477F-8C50-D95564CDEA05} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-09-17] (Microsoft Corporation -> Microsoft Corporation) Task: {EA0F5D0F-DBA1-46DC-B35A-FE00325EF813} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe 
[167864 2023-08-22] (Microsoft Corporation -> Microsoft Corporation) Task: {7ABBE0B6-C453-4AEF-8721-A4D7B2AE595B} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\UCPD velocity => C:\Windows\system32\UCPDMgr.exe [58880 2023-09-17] (Microsoft Windows -> Microsoft Corporation) Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (Nenhum Arquivo) Task: {A98E46E4-D134-4B42-91D4-1C6AE1AFF3E3} - System32\Tasks\NitroSense => C:\Program Files\Acer\NitroSense Service\PSLauncher.exe [609640 2023-01-05] (Acer Incorporated -> Acer Incorporated) Task: {C937BDAE-E1AF-438E-BF9D-115E21D7BB91} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130824 2023-09-25] (Microsoft Corporation -> Microsoft Corporation) Task: {EF5DDFC7-50BD-4989-B899-33CC98D12EA6} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1468474341-1498967642-3512864176-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130824 2023-09-25] (Microsoft Corporation -> Microsoft Corporation) Task: {4CB4A7E3-1E03-42BB-AE20-88C0F397B181} - System32\Tasks\Opera scheduled assistant Autoupdate 1694556311 => C:\Users\guilh\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\guilh\AppData\Local\Programs\Opera\assistant" $(Arg0) Task: {37E30BB7-8F3B-4D5D-AB99-07F690D33DCC} - System32\Tasks\Opera scheduled Autoupdate 1694556305 => C:\Users\guilh\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (Nenhum Arquivo) Task: {1F1F8B45-A057-40EF-80B6-113D793A9A7A} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [461472 2021-12-02] (Acer Incorporated -> Acer Incorporated) (Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. 
O arquivo que está sendo executado pela tarefa não será movido.) ==================== Internet (Whitelisted) ==================== (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.) Edge: ======= Edge Profile: C:\Users\guilh\AppData\Local\Microsoft\Edge\User Data\Default [2023-09-26] Edge Extension: (Google Docs Offline) - C:\Users\guilh\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-17] Edge Extension: (Edge relevant text changes) - C:\Users\guilh\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-13] FireFox: ======== FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2020-03-05] FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-08-22] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2023-08-22] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-08-22] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2020-03-06] (Adobe Inc. -> Adobe Systems Inc.) 
Chrome: ======= CHR Profile: C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default [2023-09-26] CHR Extension: (Adobe Acrobat: ferramentas para editar, converter e assinar PDFs) - C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-09-26] CHR Extension: (McAfee® WebAdvisor) - C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2023-09-26] CHR Extension: (Google Docs offline) - C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-26] CHR Extension: (Pagamentos via Chrome Web Store) - C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-09-26] CHR Profile: C:\Users\guilh\AppData\Local\Google\Chrome\User Data\System Profile [2023-09-26] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] Opera: ======= OPR DefaultProfile: Opera Stable OPR Profile: C:\Users\guilh\AppData\Roaming\Opera Software\Opera Stable [2023-09-12] OPR Extension: (Rich Hints Agent) - C:\Users\guilh\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2023-09-12] OPR Extension: (Opera Wallet) - C:\Users\guilh\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2023-09-12] OPR Extension: (Aria) - C:\Users\guilh\AppData\Roaming\Opera Software\Opera Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm [2023-09-12] ==================== Serviços (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) S2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3966432 2023-08-22] (Adobe Inc. 
-> Adobe Systems, Incorporated) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11817040 2023-09-01] (Microsoft Corporation -> Microsoft Corporation) R2 dptftcs; C:\Windows\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_125373df900d2c8b\ipfsvc.exe [543888 2022-02-02] (Intel Corporation -> Intel Corporation) S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncHelper.exe [3511720 2023-09-25] (Microsoft Corporation -> Microsoft Corporation) S2 IntelAudioService; C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_5f98233769cf65a5\AS\IAS\IntelAudioService.exe [539992 2023-08-22] (Intel Corporation -> Intel) R2 ipfsvc; C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_07e81e065fff923d\ipf_uf.exe [2781312 2023-08-22] (Intel Corporation -> Intel Corporation) S3 KAPSService; C:\Windows\System32\drivers\RivetNetworks\Killer\KAPSService.exe [64376 2022-03-28] (Intel Corporation -> Intel® Corporation) S2 Killer Analytics Service; C:\Windows\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe [2423160 2022-03-28] (Intel Corporation -> Intel) S2 Killer Network Service; C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe [2883448 2022-03-28] (Intel Corporation -> Intel) S3 KNDBWM; C:\Windows\System32\drivers\RivetNetworks\Killer\KNDBWMService.exe [64376 2022-03-28] (Intel Corporation -> Intel® Corporation) R2 mc-fw-host; C:\Program Files\McAfee\WPS\1.11.279.1\mc-fw-host.exe [2310472 2023-09-12] (McAfee, LLC -> McAfee, LLC) S3 mc-wps-update; C:\Program Files\McAfee\WPS\1.11.279.1\mc-update.exe [5075896 2023-09-12] (McAfee, LLC -> McAfee, LLC) R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [874384 2023-09-19] (McAfee, LLC -> McAfee, LLC) S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.189.0910.0001\OneDriveUpdaterService.exe [3849128 2023-09-25] (Microsoft Corporation -> Microsoft 
Corporation) S3 PSSvc; C:\Program Files\Acer\NitroSense Service\PSSvc.exe [867176 2023-01-05] (Acer Incorporated -> Acer Incorporated) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe [3121008 2023-09-05] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe [133688 2023-09-05] (Microsoft Windows Publisher -> Microsoft Corporation) S2 ACCSvc; "C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe" [X] R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvacig.inf_amd64_6a30f226cb32430c\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nvacig.inf_amd64_6a30f226cb32430c\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem ===================== Drivers (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) R3 AcerAirplaneModeController; C:\Windows\System32\drivers\AcerAirplaneModeController.sys [36800 2022-05-31] (Acer Incorporated -> Acer Incorporated) S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [Arquivo não assinado] S3 e2k68cx21x64; C:\Windows\System32\DriverStore\FileRepository\e2k68cx21x64.inf_amd64_e63a1a6682c5eed2\e2k68cx21x64.sys [619408 2022-03-08] (Realtek Semiconductor Corp. 
