Guilherme Vermelho

Junior Member
  • Posts

    11
Everything Guilherme Vermelho posted

  1. Good afternoon, the initial problems have been eliminated. Thank you very much for the help!
  2. Hello, Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 25-09-2023 Executado por guilh (05-10-2023 08:22:27) Run:6 Executando a partir de C:\Users\guilh\Desktop Perfis Carregados: guilh Modo da Inicialização: Normal ============================================== fixlist Conteúdo: ***************** CreateRestorePoint: CloseProcesses: C:\gitzwc C:\Perform\system.vbs C:\Netframework.4.5.2\Audio system.vbs C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.lnk C:\Program Files\cmclient\CMClient.exe CMD: netsh advfirewall reset CMD: DISM /Online /Cleanup-Image /RestoreHealth CMD: SFC /scannow CMD: ipconfig /flushdns RemoveProxy: EmptyTemp: CreateRestorePoint: ***************** Ponto de Restauração criado com sucesso. Processos fechados com sucesso. "C:\gitzwc" pasta mover: C:\gitzwc => movido com sucesso "C:\Perform\system.vbs" => não encontrado (a) "C:\Netframework.4.5.2\Audio system.vbs" => não encontrado (a) "C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.lnk" => não encontrado (a) C:\Program Files\cmclient\CMClient.exe => movido com sucesso ========= netsh advfirewall reset ========= Ok. 
========= Fim de CMD: ========= ========= DISM /Online /Cleanup-Image /RestoreHealth ========= Ferramenta de Gerenciamento e Manutenção de Imagens de Implantação Versão: 10.0.22621.1 Versão da Imagem: 10.0.22621.2283 Operação de restauração concluída com êxito. A operação foi concluída com êxito. ========= Fim de CMD: ========= ========= SFC /scannow ========= Iniciando verificação de arquivos. O processo levará alguns minutos para ser concluído. Iniciando fase de verificação de verificação do sistema.
A Proteção de Recursos do Windows não encontrou nenhuma violação de integridade. ========= Fim de CMD: ========= ========= ipconfig /flushdns ========= Configuração de IP do Windows Liberação do Cache do DNS Resolver bem-sucedida. ========= Fim de CMD: ========= ========= RemoveProxy: ========= "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso. 
"HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso. "HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso. ========= Fim de RemoveProxy: ========= Ponto de Restauração criado com sucesso. =========== EmptyTemp: ========== FlushDNS => completado BITS transfer queue => 0 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 7383814 B Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 24245252 B Windows/system/drivers => 252925 B Edge => 0 B Chrome => 707597488 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B ProgramData => 0 B Public => 0 B systemprofile => 359673 B systemprofile32 => 359673 B LocalService => 364361 B NetworkService => 364361 B guilh => 114800527 B RecycleBin => 0 B EmptyTemp: => 816.1 MB de dados temporários Removidos. ================================ O sistema precisou ser reiniciado. ==== Fim de Fixlog 08:25:47 ====
  3. Since the last fix I have not received any more "Audio.exe" or "grservices.exe" error messages!
  4. Good morning. Here is the log: Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 25-09-2023 Executado por guilh (04-10-2023 08:30:34) Run:5 Executando a partir de C:\Users\guilh\Desktop Perfis Carregados: guilh Modo da Inicialização: Normal ============================================== fixlist Conteúdo: ***************** CreateRestorePoint: CloseProcesses: File: C:\gitzwc\gitzgame.gme StartBatch: cd C:\ dir /s /b audio.exe grservices.exe EndBatch: C:\Perform\system.vbs C:\Netframework.4.5.2\Audio system.vbs C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.lnk C:\Program Files\cmclient\CMClient.exe HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [142222176 2023-04-21] (Microsoft Corporation -> Microsoft Corporation) HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO Startup: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Audio system.lnk [2023-09-18] ShortcutTarget: Audio system.lnk -> C:\Netframework.4.5.2\Audio system.vbs () [Arquivo não assinado] Startup: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk [2023-09-27] HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\Run: [Google Update] => "C:\Users\guilh\AppData\Local\Google\Update\1.3.36.312\GoogleUpdateCore.exe" (Nenhum Arquivo) Task: {5F1CB6D7-D0C5-4360-91AC-6910659D9ED3} - System32\Tasks\McAfee\WPS\amwebapitriggertask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D Task: {ED067E53-E15E-4105-8A4A-899F205EEBD4} - System32\Tasks\McAfee\WPS\datupdatetask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D Task: {55D107C6-901C-4424-8F3C-ABF145A479F7} - System32\Tasks\McAfee\WPS\mcpcoscanner => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D Task: {6FFFABC0-6266-4279-A4D8-6F42D0EEB1E5} - System32\Tasks\McAfee\WPS\NGMCadence => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D Task: {A02431B2-42B3-4F0A-B3DB-B94C4234BBD4} - 
System32\Tasks\McAfee\WPS\odsscheduledtask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D Task: {01F7E411-E886-4B44-AD3E-FADF0993632B} - System32\Tasks\McAfee\WPS\systemrebootedtask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D Task: {A40AAC01-48B9-4BA1-A2BB-F804D23E27F0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-09-05] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {861C1CE1-0795-41E6-8580-64FDB8E95C30} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-09-05] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {110FE0D4-14E2-40BC-BDD5-69B7F0FE89F0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-09-05] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {40BED165-CD79-4218-94BD-1A1A62C8BB25} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-09-05] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {2B24477D-BB12-4687-8FC2-AF343EEBAFC5} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-03-15] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log Task: {8A85DBD9-2607-4BA0-A34A-C8AA8EE809BF} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342376 
2023-01-27] (Nvidia Corporation -> NVIDIA Corporation) Task: {8B873C9A-4E90-4485-AB27-DEEA15A381E2} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649784 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {B47DF9F1-BC83-4320-AC7A-9D2601BC7F4D} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {D96B710F-5C35-441B-9775-871BDAF9E31B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {F95AD09B-A64C-487C-A97B-48A8F0BE6777} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {2CFA7857-B1EF-43B2-ACDE-C13F0579B427} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {66E3EADB-E4FA-4E77-89E8-7758C5DE92B0} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {302A1CF7-4890-4F79-99A5-BC0C51BBA18A} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {4E4EEE33-4788-4B24-8B78-1F25937A338B} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1468474341-1498967642-3512864176-1001 => C:\Program Files\Microsoft 
OneDrive\OneDriveStandaloneUpdater.exe [4130824 2023-09-25] (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{092EC97B-EDAE-4014-8CE4-131026C6FE97}\localserver32 -> C:\Program Files\cmclient\CMClient.exe (广东盈世计算机科技有限公司 -> ) CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\guilh\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.23089.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{85D8EE2F-794F-41F0-BB03-49D56A23BEF4}\InprocServer32 -> C:\Users\guilh\AppData\Local\Google\Update\1.3.36.312\psuser_64.dll => Nenhum Arquivo CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\localserver32 -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\116.0.5845.188\notification_helper.exe (Google LLC -> Google LLC) CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{AE9899FA-E21F-4D91-BD1F-59BC10E56CA1}\InprocServer32 -> C:\Users\guilh\AppData\Local\Google\Update\1.3.36.292\psuser_64.dll => Nenhum Arquivo CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\guilh\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{E4949BE6-C9FF-4AFA-8672-6127D857418B}\InprocServer32 -> C:\Users\guilh\AppData\Local\Google\Update\1.3.36.312\psuser_64.dll => Nenhum Arquivo CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\guilh\AppData\Local\Google\Update\1.3.36.312\psuser_64.dll => Nenhum Arquivo CMD: netsh advfirewall 
reset CMD: DISM /Online /Cleanup-Image /RestoreHealth CMD: SFC /scannow CMD: ipconfig /flushdns RemoveProxy: EmptyTemp: CreateRestorePoint: ***************** Ponto de Restauração criado com sucesso. Processos fechados com sucesso. ========================= File: C:\gitzwc\gitzgame.gme ======================== C:\gitzwc\gitzgame.gme O arquivo é assinado digitalmente MD5: 49D77A65FCC78F6C7B02C21EC3DAEB19 Data de criação e modificação: 2023-09-27 18:34 - 2020-08-15 11:47 Tamanho: 005247528 Atributos: ----A Nome Da Empresa: Porsche Consulting Ltda -> Softnyx Interno Nome: GunBound Original Nome: GunBound.gme Produto: Softnyx GunBound Project Descrição: GunBound Arquivo Versão: 0, 0, 2, 40 Produto Versão: 1, 0, 0, 1 Copyright: Copyright ⓒ Softnyx, 2002 VirusTotal: https://www.virustotal.com/gui/file/8e30d556d74b81548d1ffe7a9009a29abca43294717902ee4cae3372c553b3fc/detection/f-8e30d556d74b81548d1ffe7a9009a29abca43294717902ee4cae3372c553b3fc-1692804020 ====== Fim de File: ====== ========= Batch: ========= Arquivo não encontrado ========= Fim de Batch: ========= "C:\Perform\system.vbs" => não encontrado (a) C:\Netframework.4.5.2\Audio system.vbs => movido com sucesso "C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.lnk" => não encontrado (a) C:\Program Files\cmclient\CMClient.exe => movido com sucesso "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\TeamsMachineInstaller" => removido (a) com sucesso. HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removido (a) com sucesso. C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Audio system.lnk => movido com sucesso "C:\Netframework.4.5.2\Audio system.vbs" => não encontrado (a) C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk => movido com sucesso "HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update" => removido (a) com sucesso. 
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5F1CB6D7-D0C5-4360-91AC-6910659D9ED3}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F1CB6D7-D0C5-4360-91AC-6910659D9ED3}" => removido (a) com sucesso. C:\Windows\System32\Tasks\McAfee\WPS\amwebapitriggertask => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\amwebapitriggertask" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ED067E53-E15E-4105-8A4A-899F205EEBD4}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED067E53-E15E-4105-8A4A-899F205EEBD4}" => removido (a) com sucesso. C:\Windows\System32\Tasks\McAfee\WPS\datupdatetask => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\datupdatetask" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{55D107C6-901C-4424-8F3C-ABF145A479F7}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55D107C6-901C-4424-8F3C-ABF145A479F7}" => removido (a) com sucesso. C:\Windows\System32\Tasks\McAfee\WPS\mcpcoscanner => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\mcpcoscanner" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6FFFABC0-6266-4279-A4D8-6F42D0EEB1E5}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FFFABC0-6266-4279-A4D8-6F42D0EEB1E5}" => removido (a) com sucesso. C:\Windows\System32\Tasks\McAfee\WPS\NGMCadence => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\NGMCadence" => removido (a) com sucesso. 
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A02431B2-42B3-4F0A-B3DB-B94C4234BBD4}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A02431B2-42B3-4F0A-B3DB-B94C4234BBD4}" => removido (a) com sucesso. C:\Windows\System32\Tasks\McAfee\WPS\odsscheduledtask => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\odsscheduledtask" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{01F7E411-E886-4B44-AD3E-FADF0993632B}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01F7E411-E886-4B44-AD3E-FADF0993632B}" => removido (a) com sucesso. C:\Windows\System32\Tasks\McAfee\WPS\systemrebootedtask => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\systemrebootedtask" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A40AAC01-48B9-4BA1-A2BB-F804D23E27F0}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A40AAC01-48B9-4BA1-A2BB-F804D23E27F0}" => removido (a) com sucesso. C:\Windows\System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{861C1CE1-0795-41E6-8580-64FDB8E95C30}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{861C1CE1-0795-41E6-8580-64FDB8E95C30}" => removido (a) com sucesso. 
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Defender\Windows Defender Cleanup" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{110FE0D4-14E2-40BC-BDD5-69B7F0FE89F0}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{110FE0D4-14E2-40BC-BDD5-69B7F0FE89F0}" => removido (a) com sucesso. C:\Windows\System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{40BED165-CD79-4218-94BD-1A1A62C8BB25}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40BED165-CD79-4218-94BD-1A1A62C8BB25}" => removido (a) com sucesso. C:\Windows\System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Defender\Windows Defender Verification" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2B24477D-BB12-4687-8FC2-AF343EEBAFC5}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B24477D-BB12-4687-8FC2-AF343EEBAFC5}" => removido (a) com sucesso. C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" => removido (a) com sucesso. 
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A85DBD9-2607-4BA0-A34A-C8AA8EE809BF}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A85DBD9-2607-4BA0-A34A-C8AA8EE809BF}" => removido (a) com sucesso. C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8B873C9A-4E90-4485-AB27-DEEA15A381E2}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B873C9A-4E90-4485-AB27-DEEA15A381E2}" => removido (a) com sucesso. C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B47DF9F1-BC83-4320-AC7A-9D2601BC7F4D}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B47DF9F1-BC83-4320-AC7A-9D2601BC7F4D}" => removido (a) com sucesso. C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D96B710F-5C35-441B-9775-871BDAF9E31B}" => removido (a) com sucesso. 
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D96B710F-5C35-441B-9775-871BDAF9E31B}" => removido (a) com sucesso. C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F95AD09B-A64C-487C-A97B-48A8F0BE6777}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F95AD09B-A64C-487C-A97B-48A8F0BE6777}" => removido (a) com sucesso. C:\Windows\System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2CFA7857-B1EF-43B2-ACDE-C13F0579B427}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2CFA7857-B1EF-43B2-ACDE-C13F0579B427}" => removido (a) com sucesso. C:\Windows\System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66E3EADB-E4FA-4E77-89E8-7758C5DE92B0}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66E3EADB-E4FA-4E77-89E8-7758C5DE92B0}" => removido (a) com sucesso. 
C:\Windows\System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{302A1CF7-4890-4F79-99A5-BC0C51BBA18A}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{302A1CF7-4890-4F79-99A5-BC0C51BBA18A}" => removido (a) com sucesso. C:\Windows\System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4E4EEE33-4788-4B24-8B78-1F25937A338B}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E4EEE33-4788-4B24-8B78-1F25937A338B}" => removido (a) com sucesso. C:\Windows\System32\Tasks\OneDrive Reporting Task-S-1-5-21-1468474341-1498967642-3512864176-1001 => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneDrive Reporting Task-S-1-5-21-1468474341-1498967642-3512864176-1001" => removido (a) com sucesso. HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{092EC97B-EDAE-4014-8CE4-131026C6FE97} => removido (a) com sucesso. HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D} => removido (a) com sucesso. HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{85D8EE2F-794F-41F0-BB03-49D56A23BEF4} => removido (a) com sucesso. HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD} => removido (a) com sucesso. 
HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{AE9899FA-E21F-4D91-BD1F-59BC10E56CA1} => removido (a) com sucesso. HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a} => removido (a) com sucesso. HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{E4949BE6-C9FF-4AFA-8672-6127D857418B} => removido (a) com sucesso. HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F} => removido (a) com sucesso. ========= netsh advfirewall reset ========= Ok. ========= Fim de CMD: ========= ========= DISM /Online /Cleanup-Image /RestoreHealth ========= Ferramenta de Gerenciamento e Manutenção de Imagens de Implantação Versão: 10.0.22621.1 Versão da Imagem: 10.0.22621.2283 [==========================100.0%==========================] Operação de restauração concluída com êxito. A operação foi concluída com êxito.
========= Fim de CMD: ========= ========= SFC /scannow ========= Iniciando verificação de arquivos. O processo levará alguns minutos para ser concluído. Iniciando fase de verificação de verificação do sistema. Verificação 100% concluída. A Proteção de Recursos do Windows não encontrou nenhuma violação de integridade. ========= Fim de CMD: ========= ========= ipconfig /flushdns ========= Configuração de IP do Windows Liberação do Cache do DNS Resolver bem-sucedida. ========= Fim de CMD: ========= ========= RemoveProxy: ========= "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso. "HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso. "HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso. ========= Fim de RemoveProxy: ========= Ponto de Restauração criado com sucesso. =========== EmptyTemp: ========== FlushDNS => completado BITS transfer queue => 0 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10667484 B Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 48619193 B Windows/system/drivers => 73792080 B Edge => 0 B Chrome => 1314481897 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B ProgramData => 0 B Public => 0 B systemprofile => 7714072 B systemprofile32 => 7714072 B LocalService => 7742200 B NetworkService => 7742200 B guilh => 211437855 B RecycleBin => 1981414641 B EmptyTemp: => 3.4 GB de dados temporários Removidos. ================================ O sistema precisou ser reiniciado. ==== Fim de Fixlog 08:34:18 ====
  5. Good morning, Here are the logs: Resultado do análise da Farbar Recovery Scan Tool (FRST) (x64) Versão: 25-09-2023 Executado por guilh (administrador) em GUIVERMELHO (Acer Nitro AN515-58) (03-10-2023 08:24:11) Executando a partir de C:\Users\guilh\Desktop\FRST64.exe Perfis Carregados: guilh Plataforma: Microsoft Windows 11 Home Versão 22H2 22621.2283 (X64) Idioma: Português (Brasil) Navegador padrão: Chrome Modo da Inicialização: Normal ==================== Processos (Whitelisted) ================= (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.) (Adobe Inc. -> Adobe Systems Inc.) [Arquivo não assinado] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe (C:\Program Files\McAfee\WebAdvisor\servicehost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe (C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3> (C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe (cmd.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\browserhost.exe (cmd.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\PING.EXE (drivers\RivetNetworks\Killer\KNDBWMService.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\drivers\RivetNetworks\Killer\KNDBWM.exe (DriverStore\FileRepository\ipf_cpu.inf_amd64_07e81e065fff923d\ipf_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_07e81e065fff923d\ipf_helper.exe (explorer.exe ->) (Google LLC -> Google LLC) C:\Users\guilh\AppData\Local\Google\Chrome\Application\chrome.exe <39> 
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5> (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <2> (Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_125373df900d2c8b\ipfsvc.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_734ca279c9cf8df2\OneApp.IGCC.WinService.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_89d541b5fe7b9dc6\IntelCpHDCPSvc.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_07e81e065fff923d\ipf_uf.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_670360bdb5a40a0d\WMIRegistrationService.exe (services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe (services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe (services.exe ->) (Intel Corporation -> Intel® Corporation) C:\Windows\System32\drivers\RivetNetworks\Killer\KNDBWMService.exe (services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) 
C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe (services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe (services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WPS\1.11.279.1\mc-fw-host.exe <2> (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncHelper.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe (services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3> (services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvacig.inf_amd64_6a30f226cb32430c\Display.NvContainer\NVDisplay.Container.exe <2> (services.exe ->) (Realtek Semiconductor Corp. 
-> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_9b2689b4e3586127\RtkAudUService64.exe <3> (svchost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WPS\1.11.279.1\neo\core\mc-neo-host.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.22621.2061_none_e9764a2042bb8e95\TiWorker.exe ==================== Registro (Whitelisted) =================== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.) HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_9b2689b4e3586127\RtkAudUService64.exe [1673008 2023-05-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5314096 2020-03-06] (Adobe Inc. -> Adobe Systems Inc.) 
[Arquivo não assinado] HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [142222176 2023-04-21] (Microsoft Corporation -> Microsoft Corporation) HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2586640 2023-09-25] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\Run: [Google Update] => "C:\Users\guilh\AppData\Local\Google\Update\1.3.36.312\GoogleUpdateCore.exe" (Nenhum Arquivo) HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\Run: [MicrosoftEdgeAutoLaunch_18105C23E6FB3E0926A4BECDF7B37E6D] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4210216 2023-09-29] (Microsoft Corporation -> Microsoft Corporation) HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [65488 2020-03-06] (Adobe Inc. -> Adobe Systems Inc) Startup: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Audio system.lnk [2023-09-18] ShortcutTarget: Audio system.lnk -> C:\Netframework.4.5.2\Audio system.vbs () [Arquivo não assinado] Startup: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk [2023-09-27] ShortcutTarget: Enviar para o OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) ==================== Tarefas Agendadas (Whitelisted) ================= (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 
Task: {5F1CB6D7-D0C5-4360-91AC-6910659D9ED3} - System32\Tasks\McAfee\WPS\amwebapitriggertask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D Task: {ED067E53-E15E-4105-8A4A-899F205EEBD4} - System32\Tasks\McAfee\WPS\datupdatetask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D Task: {55D107C6-901C-4424-8F3C-ABF145A479F7} - System32\Tasks\McAfee\WPS\mcpcoscanner => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D Task: {6FFFABC0-6266-4279-A4D8-6F42D0EEB1E5} - System32\Tasks\McAfee\WPS\NGMCadence => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D Task: {A02431B2-42B3-4F0A-B3DB-B94C4234BBD4} - System32\Tasks\McAfee\WPS\odsscheduledtask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D Task: {01F7E411-E886-4B44-AD3E-FADF0993632B} - System32\Tasks\McAfee\WPS\systemrebootedtask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D Task: {A40AAC01-48B9-4BA1-A2BB-F804D23E27F0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-09-05] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {861C1CE1-0795-41E6-8580-64FDB8E95C30} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-09-05] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {110FE0D4-14E2-40BC-BDD5-69B7F0FE89F0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-09-05] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {40BED165-CD79-4218-94BD-1A1A62C8BB25} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-09-05] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {2B24477D-BB12-4687-8FC2-AF343EEBAFC5} - 
System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-03-15] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log Task: {8A85DBD9-2607-4BA0-A34A-C8AA8EE809BF} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342376 2023-01-27] (Nvidia Corporation -> NVIDIA Corporation) Task: {8B873C9A-4E90-4485-AB27-DEEA15A381E2} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649784 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {B47DF9F1-BC83-4320-AC7A-9D2601BC7F4D} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {D96B710F-5C35-441B-9775-871BDAF9E31B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {F95AD09B-A64C-487C-A97B-48A8F0BE6777} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {2CFA7857-B1EF-43B2-ACDE-C13F0579B427} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {66E3EADB-E4FA-4E77-89E8-7758C5DE92B0} - 
System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {302A1CF7-4890-4F79-99A5-BC0C51BBA18A} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-01-20] (NVIDIA Corporation -> NVIDIA Corporation) Task: {4E4EEE33-4788-4B24-8B78-1F25937A338B} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1468474341-1498967642-3512864176-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130824 2023-09-25] (Microsoft Corporation -> Microsoft Corporation) (Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.) ==================== Internet (Whitelisted) ==================== (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.) 
Tcpip\Parameters: [DhcpNameServer] 181.213.132.2 181.213.132.3 Tcpip\..\Interfaces\{48c4d171-290d-4b41-b940-f739f8dc8093}: [DhcpNameServer] 181.213.132.2 181.213.132.3 Edge: ======= Edge Profile: C:\Users\guilh\AppData\Local\Microsoft\Edge\User Data\Default [2023-10-03] Edge Extension: (Documentos Google off-line) - C:\Users\guilh\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-26] Edge Extension: (Edge relevant text changes) - C:\Users\guilh\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-26] FireFox: ======== FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2020-03-05] FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-08-22] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2023-08-22] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-08-22] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2020-03-06] (Adobe Inc. -> Adobe Systems Inc.) 
Chrome: ======= CHR Profile: C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default [2023-10-03] CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2023-09-29] CHR Extension: (Adobe Acrobat: ferramentas para editar, converter e assinar PDFs) - C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-09-26] CHR Extension: (McAfee® WebAdvisor) - C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2023-09-26] CHR Extension: (Google Docs offline) - C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-26] CHR Extension: (Pagamentos via Chrome Web Store) - C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-09-26] CHR Profile: C:\Users\guilh\AppData\Local\Google\Chrome\User Data\System Profile [2023-09-26] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] Opera: ======= OPR DefaultProfile: Opera Stable OPR Profile: C:\Users\guilh\AppData\Roaming\Opera Software\Opera Stable [2023-09-27] OPR Extension: (Rich Hints Agent) - C:\Users\guilh\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2023-09-12] OPR Extension: (Opera Wallet) - C:\Users\guilh\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2023-09-12] OPR Extension: (Aria) - C:\Users\guilh\AppData\Roaming\Opera Software\Opera Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm [2023-09-12] ==================== Serviços (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. 
O arquivo não será movido, a menos que seja colocado separadamente.) R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3966432 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11817040 2023-09-01] (Microsoft Corporation -> Microsoft Corporation) R2 dptftcs; C:\Windows\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_125373df900d2c8b\ipfsvc.exe [543888 2022-02-02] (Intel Corporation -> Intel Corporation) R3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncHelper.exe [3511720 2023-09-25] (Microsoft Corporation -> Microsoft Corporation) S2 IntelAudioService; C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_5f98233769cf65a5\AS\IAS\IntelAudioService.exe [539992 2023-08-22] (Intel Corporation -> Intel) R2 ipfsvc; C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_07e81e065fff923d\ipf_uf.exe [2781312 2023-08-22] (Intel Corporation -> Intel Corporation) S3 KAPSService; C:\Windows\System32\drivers\RivetNetworks\Killer\KAPSService.exe [64376 2022-03-28] (Intel Corporation -> Intel® Corporation) R2 Killer Analytics Service; C:\Windows\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe [2423160 2022-03-28] (Intel Corporation -> Intel) R2 Killer Network Service; C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe [2883448 2022-03-28] (Intel Corporation -> Intel) R3 KNDBWM; C:\Windows\System32\drivers\RivetNetworks\Killer\KNDBWMService.exe [64376 2022-03-28] (Intel Corporation -> Intel® Corporation) R2 mc-fw-host; C:\Program Files\McAfee\WPS\1.11.279.1\mc-fw-host.exe [2310472 2023-09-12] (McAfee, LLC -> McAfee, LLC) S3 mc-wps-update; C:\Program Files\McAfee\WPS\1.11.279.1\mc-update.exe [5075896 2023-09-12] (McAfee, LLC -> McAfee, LLC) R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [874384 2023-09-19] (McAfee, LLC -> 
McAfee, LLC) S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.189.0910.0001\OneDriveUpdaterService.exe [3849128 2023-09-25] (Microsoft Corporation -> Microsoft Corporation) S3 PSSvc; C:\Program Files\Acer\NitroSense Service\PSSvc.exe [867176 2023-01-05] (Acer Incorporated -> Acer Incorporated) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe [3121008 2023-09-05] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe [133688 2023-09-05] (Microsoft Windows Publisher -> Microsoft Corporation) R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvacig.inf_amd64_6a30f226cb32430c\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nvacig.inf_amd64_6a30f226cb32430c\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem ===================== Drivers (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) R3 AcerAirplaneModeController; C:\Windows\System32\drivers\AcerAirplaneModeController.sys [36800 2022-05-31] (Acer Incorporated -> Acer Incorporated) S3 e2k68cx21x64; C:\Windows\System32\DriverStore\FileRepository\e2k68cx21x64.inf_amd64_e63a1a6682c5eed2\e2k68cx21x64.sys [619408 2022-03-08] (Realtek Semiconductor Corp. 
-> Realtek) R3 iaLPSS2_GPIO2_ADL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_adl.inf_amd64_302e75596cffa74a\iaLPSS2_GPIO2_ADL.sys [150616 2023-08-22] (Intel Corporation -> Intel Corporation) R3 iaLPSS2_I2C_ADL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_adl.inf_amd64_e736c048ca307ed2\iaLPSS2_I2C_ADL.sys [220224 2023-08-22] (Intel Corporation -> Intel Corporation) R3 IntcUSB; C:\Windows\System32\DriverStore\FileRepository\intcusb.inf_amd64_5d49b801c1e48609\IntcUSB.sys [941976 2023-08-22] (Intel Corporation -> Intel(R) Corporation) R3 IntelGNA; C:\Windows\System32\DriverStore\FileRepository\gna.inf_amd64_04d4eecc5838a558\gna.sys [88784 2023-08-22] (Intel Corporation -> Intel Corporation) R3 ipf_acpi; C:\Windows\System32\DriverStore\FileRepository\ipf_acpi.inf_amd64_6808233353fa1d56\ipf_acpi.sys [87168 2023-08-22] (Intel Corporation -> Intel Corporation) R3 ipf_cpu; C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_07e81e065fff923d\ipf_cpu.sys [80512 2023-08-22] (Intel Corporation -> Intel Corporation) R3 ipf_lf; C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_07e81e065fff923d\ipf_lf.sys [445056 2023-08-22] (Intel Corporation -> Intel Corporation) R3 KfeCoSvc; C:\Windows\System32\drivers\RivetNetworks\Killer\KfeCo11X64.sys [175848 2022-03-28] (Intel Corporation -> Rivet Networks, LLC.) 
S0 mfeelam; C:\Windows\System32\DRIVERS\mfeelam.sys [18400 2023-09-12] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R0 mfesec; C:\Windows\System32\DRIVERS\mfesec.sys [82696 2023-09-12] (McAfee, LLC -> McAfee, LLC)
R3 NvModuleTracker; C:\Windows\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2022-07-13] (Nvidia Corporation -> NVIDIA Corporation)
R3 nvpcf; C:\Windows\System32\drivers\nvpcf.sys [243768 2023-08-22] (NVIDIA Corporation -> NVIDIA Corporation)
S4 UCPD; C:\Windows\System32\drivers\UCPD.sys [29184 2023-09-17] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [55872 2023-09-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [574872 2023-09-05] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105864 2023-09-05] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Um mês (criados) (Whitelisted) =========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2023-10-03 08:24 - 2023-10-03 08:24 - 000024227 _____ C:\Users\guilh\Desktop\FRST.txt
2023-10-02 12:17 - 2023-10-02 12:17 - 005269765 _____ C:\Users\guilh\Desktop\LAUDO_DE_VISTROTIA_DE_ENTRADA_AV_SANTA_MARINA,_1588_-_APTO_16_BL02_.docx 1.pdf
2023-10-02 10:35 - 2023-10-02 10:35 - 000095385 _____ C:\Users\guilh\Downloads\PROPOSTA EFETIVADA.pdf
2023-10-02 08:48 - 2023-10-02 08:48 - 000163050 _____ C:\Users\guilh\Downloads\00 INFORMAÇÕES ASSOCIAR AO CLUBE DO BOSQUE 2023.pdf
2023-10-02 08:48 - 2023-10-02 08:48 - 000163050 _____ C:\Users\guilh\Downloads\00 INFORMAÇÕES ASSOCIAR AO CLUBE DO BOSQUE 2023 (1).pdf
2023-10-02 08:47 - 2023-10-02 08:47 - 000162562 _____ C:\Users\guilh\Desktop\Huahai Edoxaban Ethyl p-toluene sulfonate impurity evaluation.pdf
2023-10-02 08:29 - 2023-10-02 08:29 - 000732744 _____ C:\Windows\system32\prfh0416.dat
2023-10-02 08:29 - 2023-10-02 08:29 - 000146898 _____ C:\Windows\system32\prfc0416.dat
2023-10-02 08:18 - 2023-10-03 08:22 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2023-09-28 19:03 - 2023-09-28 19:03 - 001261502 _____ C:\Users\guilh\Downloads\Unidad 6.pdf
2023-09-28 16:59 - 2023-09-28 16:59 - 000066785 _____ C:\Users\guilh\Downloads\GpqytvF7i9Q
2023-09-28 16:55 - 2023-09-28 16:55 - 001325790 _____ C:\Users\guilh\Desktop\Vistoria.pdf
2023-09-27 18:45 - 2023-09-27 18:45 - 000000012 _____ C:\Windows\setlist.txt
2023-09-27 18:34 - 2023-09-27 18:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GitzWC
2023-09-27 18:33 - 2023-09-29 13:27 - 000000000 ____D C:\GitzWC
2023-09-27 18:31 - 2023-09-27 18:31 - 545525368 _____ (GitzWC, Inc. ) C:\Users\guilh\Downloads\Gitz_World_Champion_09.07.2023.exe
2023-09-27 16:28 - 2023-09-27 16:28 - 000000000 ____D C:\Program Files (x86)\Outbyte
2023-09-27 16:09 - 2023-09-27 16:27 - 000000000 ____D C:\Windows\system32\Tasks\Outbyte
2023-09-27 16:07 - 2023-09-27 16:08 - 026190888 _____ (Outbyte) C:\Users\guilh\Downloads\outbyte-pc-repair.exe
2023-09-27 15:02 - 2023-09-27 15:03 - 026190888 _____ (Outbyte) C:\Users\guilh\Downloads\Audio_exe-outbyte-pc-repair.exe
2023-09-27 12:51 - 2023-09-27 12:51 - 000003596 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1468474341-1498967642-3512864176-1001
2023-09-26 14:58 - 2023-09-27 08:09 - 000000000 ____D C:\Users\guilh\AppData\Local\NVIDIA Corporation
2023-09-26 14:58 - 2023-09-26 14:58 - 000004308 _____ C:\Windows\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-09-26 14:58 - 2023-09-26 14:58 - 000003976 _____ C:\Windows\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-09-26 14:58 - 2023-09-26 14:58 - 000003940 _____ C:\Windows\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-09-26 14:58 - 2023-09-26 14:58 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-09-26 14:58 - 2023-09-26 14:58 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-09-26 14:58 - 2023-09-26 14:58 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-09-26 14:58 - 2023-09-26 14:58 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-09-26 14:58 - 2023-09-26 14:58 - 000000000 ____D C:\Users\guilh\ansel
2023-09-26 14:58 - 2023-09-26 14:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2023-09-26 14:58 - 2023-01-20 13:45 - 002904632 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2023-09-26 14:58 - 2023-01-20 13:45 - 002234920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2023-09-26 14:58 - 2023-01-20 13:45 - 001297464 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2023-09-26 14:58 - 2023-01-12 23:34 - 000086568 _____ C:\Windows\system32\FvSDK_x64.dll
2023-09-26 14:58 - 2023-01-12 23:34 - 000075304 _____ C:\Windows\SysWOW64\FvSDK_x86.dll
2023-09-26 14:58 - 2022-12-13 06:27 - 000169512 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2023-09-26 14:58 - 2022-12-13 06:27 - 000148520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2023-09-26 14:57 - 2023-09-26 14:57 - 131458368 _____ (NVIDIA Corporation) C:\Users\guilh\Downloads\GeForce_Experience_v3.27.0.112.exe
2023-09-26 14:57 - 2023-09-26 14:57 - 000003894 _____ C:\Windows\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-09-26 14:57 - 2023-09-26 14:57 - 000003654 _____ C:\Windows\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2023-09-26 14:57 - 2022-10-14 04:06 - 000059928 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2023-09-26 14:57 - 2022-07-13 20:32 - 000060112 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2023-09-26 13:52 - 2023-09-26 13:52 - 000000000 ____D C:\Users\guilh\AppData\Local\UnrealEngine
2023-09-26 13:52 - 2023-09-26 13:52 - 000000000 ____D C:\Users\guilh\AppData\Local\StateOfDecay2
2023-09-26 13:33 - 2023-09-26 13:33 - 000000000 ____D C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2023-09-26 11:35 - 2023-09-26 11:35 - 000000000 ____D C:\ProgramData\Tencent
2023-09-26 11:34 - 2023-09-26 11:34 - 000000000 ____D C:\Users\guilh\AppData\Roaming\Tencent
2023-09-26 11:34 - 2023-09-26 11:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WeChat
2023-09-26 11:33 - 2023-09-26 11:33 - 000000000 ____D C:\Program Files\Tencent
2023-09-26 11:30 - 2023-09-26 11:31 - 000000000 ____D C:\Users\guilh\AppData\Roaming\iTop Data Recovery
2023-09-26 11:30 - 2023-09-26 11:30 - 000000000 ____D C:\ProgramData\ProductData3
2023-09-26 11:29 - 2023-09-26 11:29 - 028452408 _____ (IObit ) C:\Users\guilh\Downloads\iobituninstaller.exe
2023-09-26 11:20 - 2023-09-26 11:20 - 000114088 _____ C:\Users\guilh\Downloads\darf.pdf
2023-09-26 11:19 - 2023-09-28 16:55 - 000000000 ____D C:\Users\guilh\AppData\LocalLow\Temp
2023-09-26 11:05 - 2023-10-03 08:24 - 000000000 ____D C:\FRST
2023-09-26 11:04 - 2023-09-26 11:04 - 002382848 _____ (Farbar) C:\Users\guilh\Downloads\FRST64.exe
2023-09-26 11:04 - 2023-09-26 11:04 - 002382848 _____ (Farbar) C:\Users\guilh\Desktop\FRST64.exe
2023-09-26 11:01 - 2023-09-26 11:01 - 000011461 _____ C:\Users\guilh\Desktop\ZHPCleaner (R).html
2023-09-26 11:00 - 2023-09-26 11:00 - 000011172 _____ C:\Users\guilh\Desktop\ZHPCleaner (S).html
2023-09-26 10:51 - 2023-09-26 11:01 - 000000000 ____D C:\Users\guilh\AppData\Roaming\ZHP
2023-09-26 10:51 - 2023-09-26 10:52 - 000000875 _____ C:\Users\guilh\Desktop\ZHPCleaner.lnk
2023-09-26 10:51 - 2023-09-26 10:51 - 003343008 _____ (Nicolas Coolman) C:\Users\guilh\Downloads\ZHPCleaner.exe
2023-09-26 10:51 - 2023-09-26 10:51 - 000000000 ____D C:\Users\guilh\AppData\Local\ZHP
2023-09-26 10:46 - 2023-09-26 10:50 - 000000000 ____D C:\AdwCleaner
2023-09-26 10:44 - 2023-09-26 10:44 - 008791352 _____ (Malwarebytes) C:\Users\guilh\Downloads\adwcleaner.exe
2023-09-26 10:43 - 2023-09-26 13:26 - 000000000 ____D C:\Users\guilh\AppData\Local\Steam
2023-09-26 10:42 - 2023-09-27 18:38 - 000000000 ____D C:\Program Files (x86)\Steam
2023-09-26 10:42 - 2023-09-26 10:42 - 002296488 _____ C:\Users\guilh\Downloads\SteamSetup.exe
2023-09-26 10:42 - 2023-09-26 10:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2023-09-26 06:54 - 2023-09-26 06:54 - 004847296 _____ (Husdawg, LLC) C:\Users\guilh\Downloads\Detection.exe
2023-09-22 16:20 - 2023-09-22 16:20 - 002601711 _____ C:\Users\guilh\Downloads\USO DE MÉTODOS OFICIAIS_DIURNO.pdf
2023-09-20 16:32 - 2023-09-20 16:32 - 000082065 _____ C:\Users\guilh\Downloads\extrato_conta.pdf
2023-09-13 08:23 - 2023-09-13 08:23 - 000000000 ____D C:\Users\guilh\Documents\Modelos Personalizados do Office
2023-09-13 08:22 - 2023-09-13 08:22 - 000560409 _____ C:\Users\guilh\Downloads\3- 2023 Lista Consolidada DCB jul.xlsx
2023-09-12 19:05 - 2023-10-02 16:15 - 000000000 ____D C:\Users\guilh\AppData\Local\CrashDumps
2023-09-12 19:05 - 2023-09-12 20:49 - 000000000 ____D C:\Program Files\EaseUS
2023-09-12 19:05 - 2023-09-12 20:49 - 000000000 ____D C:\Program Files (x86)\EaseUS
2023-09-12 19:05 - 2023-09-12 19:05 - 000000000 ____D C:\Users\guilh\AppData\Local\Opera Software
2023-09-12 19:05 - 2023-09-12 19:05 - 000000000 ____D C:\ProgramData\SystemAcCrux
2023-09-12 19:05 - 2022-12-29 13:34 - 000030136 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\Drivers\EPMVolFl0.sys
2023-09-12 19:04 - 2023-09-12 19:05 - 077004880 _____ (EaseUS ) C:\Users\guilh\Downloads\epm17.9_free_B.exe
2023-09-12 19:04 - 2023-09-12 19:04 - 001966984 _____ C:\Users\guilh\Downloads\epm_free_installer.793248.exe
2023-09-12 19:04 - 2023-09-12 19:04 - 001767600 _____ ( ) C:\Users\guilh\Downloads\hp-usb-disk-storage-format-tool-2.2.3-installer_R-sI6W1.exe
2023-09-12 19:04 - 2023-09-12 19:04 - 000098304 _____ (Hewlett-Packard Company) C:\Users\guilh\Downloads\hp-usb-disk-storage-format-tool-2.2.3-installer.exe
2023-09-12 19:04 - 2023-09-12 19:04 - 000000000 ____D C:\Users\guilh\AppData\Roaming\Opera Software
2023-09-12 19:00 - 2023-09-12 18:59 - 000082696 _____ (McAfee, LLC) C:\Windows\system32\Drivers\mfesec.sys
2023-09-12 18:59 - 2023-09-12 19:00 - 000000000 ____D C:\ProgramData\WPSInstallerTemp1
2023-09-12 18:59 - 2023-09-12 19:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2023-09-07 10:46 - 2023-09-07 10:46 - 000000000 ____D C:\Users\guilh\AppData\Roaming\Microsoft\PowerPoint
2023-09-07 09:49 - 2023-10-02 09:06 - 000000000 ____D C:\Users\guilh\AppData\Roaming\Microsoft\Excel
2023-09-06 10:49 - 2023-09-06 10:49 - 000120029 _____ C:\Users\guilh\Downloads\Escitalopram.pdf
2023-09-05 09:44 - 2023-09-21 08:25 - 000003446 _____ C:\Windows\SysWOW64\pubfreeware.ini
2023-09-05 09:14 - 2023-09-05 09:14 - 000000000 ____D C:\Users\guilh\AppData\Local\McAfee