-> Realtek) R3 iaLPSS2_GPIO2_ADL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_adl.inf_amd64_302e75596cffa74a\iaLPSS2_GPIO2_ADL.sys [150616 2023-08-22] (Intel Corporation -> Intel Corporation) R3 iaLPSS2_I2C_ADL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_adl.inf_amd64_e736c048ca307ed2\iaLPSS2_I2C_ADL.sys [220224 2023-08-22] (Intel Corporation -> Intel Corporation) R3 IntcUSB; C:\Windows\System32\DriverStore\FileRepository\intcusb.inf_amd64_5d49b801c1e48609\IntcUSB.sys [941976 2023-08-22] (Intel Corporation -> Intel(R) Corporation) R3 IntelGNA; C:\Windows\System32\DriverStore\FileRepository\gna.inf_amd64_04d4eecc5838a558\gna.sys [88784 2023-08-22] (Intel Corporation -> Intel Corporation) R3 ipf_acpi; C:\Windows\System32\DriverStore\FileRepository\ipf_acpi.inf_amd64_6808233353fa1d56\ipf_acpi.sys [87168 2023-08-22] (Intel Corporation -> Intel Corporation) R3 ipf_cpu; C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_07e81e065fff923d\ipf_cpu.sys [80512 2023-08-22] (Intel Corporation -> Intel Corporation) R3 ipf_lf; C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_07e81e065fff923d\ipf_lf.sys [445056 2023-08-22] (Intel Corporation -> Intel Corporation) R3 KfeCoSvc; C:\Windows\System32\drivers\RivetNetworks\Killer\KfeCo11X64.sys [175848 2022-03-28] (Intel Corporation -> Rivet Networks, LLC.) 
S0 mfeelam; C:\Windows\System32\DRIVERS\mfeelam.sys [18400 2023-09-12] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC) R0 mfesec; C:\Windows\System32\DRIVERS\mfesec.sys [82696 2023-09-12] (McAfee, LLC -> McAfee, LLC) R3 nvpcf; C:\Windows\System32\drivers\nvpcf.sys [243768 2023-08-22] (NVIDIA Corporation -> NVIDIA Corporation) S4 UCPD; C:\Windows\System32\drivers\UCPD.sys [29184 2023-09-17] (Microsoft Windows -> Microsoft Corporation) S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [55872 2023-09-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [574872 2023-09-05] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105864 2023-09-05] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) ==================== Um mês (criados) (Whitelisted) ========= (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 
2023-09-26 11:05 - 2023-09-26 11:05 - 000023635 _____ C:\Users\guilh\Desktop\FRST.txt 2023-09-26 11:05 - 2023-09-26 11:05 - 000000000 ____D C:\FRST 2023-09-26 11:04 - 2023-09-26 11:04 - 002382848 _____ (Farbar) C:\Users\guilh\Downloads\FRST64.exe 2023-09-26 11:04 - 2023-09-26 11:04 - 002382848 _____ (Farbar) C:\Users\guilh\Desktop\FRST64.exe 2023-09-26 11:01 - 2023-09-26 11:01 - 000011461 _____ C:\Users\guilh\Desktop\ZHPCleaner (R).html 2023-09-26 11:01 - 2023-09-26 11:01 - 000004138 _____ C:\Users\guilh\Desktop\ZHPCleaner (R).txt 2023-09-26 11:00 - 2023-09-26 11:00 - 000011172 _____ C:\Users\guilh\Desktop\ZHPCleaner (S).html 2023-09-26 11:00 - 2023-09-26 11:00 - 000003958 _____ C:\Users\guilh\Desktop\ZHPCleaner (S).txt 2023-09-26 10:55 - 2023-09-26 10:50 - 000004429 _____ C:\Users\guilh\Desktop\AdwCleaner[C00].txt 2023-09-26 10:51 - 2023-09-26 11:01 - 000000000 ____D C:\Users\guilh\AppData\Roaming\ZHP 2023-09-26 10:51 - 2023-09-26 10:52 - 000000875 _____ C:\Users\guilh\Desktop\ZHPCleaner.lnk 2023-09-26 10:51 - 2023-09-26 10:51 - 003343008 _____ (Nicolas Coolman) C:\Users\guilh\Downloads\ZHPCleaner.exe 2023-09-26 10:51 - 2023-09-26 10:51 - 000000000 ____D C:\Users\guilh\AppData\Local\ZHP 2023-09-26 10:46 - 2023-09-26 10:50 - 000000000 ____D C:\AdwCleaner 2023-09-26 10:44 - 2023-09-26 10:44 - 008791352 _____ (Malwarebytes) C:\Users\guilh\Downloads\adwcleaner.exe 2023-09-26 10:43 - 2023-09-26 10:43 - 000000000 ____D C:\Users\guilh\AppData\Local\Steam 2023-09-26 10:42 - 2023-09-26 10:46 - 000000000 ____D C:\Program Files (x86)\Steam 2023-09-26 10:42 - 2023-09-26 10:42 - 002296488 _____ C:\Users\guilh\Downloads\SteamSetup.exe 2023-09-26 10:42 - 2023-09-26 10:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2023-09-26 07:57 - 2023-09-26 07:57 - 000732744 _____ C:\Windows\system32\prfh0416.dat 2023-09-26 07:57 - 2023-09-26 07:57 - 000146898 _____ C:\Windows\system32\prfc0416.dat 2023-09-26 06:54 - 2023-09-26 06:54 - 004847296 _____ 
(Husdawg, LLC) C:\Users\guilh\Downloads\Detection.exe 2023-09-22 16:20 - 2023-09-22 16:20 - 002601711 _____ C:\Users\guilh\Downloads\USO DE MÉTODOS OFICIAIS_DIURNO.pdf 2023-09-20 16:32 - 2023-09-20 16:32 - 000082065 _____ C:\Users\guilh\Downloads\extrato_conta.pdf 2023-09-13 08:23 - 2023-09-13 08:23 - 000000000 ____D C:\Users\guilh\Documents\Modelos Personalizados do Office 2023-09-13 08:22 - 2023-09-13 08:22 - 000560409 _____ C:\Users\guilh\Downloads\3- 2023 Lista Consolidada DCB jul.xlsx 2023-09-12 19:05 - 2023-09-25 20:14 - 000000000 ____D C:\Users\guilh\AppData\Local\CrashDumps 2023-09-12 19:05 - 2023-09-12 20:49 - 000000000 ____D C:\Program Files\EaseUS 2023-09-12 19:05 - 2023-09-12 20:49 - 000000000 ____D C:\Program Files (x86)\EaseUS 2023-09-12 19:05 - 2023-09-12 19:05 - 000004440 _____ C:\Windows\system32\Tasks\Opera scheduled assistant Autoupdate 1694556311 2023-09-12 19:05 - 2023-09-12 19:05 - 000004192 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1694556305 2023-09-12 19:05 - 2023-09-12 19:05 - 000000000 ____D C:\Users\guilh\AppData\Local\Opera Software 2023-09-12 19:05 - 2023-09-12 19:05 - 000000000 ____D