==================== Um mês (modificados) ==================

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2023-10-03 08:22 - 2023-08-22 20:49 - 000000000 ____D C:\ProgramData\NVIDIA
2023-10-03 08:22 - 2023-08-22 20:42 - 000000000 ___RD C:\Users\guilh\OneDrive
2023-10-03 08:22 - 2023-08-22 20:33 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-10-03 08:22 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\AppReadiness
2023-10-03 08:22 - 2022-05-07 02:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-10-02 15:19 - 2023-08-22 21:38 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2023-10-02 15:19 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\SystemTemp
2023-10-02 09:46 - 2023-08-22 20:41 - 000000000 ____D C:\Users\guilh\AppData\Local\D3DSCache
2023-10-02 09:44 - 2022-05-07 02:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-10-02 09:02 - 2023-08-22 21:55 - 000000000 ____D C:\Users\guilh\AppData\Roaming\Microsoft\Word
2023-10-02 08:29 - 2023-08-22 20:47 - 001682102 _____ C:\Windows\system32\PerfStringBackup.INI
2023-10-02 08:29 - 2022-05-07 02:22 - 000000000 ____D C:\Windows\INF
2023-10-02 08:21 - 2023-08-22 20:33 - 000012288 ___SH C:\DumpStack.log.tmp
2023-10-02 08:21 - 2023-08-22 20:33 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-10-02 08:21 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\ServiceState
2023-10-02 08:21 - 2022-05-07 02:17 - 000524288 _____ C:\Windows\system32\config\BBI
2023-10-02 08:19 - 2023-08-22 20:33 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-09-29 08:01 - 2023-08-22 21:22 - 000000000 ____D C:\ProgramData\ProductData
2023-09-28 10:25 - 2023-08-22 20:41 - 000000000 ____D C:\Users\guilh\AppData\Local\Packages
2023-09-27 15:15 - 2022-05-07 02:17 - 000000000 ____D C:\Windows\CbsTemp
2023-09-27 14:48 - 2023-08-22 21:55 - 000000000 ____D C:\Users\guilh\AppData\Roaming\Microsoft\Office
2023-09-27 14:18 - 2023-08-22 21:35 - 000000000 ___HD C:\Perform
2023-09-26 15:00 - 2023-08-22 20:49 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2023-09-26 14:58 - 2023-08-22 21:15 - 000000000 ____D C:\Users\guilh\AppData\Local\NVIDIA
2023-09-26 14:58 - 2023-08-22 20:49 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2023-09-26 14:58 - 2023-08-22 20:48 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2023-09-26 14:58 - 2023-08-22 20:39 - 000000000 ____D C:\Users\guilh
2023-09-26 13:51 - 2023-08-22 20:47 - 000000000 ____D C:\ProgramData\Package Cache
2023-09-26 11:35 - 2023-08-23 18:44 - 000000000 ____D C:\Users\guilh\Documents\WeChat Files
2023-09-26 11:31 - 2023-08-22 21:23 - 000000000 ____D C:\ProgramData\iTop
2023-09-26 11:30 - 2023-08-22 21:22 - 000000000 ____D C:\Program Files (x86)\IObit
2023-09-26 11:17 - 2023-08-22 21:21 - 000000000 ____D C:\ProgramData\IObit
2023-09-26 11:15 - 2023-08-22 21:12 - 000000000 ____D C:\ProgramData\Acer
2023-09-26 11:14 - 2023-08-23 18:33 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2023-09-26 11:01 - 2023-08-22 21:16 - 000000000 ____D C:\Users\guilh\AppData\Local\Google
2023-09-26 11:00 - 2023-08-22 21:18 - 000000000 ____D C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps do Chrome
2023-09-26 10:50 - 2023-08-22 21:21 - 000000000 ____D C:\Users\guilh\AppData\Roaming\IObit
2023-09-26 10:50 - 2023-08-22 21:12 - 000000000 ____D C:\Program Files (x86)\Acer
2023-09-25 18:11 - 2023-08-22 20:35 - 000000000 ____D C:\ProgramData\Packages
2023-09-25 14:20 - 2023-08-22 21:51 - 000002138 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-09-20 19:15 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\system32\NDF
2023-09-18 09:31 - 2023-08-22 21:35 - 000000000 ___HD C:\Netframework.4.5.2
2023-09-18 09:22 - 2023-08-23 00:27 - 000000000 ____D C:\Windows\system32\MRT
2023-09-18 09:20 - 2023-08-23 00:27 - 177941912 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-09-18 09:20 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\system32\AppLocker
2023-09-18 09:19 - 2022-05-07 02:24 - 000000000 ____D C:\ProgramData\USOPrivate
2023-09-17 22:36 - 2023-08-22 21:48 - 000000000 ____D C:\Program Files\Microsoft Office
2023-09-17 22:35 - 2023-08-22 20:33 - 000496264 _____ C:\Windows\system32\FNTCACHE.DAT
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\UUS
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\SysWOW64\Dism
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\SystemResources
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\system32\WinMetadata
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\system32\oobe
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\system32\Dism
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\system32\appraiser
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\ShellExperiences
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\ShellComponents
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\Provisioning
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\PolicyDefinitions
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\bcastdvr
2023-09-17 20:51 - 2023-08-22 20:37 - 003210752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-09-17 20:46 - 2023-08-23 00:24 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2023-09-13 08:21 - 2023-08-22 22:11 - 000000000 ____D C:\Users\guilh\AppData\Roaming\Microsoft\UProof
2023-09-13 08:16 - 2023-09-01 18:53 - 000000000 ____D C:\ProgramData\McAfee
2023-09-13 08:15 - 2023-09-01 18:59 - 000000000 ____D C:\Program Files\McAfee
2023-09-12 20:49 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\Registration
2023-09-12 19:04 - 2022-05-07 02:24 - 000000000 ___HD C:\Windows\ELAMBKUP
2023-09-12 19:04 - 2022-05-07 02:17 - 000032768 _____ C:\Windows\system32\config\ELAM
2023-09-12 19:03 - 2023-09-01 18:59 - 000000000 ____D C:\Windows\system32\Tasks\McAfee
2023-09-12 19:00 - 2023-08-22 21:16 - 000002498 _____ C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-09-05 10:09 - 2023-08-22 20:33 - 000000000 ____D C:\Windows\Panther
2023-09-05 09:00 - 2023-08-22 20:33 - 000000000 ____D C:\Windows\system32\Drivers\wd

==================== Arquivos na raiz de alguns diretórios ========

2023-09-01 18:53 - 2023-09-01 19:07 - 000000051 _____ () C:\Users\guilh\AppData\Roaming\MCVi2UserDetail.ini
2023-08-22 21:35 - 2023-08-22 21:35 - 000000410 _____ () C:\Users\guilh\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(Não há correção automática para arquivos que não passaram na verificação.)

==================== Fim de FRST.txt ========================

Resultado da análise adicional Farbar Recovery Scan Tool (x64) Versão: 25-09-2023
Executado por guilh (03-10-2023 08:24:55)
Executando a partir de C:\Users\guilh\Desktop
Microsoft Windows 11 Home Versão 22H2 22621.2283 (X64) (2023-08-22 23:35:07)
Modo da Inicialização: Normal
==========================================================

==================== Contas: =============================

(Se uma entrada for incluída na fixlist, será removida.)

Administrador (S-1-5-21-1468474341-1498967642-3512864176-500 - Administrator - Disabled)
Convidado (S-1-5-21-1468474341-1498967642-3512864176-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-1468474341-1498967642-3512864176-503 - Limited - Disabled)
guilh (S-1-5-21-1468474341-1498967642-3512864176-1001 - Administrator - Enabled) => C:\Users\guilh
WDAGUtilityAccount (S-1-5-21-1468474341-1498967642-3512864176-504 - Limited - Disabled)

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: McAfee (Enabled - Up to date) {17E6E93C-6841-5FC7-DEB8-480FDC929279}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee (Enabled) {2FDD6819-222E-5E9F-F5E7-E13A2241D502}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 20.006.20042 - Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 8.3.0.61 - Adobe Inc.)
Coremail Client V4.0 version 4.0.1.699 (HKLM\...\CMClient_is1) (Version: 4.0.1.699 - )
Documentos (HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\547329c748b021098adbb041e9997af7) (Version: 1.0 - Google\Chrome)
Driver Booster 10 (HKLM-x32\...\Driver Booster_is1) (Version: 10.6.0 - IObit)
DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3026 - Acer Incorporated)
Dynamic Application Loader Host Interface Service (HKLM\...\{B31B8E7F-3C96-4A05-887F-78F3DB1E2FC0}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Gmail (HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\a3baf68a4cbc856ea0b6f162cafbe8a3) (Version: 1.0 - Google\Chrome)
Google Chrome (HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\Google Chrome) (Version: 116.0.5845.188 - Google LLC)
Google Drive (HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\92561bab538146c8d23631a9655f2def) (Version: 1.0 - Google\Chrome)
Gunbound Gitz World Champion versão 12 (HKLM-x32\...\{86521E8E-7AE9-41BA-9C01-ABA51C86DC43}_is1) (Version: 12 - GitzWC, Inc.)
Intel(R) Chipset Device Software (HKLM\...\{B7BE54CB-2BAB-458E-99FF-46067A9D451E}) (Version: 10.1.18950.8297 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{128196ab-db0f-4c9e-b603-9c8d8b59934d}) (Version: 10.1.18950.8297 - Intel(R) Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2239.3.33.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{6633DA0D-F56A-42E4-9599-D37A640CAF36}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Driver (HKLM\...\{C71B56FC-8255-4226-B3E4-6B81288A6A0B}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) ME WMI Provider (HKLM\...\{64528C16-C80F-4935-AF3A-946B86EB3EEB}) (Version: 1.0.0.0 - Intel Corporation) Hidden
McAfee (HKLM\...\McAfee.WPS) (Version: 1.11.279.1 - McAfee, LLC)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.16731.20234 - Microsoft Corporation)
Microsoft 365 Apps para Grandes Empresas - pt-br (HKLM\...\O365ProPlusRetail - pt-br) (Version: 16.0.16731.20234 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 117.0.2045.47 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 117.0.2045.47 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.189.0910.0001 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\Teams) (Version: 1.6.00.11166 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{AF47B488-9780-4AB5-A97E-762E28013CA6}) (Version: 5.71.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.28.29334 (HKLM\...\{2E11EF4E-901F-4B2D-B68E-3DB2A566C857}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.28.29334 (HKLM\...\{8A3F7D5B-422D-49D9-84F7-8DC1B7782967}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29334 (HKLM-x32\...\{14C49FC8-3E9B-4F29-8526-26629B5CF30B}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29334 (HKLM-x32\...\{0D01A812-82A1-481F-8546-8E28E976F8DF}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
NitroSense Service (HKLM\...\{6FC78E80-6385-43D6-8A43-FA80094F1A2E}) (Version: 3.01.3052 - Acer Incorporated)
NVIDIA Driver de áudio HD 1.3.39.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.39.3 - NVIDIA Corporation)
NVIDIA Driver de gráficos 512.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 512.74 - NVIDIA Corporation)
NVIDIA FrameView SDK 1.3.8513.32290073 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8513.32290073 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.27.0.112 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.27.0.112 - NVIDIA Corporation)
NVIDIA Software do sistema PhysX 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0416-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9309.1 - Realtek Semiconductor Corp.)
Sheets (HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\729e688ab6880be61f3228ca532f5f97) (Version: 1.0 - Google\Chrome)
Slides (HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\7457603eb1d7d66885433bf216ff532c) (Version: 1.0 - Google\Chrome)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.6.0.11166 - Microsoft Corporation)
WebAdvisor da McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.836 - McAfee, LLC)
WeChat (HKLM-x32\...\WeChat) (Version: 3.9.6.33 - 腾讯科技(深圳)有限公司)
WinRAR 6.23 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.23.0 - win.rar GmbH)
YouTube (HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\63c9d49a6b2c600986bb89cb0948ddcd) (Version: 1.0 - Google\Chrome)

Packages:
=========
Acer Purified Voice Console (R) -> C:\Program Files\WindowsApps\AcerIncorporated.AcerPurifiedVoiceConsoleR_1.0.5.0_x64__48frkmn4z8aw4 [2023-08-23] (Acer Incorporated)
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5185.0_x64__8j3eq9eme6ctt [2023-09-17] (INTEL CORP) [Startup Task]
Care Center S -> C:\Program Files\WindowsApps\AcerIncorporated.AcerCareCenterS_4.0.3054.0_x64__48frkmn4z8aw4 [2023-08-22] (Acer Incorporated)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-08-23] (Microsoft Corporation)
DTS Sound Unbound -> C:\Program Files\WindowsApps\DTSInc.DTSSoundUnbound_2023.3.13.0_x64__t5j2fzbtdg37r [2023-09-01] (DTS, Inc.)
DTS:X Ultra -> C:\Program Files\WindowsApps\DTSInc.DTSXUltra_1.11.14.0_x64__t5j2fzbtdg37r [2023-09-01] (DTS, Inc.)
Killer Intelligence Center -> C:\Program Files\WindowsApps\RivetNetworks.KillerControlCenter_3.1122.329.0_x64__rh07ty8m5nkag [2023-08-22] (Rivet Networks LLC) [Startup Task]
McAfee® Security -> C:\Program Files\McAfee\WPS\1.11.279.1 [2023-09-12] ()
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2023-09-17] (Microsoft Corp.)
Microsoft.WindowsAppRuntime.CBS -> C:\Windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2023-09-17] (Microsoft Corporation)
NitroSense_V31 -> C:\Program Files\WindowsApps\AcerIncorporated.NitroSenseV31_3.1.3052.0_x64__48frkmn4z8aw4 [2023-08-23] (Acer Incorporated)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-08-22] (NVIDIA Corp.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.41.294.0_x64__dt26b99r8h8gj [2023-09-05] (Realtek Semiconductor Corp)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.17.8180.0_x64__8wekyb3d8bbwe [2023-09-01] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0 [2023-09-29] (Spotify AB) [Startup Task]
WinAppRuntime.Main.1.3 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.3_3000.934.1904.0_x64__8wekyb3d8bbwe [2023-09-17] (Microsoft Corp.)
WinAppRuntime.Singleton -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_4000.986.611.0_x64__8wekyb3d8bbwe [2023-09-25] (Microsoft Corp.)
Windows App Runtime DDLM 3000.882.2207.0-x6 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.3000.882.2207.0-x6_3000.882.2207.0_x64__8wekyb3d8bbwe [2023-09-12] (Microsoft Corporation)
Windows App Runtime DDLM 3000.882.2207.0-x8 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.3000.882.2207.0-x8_3000.882.2207.0_x86__8wekyb3d8bbwe [2023-09-12] (Microsoft Corporation)
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2023-09-17] (Microsoft Corporation)
WinRAR -> C:\Program Files\WinRAR [2023-08-22] (win.rar GmbH)

==================== Análise Personalizada CLSID (Whitelisted): ==============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{092EC97B-EDAE-4014-8CE4-131026C6FE97}\localserver32 -> C:\Program Files\cmclient\CMClient.exe (广东盈世计算机科技有限公司 -> )
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\guilh\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.23089.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{85D8EE2F-794F-41F0-BB03-49D56A23BEF4}\InprocServer32 -> C:\Users\guilh\AppData\Local\Google\Update\1.3.36.312\psuser_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\localserver32 -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\116.0.5845.188\notification_helper.exe (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{AE9899FA-E21F-4D91-BD1F-59BC10E56CA1}\InprocServer32 -> C:\Users\guilh\AppData\Local\Google\Update\1.3.36.292\psuser_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\guilh\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{E4949BE6-C9FF-4AFA-8672-6127D857418B}\InprocServer32 -> C:\Users\guilh\AppData\Local\Google\Update\1.3.36.312\psuser_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\guilh\AppData\Local\Google\Update\1.3.36.312\psuser_64.dll => Nenhum Arquivo
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2020-03-06] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [McCtxMenu] -> {4ADAAC88-E1BD-424F-816D-15E059007938} => C:\Program Files\McAfee\WPS\1.11.279.1\mc-ctxmnu.dll [2023-09-12] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvacig.inf_amd64_6a30f226cb32430c\nvshext.dll [2023-08-22] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2020-03-06] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [McCtxMenu] -> {4ADAAC88-E1BD-424F-816D-15E059007938} => C:\Program Files\McAfee\WPS\1.11.279.1\mc-ctxmnu.dll [2023-09-12] (McAfee, LLC -> McAfee, LLC)