C:\ProgramData\SystemAcCrux 2023-09-12 19:05 - 2022-12-29 13:34 - 000030136 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\Drivers\EPMVolFl0.sys 2023-09-12 19:04 - 2023-09-12 19:05 - 077004880 _____ (EaseUS ) C:\Users\guilh\Downloads\epm17.9_free_B.exe 2023-09-12 19:04 - 2023-09-12 19:04 - 001966984 _____ C:\Users\guilh\Downloads\epm_free_installer.793248.exe 2023-09-12 19:04 - 2023-09-12 19:04 - 001767600 _____ ( ) C:\Users\guilh\Downloads\hp-usb-disk-storage-format-tool-2.2.3-installer_R-sI6W1.exe 2023-09-12 19:04 - 2023-09-12 19:04 - 000098304 _____ (Hewlett-Packard Company) C:\Users\guilh\Downloads\hp-usb-disk-storage-format-tool-2.2.3-installer.exe 2023-09-12 19:04 - 2023-09-12 19:04 - 000000000 ____D C:\Users\guilh\AppData\Roaming\Opera Software 2023-09-12 19:00 - 2023-09-12 18:59 - 000082696 _____ (McAfee, 
LLC) C:\Windows\system32\Drivers\mfesec.sys 2023-09-12 18:59 - 2023-09-12 19:00 - 000000000 ____D C:\ProgramData\WPSInstallerTemp1 2023-09-12 18:59 - 2023-09-12 19:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2023-09-07 10:46 - 2023-09-07 10:46 - 000000000 ____D C:\Users\guilh\AppData\Roaming\Microsoft\PowerPoint 2023-09-07 09:49 - 2023-09-25 16:46 - 000000000 ____D C:\Users\guilh\AppData\Roaming\Microsoft\Excel 2023-09-06 10:49 - 2023-09-06 10:49 - 000120029 _____ C:\Users\guilh\Downloads\Escitalopram.pdf 2023-09-05 09:44 - 2023-09-21 08:25 - 000003446 _____ C:\Windows\SysWOW64\pubfreeware.ini 2023-09-05 09:14 - 2023-09-05 09:14 - 000000000 ____D C:\Users\guilh\AppData\Local\McAfee 2023-09-01 19:20 - 2023-09-01 19:20 - 085419960 _____ (McAfee, LLC) C:\Users\guilh\Downloads\McAfee_Installer_serial_6Cd8yLdeaKmyPO98NLkWIg2_key_affid_1274_akey.exe 2023-09-01 19:02 - 2023-09-01 19:03 - 000000000 __RSD C:\Users\guilh\Documents\McAfee Vaults 2023-09-01 19:02 - 2023-09-01 19:02 - 000000000 ____D C:\Users\guilh\AppData\Local\McAfee File Lock 2023-09-01 18:59 - 2023-09-13 08:15 - 000000000 ____D C:\Program Files\McAfee 2023-09-01 18:59 - 2023-09-12 19:03 - 000000000 ____D C:\Windows\system32\Tasks\McAfee 2023-09-01 18:53 - 2023-09-13 08:16 - 000000000 ____D C:\ProgramData\McAfee 2023-09-01 18:53 - 2023-09-01 19:07 - 000000051 _____ C:\Users\guilh\AppData\Roaming\MCVi2UserDetail.ini 2023-09-01 18:53 - 2023-09-01 18:53 - 005891472 _____ (McAfee, LLC) C:\Users\guilh\Downloads\mcafee_trial_setup_433.0207.3919_key.exe ==================== Um mês (modificados) ================== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 
2023-09-26 11:01 - 2023-08-22 21:21 - 000000000 ____D C:\ProgramData\IObit 2023-09-26 11:01 - 2023-08-22 21:16 - 000000000 ____D C:\Users\guilh\AppData\Local\Google 2023-09-26 11:00 - 2023-08-22 21:18 - 000000000 ____D C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps do Chrome 2023-09-26 10:50 - 2023-08-22 21:21 - 000000000 ____D C:\Users\guilh\AppData\Roaming\IObit 2023-09-26 10:50 - 2023-08-22 21:12 - 000000000 ____D C:\ProgramData\Acer 2023-09-26 10:50 - 2023-08-22 21:12 - 000000000 ____D C:\Program Files (x86)\Acer 2023-09-26 10:50 - 2023-08-22 20:49 - 000000000 ____D C:\ProgramData\NVIDIA 2023-09-26 10:50 - 2023-08-22 20:42 - 000000000 ___RD C:\Users\guilh\OneDrive 2023-09-26 10:46 - 2023-08-22 20:41 - 000000000 ____D C:\Users\guilh\AppData\Local\D3DSCache 2023-09-26 10:05 - 2023-08-22 21:38 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData 2023-09-26 10:05 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\SystemTemp 2023-09-26 08:55 - 2022-05-07 02:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2023-09-26 08:13 - 2023-08-22 20:41 - 000000000 ____D C:\Users\guilh\AppData\Local\Packages 2023-09-26 07:57 - 2023-08-22 20:47 - 001682102 _____ C:\Windows\system32\PerfStringBackup.INI 2023-09-26 07:57 - 2022-05-07 02:22 - 000000000 ____D C:\Windows\INF 2023-09-26 06:52 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\AppReadiness 2023-09-26 06:50 - 2023-08-22 20:33 - 000000000 ____D C:\Windows\system32\SleepStudy 2023-09-25 18:11 - 2023-08-22 20:35 - 000000000 ____D C:\ProgramData\Packages 2023-09-25 18:11 - 2022-05-07 02:24 - 000000000 ___HD C:\Program Files\WindowsApps 2023-09-25 17:23 - 2023-08-22 21:55 - 000000000 ____D C:\Users\guilh\AppData\Roaming\Microsoft\Word 2023-09-25 14:20 - 2023-08-23 18:33 - 000000000 ____D C:\Program Files\Microsoft OneDrive 2023-09-25 14:20 - 2023-08-22 21:52 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task 2023-09-25 14:20 - 2023-08-22 21:51 - 
000002138 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2023-09-25 14:20 - 2023-08-22 20:42 - 000003596 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1468474341-1498967642-3512864176-1001 2023-09-25 09:26 - 2023-08-22 20:33 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2023-09-21 15:11 - 2023-08-23 18:44 - 000000000 ____D C:\Users\guilh\Documents\WeChat Files 2023-09-20 19:15 - 2023-08-22 20:33 - 000012288 ___SH C:\DumpStack.log.tmp 2023-09-20 19:15 - 2023-08-22 20:33 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2023-09-20 19:15 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\system32\NDF 2023-09-20 19:15 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\ServiceState 2023-09-20 19:15 - 2022-05-07 02:17 - 000524288 _____ C:\Windows\system32\config\BBI 2023-09-19 16:41 - 2023-08-22 