==================== Codecs (Whitelisted) ====================

==================== Atalhos & WMI ========================

(As entradas podem ser listadas para serem restauradas ou removidas.)
ShortcutWithArgument: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps do Chrome\Docs.lnk -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=mpnpojknpmmopombnjdcgaaiekajbnjb ShortcutWithArgument: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps do Chrome\Documentos.lnk -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=mpnpojknpmmopombnjdcgaaiekajbnjb ShortcutWithArgument: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps do Chrome\Gmail.lnk -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=fmgjjmmmlfnkbppncabfkddbjimcfncm ShortcutWithArgument: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps do Chrome\Google Drive.lnk -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=aghbiahbpaijignceidepookljebhfak ShortcutWithArgument: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps do Chrome\Sheets.lnk -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=fhihpiojkbmbpdjeoajapmgkhlnakfjf ShortcutWithArgument: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps do Chrome\Slides.lnk -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=kefjledonklijopmnomlcbpllchaibag ShortcutWithArgument: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps do Chrome\YouTube.lnk -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=agimnkijcaahngcdmfeangaknmldooml ==================== Módulos Carregados 
(Whitelisted) ============= 2015-03-17 06:34 - 2015-03-17 06:34 - 000010240 _____ () [Arquivo não assinado] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\locale\pt_br\acrotray.ptb 2020-03-06 06:11 - 2020-03-06 06:11 - 000240640 _____ () [Arquivo não assinado] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Locale\pt_BR\Adobe Send\SendAsLinkX.PTB 2020-03-06 06:11 - 2020-03-06 06:11 - 000048128 _____ () [Arquivo não assinado] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Locale\pt_br\PDFMaker\PDFMOutlookAddin.PTB 2020-03-06 06:11 - 2020-03-06 06:11 - 000056320 _____ (Adobe Systems Incorporated) [Arquivo não assinado] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Locale\pt_br\Adobe Send\SendAsLinkAddin.PTB 2023-08-22 21:49 - 2023-08-22 21:49 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll 2023-08-22 21:49 - 2023-08-22 21:49 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Office16\c2r64.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Modo de Segurança (Whitelisted) ================== (Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mc-fw-host => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mc-fw-host => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver" ==================== Associação (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2023-08-22] (Microsoft Corporation -> Microsoft Corporation) BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2023-09-01] (McAfee, LLC -> McAfee, LLC) BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-08-22] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2023-09-01] (McAfee, LLC -> McAfee, LLC) BHO-x32: Adobe Acrobat 
Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 
- {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation) (Se uma entrada for incluída na fixlist, será removida do Registro.) IE trusted site: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\sharepoint.com -> hxxps://1bws5l-files.sharepoint.com ==================== Hosts Conteúdo: ========================= (Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.) 2022-05-07 02:24 - 2022-05-07 02:22 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts ==================== Outras Áreas =========================== (Atualmente não há nenhuma correção automática para esta seção.) HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\guilh\Downloads\wallpaperbetter.com_1920x1080.jpg DNS Servers: 181.213.132.2 - 181.213.132.3 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1) Firewall do Windows está habilitado. ==================== MSCONFIG/TASK MANAGER ítens desabilitados == ==================== Regras do Firewall (Whitelisted) ================ (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 
FirewallRules: [TCP Query User{0DB1086F-4957-4369-93AC-390549F7BFDE}C:\users\guilh\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\guilh\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [UDP Query User{0C9C79F2-F01C-4673-86A8-CC036C066A5E}C:\users\guilh\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\guilh\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [TCP Query User{EDED9318-F314-42D9-8CC2-2B4B28C31208}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [UDP Query User{B66739E9-ED05-4110-969E-F71D1300A692}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{0B0B1317-5FE3-4B50-8C19-4EADEBC2417B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{C4FF3C49-FB51-4545-A9F4-93F3C96A4035}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. 
-> Valve Corporation) FirewallRules: [TCP Query User{4299937C-71F9-4F65-998E-EEB79EF50591}C:\gitzwc\gitzgame.gme] => (Allow) C:\gitzwc\gitzgame.gme (Porsche Consulting Ltda -> Softnyx) FirewallRules: [UDP Query User{C56481BD-8DD6-4181-A32E-04D56A9E74F5}C:\gitzwc\gitzgame.gme] => (Allow) C:\gitzwc\gitzgame.gme (Porsche Consulting Ltda -> Softnyx) FirewallRules: [{D10FFBCD-A284-4B75-9A3D-7C87B4929D10}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23247.1113.2398.2671_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{C1302C81-1F1D-4050-A32A-B96DADAA38FE}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23247.1113.2398.2671_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{5031A343-33F8-47E1-9212-B52796A35350}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{3AC88E56-14E1-4C77-96DA-E92C3FBD8BFC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{EBB3B7C1-628E-4760-935E-1C9B5F27BCA2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{B8050E1A-1353-40AD-AD24-A3F34AD34D42}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{E15779B8-E89D-4658-BAE8-0EA5A29BF0C8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{270C1E7B-A12C-4E6B-8629-157B8AB62455}] => (Allow) C:\Program 
Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{6309F9B1-227B-407C-9F23-6FE3C8DD5075}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{DA762B30-FE27-4C94-B82B-3D7556781753}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{F209C1EC-D0BE-40CB-BB83-BC14E874F270}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{D1535F5B-5CC0-4221-AE5C-F8CAD686D9ED}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.221.1104.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{A90CCA73-BA19-4502-AFD6-B02C4CDE21E3}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) ==================== Pontos de Restauração ========================= 21-09-2023 08:25:40 Windows Update 21-09-2023 08:25:48 Windows Update 26-09-2023 11:00:27 ZHPcleaner 26-09-2023 11:30:53 WeChat restore point 27-09-2023 12:34:41 Restore Point Created by FRST 27-09-2023 14:18:15 Restore Point Created by FRST 27-09-2023 14:18:23 Restore Point Created by FRST 27-09-2023 15:15:22 Instalador de Módulos do Windows 27-09-2023 16:37:24 Ponto de restauração do PC Repair 27-09-2023 16:52:50 Ponto de restauração do PC Repair 29-09-2023 13:20:06 Restore Point Created by FRST 02-10-2023 08:20:49 Restore Point Created by FRST ==================== Dispositivos Apresentando Falhas No Gerenciador ============ ==================== Erros no Log de eventos: ======================== Erros em 
Aplicativos: ================== Error: (10/02/2023 04:15:26 PM) (Source: Application Error) (EventID: 1000) (User: GUIVERMELHO) Description: Nome do aplicativo com falha: msteamsupdate.exe, versão: 23247.1113.2398.2671, carimbo de data/hora: 0x650d683e Nome do módulo com falha: msteamsupdate.exe, versão: 23247.1113.2398.2671, carimbo de data/hora: 0x650d683e Código de exceção: 0xc0000005 Deslocamento da falha: 0x000000000006885f ID do processo com falha: 0x0x41bc Hora de início do aplicativo com falha: 0x0x1d9f564bdee29e1 Caminho do aplicativo com falha: C:\Program Files\WindowsApps\MicrosoftTeams_23247.1113.2398.2671_x64__8wekyb3d8bbwe\msteamsupdate.exe Caminho do módulo com falha: C:\Program Files\WindowsApps\MicrosoftTeams_23247.1113.2398.2671_x64__8wekyb3d8bbwe\msteamsupdate.exe ID do Relatório: 3d4de099-0812-4ede-87b6-8165389ff145 Nome completo do pacote com falha: MicrosoftTeams_23247.1113.2398.2671_x64__8wekyb3d8bbwe ID do aplicativo relativo ao pacote com falha: msteamsupdate Error: (10/02/2023 01:48:02 PM) (Source: Application Error) (EventID: 1000) (User: GUIVERMELHO) Description: Nome do aplicativo com falha: msteamsupdate.exe, versão: 23247.1113.2398.2671, carimbo de data/hora: 0x650d683e Nome do módulo com falha: msteamsupdate.exe, versão: 23247.1113.2398.2671, carimbo de data/hora: 0x650d683e Código de exceção: 0xc0000005 Deslocamento da falha: 0x0000000000063ddb ID do processo com falha: 0x0x2d3c Hora de início do aplicativo com falha: 0x0x1d9f55033e86f8e Caminho do aplicativo com falha: C:\Program Files\WindowsApps\MicrosoftTeams_23247.1113.2398.2671_x64__8wekyb3d8bbwe\msteamsupdate.exe Caminho do módulo com falha: C:\Program Files\WindowsApps\MicrosoftTeams_23247.1113.2398.2671_x64__8wekyb3d8bbwe\msteamsupdate.exe ID do Relatório: 350fff20-bfb2-43c4-b195-f6d9361e5b3a Nome completo do pacote com falha: MicrosoftTeams_23247.1113.2398.2671_x64__8wekyb3d8bbwe ID do aplicativo relativo ao pacote com falha: msteamsupdate Error: (10/02/2023 08:24:20 AM) 
(Source: Application Error) (EventID: 1000) (User: AUTORIDADE NT) Description: Nome do aplicativo com falha: mc-fw-host.exe, versão: 1.11.102.0, carimbo de data/hora: 0x64d65783 Nome do módulo com falha: mc-bridge-server.dll, versão: 1.1.242.0, carimbo de data/hora: 0x64a826b4 Código de exceção: 0xc0000005 Deslocamento da falha: 0x000000000001ce8a ID do processo com falha: 0x0x1194 Hora de início do aplicativo com falha: 0x0x1d9f52296237137 Caminho do aplicativo com falha: \\?\C:\Program Files\McAfee\WPS\1.11.279.1\mc-fw-host.exe Caminho do módulo com falha: \\?\C:\Program Files\McAfee\WPS\1.11.279.1\mc-bridge-server.dll ID do Relatório: 43a76586-9877-4ebd-9b98-ad9814b882d8 Nome completo do pacote com falha: ID do aplicativo relativo ao pacote com falha: Error: (10/02/2023 08:20:49 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Erro do Serviço de Cópias de Sombra de Volume: erro inesperado ao consultar a interface IVssWriterCallback. hr = 0x80070005, Acesso negado. . Muitas vezes, isso é causado por configurações de segurança incorretas no processo gravador ou solicitante. 
Operação: Obtendo Dados do Gravador Contexto: Id de Classe de Gravador: {e8132975-6f93-4464-a53e-1050253ae220} Nome do Gravador: System Writer ID de Instância de Gravador: {713f0ae9-cfeb-4d0c-8d7d-096c18ee58a5} Error: (09/29/2023 02:53:56 PM) (Source: Application Error) (EventID: 1000) (User: GUIVERMELHO) Description: Nome do aplicativo com falha: gitzgame.gme, versão: 0.0.2.40, carimbo de data/hora: 0x7375705f Nome do módulo com falha: gitzgame.gme, versão: 0.0.2.40, carimbo de data/hora: 0x7375705f Código de exceção: 0xc0000005 Deslocamento da falha: 0x000c7df0 ID do processo com falha: 0x0x3fe4 Hora de início do aplicativo com falha: 0x0x1d9f2f1dc071904 Caminho do aplicativo com falha: C:\GitzWC\gitzgame.gme Caminho do módulo com falha: C:\GitzWC\gitzgame.gme ID do Relatório: 000f860f-0741-44a4-95a4-588e45966b5f Nome completo do pacote com falha: ID do aplicativo relativo ao pacote com falha: Error: (09/29/2023 01:26:36 PM) (Source: Application Error) (EventID: 1000) (User: AUTORIDADE NT) Description: Nome do aplicativo com falha: mc-fw-host.exe, versão: 1.11.102.0, carimbo de data/hora: 0x64d65783 Nome do módulo com falha: mc-bridge-server.dll, versão: 1.1.242.0, carimbo de data/hora: 0x64a826b4 Código de exceção: 0xc0000005 Deslocamento da falha: 0x000000000001ce8a ID do processo com falha: 0x0x37d4 Hora de início do aplicativo com falha: 0x0x1d9f2f179b23ce8 Caminho do aplicativo com falha: \\?\C:\Program Files\McAfee\WPS\1.11.279.1\mc-fw-host.exe Caminho do módulo com falha: \\?\C:\Program Files\McAfee\WPS\1.11.279.1\mc-bridge-server.dll ID do Relatório: dc950cca-75a5-456f-92c7-ab7af7179cf3 Nome completo do pacote com falha: ID do aplicativo relativo ao pacote com falha: Error: (09/29/2023 01:24:30 PM) (Source: Application Error) (EventID: 1000) (User: AUTORIDADE NT) Description: Nome do aplicativo com falha: mc-fw-host.exe, versão: 1.11.102.0, carimbo de data/hora: 0x64d65783 Nome do módulo com falha: mc-bridge-server.dll, versão: 1.1.242.0, carimbo de 
data/hora: 0x64a826b4 Código de exceção: 0xc0000005 Deslocamento da falha: 0x000000000001ce8a ID do processo com falha: 0x0x3a18 Hora de início do aplicativo com falha: 0x0x1d9f2f0f3c95f60 Caminho do aplicativo com falha: \\?\C:\Program Files\McAfee\WPS\1.11.279.1\mc-fw-host.exe Caminho do módulo com falha: \\?\C:\Program Files\McAfee\WPS\1.11.279.1\mc-bridge-server.dll ID do Relatório: 892c248f-b10f-4db4-b182-da7023f72663 Nome completo do pacote com falha: ID do aplicativo relativo ao pacote com falha: Error: (09/29/2023 01:21:00 PM) (Source: Application Error) (EventID: 1000) (User: AUTORIDADE NT) Description: Nome do aplicativo com falha: mc-fw-host.exe, versão: 1.11.102.0, carimbo de data/hora: 0x64d65783 Nome do módulo com falha: mc-bridge-server.dll, versão: 1.1.242.0, carimbo de data/hora: 0x64a826b4 Código de exceção: 0xc0000005 Deslocamento da falha: 0x000000000001ce8a ID do processo com falha: 0x0x114c Hora de início do aplicativo com falha: 0x0x1d9f2f0e6881fe3 Caminho do aplicativo com falha: \\?\C:\Program Files\McAfee\WPS\1.11.279.1\mc-fw-host.exe Caminho do módulo com falha: \\?\C:\Program Files\McAfee\WPS\1.11.279.1\mc-bridge-server.dll ID do Relatório: 19fd93f7-f6fb-4c18-9519-94fe79673c71 Nome completo do pacote com falha: ID do aplicativo relativo ao pacote com falha: Erros de Sistema: ============= Error: (10/03/2023 08:24:03 AM) (Source: DCOM) (EventID: 10010) (User: GUIVERMELHO) Description: O servidor {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} não se registrou no DCOM dentro do tempo limite necessário. Error: (10/02/2023 08:24:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço McAfee Framework Host foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço. 
Error: (10/02/2023 08:21:29 AM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: O serviço Intel(R) Audio Service terminou com o seguinte erro específico de serviço: A operação foi concluída com êxito. Error: (10/02/2023 08:21:29 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: O serviço Serviço de Compartilhamento de Rede do Windows Media Player terminou com o erro: Tentativa de fazer referência a uma token não existente. Error: (10/02/2023 08:21:08 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: AUTORIDADE NT) Description: Módulo de Extensibilidade de WLAN interrompido inesperadamente. Caminho do Módulo: C:\Windows\system32\IntelIHVRouter12.dll Error: (10/02/2023 08:21:08 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: AUTORIDADE NT) Description: Módulo de Extensibilidade de WLAN interrompido inesperadamente. Caminho do Módulo: C:\Windows\system32\IntelIHVRouter12.dll Error: (10/02/2023 08:21:04 AM) (Source: DCOM) (EventID: 10010) (User: GUIVERMELHO) Description: O servidor {F9717507-6651-4EDB-BFF7-AE615179BCCF} não se registrou no DCOM dentro do tempo limite necessário. Error: (10/02/2023 08:21:04 AM) (Source: DCOM) (EventID: 10010) (User: GUIVERMELHO) Description: O servidor {F9717507-6651-4EDB-BFF7-AE615179BCCF} não se registrou no DCOM dentro do tempo limite necessário. Windows Defender: ================ Date: 2023-10-02 12:52:13 Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão. ID do Exame: {7F5E270C-D100-4D60-88D3-38CD655419B0} Tipo de Exame: Antimalware Parâmetros do Exame: Verificação Rápida Usuário: AUTORIDADE NT\SISTEMA Date: 2023-08-23 06:48:13 Description: Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado. 
Para obter mais informações, veja a seguir: https://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/Contebrew.A!ml&threatid=251873&enterprise=0 Nome: Program:Win32/Contebrew.A!ml Gravidade: Alto Categoria: Modificador de Configurações Caminho: file:_C:\Users\guilh\Downloads\Adobe.Acrobat.Pro.DC.v2022.001.20085.exe Origem da Detecção: Computador local Tipo da Detecção: FastPath Fonte da Detecção: Proteção em Tempo Real Usuário: GuiVermelho\guilh Nome do Processo: C:\Windows\explorer.exe Versão da Inteligência de Segurança: AV: 1.395.1105.0, AS: 1.395.1105.0, NIS: 1.395.1105.0 Versão do Mecanismo: AM: 1.1.23070.1005, NIS: 1.1.23070.1005  CodeIntegrity: =============== Date: 2023-10-03 08:24:22 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\WPS\1.11.279.1\mc-sec-plugin-x64.dll that did not meet the Windows signing level requirements. ==================== Informações da Memória =========================== BIOS: Insyde Corp. V2.05 04/12/2023 placa-mãe: ADL Jimny_ADH Processador: 12th Gen Intel(R) Core(TM) i5-12450H Percentagem de memória em uso: 73% RAM física total: 7901.05 MB RAM física disponível: 2054.71 MB Virtual Total: 12509.05 MB Virtual disponível: 4696.71 MB ==================== Drives ================================ Drive () (Fixed) (Total:397.15 GB) (Free:284.87 GB) (Model: Micron_3400_MTFDKBA512TFH) NTFS Drive d: (WINDRIVER) (Fixed) (Total:20 GB) (Free:5.64 GB) (Model: Micron_3400_MTFDKBA512TFH) NTFS \\?\Volume{babfb7f2-327b-47f8-bc2c-f4b7eabdc326}\ (EFI) (Fixed) (Total:0.29 GB) (Free:0.25 GB) FAT32 ==================== MBR & Tabela de Partições ==================== ========================================================== Disk: 0 (Size: 476.9 GB) (Disk ID: 0FC3CF86) Partition: GPT. ==================== Fim de Addition.txt =======================
  6. Good morning, Here is the log. Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 25-09-2023 Executado por guilh (02-10-2023 08:20:48) Run:4 Executando a partir de C:\Users\guilh\Desktop Perfis Carregados: guilh Modo da Inicialização: Normal ============================================== fixlist Conteúdo: ***************** CreateRestorePoint: CloseProcesses: StartBatch: reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /s reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce" /s reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig" /s reg query "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run" /s reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /s reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /s reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" /s reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce" /s reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" /s EndBatch: ***************** Ponto de Restauração criado com sucesso. Processos fechados com sucesso. ========= Batch: ========= HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run OneDrive REG_SZ "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background Google Update REG_SZ "C:\Users\guilh\AppData\Local\Google\Update\1.3.36.312\GoogleUpdateCore.exe" MicrosoftEdgeAutoLaunch_18105C23E6FB3E0926A4BECDF7B37E6D REG_SZ "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\services HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\state ERRO: O sistema nÆo p“de localizar a chave do Registro ou valor especificado. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SecurityHealth REG_EXPAND_SZ %windir%\system32\SecurityHealthSystray.exe RtkAudUService REG_SZ "C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_9b2689b4e3586127\RtkAudUService64.exe" -background AdobeGCInvoker-1.0 REG_SZ "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe" AdobeAAMUpdater-1.0 REG_SZ "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run Acrobat Assistant 8.0 REG_SZ "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe" TeamsMachineInstaller REG_EXPAND_SZ %ProgramFiles%\Teams Installer\Teams.exe --checkInstall --source=PROPLUS ERRO: O sistema nÆo p“de localizar a chave do Registro ou valor especificado. ========= Fim de Batch: ========= O sistema precisou ser reiniciado. ==== Fim de Fixlog 08:21:01 ====
  7. Hello, I could not find the SEARCH or BUSCAR button in FRST64.exe. The program only had the options ANALISAR, PESQUISAR ARQUIVOS, PESQUISAR REGISTRO and CORRIGIR. I carried out the same procedure as in the previous step, clicking the CORRIGIR option. When the procedure finished, the computer was restarted and the Audio.exe error persists. Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 25-09-2023 Executado por guilh (29-09-2023 13:20:05) Run:3 Executando a partir de C:\Users\guilh\Desktop Perfis Carregados: guilh Modo da Inicialização: Normal ============================================== fixlist Conteúdo: ***************** CreateRestorePoint: CloseProcesses: StartBatch: reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /s reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce" /s reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig" /s reg query "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run" /s reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /s reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /s reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" /s reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce" /s reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" /s EndBatch: ***************** Ponto de Restauração criado com sucesso. Processos fechados com sucesso. 
========= Batch: ========= HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run OneDrive REG_SZ "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background Google Update REG_SZ "C:\Users\guilh\AppData\Local\Google\Update\1.3.36.312\GoogleUpdateCore.exe" MicrosoftEdgeAutoLaunch_18105C23E6FB3E0926A4BECDF7B37E6D REG_SZ "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\services HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\msconfig\state ERRO: O sistema não pôde localizar a chave do Registro ou valor especificado. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SecurityHealth REG_EXPAND_SZ %windir%\system32\SecurityHealthSystray.exe RtkAudUService REG_SZ "C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_9b2689b4e3586127\RtkAudUService64.exe" -background AdobeGCInvoker-1.0 REG_SZ "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe" AdobeAAMUpdater-1.0 REG_SZ "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run Acrobat Assistant 8.0 REG_SZ "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe" TeamsMachineInstaller REG_EXPAND_SZ %ProgramFiles%\Teams Installer\Teams.exe --checkInstall --source=PROPLUS ERRO: O sistema não pôde localizar a chave do Registro ou valor especificado. ========= Fim de Batch: ========= O sistema precisou ser reiniciado. ==== Fim de Fixlog 13:20:16 ====
  8. Hello, I tested with both options, PESQUISAR ARQUIVOS and PESQUISAR REGISTRO. Here is the PESQUISAR ARQUIVOS log:
     Farbar Recovery Scan Tool (x64) Versão: 25-09-2023 Executado por guilh (28-09-2023 14:20:13) Executando a partir de C:\Users\guilh\Desktop Modo da Inicialização: Normal ================== Pesquisar Arquivos: "SearchAll: audio.exe,grservices.exe" ============= Arquivo: ======== pasta: ======== Registro: ======== ====== Fim de Pesquisar ======
     Here is the PESQUISAR REGISTRO log:
     Farbar Recovery Scan Tool (x64) Versão: 25-09-2023 Executado por guilh (28-09-2023 14:23:51) Executando a partir de C:\Users\guilh\Desktop Modo da Inicialização: Normal ================== Pesquisar Registro: "SearchAll: audio.exe,grservices.exe" =========== ====== Fim de Pesquisar ======
  9. Hello, I could not find the SEARCH or BUSCAR button in FRST64.exe. The program only had the options ANALISAR, PESQUISAR ARQUIVOS, PESQUISAR REGISTRO and CORRIGIR. I followed the same procedure as in the previous step, clicking the CORRIGIR option. When the procedure finished, the computer restarted and the Audio.exe error persists. I no longer received the "grservices.exe" error. Here is the generated log:
     Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 25-09-2023 Executado por guilh (27-09-2023 14:18:14) Run:2 Executando a partir de C:\Users\guilh\Desktop Perfis Carregados: guilh Modo da Inicialização: Normal ============================================== fixlist Conteúdo: ***************** CreateRestorePoint: CloseProcesses: C:\Perform\system.vbs C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.lnk SearchAll: audio.exe,grservices.exe CMD: ipconfig /flushdns CreateRestorePoint: ***************** Ponto de Restauração criado com sucesso. Processos fechados com sucesso. C:\Perform\system.vbs => movido com sucesso C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.lnk => movido com sucesso SearchAll: audio.exe,grservices.exe => Erro: Nenhuma correção automática foi encontrada para esta entrada. ========= ipconfig /flushdns ========= Configuração de IP do Windows Liberação do Cache do DNS Resolver bem-sucedida. ========= Fim de CMD: ========= Ponto de Restauração criado com sucesso. O sistema precisou ser reiniciado. ==== Fim de Fixlog 14:18:28 ====
  10. Good morning, Thank you for the help! At the end of the fix the computer was restarted, and when it started up I received the same error messages. Here is the generated log:
      Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 25-09-2023 Executado por guilh (27-09-2023 12:34:41) Run:1 Executando a partir de C:\Users\guilh\Desktop Perfis Carregados: guilh Modo da Inicialização: Normal ============================================== fixlist Conteúdo: ***************** CreateRestorePoint: CloseProcesses: File: C:\Perform\system.vbs File: C:\Netframework.4.5.2\Audio system.vbs File: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.lnk File: C:\Program Files\cmclient\CMClient.exe HKLM-x32\...\Run: [] => [X] S2 ACCSvc; "C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe" [X] Task: {AB28516B-FCD3-481C-8EDA-D26FA8816B97} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe -auto (Nenhum Arquivo) Task: {03768D52-5397-46F6-9404-AC20EC436D5C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Nenhum Arquivo) Task: {65532448-C145-49C5-B05D-389973E60B07} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated) Task: {CF26937B-FE54-41A5-B8A3-D5986CF41D59} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3807712 2023-08-22] (Adobe Inc.
-> Adobe Systems, Incorporated) Task: {AF75F4D6-2296-498C-B976-586DCC5CFD9A} - System32\Tasks\audio system => C:\Perform\update.vbs (Nenhum Arquivo) Task: {0C3AC2B1-6AE3-4B48-92B8-B2195BE2870D} - System32\Tasks\Driver Booster SkipUAC (guilh) => C:\Program Files (x86)\IObit\Driver Booster\10.6.0\DriverBooster.exe [8966120 2023-07-27] (IObit CO., LTD -> IObit) Task: {1866B25B-8067-4F5F-8B61-D3B8888F581C} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\10.6.0\AutoUpdate.exe [2516968 2023-06-13] (IObit CO., LTD -> IObit) Task: {C59F40E0-7B31-49F5-8CC4-8BF0537D2407} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1468474341-1498967642-3512864176-1001Core{0D3F0353-8BCE-4CA5-82B0-DC5CDB13C90B} => "C:\Users\guilh\AppData\Local\Google\Update\GoogleUpdate.exe" /c (Nenhum Arquivo) Task: {5DA5E0A3-3E20-4CE6-B1B1-2395510E2A50} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1468474341-1498967642-3512864176-1001UA{90016B1F-C6F4-49D0-9660-990E4074B2A7} => "C:\Users\guilh\AppData\Local\Google\Update\GoogleUpdate.exe" /ua /installsource scheduler (Nenhum Arquivo) Task: {C8C25885-F528-475C-8C7D-C61CD10197D5} - System32\Tasks\iTop Summer Task (One-Time) => "C:\Program Files (x86)\iTop VPN\Pub\itopsump23.exe" /sum (Nenhum Arquivo) Task: {475868C0-5FC0-427B-B5AB-3472F6BF6892} - System32\Tasks\McAfee\WPS\amwebapitriggertask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D Task: {88D56762-D568-4F5B-A809-C403A6C827A3} - System32\Tasks\McAfee\WPS\DAD.WPS.Execute.Updates => C:\Program Files\McAfee\WPS\1.11.279.1\dad\mc-dad.exe [4379528 2023-09-12] (McAfee, LLC -> McAfee, LLC) Task: {C11ADD33-F88C-4C5B-9D4D-BF9C8CA776D4} - System32\Tasks\McAfee\WPS\datupdatetask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D Task: {A155A82B-9E51-48CF-A477-D10075016515} - System32\Tasks\McAfee\WPS\McAfee Sustainability => C:\Program Files\McAfee\WPS\1.11.279.1\sustainability\mc-sustainability.exe [778816 2023-09-12] (McAfee, LLC -> McAfee, LLC) Task: {5F5AB2DD-FEF0-4E28-A89E-0607C9FD2BDF} - 
System32\Tasks\McAfee\WPS\mcpcoscanner => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D Task: {1283FDD0-291D-4775-A11D-2B6EE2D9A2DA} - System32\Tasks\McAfee\WPS\NGMCadence => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D Task: {B54F2BA6-417F-437E-B81C-265EE5A1C6B3} - System32\Tasks\McAfee\WPS\odsscheduledtask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D Task: {56EFF8C7-F360-4B48-B402-1ABF6763AB84} - System32\Tasks\McAfee\WPS\systemrebootedtask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D Task: {2BB25299-DD12-4A55-A8F2-871A76A0A421} - System32\Tasks\McAfee\WPS\Update => {81A7CB63-BB07-4DAD-8E72-07B3A9BB08E2} Task: {7E4F884A-4B65-4572-95C8-75A72035EC76} - System32\Tasks\McAfee\WPS\WPSPush => \\?\C:\Program Files\McAfee\WPS\1.11.279.1\mc-wns-client\mc-wns-client.exe [819400 2023-09-12] (McAfee, LLC -> ) Task: {470FD3C7-F7B6-430C-9160-31C3D0723EF0} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913760 2023-09-01] (Microsoft Corporation -> Microsoft Corporation) Task: {89DB786A-3BCD-4ED9-9A28-4E689B55B665} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913760 2023-09-01] (Microsoft Corporation -> Microsoft Corporation) Task: {7DD50F2E-9467-4B35-8754-5F0DC7FB8A26} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-09-17] (Microsoft Corporation -> Microsoft Corporation) Task: {71136401-2E5A-477F-8C50-D95564CDEA05} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-09-17] (Microsoft Corporation -> Microsoft Corporation) Task: {EA0F5D0F-DBA1-46DC-B35A-FE00325EF813} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe 
[167864 2023-08-22] (Microsoft Corporation -> Microsoft Corporation) Task: {7ABBE0B6-C453-4AEF-8721-A4D7B2AE595B} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\UCPD velocity => C:\Windows\system32\UCPDMgr.exe [58880 2023-09-17] (Microsoft Windows -> Microsoft Corporation) Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (Nenhum Arquivo) Task: {A98E46E4-D134-4B42-91D4-1C6AE1AFF3E3} - System32\Tasks\NitroSense => C:\Program Files\Acer\NitroSense Service\PSLauncher.exe [609640 2023-01-05] (Acer Incorporated -> Acer Incorporated) Task: {C937BDAE-E1AF-438E-BF9D-115E21D7BB91} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130824 2023-09-25] (Microsoft Corporation -> Microsoft Corporation) Task: {EF5DDFC7-50BD-4989-B899-33CC98D12EA6} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1468474341-1498967642-3512864176-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130824 2023-09-25] (Microsoft Corporation -> Microsoft Corporation) Task: {4CB4A7E3-1E03-42BB-AE20-88C0F397B181} - System32\Tasks\Opera scheduled assistant Autoupdate 1694556311 => C:\Users\guilh\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\guilh\AppData\Local\Programs\Opera\assistant" $(Arg0) Task: {37E30BB7-8F3B-4D5D-AB99-07F690D33DCC} - System32\Tasks\Opera scheduled Autoupdate 1694556305 => C:\Users\guilh\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (Nenhum Arquivo) Task: {1F1F8B45-A057-40EF-80B6-113D793A9A7A} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [461472 2021-12-02] (Acer Incorporated -> Acer Incorporated) CMD: ipconfig /flushdns CMD: netsh advfirewall reset CMD: DISM /Online /Cleanup-Image /RestoreHealth CMD: SFC /scannow 
RemoveProxy: EmptyTemp: CreateRestorePoint: ***************** Ponto de Restauração criado com sucesso. Processos fechados com sucesso. ========================= File: C:\Perform\system.vbs ======================== C:\Perform\system.vbs Arquivo não assinado MD5: 41E008FA98C4431C4CEBEA068FC38D05 Data de criação e modificação: 2023-08-22 21:35 - 2022-03-31 01:58 Tamanho: 000000075 Atributos: ---AH Nome Da Empresa: Interno Nome: Original Nome: Produto: Descrição: Arquivo Versão: Produto Versão: Copyright: VirusTotal: https://www.virustotal.com/gui/file/f1693021ac9058a21c7c2836f38aa4c3e35c34cacb61ecbe6844ea46d3222a08/detection/f-f1693021ac9058a21c7c2836f38aa4c3e35c34cacb61ecbe6844ea46d3222a08-1694813476 ====== Fim de File: ====== ========================= File: C:\Netframework.4.5.2\Audio system.vbs ======================== C:\Netframework.4.5.2\Audio system.vbs Arquivo não assinado MD5: 261EBC81437C78656A3E089EEF3FBE0B Data de criação e modificação: 2023-08-22 21:35 - 2023-01-29 22:20 Tamanho: 000000146 Atributos: ----A Nome Da Empresa: Interno Nome: Original Nome: Produto: Descrição: Arquivo Versão: Produto Versão: Copyright: VirusTotal: https://www.virustotal.com/gui/file/b5fdf55c965f25abfc79009b5764106fbf9e55fa56f1d559b1a173e4850dc00e/detection/f-b5fdf55c965f25abfc79009b5764106fbf9e55fa56f1d559b1a173e4850dc00e-1692882467 ====== Fim de File: ====== ========================= File: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.lnk ======================== C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.lnk Arquivo não assinado MD5: 59E5E63C66D400F6C1AF35DCC1C7702A Data de criação e modificação: 2023-08-22 21:35 - 2023-09-18 09:41 Tamanho: 000000740 Atributos: ----A Nome Da Empresa: Interno Nome: Original Nome: Produto: Descrição: Arquivo Versão: Produto Versão: Copyright: VirusTotal: 0 ====== Fim de File: ====== ========================= File: C:\Program Files\cmclient\CMClient.exe 
======================== C:\Program Files\cmclient\CMClient.exe O arquivo é assinado digitalmente MD5: FA953E3714AE54DF88FF18B90220F4BA Data de criação e modificação: 2023-08-22 22:05 - 2023-07-29 15:25 Tamanho: 033426480 Atributos: ----A Nome Da Empresa: 广东盈世计算机科技有限公司 -> Interno Nome: Original Nome: Produto: Descrição: Arquivo Versão: Produto Versão: Copyright: VirusTotal: https://www.virustotal.com/gui/file/0ba87b1eb30d56e221479368568e6d6e9f13148e2d3bcd2f43a11daf18e228ac/detection/f-0ba87b1eb30d56e221479368568e6d6e9f13148e2d3bcd2f43a11daf18e228ac-1693544730 ====== Fim de File: ====== "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removido (a) com sucesso. HKLM\System\CurrentControlSet\Services\ACCSvc => removido (a) com sucesso. ACCSvc => o serviço removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AB28516B-FCD3-481C-8EDA-D26FA8816B97}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB28516B-FCD3-481C-8EDA-D26FA8816B97}" => removido (a) com sucesso. C:\Windows\System32\Tasks\ACC => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ACC" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{03768D52-5397-46F6-9404-AC20EC436D5C}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03768D52-5397-46F6-9404-AC20EC436D5C}" => removido (a) com sucesso. C:\Windows\System32\Tasks\Adobe Acrobat Update Task => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{65532448-C145-49C5-B05D-389973E60B07}" => removido (a) com sucesso. 
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65532448-C145-49C5-B05D-389973E60B07}" => removido (a) com sucesso. C:\Windows\System32\Tasks\AdobeGCInvoker-1.0 => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeGCInvoker-1.0" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CF26937B-FE54-41A5-B8A3-D5986CF41D59}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF26937B-FE54-41A5-B8A3-D5986CF41D59}" => removido (a) com sucesso. C:\Windows\System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe-Genuine-Software-Integrity-Scheduler-1.0" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{AF75F4D6-2296-498C-B976-586DCC5CFD9A}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF75F4D6-2296-498C-B976-586DCC5CFD9A}" => removido (a) com sucesso. C:\Windows\System32\Tasks\audio system => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\audio system" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C3AC2B1-6AE3-4B48-92B8-B2195BE2870D}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C3AC2B1-6AE3-4B48-92B8-B2195BE2870D}" => removido (a) com sucesso. C:\Windows\System32\Tasks\Driver Booster SkipUAC (guilh) => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (guilh)" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1866B25B-8067-4F5F-8B61-D3B8888F581C}" => removido (a) com sucesso. 
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1866B25B-8067-4F5F-8B61-D3B8888F581C}" => removido (a) com sucesso. C:\Windows\System32\Tasks\Driver Booster Update => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Update" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C59F40E0-7B31-49F5-8CC4-8BF0537D2407}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C59F40E0-7B31-49F5-8CC4-8BF0537D2407}" => removido (a) com sucesso. C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1468474341-1498967642-3512864176-1001Core{0D3F0353-8BCE-4CA5-82B0-DC5CDB13C90B} => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-1468474341-1498967642-3512864176-1001Core{0D3F0353-8BCE-4CA5-82B0-DC5CDB13C90B}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5DA5E0A3-3E20-4CE6-B1B1-2395510E2A50}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5DA5E0A3-3E20-4CE6-B1B1-2395510E2A50}" => removido (a) com sucesso. C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1468474341-1498967642-3512864176-1001UA{90016B1F-C6F4-49D0-9660-990E4074B2A7} => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-1468474341-1498967642-3512864176-1001UA{90016B1F-C6F4-49D0-9660-990E4074B2A7}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C8C25885-F528-475C-8C7D-C61CD10197D5}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8C25885-F528-475C-8C7D-C61CD10197D5}" => removido (a) com sucesso. 
C:\Windows\System32\Tasks\iTop Summer Task (One-Time) => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iTop Summer Task (One-Time)" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{475868C0-5FC0-427B-B5AB-3472F6BF6892}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{475868C0-5FC0-427B-B5AB-3472F6BF6892}" => removido (a) com sucesso. C:\Windows\System32\Tasks\McAfee\WPS\amwebapitriggertask => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\amwebapitriggertask" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{88D56762-D568-4F5B-A809-C403A6C827A3}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88D56762-D568-4F5B-A809-C403A6C827A3}" => removido (a) com sucesso. C:\Windows\System32\Tasks\McAfee\WPS\DAD.WPS.Execute.Updates => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\DAD.WPS.Execute.Updates" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C11ADD33-F88C-4C5B-9D4D-BF9C8CA776D4}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C11ADD33-F88C-4C5B-9D4D-BF9C8CA776D4}" => removido (a) com sucesso. C:\Windows\System32\Tasks\McAfee\WPS\datupdatetask => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\datupdatetask" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A155A82B-9E51-48CF-A477-D10075016515}" => removido (a) com sucesso. 
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A155A82B-9E51-48CF-A477-D10075016515}" => removido (a) com sucesso. C:\Windows\System32\Tasks\McAfee\WPS\McAfee Sustainability => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\McAfee Sustainability" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5F5AB2DD-FEF0-4E28-A89E-0607C9FD2BDF}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F5AB2DD-FEF0-4E28-A89E-0607C9FD2BDF}" => removido (a) com sucesso. C:\Windows\System32\Tasks\McAfee\WPS\mcpcoscanner => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\mcpcoscanner" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1283FDD0-291D-4775-A11D-2B6EE2D9A2DA}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1283FDD0-291D-4775-A11D-2B6EE2D9A2DA}" => removido (a) com sucesso. C:\Windows\System32\Tasks\McAfee\WPS\NGMCadence => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\NGMCadence" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B54F2BA6-417F-437E-B81C-265EE5A1C6B3}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B54F2BA6-417F-437E-B81C-265EE5A1C6B3}" => removido (a) com sucesso. C:\Windows\System32\Tasks\McAfee\WPS\odsscheduledtask => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\odsscheduledtask" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{56EFF8C7-F360-4B48-B402-1ABF6763AB84}" => removido (a) com sucesso. 
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56EFF8C7-F360-4B48-B402-1ABF6763AB84}" => removido (a) com sucesso. C:\Windows\System32\Tasks\McAfee\WPS\systemrebootedtask => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\systemrebootedtask" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2BB25299-DD12-4A55-A8F2-871A76A0A421}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BB25299-DD12-4A55-A8F2-871A76A0A421}" => removido (a) com sucesso. C:\Windows\System32\Tasks\McAfee\WPS\Update => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\Update" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7E4F884A-4B65-4572-95C8-75A72035EC76}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E4F884A-4B65-4572-95C8-75A72035EC76}" => removido (a) com sucesso. C:\Windows\System32\Tasks\McAfee\WPS\WPSPush => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\WPS\WPSPush" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{470FD3C7-F7B6-430C-9160-31C3D0723EF0}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{470FD3C7-F7B6-430C-9160-31C3D0723EF0}" => removido (a) com sucesso. C:\Windows\System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office Automatic Updates 2.0" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{89DB786A-3BCD-4ED9-9A28-4E689B55B665}" => removido (a) com sucesso. 
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89DB786A-3BCD-4ED9-9A28-4E689B55B665}" => removido (a) com sucesso. C:\Windows\System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office ClickToRun Service Monitor" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7DD50F2E-9467-4B35-8754-5F0DC7FB8A26}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7DD50F2E-9467-4B35-8754-5F0DC7FB8A26}" => removido (a) com sucesso. C:\Windows\System32\Tasks\Microsoft\Office\Office Feature Updates => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office Feature Updates" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{71136401-2E5A-477F-8C50-D95564CDEA05}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71136401-2E5A-477F-8C50-D95564CDEA05}" => removido (a) com sucesso. C:\Windows\System32\Tasks\Microsoft\Office\Office Feature Updates Logon => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office Feature Updates Logon" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA0F5D0F-DBA1-46DC-B35A-FE00325EF813}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA0F5D0F-DBA1-46DC-B35A-FE00325EF813}" => removido (a) com sucesso. C:\Windows\System32\Tasks\Microsoft\Office\Office Performance Monitor => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office Performance Monitor" => removido (a) com sucesso. 
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7ABBE0B6-C453-4AEF-8721-A4D7B2AE595B}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7ABBE0B6-C453-4AEF-8721-A4D7B2AE595B}" => removido (a) com sucesso. C:\Windows\System32\Tasks\Microsoft\Windows\AppxDeploymentClient\UCPD velocity => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\AppxDeploymentClient\UCPD velocity" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}" => removido (a) com sucesso. C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A98E46E4-D134-4B42-91D4-1C6AE1AFF3E3}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A98E46E4-D134-4B42-91D4-1C6AE1AFF3E3}" => removido (a) com sucesso. C:\Windows\System32\Tasks\NitroSense => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NitroSense" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C937BDAE-E1AF-438E-BF9D-115E21D7BB91}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C937BDAE-E1AF-438E-BF9D-115E21D7BB91}" => removido (a) com sucesso. 
C:\Windows\System32\Tasks\OneDrive Per-Machine Standalone Update Task => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneDrive Per-Machine Standalone Update Task" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EF5DDFC7-50BD-4989-B899-33CC98D12EA6}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF5DDFC7-50BD-4989-B899-33CC98D12EA6}" => removido (a) com sucesso. C:\Windows\System32\Tasks\OneDrive Reporting Task-S-1-5-21-1468474341-1498967642-3512864176-1001 => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneDrive Reporting Task-S-1-5-21-1468474341-1498967642-3512864176-1001" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4CB4A7E3-1E03-42BB-AE20-88C0F397B181}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4CB4A7E3-1E03-42BB-AE20-88C0F397B181}" => removido (a) com sucesso. C:\Windows\System32\Tasks\Opera scheduled assistant Autoupdate 1694556311 => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled assistant Autoupdate 1694556311" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{37E30BB7-8F3B-4D5D-AB99-07F690D33DCC}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37E30BB7-8F3B-4D5D-AB99-07F690D33DCC}" => removido (a) com sucesso. C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1694556305 => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 1694556305" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1F1F8B45-A057-40EF-80B6-113D793A9A7A}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F1F8B45-A057-40EF-80B6-113D793A9A7A}" => removido (a) com sucesso. C:\Windows\System32\Tasks\Software Update Application => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Software Update Application" => removido (a) com sucesso. ========= ipconfig /flushdns ========= Configuração de IP do Windows Liberação do Cache do DNS Resolver bem-sucedida. ========= Fim de CMD: ========= ========= netsh advfirewall reset ========= Ok. ========= Fim de CMD: ========= ========= DISM /Online /Cleanup-Image /RestoreHealth ========= Ferramenta de Gerenciamento e Manutenção de Imagens de Implantação Versão: 10.0.22621.1 Versão da Imagem: 10.0.22621.2283
[======================== 42.3% ] [======================== 43.0% ] [========================= 43.7% ] [========================= 44.3% ] [========================== 45.1% ] [========================== 46.0% ] [===========================47.0% ] [===========================48.0% ] [===========================49.0% ] [===========================50.0% ] [===========================50.9% ] [===========================51.9% ] [===========================52.9% ] [===========================53.2% ] [===========================53.3% ] [===========================53.4% ] [===========================53.5% ] [===========================53.6% ] [===========================53.7% ] [===========================53.7% ] [===========================53.8% ] [===========================53.9% ] [===========================54.0% ] [===========================54.0% ] [===========================54.0% ] [===========================54.1% ] [===========================54.3% ] [===========================54.3% ] [===========================54.4% ] [===========================54.5% ] [===========================54.8% ] [===========================54.9% ] [===========================55.0% ] [===========================55.1% ] [===========================55.2% ] [===========================55.3% ] [===========================55.4% ] [===========================55.4% ] [===========================55.5% ] [===========================55.6% ] [===========================55.6% ] [===========================55.7% ] [===========================55.8% ] [===========================55.8% ] [===========================55.9% ] [===========================56.0% ] [===========================56.3% ] [===========================56.5% ] [===========================56.6% ] [===========================56.8% ] [===========================56.8% ] [===========================57.1%= ] [===========================57.1%= ] [===========================57.1%= ] [===========================57.8%= ] 