21:55 - 000000000 ____D C:\Users\guilh\AppData\Roaming\Microsoft\Office 2023-09-19 09:57 - 2023-08-22 21:35 - 000000000 ___HD C:\Perform 2023-09-19 09:42 - 2023-08-22 21:22 - 000000000 ____D C:\ProgramData\ProductData 2023-09-19 07:48 - 2023-08-22 21:16 - 000004224 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-1468474341-1498967642-3512864176-1001UA{90016B1F-C6F4-49D0-9660-990E4074B2A7} 2023-09-19 07:48 - 2023-08-22 21:16 - 000003956 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-1468474341-1498967642-3512864176-1001Core{0D3F0353-8BCE-4CA5-82B0-DC5CDB13C90B} 2023-09-18 09:31 - 2023-08-22 21:35 - 000000000 ___HD C:\Netframework.4.5.2 2023-09-18 09:23 - 2022-05-07 02:17 - 000000000 ____D C:\Windows\CbsTemp 2023-09-18 09:22 - 2023-08-23 00:27 - 000000000 ____D C:\Windows\system32\MRT 2023-09-18 09:20 - 2023-08-23 00:27 - 177941912 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2023-09-18 09:20 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\system32\AppLocker 2023-09-18 09:19 - 2022-05-07 02:24 - 000000000 ____D C:\ProgramData\USOPrivate 2023-09-17 22:36 - 2023-08-22 
21:48 - 000000000 ____D C:\Program Files\Microsoft Office 2023-09-17 22:35 - 2023-08-22 20:39 - 000000000 ____D C:\Users\guilh 2023-09-17 22:35 - 2023-08-22 20:33 - 000496264 _____ C:\Windows\system32\FNTCACHE.DAT 2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ___RD C:\Windows\ImmersiveControlPanel 2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\UUS 2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata 2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\SysWOW64\Dism 2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\SystemResources 2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\system32\WinMetadata 2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\system32\oobe 2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\system32\Dism 2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\system32\appraiser 2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\ShellExperiences 2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\ShellComponents 2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\Provisioning 2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\PolicyDefinitions 2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\bcastdvr 2023-09-17 20:51 - 2023-08-22 20:37 - 003210752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll 2023-09-17 20:46 - 2023-08-23 00:24 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER 2023-09-13 08:21 - 2023-08-22 22:11 - 000000000 ____D C:\Users\guilh\AppData\Roaming\Microsoft\UProof 2023-09-12 20:49 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\Registration 2023-09-12 19:04 - 2022-05-07 02:24 - 000000000 ___HD C:\Windows\ELAMBKUP 2023-09-12 19:04 - 2022-05-07 02:17 - 000032768 _____ C:\Windows\system32\config\ELAM 2023-09-12 19:00 - 2023-08-22 21:16 - 000002498 _____ C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Google Chrome.lnk 2023-09-05 10:09 - 2023-08-22 20:33 - 000000000 ____D C:\Windows\Panther 2023-09-05 09:06 - 2023-08-22 21:39 - 000003530 _____ C:\Windows\system32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 2023-09-05 09:06 - 2023-08-22 21:39 - 000003506 _____ C:\Windows\system32\Tasks\AdobeGCInvoker-1.0 2023-09-05 09:00 - 2023-08-22 20:33 - 000000000 ____D C:\Windows\system32\Drivers\wd 2023-09-01 19:02 - 2022-05-07 02:24 - 000000124 _____ C:\Windows\win.ini 2023-09-01 18:53 - 2023-08-23 00:34 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools ==================== Arquivos na raiz de alguns diretórios ======== 2023-09-01 18:53 - 2023-09-01 19:07 - 000000051 _____ () C:\Users\guilh\AppData\Roaming\MCVi2UserDetail.ini 2023-08-22 21:35 - 2023-08-22 21:35 - 000000410 _____ () C:\Users\guilh\AppData\Local\oobelibMkey.log ==================== SigCheck ============================ (Não há correção automática para arquivos que não passaram na verificação.) ==================== Fim de FRST.txt ======================== Resultado da análise adicional Farbar Recovery Scan Tool (x64) Versão: 25-09-2023 Executado por guilh (26-09-2023 11:05:40) Executando a partir de C:\Users\guilh\Desktop Microsoft Windows 11 Home Versão 22H2 22621.2283 (X64) (2023-08-22 23:35:07) Modo da Inicialização: Normal ========================================================== ==================== Contas: ============================= (Se uma entrada for incluída na fixlist, será removida.) 
Administrador (S-1-5-21-1468474341-1498967642-3512864176-500 - Administrator - Disabled)
Convidado (S-1-5-21-1468474341-1498967642-3512864176-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-1468474341-1498967642-3512864176-503 - Limited - Disabled)
guilh (S-1-5-21-1468474341-1498967642-3512864176-1001 - Administrator - Enabled) => C:\Users\guilh
WDAGUtilityAccount (S-1-5-21-1468474341-1498967642-3512864176-504 - Limited - Disabled)

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: McAfee (Disabled - Up to date) {17E6E93C-6841-5FC7-DEB8-480FDC929279}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee (Enabled) {2FDD6819-222E-5E9F-F5E7-E13A2241D502}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 20.006.20042 - Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 8.3.0.61 - Adobe Inc.)
Coremail Client V4.0 version 4.0.1.699 (HKLM\...\CMClient_is1) (Version: 4.0.1.699 - ) Documentos (HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\547329c748b021098adbb041e9997af7) (Version: 1.0 - Google\Chrome) Driver Booster 10 (HKLM-x32\...\Driver Booster_is1) (Version: 10.6.0 - IObit) DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3026 - Acer Incorporated) Dynamic Application Loader Host Interface Service (HKLM\...\{B31B8E7F-3C96-4A05-887F-78F3DB1E2FC0}) (Version: 1.0.0.0 - Intel Corporation) Hidden Gmail (HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\a3baf68a4cbc856ea0b6f162cafbe8a3) (Version: 1.0 - Google\Chrome) Google Chrome (HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\Google Chrome) (Version: 116.0.5845.188 - Google LLC) Google Drive (HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\92561bab538146c8d23631a9655f2def) (Version: 1.0 - Google\Chrome) Intel(R) Chipset Device Software (HKLM\...\{B7BE54CB-2BAB-458E-99FF-46067A9D451E}) (Version: 10.1.18950.8297 - Intel Corporation) Hidden Intel(R) Chipset Device Software (HKLM-x32\...\{128196ab-db0f-4c9e-b603-9c8d8b59934d}) (Version: 10.1.18950.8297 - Intel(R) Corporation) Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2239.3.33.0 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{6633DA0D-F56A-42E4-9599-D37A640CAF36}) (Version: 1.0.0.0 - Intel Corporation) Hidden Intel(R) Management Engine Driver (HKLM\...\{C71B56FC-8255-4226-B3E4-6B81288A6A0B}) (Version: 1.0.0.0 - Intel Corporation) Hidden Intel(R) ME WMI Provider (HKLM\...\{64528C16-C80F-4935-AF3A-946B86EB3EEB}) (Version: 1.0.0.0 - Intel Corporation) Hidden McAfee (HKLM\...\McAfee.WPS) (Version: 1.11.279.1 - McAfee, LLC) Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.16731.20234 - Microsoft Corporation) Microsoft 365 Apps para Grandes Empresas - pt-br 
(HKLM\...\O365ProPlusRetail - pt-br) (Version: 16.0.16731.20234 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 117.0.2045.41 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 117.0.2045.36 - Microsoft Corporation) Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.189.0910.0001 - Microsoft Corporation) Microsoft Teams (HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\Teams) (Version: 1.6.00.11166 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{AF47B488-9780-4AB5-A97E-762E28013CA6}) (Version: 5.71.0.0 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden NitroSense Service (HKLM\...\{6FC78E80-6385-43D6-8A43-FA80094F1A2E}) (Version: 3.01.3052 - Acer Incorporated) NVIDIA Driver de áudio HD 1.3.39.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.39.3 - NVIDIA Corporation) NVIDIA Driver de gráficos 512.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 512.74 - NVIDIA Corporation) NVIDIA Software do sistema PhysX 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0416-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9309.1 - Realtek Semiconductor Corp.) 
Sheets (HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\729e688ab6880be61f3228ca532f5f97) (Version: 1.0 - Google\Chrome) Slides (HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\7457603eb1d7d66885433bf216ff532c) (Version: 1.0 - Google\Chrome) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.6.0.11166 - Microsoft Corporation) WebAdvisor da McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.836 - McAfee, LLC) WeChat (HKLM-x32\...\WeChat) (Version: 3.9.6.33 - 腾讯科技(深圳)有限公司) WinRAR 6.23 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.23.0 - win.rar GmbH) YouTube (HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\63c9d49a6b2c600986bb89cb0948ddcd) (Version: 1.0 - Google\Chrome) Packages: ========= Acer Purified Voice Console (R) -> C:\Program Files\WindowsApps\AcerIncorporated.AcerPurifiedVoiceConsoleR_1.0.5.0_x64__48frkmn4z8aw4 [2023-08-23] (Acer Incorporated) AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5185.0_x64__8j3eq9eme6ctt [2023-09-17] (INTEL CORP) [Startup Task] Care Center S -> C:\Program Files\WindowsApps\AcerIncorporated.AcerCareCenterS_4.0.3054.0_x64__48frkmn4z8aw4 [2023-08-22] (Acer Incorporated) Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-08-23] (Microsoft Corporation) DTS Sound Unbound -> C:\Program Files\WindowsApps\DTSInc.DTSSoundUnbound_2023.3.13.0_x64__t5j2fzbtdg37r [2023-09-01] (DTS, Inc.) DTS:X Ultra -> C:\Program Files\WindowsApps\DTSInc.DTSXUltra_1.11.14.0_x64__t5j2fzbtdg37r [2023-09-01] (DTS, Inc.) 
Killer Intelligence Center -> C:\Program Files\WindowsApps\RivetNetworks.KillerControlCenter_3.1122.329.0_x64__rh07ty8m5nkag [2023-08-22] (Rivet Networks LLC) [Startup Task] McAfee® Security -> C:\Program Files\McAfee\WPS\1.11.279.1 [2023-09-12] () Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2023-09-17] (Microsoft Corp.) Microsoft.WindowsAppRuntime.CBS -> C:\Windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2023-09-17] (Microsoft Corporation) NitroSense_V31 -> C:\Program Files\WindowsApps\AcerIncorporated.NitroSenseV31_3.1.3052.0_x64__48frkmn4z8aw4 [2023-08-23] (Acer Incorporated) NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-08-22] (NVIDIA Corp.) Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.41.294.0_x64__dt26b99r8h8gj [2023-09-05] (Realtek Semiconductor Corp) Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.17.8180.0_x64__8wekyb3d8bbwe [2023-09-01] (Microsoft Studios) [MS Ad] Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1218.0_x64__zpdnekdrzrea0 [2023-09-25] (Spotify AB) [Startup Task] WinAppRuntime.Main.1.3 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.3_3000.934.1904.0_x64__8wekyb3d8bbwe [2023-09-17] (Microsoft Corp.) WinAppRuntime.Singleton -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_4000.986.611.0_x64__8wekyb3d8bbwe [2023-09-25] (Microsoft Corp.) 