[===========================58.8%== ] [===========================59.5%== ] [===========================59.5%== ] [===========================62.3%==== ] [===========================77.4%============ ] [===========================84.9%================= ] [==========================100.0%==========================] Opera‡Æo de restaura‡Æo conclu¡da com ˆxito. A opera‡Æo foi conclu¡da com ˆxito. ========= Fim de CMD: ========= ========= SFC /scannow ========= Iniciando verificação de arquivos. O processo levará alguns minutos para ser concluído. Iniciando fase de verificação de verificação do sistema. Verificação 0% concluída. Verificação 1% concluída. Verificação 2% concluída. Verificação 2% concluída. Verificação 3% concluída. Verificação 4% concluída. Verificação 4% concluída. Verificação 5% concluída. Verificação 6% concluída. Verificação 6% concluída. Verificação 7% concluída. Verificação 8% concluída. Verificação 8% concluída. Verificação 9% concluída. Verificação 10% concluída. Verificação 11% concluída. Verificação 11% concluída. Verificação 12% concluída. Verificação 13% concluída. Verificação 13% concluída. Verificação 14% concluída. Verificação 15% concluída. Verificação 15% concluída. Verificação 16% concluída. Verificação 17% concluída. Verificação 17% concluída. Verificação 18% concluída. Verificação 19% concluída. Verificação 20% concluída. Verificação 20% concluída. Verificação 21% concluída. Verificação 22% concluída. Verificação 22% concluída. Verificação 23% concluída. Verificação 24% concluída. Verificação 24% concluída. Verificação 25% concluída. Verificação 26% concluída. Verificação 26% concluída. Verificação 27% concluída. Verificação 28% concluída. Verificação 28% concluída. Verificação 29% concluída. Verificação 30% concluída. Verificação 31% concluída. Verificação 31% concluída. Verificação 32% concluída. Verificação 33% concluída. Verificação 33% concluída. Verificação 34% concluída. Verificação 35% concluída. Verificação 35% concluída. 
Verificação 100% concluída. A Proteção de Recursos do Windows encontrou arquivos corrompidos e os reparou com êxito. Para reparos online, os detalhes são incluídos no arquivo de log CBS localizado em windir\Logs\CBS\CBS.log. Por exemplo, C:\Windows\Logs\CBS\CBS.log. Para reparos offline, os detalhes são incluídos no arquivo de log fornecido pelo sinalizador /OFFLOGFILE. ========= Fim de CMD: ========= ========= RemoveProxy: ========= "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso. "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso. "HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso. "HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso. ========= Fim de RemoveProxy: ========= Ponto de Restauração criado com sucesso. 
=========== EmptyTemp: ========== FlushDNS => completado BITS transfer queue => 0 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 16925342 B Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 54427303 B Windows/system/drivers => 142143177 B Edge => 0 B Chrome => 1322279796 B Firefox => 0 B Opera => 13434917 B Temp, IE cache, history, cookies, recent: Default => 0 B ProgramData => 0 B Public => 0 B systemprofile => 11912107 B systemprofile32 => 11912129 B LocalService => 11960341 B NetworkService => 11983497 B guilh => 298996539 B RecycleBin => 54676143 B EmptyTemp: => 1.8 GB de dados temporários Removidos. ================================ O sistema precisou ser reiniciado. ==== Fim de Fixlog 12:51:00 ====
  11. Hello, My notebook was recently purchased, new, and after installing some Chrome extensions and dubious programs I started receiving error messages about "audio.exe" and "grservices.exe". I believe the machine is infected. I ask for your help in evaluating my logs and confirming my suspicion. The logs follow. Thank you.
# ------------------------------- # Malwarebytes AdwCleaner 8.4.0.0 # ------------------------------- # Build: 08-30-2022 # Database: 2023-07-19.3 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Clean # ------------------------------- # Start: 09-26-2023 # Duration: 00:00:01 # OS: Windows 11 (Build 22621.2283) # Cleaned: 29 # Failed: 0 ***** [ Services ] ***** No malicious services cleaned. ***** [ Folders ] ***** Deleted C:\Program Files\Tencent Deleted C:\ProgramData\IObit\Advanced SystemCare Deleted C:\ProgramData\Tencent Deleted C:\Users\guilh\AppData\Roaming\IObit\Advanced SystemCare Deleted C:\Users\guilh\AppData\Roaming\Tencent ***** [ Files ] ***** No malicious files cleaned. ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. 
***** [ Tasks ] ***** Deleted C:\Windows\System32\Tasks\DRIVER BOOSTER SCHEDULER ***** [ Registry ] ***** Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63557FD5-7F8E-4799-905D-C475871A78AA} Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scheduler Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{65815CA8-768E-4592-B813-050581E5DAC0} Deleted HKLM\Software\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C Deleted HKLM\Software\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries cleaned. ***** [ Chromium URLs ] ***** Deleted Search By ZoneAlarm Deleted http://br.hao123.com/?tn=incore_pay_hp_05_hao123_br Deleted http://br.hao123.com/?tn=incore_pay_hp_05_hao123_br Deleted http://br.hao123.com/?tn=incore_pay_hp_05_hao123_br Deleted http://istart.webssearches.com/?type=hp&ts=1414538147&from=bxk1&uid=WDCXWD5000BPVT-60HXZT3_WD-WXN1E32NKVMSNKVMS Deleted http://istart.webssearches.com/?type=hp&ts=1414538147&from=bxk1&uid=WDCXWD5000BPVT-60HXZT3_WD-WXN1E32NKVMSNKVMS Deleted http://search.zonealarm.com/?src=hp&tbid=goughDev3&Lan=en&gu=dde72d04ab3c4cd6853d3bb14dc531f5&tu=10GXy009a2B0CO0&sku=&tstsId=&ver=& ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries cleaned. ***** [ Firefox URLs ] ***** No malicious Firefox URLs cleaned. ***** [ Hosts File Entries ] ***** No malicious hosts file entries cleaned. 
***** [ Preinstalled Software ] ***** Deleted Preinstalled.AcerCareCenter Folder C:\Program Files (x86)\ACER\CARE CENTER Deleted Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE23B3FD-B9D1-4EBD-8CD9-9F0887DDB597} Deleted Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80434D54-1596-4D78-B6C4-CEE2D8653B2B} Deleted Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE23B3FD-B9D1-4EBD-8CD9-9F0887DDB597} Deleted Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ACCAgent Deleted Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ACCBackgroundApplication Deleted Preinstalled.AcerCareCenter Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AFB52E98-7597-4484-9202-58F0FD3512ED} Deleted Preinstalled.AcerCareCenter Task C:\Windows\System32\Tasks\ACCAGENT Deleted Preinstalled.AcerCareCenter Task C:\Windows\System32\Tasks\ACCBACKGROUNDAPPLICATION Deleted Preinstalled.AcerUpdater Folder C:\ProgramData\ACER\ACER UPDATER ************************* [+] Delete Tracing Keys [+] Reset Winsock ************************* AdwCleaner[S00].txt - [4461 octets] - [26/09/2023 10:49:32] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ########## ~ ZHPCleaner v2023.9.26.45 by Nicolas Coolman (2023/09/26) ~ Run by guilh (Administrator) (26/09/2023 10:52:38) ~ Web: https://www.nicolascoolman.com ~ Blog: https://nicolascoolman.eu/ ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : Version OK ~ Type : Scan ~ Report : C:\Users\guilh\Desktop\ZHPCleaner (S).txt ~ Quarantine : C:\Users\guilh\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt ~ System Restore Point : ~ UAC : Activate ~ Boot Mode : Normal (Normal boot) Windows 10 Home, 64-bit (Build 22621) ---\\ 
Alternate Data Stream (ADS). (0) ~ No malicious or unnecessary items found. ---\\ Services (0) ~ No malicious or unnecessary items found. ---\\ Browser internet (5) FOUND file: C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default\History =>.SUP.BrowserHistoric FOUND file: C:\Users\guilh\AppData\Local\Microsoft\Edge\User Data\Default\History =>.SUP.BrowserHistoric FOUND folder: C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data =>.SUP.BrowserCache FOUND folder: C:\Users\guilh\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data =>.SUP.BrowserCache FOUND folder: C:\Users\guilh\AppData\Local\Opera Software\Opera Stable\User Data\Default\Cache\Cache_Data =>.SUP.BrowserCache ---\\ Hosts file (1) ~ The hosts file is legitimate (21) ---\\ Scheduled automatic tasks. (0) ~ No malicious or unnecessary items found. ---\\ Explorer ( File, Folder) (4) FOUND file: C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default\Preferences =>ChromiumPreference FOUND file: C:\Users\guilh\AppData\Local\Microsoft\Edge\User Data\Default\Preferences =>ChromiumPreference FOUND folder: C:\Users\guilh\AppData\Local\Google\Update =>Heuristic.Suspect FOUND folder: C:\ProgramData\IObit\ASCDownloader =>SUP.Optional.AdvancedSystemCare ---\\ Registry ( Key, Value, Data) (4) FOUND key: HKEY_USERS\S-1-5-21-1468474341-1498967642-3512864176-1001\SOFTWARE\Classes\AppXq0pwa73vfcn2qdexp8cexcc6qk87xh1r [] =>Adware.Navipromo FOUND data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{48c4d171-290d-4b41-b940-f739f8dc8093}\\DhcpNameServer [Bad : 181.213.132.2 181.213.132.3] =>Hijacker.Browser FOUND data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ecebae50-4f24-4c4b-ace0-ab3467d323e9}\\DhcpNameServer [Bad : 181.213.132.2 181.213.132.3] =>Hijacker.Browser FOUND data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer [Bad : 181.213.132.2 181.213.132.3] =>Hijacker.Browser ---\\ Summary of the 
elements found (7) https://nicolascoolman.eu/2023/07/18/les-caches-et-historiques-de-navigateurs/ =>.SUP.BrowserHistoric https://nicolascoolman.eu/2023/07/18/les-caches-et-historiques-de-navigateurs/ =>.SUP.BrowserCache https://nicolascoolman.eu/2020/10/01/preferences-navigateurs-chromium/ =>ChromiumPreference https://nicolascoolman.eu/2017/01/28/heuristic-suspect/ =>Heuristic.Suspect https://nicolascoolman.eu/wp-content/uploads/2017/12/26/sup-advancedsystemcare/ =>SUP.Optional.AdvancedSystemCare https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/ =>Adware.Navipromo https://nicolascoolman.eu/2017/11/10/hijacker-browser-3/ =>Hijacker.Browser ---\\ Result of repair ~ Any repair made ~ Google Chrome OK ~ Microsoft Edge OK ~ Microsoft Internet Explorer OK ~ Opera Stable OK ---\\ Statistics ~ Items scanned : 97382 ~ Items found : 16 ~ Items cancelled : 0 ~ Space saving (bytes) : 0 ~ Items options : 10/18 ---\\ OPTIONS NOT ACTIVES ~ Temporary file analysis ~ Temporary folder analysis ~ Empty Folder CLSID Analysis ~ Empty Other Folder Analysis ~ Empty LocalLow Folder Analysis ~ Empty Local Folder Analysis ~ Obsolete Installer File Analysis ~ Start browsers with extensions removed ~ End of search in 00h07mn23s ---\\ Reports (0) ZHPCleaner-[S]-26092023-11_00_01.txt ~ ZHPCleaner v2023.9.26.45 by Nicolas Coolman (2023/09/26) ~ Run by guilh (Administrator) (26/09/2023 11:01:12) ~ Web: https://www.nicolascoolman.com ~ Blog: https://nicolascoolman.eu/ ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : Version OK ~ Type : Repair ~ Report : C:\Users\guilh\Desktop\ZHPCleaner (R).txt ~ Quarantine : C:\Users\guilh\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt ~ System Restore Point : OK ~ UAC : Activate ~ Boot Mode : Normal (Normal boot) Windows 10 Home, 64-bit (Build 22621) ---\\ Alternate Data Stream (ADS). (0) ~ No malicious or unnecessary items found. ---\\ Services (0) ~ No malicious or unnecessary items found. 
---\\ Browser internet (0) ---\\ Hosts file (1) ~ The hosts file is legitimate (21) ---\\ Scheduled automatic tasks. (0) ~ No malicious or unnecessary items found. ---\\ Explorer ( File, Folder) (9) MOVED file: C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default\History =>.SUP.BrowserHistoric MOVED file: C:\Users\guilh\AppData\Local\Microsoft\Edge\User Data\Default\History =>.SUP.BrowserHistoric MOVED file: C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default\Preferences =>Préférences Chromium MOVED file: C:\Users\guilh\AppData\Local\Microsoft\Edge\User Data\Default\Preferences =>Préférences Chromium MOVED folder: C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data =>.SUP.BrowserCache MOVED folder: C:\Users\guilh\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data =>.SUP.BrowserCache MOVED folder: C:\Users\guilh\AppData\Local\Opera Software\Opera Stable\User Data\Default\Cache\Cache_Data =>.SUP.BrowserCache MOVED folder: C:\Users\guilh\AppData\Local\Google\Update =>Heuristic.Suspect MOVED folder: C:\ProgramData\IObit\ASCDownloader =>SUP.Optional.AdvancedSystemCare ---\\ Registry ( Key, Value, Data) (4) DELETED data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{48c4d171-290d-4b41-b940-f739f8dc8093}\\DhcpNameServer [Bad : 181.213.132.2 181.213.132.3] =>Hijacker.Browser DELETED data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ecebae50-4f24-4c4b-ace0-ab3467d323e9}\\DhcpNameServer [Bad : 181.213.132.2 181.213.132.3] =>Hijacker.Browser DELETED data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer [Bad : 181.213.132.2 181.213.132.3] =>Hijacker.Browser DELETED key*: HKEY_USERS\S-1-5-21-1468474341-1498967642-3512864176-1001\SOFTWARE\Classes\AppXq0pwa73vfcn2qdexp8cexcc6qk87xh1r [] =>Adware.Navipromo ---\\ Summary of the elements found (7) https://nicolascoolman.eu/2023/07/18/les-caches-et-historiques-de-navigateurs/ =>.SUP.BrowserHistoric 
https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/ =>Préférences Chromium https://nicolascoolman.eu/2023/07/18/les-caches-et-historiques-de-navigateurs/ =>.SUP.BrowserCache https://nicolascoolman.eu/2017/01/28/heuristic-suspect/ =>Heuristic.Suspect https://nicolascoolman.eu/wp-content/uploads/2017/12/26/sup-advancedsystemcare/ =>SUP.Optional.AdvancedSystemCare https://nicolascoolman.eu/2017/11/10/hijacker-browser-3/ =>Hijacker.Browser https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/ =>Adware.Navipromo ---\\ Other deletions. (0) ~ Registry Keys Tracing deleted (0) ~ Remove the old reports ZHPCleaner. (0) ---\\ Result of repair ~ Repair carried out successfully ~ Google Chrome OK ~ Microsoft Edge OK ~ Microsoft Internet Explorer OK ~ Opera Stable OK ---\\ Statistics ~ Items scanned : 1043 ~ Items found : 0 ~ Items cancelled : 0 ~ Space saving (bytes) : 0 ~ Items options : 10/18 ---\\ OPTIONS NOT ACTIVES ~ Temporary file analysis ~ Temporary folder analysis ~ Empty Folder CLSID Analysis ~ Empty Other Folder Analysis ~ Empty LocalLow Folder Analysis Resultado do análise da Farbar Recovery Scan Tool (FRST) (x64) Versão: 25-09-2023 Executado por guilh (administrador) em GUIVERMELHO (Acer Nitro AN515-58) (26-09-2023 11:05:07) Executando a partir de C:\Users\guilh\Desktop\FRST64.exe Perfis Carregados: guilh Plataforma: Microsoft Windows 11 Home Versão 22H2 22621.2283 (X64) Idioma: Português (Brasil) Navegador padrão: Chrome Modo da Inicialização: Normal ==================== Processos (Whitelisted) ================= (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.) 
(Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\NitroSense Service\PSAdminAgent.exe (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\NitroSense Service\PSAgent.exe (C:\Program Files\McAfee\WebAdvisor\servicehost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe (cmd.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\PING.EXE <2> (DriverStore\FileRepository\ipf_cpu.inf_amd64_07e81e065fff923d\ipf_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_07e81e065fff923d\ipf_helper.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <2> (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_125373df900d2c8b\ipfsvc.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_07e81e065fff923d\ipf_uf.exe (services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe (services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WPS\1.11.279.1\mc-fw-host.exe <2> (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe (services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvacig.inf_amd64_6a30f226cb32430c\Display.NvContainer\NVDisplay.Container.exe <2> (services.exe ->) (Realtek Semiconductor Corp. 
-> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_9b2689b4e3586127\RtkAudUService64.exe <2> (svchost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WPS\1.11.279.1\neo\core\mc-neo-host.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_4000.986.611.0_x64__8wekyb3d8bbwe\PushNotificationsLongRunningTask.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe ==================== Registro (Whitelisted) =================== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.) HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_9b2689b4e3586127\RtkAudUService64.exe [1673008 2023-05-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-08-22] (Adobe Inc. 
-> Adobe Systems, Incorporated) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5314096 2020-03-06] (Adobe Inc. -> Adobe Systems Inc.) [Arquivo não assinado] HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [142222176 2023-04-21] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2586640 2023-09-25] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\Run: [Google Update] => "C:\Users\guilh\AppData\Local\Google\Update\1.3.36.312\GoogleUpdateCore.exe" (Nenhum Arquivo) HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4374888 2023-09-11] (Valve Corp. -> Valve Corporation) HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\Run: [MicrosoftEdgeAutoLaunch_18105C23E6FB3E0926A4BECDF7B37E6D] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4210232 2023-09-23] (Microsoft Corporation -> Microsoft Corporation) HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\system32\AdobePDF.dll [65488 2020-03-06] (Adobe Inc. 
-> Adobe Systems Inc) Startup: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Audio system.lnk [2023-09-18] ShortcutTarget: Audio system.lnk -> C:\Netframework.4.5.2\Audio system.vbs () [Arquivo não assinado] Startup: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk [2023-09-26] ShortcutTarget: Enviar para o OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) Startup: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.lnk [2023-09-18] ShortcutTarget: system.lnk -> C:\Perform\system.vbs () [Arquivo não assinado] ==================== Tarefas Agendadas (Whitelisted) ================= (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) Task: {AB28516B-FCD3-481C-8EDA-D26FA8816B97} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe -auto (Nenhum Arquivo) Task: {03768D52-5397-46F6-9404-AC20EC436D5C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Nenhum Arquivo) Task: {65532448-C145-49C5-B05D-389973E60B07} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated) Task: {CF26937B-FE54-41A5-B8A3-D5986CF41D59} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3807712 2023-08-22] (Adobe Inc. 
-> Adobe Systems, Incorporated) Task: {AF75F4D6-2296-498C-B976-586DCC5CFD9A} - System32\Tasks\audio system => C:\Perform\update.vbs (Nenhum Arquivo) Task: {0C3AC2B1-6AE3-4B48-92B8-B2195BE2870D} - System32\Tasks\Driver Booster SkipUAC (guilh) => C:\Program Files (x86)\IObit\Driver Booster\10.6.0\DriverBooster.exe [8966120 2023-07-27] (IObit CO., LTD -> IObit) Task: {1866B25B-8067-4F5F-8B61-D3B8888F581C} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\10.6.0\AutoUpdate.exe [2516968 2023-06-13] (IObit CO., LTD -> IObit) Task: {C59F40E0-7B31-49F5-8CC4-8BF0537D2407} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1468474341-1498967642-3512864176-1001Core{0D3F0353-8BCE-4CA5-82B0-DC5CDB13C90B} => "C:\Users\guilh\AppData\Local\Google\Update\GoogleUpdate.exe" /c (Nenhum Arquivo) Task: {5DA5E0A3-3E20-4CE6-B1B1-2395510E2A50} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1468474341-1498967642-3512864176-1001UA{90016B1F-C6F4-49D0-9660-990E4074B2A7} => "C:\Users\guilh\AppData\Local\Google\Update\GoogleUpdate.exe" /ua /installsource scheduler (Nenhum Arquivo) Task: {C8C25885-F528-475C-8C7D-C61CD10197D5} - System32\Tasks\iTop Summer Task (One-Time) => "C:\Program Files (x86)\iTop VPN\Pub\itopsump23.exe" /sum (Nenhum Arquivo) Task: {475868C0-5FC0-427B-B5AB-3472F6BF6892} - System32\Tasks\McAfee\WPS\amwebapitriggertask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D Task: {88D56762-D568-4F5B-A809-C403A6C827A3} - System32\Tasks\McAfee\WPS\DAD.WPS.Execute.Updates => C:\Program Files\McAfee\WPS\1.11.279.1\dad\mc-dad.exe [4379528 2023-09-12] (McAfee, LLC -> McAfee, LLC) Task: {C11ADD33-F88C-4C5B-9D4D-BF9C8CA776D4} - System32\Tasks\McAfee\WPS\datupdatetask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D Task: {A155A82B-9E51-48CF-A477-D10075016515} - System32\Tasks\McAfee\WPS\McAfee Sustainability => C:\Program Files\McAfee\WPS\1.11.279.1\sustainability\mc-sustainability.exe [778816 2023-09-12] (McAfee, LLC -> McAfee, LLC) Task: {5F5AB2DD-FEF0-4E28-A89E-0607C9FD2BDF} - 
System32\Tasks\McAfee\WPS\mcpcoscanner => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {1283FDD0-291D-4775-A11D-2B6EE2D9A2DA} - System32\Tasks\McAfee\WPS\NGMCadence => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {B54F2BA6-417F-437E-B81C-265EE5A1C6B3} - System32\Tasks\McAfee\WPS\odsscheduledtask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {56EFF8C7-F360-4B48-B402-1ABF6763AB84} - System32\Tasks\McAfee\WPS\systemrebootedtask => 1A62D23B-93C2-468A-B6B0-FFB2A23C1C0D
Task: {2BB25299-DD12-4A55-A8F2-871A76A0A421} - System32\Tasks\McAfee\WPS\Update => {81A7CB63-BB07-4DAD-8E72-07B3A9BB08E2}
Task: {7E4F884A-4B65-4572-95C8-75A72035EC76} - System32\Tasks\McAfee\WPS\WPSPush => \\?\C:\Program Files\McAfee\WPS\1.11.279.1\mc-wns-client\mc-wns-client.exe [819400 2023-09-12] (McAfee, LLC -> )
Task: {470FD3C7-F7B6-430C-9160-31C3D0723EF0} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913760 2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {89DB786A-3BCD-4ED9-9A28-4E689B55B665} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913760 2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {7DD50F2E-9467-4B35-8754-5F0DC7FB8A26} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {71136401-2E5A-477F-8C50-D95564CDEA05} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-09-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {EA0F5D0F-DBA1-46DC-B35A-FE00325EF813} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [167864 2023-08-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {7ABBE0B6-C453-4AEF-8721-A4D7B2AE595B} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\UCPD velocity => C:\Windows\system32\UCPDMgr.exe [58880 2023-09-17] (Microsoft Windows -> Microsoft Corporation)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (Nenhum Arquivo)
Task: {A98E46E4-D134-4B42-91D4-1C6AE1AFF3E3} - System32\Tasks\NitroSense => C:\Program Files\Acer\NitroSense Service\PSLauncher.exe [609640 2023-01-05] (Acer Incorporated -> Acer Incorporated)
Task: {C937BDAE-E1AF-438E-BF9D-115E21D7BB91} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130824 2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {EF5DDFC7-50BD-4989-B899-33CC98D12EA6} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1468474341-1498967642-3512864176-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130824 2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {4CB4A7E3-1E03-42BB-AE20-88C0F397B181} - System32\Tasks\Opera scheduled assistant Autoupdate 1694556311 => C:\Users\guilh\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\guilh\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {37E30BB7-8F3B-4D5D-AB99-07F690D33DCC} - System32\Tasks\Opera scheduled Autoupdate 1694556305 => C:\Users\guilh\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (Nenhum Arquivo)
Task: {1F1F8B45-A057-40EF-80B6-113D793A9A7A} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [461472 2021-12-02] (Acer Incorporated -> Acer Incorporated)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Edge:
=======
Edge Profile: C:\Users\guilh\AppData\Local\Microsoft\Edge\User Data\Default [2023-09-26]
Edge Extension: (Google Docs Offline) - C:\Users\guilh\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-17]
Edge Extension: (Edge relevant text changes) - C:\Users\guilh\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-13]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2020-03-05]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-08-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2023-08-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-08-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2020-03-06] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default [2023-09-26]
CHR Extension: (Adobe Acrobat: ferramentas para editar, converter e assinar PDFs) - C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-09-26]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2023-09-26]
CHR Extension: (Google Docs offline) - C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-26]
CHR Extension: (Pagamentos via Chrome Web Store) - C:\Users\guilh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-09-26]
CHR Profile: C:\Users\guilh\AppData\Local\Google\Chrome\User Data\System Profile [2023-09-26]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]