Windows App Runtime DDLM 3000.882.2207.0-x6 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.3000.882.2207.0-x6_3000.882.2207.0_x64__8wekyb3d8bbwe [2023-09-12] (Microsoft Corporation) Windows App Runtime DDLM 3000.882.2207.0-x8 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.3000.882.2207.0-x8_3000.882.2207.0_x86__8wekyb3d8bbwe [2023-09-12] (Microsoft Corporation) Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2023-09-17] (Microsoft Corporation) WinRAR -> C:\Program Files\WinRAR [2023-08-22] (win.rar GmbH) ==================== Análise Personalizada CLSID (Whitelisted): ============== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{092EC97B-EDAE-4014-8CE4-131026C6FE97}\localserver32 -> C:\Program Files\cmclient\CMClient.exe (广东盈世计算机科技有限公司 -> ) CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\guilh\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.23089.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{85D8EE2F-794F-41F0-BB03-49D56A23BEF4}\InprocServer32 -> C:\Users\guilh\AppData\Local\Google\Update\1.3.36.312\psuser_64.dll => Nenhum Arquivo CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\localserver32 -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\116.0.5845.188\notification_helper.exe (Google LLC -> Google LLC) CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{AE9899FA-E21F-4D91-BD1F-59BC10E56CA1}\InprocServer32 -> C:\Users\guilh\AppData\Local\Google\Update\1.3.36.292\psuser_64.dll => Nenhum Arquivo 
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\guilh\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{E4949BE6-C9FF-4AFA-8672-6127D857418B}\InprocServer32 -> C:\Users\guilh\AppData\Local\Google\Update\1.3.36.312\psuser_64.dll => Nenhum Arquivo CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\guilh\AppData\Local\Google\Update\1.3.36.312\psuser_64.dll => Nenhum Arquivo ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> 
Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] 
(Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2020-03-06] (Adobe Inc. -> Adobe Systems Inc.) ContextMenuHandlers1: [McCtxMenu] -> {4ADAAC88-E1BD-424F-816D-15E059007938} => C:\Program Files\McAfee\WPS\1.11.279.1\mc-ctxmnu.dll [2023-09-12] (McAfee, LLC -> McAfee, LLC) ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvacig.inf_amd64_6a30f226cb32430c\nvshext.dll [2023-08-22] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2020-03-06] (Adobe Inc. -> Adobe Systems Inc.) ContextMenuHandlers6: [McCtxMenu] -> {4ADAAC88-E1BD-424F-816D-15E059007938} => C:\Program Files\McAfee\WPS\1.11.279.1\mc-ctxmnu.dll [2023-09-12] (McAfee, LLC -> McAfee, LLC) ==================== Codecs (Whitelisted) ==================== ==================== Atalhos & WMI ======================== (As entradas podem ser listadas para serem restauradas ou removidas.) 
ShortcutWithArgument: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps do Chrome\Docs.lnk -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=mpnpojknpmmopombnjdcgaaiekajbnjb ShortcutWithArgument: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps do Chrome\Documentos.lnk -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=mpnpojknpmmopombnjdcgaaiekajbnjb ShortcutWithArgument: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps do Chrome\Gmail.lnk -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=fmgjjmmmlfnkbppncabfkddbjimcfncm ShortcutWithArgument: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps do Chrome\Google Drive.lnk -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=aghbiahbpaijignceidepookljebhfak ShortcutWithArgument: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps do Chrome\Sheets.lnk -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=fhihpiojkbmbpdjeoajapmgkhlnakfjf ShortcutWithArgument: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps do Chrome\Slides.lnk -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=kefjledonklijopmnomlcbpllchaibag ShortcutWithArgument: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps do Chrome\YouTube.lnk -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=agimnkijcaahngcdmfeangaknmldooml ==================== Módulos Carregados 
(Whitelisted) ============= 2020-03-06 06:11 - 2020-03-06 06:11 - 000021504 _____ (Adobe Systems Inc.) [Arquivo não assinado] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\locale\pt_br\Acrobat Elements\ContextMenuShim64.ptb ==================== Alternate Data Streams (Whitelisted) ======== ==================== Modo de Segurança (Whitelisted) ================== (Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mc-fw-host => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mc-fw-host => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver" ==================== Associação (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2023-08-22] (Microsoft Corporation -> Microsoft Corporation) BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2023-09-01] (McAfee, LLC -> McAfee, LLC) BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-08-22] 
(Microsoft Corporation -> Microsoft Corporation) BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2023-09-01] (McAfee, LLC -> McAfee, LLC) BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL 
[2023-09-17] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation) (Se uma entrada for incluída na fixlist, será removida do Registro.) IE trusted site: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\sharepoint.com -> hxxps://1bws5l-files.sharepoint.com ==================== Hosts Conteúdo: ========================= (Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.) 2022-05-07 02:24 - 2022-05-07 02:22 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts ==================== Outras Áreas =========================== (Atualmente não há nenhuma correção automática para esta seção.) HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\guilh\Downloads\wallpaperbetter.com_1920x1080.jpg DNS Servers: O Suporte não está conectado à internet. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1) Firewall do Windows está habilitado. 