Opera:
=======
OPR DefaultProfile: Opera Stable
OPR Profile: C:\Users\guilh\AppData\Roaming\Opera Software\Opera Stable [2023-09-12]
OPR Extension: (Rich Hints Agent) - C:\Users\guilh\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2023-09-12]
OPR Extension: (Opera Wallet) - C:\Users\guilh\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2023-09-12]
OPR Extension: (Aria) - C:\Users\guilh\AppData\Roaming\Opera Software\Opera Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm [2023-09-12]

==================== Serviços (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3966432 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11817040 2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
R2 dptftcs; C:\Windows\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_125373df900d2c8b\ipfsvc.exe [543888 2022-02-02] (Intel Corporation -> Intel Corporation)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncHelper.exe [3511720 2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
S2 IntelAudioService; C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_5f98233769cf65a5\AS\IAS\IntelAudioService.exe [539992 2023-08-22] (Intel Corporation -> Intel)
R2 ipfsvc; C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_07e81e065fff923d\ipf_uf.exe [2781312 2023-08-22] (Intel Corporation -> Intel Corporation)
S3 KAPSService; C:\Windows\System32\drivers\RivetNetworks\Killer\KAPSService.exe [64376 2022-03-28] (Intel Corporation -> Intel® Corporation)
S2 Killer Analytics Service; C:\Windows\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe [2423160 2022-03-28] (Intel Corporation -> Intel)
S2 Killer Network Service; C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe [2883448 2022-03-28] (Intel Corporation -> Intel)
S3 KNDBWM; C:\Windows\System32\drivers\RivetNetworks\Killer\KNDBWMService.exe [64376 2022-03-28] (Intel Corporation -> Intel® Corporation)
R2 mc-fw-host; C:\Program Files\McAfee\WPS\1.11.279.1\mc-fw-host.exe [2310472 2023-09-12] (McAfee, LLC -> McAfee, LLC)
S3 mc-wps-update; C:\Program Files\McAfee\WPS\1.11.279.1\mc-update.exe [5075896 2023-09-12] (McAfee, LLC -> McAfee, LLC)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [874384 2023-09-19] (McAfee, LLC -> McAfee, LLC)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.189.0910.0001\OneDriveUpdaterService.exe [3849128 2023-09-25] (Microsoft Corporation -> Microsoft Corporation)
S3 PSSvc; C:\Program Files\Acer\NitroSense Service\PSSvc.exe [867176 2023-01-05] (Acer Incorporated -> Acer Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe [3121008 2023-09-05] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe [133688 2023-09-05] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 ACCSvc; "C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe" [X]
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvacig.inf_amd64_6a30f226cb32430c\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nvacig.inf_amd64_6a30f226cb32430c\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R3 AcerAirplaneModeController; C:\Windows\System32\drivers\AcerAirplaneModeController.sys [36800 2022-05-31] (Acer Incorporated -> Acer Incorporated)
S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [Arquivo não assinado]
S3 e2k68cx21x64; C:\Windows\System32\DriverStore\FileRepository\e2k68cx21x64.inf_amd64_e63a1a6682c5eed2\e2k68cx21x64.sys [619408 2022-03-08] (Realtek Semiconductor Corp. -> Realtek)
R3 iaLPSS2_GPIO2_ADL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_adl.inf_amd64_302e75596cffa74a\iaLPSS2_GPIO2_ADL.sys [150616 2023-08-22] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_ADL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_adl.inf_amd64_e736c048ca307ed2\iaLPSS2_I2C_ADL.sys [220224 2023-08-22] (Intel Corporation -> Intel Corporation)
R3 IntcUSB; C:\Windows\System32\DriverStore\FileRepository\intcusb.inf_amd64_5d49b801c1e48609\IntcUSB.sys [941976 2023-08-22] (Intel Corporation -> Intel(R) Corporation)
R3 IntelGNA; C:\Windows\System32\DriverStore\FileRepository\gna.inf_amd64_04d4eecc5838a558\gna.sys [88784 2023-08-22] (Intel Corporation -> Intel Corporation)
R3 ipf_acpi; C:\Windows\System32\DriverStore\FileRepository\ipf_acpi.inf_amd64_6808233353fa1d56\ipf_acpi.sys [87168 2023-08-22] (Intel Corporation -> Intel Corporation)
R3 ipf_cpu; C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_07e81e065fff923d\ipf_cpu.sys [80512 2023-08-22] (Intel Corporation -> Intel Corporation)
R3 ipf_lf; C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_07e81e065fff923d\ipf_lf.sys [445056 2023-08-22] (Intel Corporation -> Intel Corporation)
R3 KfeCoSvc; C:\Windows\System32\drivers\RivetNetworks\Killer\KfeCo11X64.sys [175848 2022-03-28] (Intel Corporation -> Rivet Networks, LLC.)
S0 mfeelam; C:\Windows\System32\DRIVERS\mfeelam.sys [18400 2023-09-12] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R0 mfesec; C:\Windows\System32\DRIVERS\mfesec.sys [82696 2023-09-12] (McAfee, LLC -> McAfee, LLC)
R3 nvpcf; C:\Windows\System32\drivers\nvpcf.sys [243768 2023-08-22] (NVIDIA Corporation -> NVIDIA Corporation)
S4 UCPD; C:\Windows\System32\drivers\UCPD.sys [29184 2023-09-17] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [55872 2023-09-05] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [574872 2023-09-05] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105864 2023-09-05] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Um mês (criados) (Whitelisted) =========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2023-09-26 11:05 - 2023-09-26 11:05 - 000023635 _____ C:\Users\guilh\Desktop\FRST.txt
2023-09-26 11:05 - 2023-09-26 11:05 - 000000000 ____D C:\FRST
2023-09-26 11:04 - 2023-09-26 11:04 - 002382848 _____ (Farbar) C:\Users\guilh\Downloads\FRST64.exe
2023-09-26 11:04 - 2023-09-26 11:04 - 002382848 _____ (Farbar) C:\Users\guilh\Desktop\FRST64.exe
2023-09-26 11:01 - 2023-09-26 11:01 - 000011461 _____ C:\Users\guilh\Desktop\ZHPCleaner (R).html
2023-09-26 11:01 - 2023-09-26 11:01 - 000004138 _____ C:\Users\guilh\Desktop\ZHPCleaner (R).txt
2023-09-26 11:00 - 2023-09-26 11:00 - 000011172 _____ C:\Users\guilh\Desktop\ZHPCleaner (S).html
2023-09-26 11:00 - 2023-09-26 11:00 - 000003958 _____ C:\Users\guilh\Desktop\ZHPCleaner (S).txt
2023-09-26 10:55 - 2023-09-26 10:50 - 000004429 _____ C:\Users\guilh\Desktop\AdwCleaner[C00].txt
2023-09-26 10:51 - 2023-09-26 11:01 - 000000000 ____D C:\Users\guilh\AppData\Roaming\ZHP
2023-09-26 10:51 - 2023-09-26 10:52 - 000000875 _____ C:\Users\guilh\Desktop\ZHPCleaner.lnk
2023-09-26 10:51 - 2023-09-26 10:51 - 003343008 _____ (Nicolas Coolman) C:\Users\guilh\Downloads\ZHPCleaner.exe
2023-09-26 10:51 - 2023-09-26 10:51 - 000000000 ____D C:\Users\guilh\AppData\Local\ZHP
2023-09-26 10:46 - 2023-09-26 10:50 - 000000000 ____D C:\AdwCleaner
2023-09-26 10:44 - 2023-09-26 10:44 - 008791352 _____ (Malwarebytes) C:\Users\guilh\Downloads\adwcleaner.exe
2023-09-26 10:43 - 2023-09-26 10:43 - 000000000 ____D C:\Users\guilh\AppData\Local\Steam
2023-09-26 10:42 - 2023-09-26 10:46 - 000000000 ____D C:\Program Files (x86)\Steam
2023-09-26 10:42 - 2023-09-26 10:42 - 002296488 _____ C:\Users\guilh\Downloads\SteamSetup.exe
2023-09-26 10:42 - 2023-09-26 10:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2023-09-26 07:57 - 2023-09-26 07:57 - 000732744 _____ C:\Windows\system32\prfh0416.dat
2023-09-26 07:57 - 2023-09-26 07:57 - 000146898 _____ C:\Windows\system32\prfc0416.dat
2023-09-26 06:54 - 2023-09-26 06:54 - 004847296 _____ (Husdawg, LLC) C:\Users\guilh\Downloads\Detection.exe
2023-09-22 16:20 - 2023-09-22 16:20 - 002601711 _____ C:\Users\guilh\Downloads\USO DE MÉTODOS OFICIAIS_DIURNO.pdf
2023-09-20 16:32 - 2023-09-20 16:32 - 000082065 _____ C:\Users\guilh\Downloads\extrato_conta.pdf
2023-09-13 08:23 - 2023-09-13 08:23 - 000000000 ____D C:\Users\guilh\Documents\Modelos Personalizados do Office
2023-09-13 08:22 - 2023-09-13 08:22 - 000560409 _____ C:\Users\guilh\Downloads\3- 2023 Lista Consolidada DCB jul.xlsx
2023-09-12 19:05 - 2023-09-25 20:14 - 000000000 ____D C:\Users\guilh\AppData\Local\CrashDumps
2023-09-12 19:05 - 2023-09-12 20:49 - 000000000 ____D C:\Program Files\EaseUS
2023-09-12 19:05 - 2023-09-12 20:49 - 000000000 ____D C:\Program Files (x86)\EaseUS
2023-09-12 19:05 - 2023-09-12 19:05 - 000004440 _____ C:\Windows\system32\Tasks\Opera scheduled assistant Autoupdate 1694556311
2023-09-12 19:05 - 2023-09-12 19:05 - 000004192 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1694556305
2023-09-12 19:05 - 2023-09-12 19:05 - 000000000 ____D C:\Users\guilh\AppData\Local\Opera Software
2023-09-12 19:05 - 2023-09-12 19:05 - 000000000 ____D C:\ProgramData\SystemAcCrux
2023-09-12 19:05 - 2022-12-29 13:34 - 000030136 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\Drivers\EPMVolFl0.sys
2023-09-12 19:04 - 2023-09-12 19:05 - 077004880 _____ (EaseUS ) C:\Users\guilh\Downloads\epm17.9_free_B.exe
2023-09-12 19:04 - 2023-09-12 19:04 - 001966984 _____ C:\Users\guilh\Downloads\epm_free_installer.793248.exe
2023-09-12 19:04 - 2023-09-12 19:04 - 001767600 _____ ( ) C:\Users\guilh\Downloads\hp-usb-disk-storage-format-tool-2.2.3-installer_R-sI6W1.exe
2023-09-12 19:04 - 2023-09-12 19:04 - 000098304 _____ (Hewlett-Packard Company) C:\Users\guilh\Downloads\hp-usb-disk-storage-format-tool-2.2.3-installer.exe
2023-09-12 19:04 - 2023-09-12 19:04 - 000000000 ____D C:\Users\guilh\AppData\Roaming\Opera Software
2023-09-12 19:00 - 2023-09-12 18:59 - 000082696 _____ (McAfee, LLC) C:\Windows\system32\Drivers\mfesec.sys
2023-09-12 18:59 - 2023-09-12 19:00 - 000000000 ____D C:\ProgramData\WPSInstallerTemp1
2023-09-12 18:59 - 2023-09-12 19:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2023-09-07 10:46 - 2023-09-07 10:46 - 000000000 ____D C:\Users\guilh\AppData\Roaming\Microsoft\PowerPoint
2023-09-07 09:49 - 2023-09-25 16:46 - 000000000 ____D C:\Users\guilh\AppData\Roaming\Microsoft\Excel
2023-09-06 10:49 - 2023-09-06 10:49 - 000120029 _____ C:\Users\guilh\Downloads\Escitalopram.pdf
2023-09-05 09:44 - 2023-09-21 08:25 - 000003446 _____ C:\Windows\SysWOW64\pubfreeware.ini
2023-09-05 09:14 - 2023-09-05 09:14 - 000000000 ____D C:\Users\guilh\AppData\Local\McAfee
2023-09-01 19:20 - 2023-09-01 19:20 - 085419960 _____ (McAfee, LLC) C:\Users\guilh\Downloads\McAfee_Installer_serial_6Cd8yLdeaKmyPO98NLkWIg2_key_affid_1274_akey.exe
2023-09-01 19:02 - 2023-09-01 19:03 - 000000000 __RSD C:\Users\guilh\Documents\McAfee Vaults
2023-09-01 19:02 - 2023-09-01 19:02 - 000000000 ____D C:\Users\guilh\AppData\Local\McAfee File Lock
2023-09-01 18:59 - 2023-09-13 08:15 - 000000000 ____D C:\Program Files\McAfee
2023-09-01 18:59 - 2023-09-12 19:03 - 000000000 ____D C:\Windows\system32\Tasks\McAfee
2023-09-01 18:53 - 2023-09-13 08:16 - 000000000 ____D C:\ProgramData\McAfee
2023-09-01 18:53 - 2023-09-01 19:07 - 000000051 _____ C:\Users\guilh\AppData\Roaming\MCVi2UserDetail.ini
2023-09-01 18:53 - 2023-09-01 18:53 - 005891472 _____ (McAfee, LLC) C:\Users\guilh\Downloads\mcafee_trial_setup_433.0207.3919_key.exe