==================== MSCONFIG/TASK MANAGER ítens desabilitados == ==================== Regras do Firewall (Whitelisted) ================ (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) FirewallRules: [{FE3D84E7-D5D0-4749-BBD7-B574B3E39F01}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{5DECDFD8-973A-4C56-97ED-7F88B51B644E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{0405B5B1-1AAF-4825-967D-C7C4C54E2574}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{CBCEC0B6-8D3F-428C-B0C1-3EA683598EE3}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{BBD3988B-10B6-4968-9C7B-0BDDC7FD9E66}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{FE8024DF-5B09-4BE0-B3DE-F6B4C2A0B447}] => (Allow) C:\Program Files\cmclient\CMClient.exe (广东盈世计算机科技有限公司 -> ) FirewallRules: [TCP Query User{274EB8B5-BC96-471A-864D-A4F975539016}C:\users\guilh\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\guilh\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [UDP Query User{3C7B0E6D-FB1A-42D8-AFA8-3DD521244E37}C:\users\guilh\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\guilh\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{464E45D1-9892-4CB7-8348-0AA64EE6DD0F}] => (Allow) C:\Users\guilh\AppData\Local\Programs\Opera\102.0.4880.46\opera.exe => Nenhum Arquivo FirewallRules: [{0D13D52D-B046-455E-9EA5-B1C9336868A1}] => (Allow) C:\Program 
Files\WindowsApps\MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{CA604C4B-C070-41F1-A883-F565E8F3F0E3}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{27B9E91B-40A0-42F8-BE0E-F104F1F519B4}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.36\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{FF65E029-66BD-4B54-96CD-76CD0344056D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1218.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{884AF703-67BC-47D7-B5D0-284AFB4C4448}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1218.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{E9E1619C-6764-4101-A1E3-71FA6CFC6FF6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1218.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{A65FE57C-1D9B-419A-BDD5-D9A60767AF11}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1218.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{557C13AE-B357-4CB1-B3AE-9E295602A6B1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1218.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{96BE86C9-D610-4CEE-AF37-4451B7D37C2C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1218.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{4CCE2437-A38F-4802-84F3-47EC26DD0ED2}] => (Allow) C:\Program 
Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1218.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{E6B07CED-2C7E-45CD-AA6A-2743C25EDF39}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1218.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{3A59B8BE-2F78-4B0A-A6FC-CE0DFA793E0C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1218.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{6B49219D-E8B0-439F-BDA1-A58E3DC36AEE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1218.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{3B50D019-0F24-47D4-9AC1-37459124C427}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{91489089-8118-4628-9F0F-EF999D6A43D5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. 
-> Valve Corporation) ==================== Pontos de Restauração ========================= 21-09-2023 08:25:40 Windows Update 21-09-2023 08:25:48 Windows Update 26-09-2023 11:00:27 ZHPcleaner ==================== Dispositivos Apresentando Falhas No Gerenciador ============ ==================== Erros no Log de eventos: ======================== Erros em Aplicativos: ================== Error: (09/26/2023 10:47:35 AM) (Source: Application Error) (EventID: 1000) (User: AUTORIDADE NT) Description: Nome do aplicativo com falha: mc-fw-host.exe, versão: 1.11.102.0, carimbo de data/hora: 0x64d65783 Nome do módulo com falha: mc-bridge-server.dll, versão: 1.1.242.0, carimbo de data/hora: 0x64a826b4 Código de exceção: 0xc0000005 Deslocamento da falha: 0x000000000001ce8a ID do processo com falha: 0x0x51a0 Hora de início do aplicativo com falha: 0x0x1d9f07ff7b7926c Caminho do aplicativo com falha: \\?\C:\Program Files\McAfee\WPS\1.11.279.1\mc-fw-host.exe Caminho do módulo com falha: \\?\C:\Program Files\McAfee\WPS\1.11.279.1\mc-bridge-server.dll ID do Relatório: c8f90dbb-28be-4ce6-9322-b920b9abdf36 Nome completo do pacote com falha: ID do aplicativo relativo ao pacote com falha: Error: (09/26/2023 10:47:04 AM) (Source: Application Error) (EventID: 1000) (User: AUTORIDADE NT) Description: Nome do aplicativo com falha: mc-fw-host.exe, versão: 1.11.102.0, carimbo de data/hora: 0x64d65783 Nome do módulo com falha: mc-bridge-server.dll, versão: 1.1.242.0, carimbo de data/hora: 0x64a826b4 Código de exceção: 0xc0000005 Deslocamento da falha: 0x000000000001ce8a ID do processo com falha: 0x0x1278 Hora de início do aplicativo com falha: 0x0x1d9ec0fffccac1a Caminho do aplicativo com falha: \\?\C:\Program Files\McAfee\WPS\1.11.279.1\mc-fw-host.exe Caminho do módulo com falha: \\?\C:\Program Files\McAfee\WPS\1.11.279.1\mc-bridge-server.dll ID do Relatório: e6bc08cf-865c-4b74-93fd-9765a4e4781a Nome completo do pacote com falha: ID do aplicativo relativo ao pacote com falha: Error: (09/25/2023 
08:14:05 PM) (Source: Application Error) (EventID: 1000) (User: GUIVERMELHO) Description: Nome do aplicativo com falha: msteamsupdate.exe, versão: 23231.411.2342.9597, carimbo de data/hora: 0x64ed3548 Nome do módulo com falha: ucrtbase.dll, versão: 10.0.22621.608, carimbo de data/hora: 0xf5fc15a3 Código de exceção: 0xc0000409 Deslocamento da falha: 0x000000000007f61e ID do processo com falha: 0x0x4cd4 Hora de início do aplicativo com falha: 0x0x1d9f005fa59ef0f Caminho do aplicativo com falha: C:\Program Files\WindowsApps\MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteamsupdate.exe Caminho do módulo com falha: C:\Windows\System32\ucrtbase.dll ID do Relatório: c500ef52-b02c-4e04-8641-4863e15f6a7d Nome completo do pacote com falha: MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe ID do aplicativo relativo ao pacote com falha: msteamsupdate Error: (09/25/2023 09:27:13 AM) (Source: Application Error) (EventID: 1000) (User: GUIVERMELHO) Description: Nome do aplicativo com falha: msteamsupdate.exe, versão: 23231.411.2342.9597, carimbo de data/hora: 0x64ed3548 Nome do módulo com falha: ucrtbase.dll, versão: 10.0.22621.608, carimbo de data/hora: 0xf5fc15a3 Código de exceção: 0xc0000409 Deslocamento da falha: 0x000000000007f61e ID do processo com falha: 0x0x2324 Hora de início do aplicativo com falha: 0x0x1d9efab9c7dc914 Caminho do aplicativo com falha: C:\Program Files\WindowsApps\MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteamsupdate.exe Caminho do módulo com falha: C:\Windows\System32\ucrtbase.dll ID do Relatório: ab3d3857-7792-4b38-87aa-c08b17aa910e Nome completo do pacote com falha: MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe ID do aplicativo relativo ao pacote com falha: msteamsupdate Error: (09/20/2023 07:17:04 PM) (Source: Application Error) (EventID: 1000) (User: GUIVERMELHO) Description: Nome do aplicativo com falha: msteamsupdate.exe, versão: 23231.411.2342.9597, carimbo de data/hora: 0x64ed3548 Nome do módulo com falha: 
ucrtbase.dll, versão: 10.0.22621.608, carimbo de data/hora: 0xf5fc15a3 Código de exceção: 0xc0000409 Deslocamento da falha: 0x000000000007f61e ID do processo com falha: 0x0x1ca8 Hora de início do aplicativo com falha: 0x0x1d9ec102f2d4fe2 Caminho do aplicativo com falha: C:\Program Files\WindowsApps\MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteamsupdate.exe Caminho do módulo com falha: C:\Windows\System32\ucrtbase.dll ID do Relatório: 1ddbba84-6613-4b29-8bb6-ac63ba35a3b0 Nome completo do pacote com falha: MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe ID do aplicativo relativo ao pacote com falha: msteamsupdate Error: (09/20/2023 07:15:03 PM) (Source: Application Hang) (EventID: 1002) (User: AUTORIDADE NT) Description: O programa ShellExperienceHost.exe versão 10.0.22621.2215 interagiu com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle de Segurança e Manutenção. Error: (09/20/2023 07:14:36 PM) (Source: Application Hang) (EventID: 1002) (User: AUTORIDADE NT) Description: O programa ShellExperienceHost.exe versão 10.0.22621.2215 interagiu com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle de Segurança e Manutenção. 
Error: (09/19/2023 03:40:32 PM) (Source: Application Error) (EventID: 1000) (User: GUIVERMELHO) Description: Nome do aplicativo com falha: Widgets.exe, versão: 421.20070.1820.0, carimbo de data/hora: 0x64e54318 Nome do módulo com falha: Widgets.exe, versão: 421.20070.1820.0, carimbo de data/hora: 0x64e54318 Código de exceção: 0xc0000005 Deslocamento da falha: 0x0000000000122cc7 ID do processo com falha: 0x0x20e0 Hora de início do aplicativo com falha: 0x0x1d9eb224960bae0 Caminho do aplicativo com falha: C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe Caminho do módulo com falha: C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ID do Relatório: e0367dea-7504-40b5-866f-a6c4402188d6 Nome completo do pacote com falha: MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy ID do aplicativo relativo ao pacote com falha: Widgets Erros de Sistema: ============= Error: (09/26/2023 10:59:46 AM) (Source: DCOM) (EventID: 10010) (User: GUIVERMELHO) Description: O servidor {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} não se registrou no DCOM dentro do tempo limite necessário. Error: (09/26/2023 10:50:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: O serviço Predator Service foi encerrado inesperadamente. Isso aconteceu 1 vez(es). Error: (09/26/2023 10:50:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: O serviço FileSyncHelper foi encerrado inesperadamente. Isso aconteceu 1 vez(es). Error: (09/26/2023 10:50:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço NVIDIA Display Container LS foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 6000 milissegundos: Reiniciar o serviço. 
Error: (09/26/2023 10:50:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Microsoft Office Click-to-Run Service foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço. Error: (09/26/2023 10:50:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: O serviço Killer Network Service foi encerrado inesperadamente. Isso aconteceu 1 vez(es). Error: (09/26/2023 10:50:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço McAfee WebAdvisor foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 1 milissegundos: Reiniciar o serviço. Error: (09/26/2023 10:50:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: O serviço Killer Dynamic Bandwidth Management foi encerrado inesperadamente. Isso aconteceu 1 vez(es). Windows Defender: ================ Date: 2023-08-23 06:48:13 Description: Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado. 
Para obter mais informações, veja a seguir: https://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/Contebrew.A!ml&threatid=251873&enterprise=0 Nome: Program:Win32/Contebrew.A!ml Gravidade: Alto Categoria: Modificador de Configurações Caminho: file:_C:\Users\guilh\Downloads\Adobe.Acrobat.Pro.DC.v2022.001.20085.exe Origem da Detecção: Computador local Tipo da Detecção: FastPath Fonte da Detecção: Proteção em Tempo Real Usuário: GuiVermelho\guilh Nome do Processo: C:\Windows\explorer.exe Versão da Inteligência de Segurança: AV: 1.395.1105.0, AS: 1.395.1105.0, NIS: 1.395.1105.0 Versão do Mecanismo: AM: 1.1.23070.1005, NIS: 1.1.23070.1005  CodeIntegrity: =============== Date: 2023-09-26 10:48:48 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\WPS\1.11.279.1\mc-sec-plugin-x64.dll that did not meet the Windows signing level requirements. Date: 2023-09-26 10:48:18 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\WPS\1.11.279.1\mc-sec-plugin-x64.dll that did not meet the Windows signing level requirements. ==================== Informações da Memória =========================== BIOS: Insyde Corp. 
V2.05 04/12/2023 placa-mãe: ADL Jimny_ADH Processador: 12th Gen Intel(R) Core(TM) i5-12450H Percentagem de memória em uso: 48% RAM física total: 7901.05 MB RAM física disponível: 4062.48 MB Virtual Total: 10973.05 MB Virtual disponível: 5216.55 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:397.15 GB) (Free:328.74 GB) (Model: Micron_3400_MTFDKBA512TFH) NTFS Drive d: (WINDRIVER) (Fixed) (Total:20 GB) (Free:5.64 GB) (Model: Micron_3400_MTFDKBA512TFH) NTFS \\?\Volume{babfb7f2-327b-47f8-bc2c-f4b7eabdc326}\ (EFI) (Fixed) (Total:0.29 GB) (Free:0.25 GB) FAT32 ==================== MBR & Tabela de Partições ==================== ========================================================== Disk: 0 (Size: 476.9 GB) (Disk ID: 0FC3CF86) Partition: GPT. ==================== Fim de Addition.txt ======================= ~ Empty Local Folder Analysis ~ Obsolete Installer File Analysis ~ Start browsers with extensions removed ~ End of clean in 00h00mn36s ---\\ Reports (2) ZHPCleaner-[S]-26092023-11_00_01.txt ZHPCleaner-[R]-26092023-11_01_48.txt

About Clube do Hardware

Online since 1996, Clube do Hardware is one of the largest, oldest and most respected technology communities in Brazil.

Copyright

We do not allow the copying or reproduction of content from our website, forum, newsletters and social networks, even when the source is cited.