==================== Um mês (modificados) ==================

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2023-09-26 11:01 - 2023-08-22 21:21 - 000000000 ____D C:\ProgramData\IObit
2023-09-26 11:01 - 2023-08-22 21:16 - 000000000 ____D C:\Users\guilh\AppData\Local\Google
2023-09-26 11:00 - 2023-08-22 21:18 - 000000000 ____D C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps do Chrome
2023-09-26 10:50 - 2023-08-22 21:21 - 000000000 ____D C:\Users\guilh\AppData\Roaming\IObit
2023-09-26 10:50 - 2023-08-22 21:12 - 000000000 ____D C:\ProgramData\Acer
2023-09-26 10:50 - 2023-08-22 21:12 - 000000000 ____D C:\Program Files (x86)\Acer
2023-09-26 10:50 - 2023-08-22 20:49 - 000000000 ____D C:\ProgramData\NVIDIA
2023-09-26 10:50 - 2023-08-22 20:42 - 000000000 ___RD C:\Users\guilh\OneDrive
2023-09-26 10:46 - 2023-08-22 20:41 - 000000000 ____D C:\Users\guilh\AppData\Local\D3DSCache
2023-09-26 10:05 - 2023-08-22 21:38 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2023-09-26 10:05 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\SystemTemp
2023-09-26 08:55 - 2022-05-07 02:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-09-26 08:13 - 2023-08-22 20:41 - 000000000 ____D C:\Users\guilh\AppData\Local\Packages
2023-09-26 07:57 - 2023-08-22 20:47 - 001682102 _____ C:\Windows\system32\PerfStringBackup.INI
2023-09-26 07:57 - 2022-05-07 02:22 - 000000000 ____D C:\Windows\INF
2023-09-26 06:52 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\AppReadiness
2023-09-26 06:50 - 2023-08-22 20:33 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-09-25 18:11 - 2023-08-22 20:35 - 000000000 ____D C:\ProgramData\Packages
2023-09-25 18:11 - 2022-05-07 02:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-09-25 17:23 - 2023-08-22 21:55 - 000000000 ____D C:\Users\guilh\AppData\Roaming\Microsoft\Word
2023-09-25 14:20 - 2023-08-23 18:33 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2023-09-25 14:20 - 2023-08-22 21:52 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2023-09-25 14:20 - 2023-08-22 21:51 - 000002138 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-09-25 14:20 - 2023-08-22 20:42 - 000003596 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1468474341-1498967642-3512864176-1001
2023-09-25 09:26 - 2023-08-22 20:33 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-09-21 15:11 - 2023-08-23 18:44 - 000000000 ____D C:\Users\guilh\Documents\WeChat Files
2023-09-20 19:15 - 2023-08-22 20:33 - 000012288 ___SH C:\DumpStack.log.tmp
2023-09-20 19:15 - 2023-08-22 20:33 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-09-20 19:15 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\system32\NDF
2023-09-20 19:15 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\ServiceState
2023-09-20 19:15 - 2022-05-07 02:17 - 000524288 _____ C:\Windows\system32\config\BBI
2023-09-19 16:41 - 2023-08-22 21:55 - 000000000 ____D C:\Users\guilh\AppData\Roaming\Microsoft\Office
2023-09-19 09:57 - 2023-08-22 21:35 - 000000000 ___HD C:\Perform
2023-09-19 09:42 - 2023-08-22 21:22 - 000000000 ____D C:\ProgramData\ProductData
2023-09-19 07:48 - 2023-08-22 21:16 - 000004224 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-1468474341-1498967642-3512864176-1001UA{90016B1F-C6F4-49D0-9660-990E4074B2A7}
2023-09-19 07:48 - 2023-08-22 21:16 - 000003956 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-1468474341-1498967642-3512864176-1001Core{0D3F0353-8BCE-4CA5-82B0-DC5CDB13C90B}
2023-09-18 09:31 - 2023-08-22 21:35 - 000000000 ___HD C:\Netframework.4.5.2
2023-09-18 09:23 - 2022-05-07 02:17 - 000000000 ____D C:\Windows\CbsTemp
2023-09-18 09:22 - 2023-08-23 00:27 - 000000000 ____D C:\Windows\system32\MRT
2023-09-18 09:20 - 2023-08-23 00:27 - 177941912 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-09-18 09:20 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\system32\AppLocker
2023-09-18 09:19 - 2022-05-07 02:24 - 000000000 ____D C:\ProgramData\USOPrivate
2023-09-17 22:36 - 2023-08-22 21:48 - 000000000 ____D C:\Program Files\Microsoft Office
2023-09-17 22:35 - 2023-08-22 20:39 - 000000000 ____D C:\Users\guilh
2023-09-17 22:35 - 2023-08-22 20:33 - 000496264 _____ C:\Windows\system32\FNTCACHE.DAT
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\UUS
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\SysWOW64\Dism
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\SystemResources
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\system32\WinMetadata
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\system32\oobe
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\system32\Dism
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\system32\appraiser
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\ShellExperiences
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\ShellComponents
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\Provisioning
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\PolicyDefinitions
2023-09-17 22:35 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\bcastdvr
2023-09-17 20:51 - 2023-08-22 20:37 - 003210752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-09-17 20:46 - 2023-08-23 00:24 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2023-09-13 08:21 - 2023-08-22 22:11 - 000000000 ____D C:\Users\guilh\AppData\Roaming\Microsoft\UProof
2023-09-12 20:49 - 2022-05-07 02:24 - 000000000 ____D C:\Windows\Registration
2023-09-12 19:04 - 2022-05-07 02:24 - 000000000 ___HD C:\Windows\ELAMBKUP
2023-09-12 19:04 - 2022-05-07 02:17 - 000032768 _____ C:\Windows\system32\config\ELAM
2023-09-12 19:00 - 2023-08-22 21:16 - 000002498 _____ C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-09-05 10:09 - 2023-08-22 20:33 - 000000000 ____D C:\Windows\Panther
2023-09-05 09:06 - 2023-08-22 21:39 - 000003530 _____ C:\Windows\system32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0
2023-09-05 09:06 - 2023-08-22 21:39 - 000003506 _____ C:\Windows\system32\Tasks\AdobeGCInvoker-1.0
2023-09-05 09:00 - 2023-08-22 20:33 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-09-01 19:02 - 2022-05-07 02:24 - 000000124 _____ C:\Windows\win.ini
2023-09-01 18:53 - 2023-08-23 00:34 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools

==================== Arquivos na raiz de alguns diretórios ========

2023-09-01 18:53 - 2023-09-01 19:07 - 000000051 _____ () C:\Users\guilh\AppData\Roaming\MCVi2UserDetail.ini
2023-08-22 21:35 - 2023-08-22 21:35 - 000000410 _____ () C:\Users\guilh\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(Não há correção automática para arquivos que não passaram na verificação.)

==================== Fim de FRST.txt ========================

Resultado da análise adicional Farbar Recovery Scan Tool (x64) Versão: 25-09-2023
Executado por guilh (26-09-2023 11:05:40)
Executando a partir de C:\Users\guilh\Desktop
Microsoft Windows 11 Home Versão 22H2 22621.2283 (X64) (2023-08-22 23:35:07)
Modo da Inicialização: Normal
==========================================================

==================== Contas: =============================

(Se uma entrada for incluída na fixlist, será removida.)
Administrador (S-1-5-21-1468474341-1498967642-3512864176-500 - Administrator - Disabled)
Convidado (S-1-5-21-1468474341-1498967642-3512864176-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-1468474341-1498967642-3512864176-503 - Limited - Disabled)
guilh (S-1-5-21-1468474341-1498967642-3512864176-1001 - Administrator - Enabled) => C:\Users\guilh
WDAGUtilityAccount (S-1-5-21-1468474341-1498967642-3512864176-504 - Limited - Disabled)

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: McAfee (Disabled - Up to date) {17E6E93C-6841-5FC7-DEB8-480FDC929279}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee (Enabled) {2FDD6819-222E-5E9F-F5E7-E13A2241D502}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 20.006.20042 - Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 8.3.0.61 - Adobe Inc.)
Coremail Client V4.0 version 4.0.1.699 (HKLM\...\CMClient_is1) (Version: 4.0.1.699 - )
Documentos (HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\547329c748b021098adbb041e9997af7) (Version: 1.0 - Google\Chrome)
Driver Booster 10 (HKLM-x32\...\Driver Booster_is1) (Version: 10.6.0 - IObit)
DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3026 - Acer Incorporated)
Dynamic Application Loader Host Interface Service (HKLM\...\{B31B8E7F-3C96-4A05-887F-78F3DB1E2FC0}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Gmail (HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\a3baf68a4cbc856ea0b6f162cafbe8a3) (Version: 1.0 - Google\Chrome)
Google Chrome (HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\Google Chrome) (Version: 116.0.5845.188 - Google LLC)
Google Drive (HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\92561bab538146c8d23631a9655f2def) (Version: 1.0 - Google\Chrome)
Intel(R) Chipset Device Software (HKLM\...\{B7BE54CB-2BAB-458E-99FF-46067A9D451E}) (Version: 10.1.18950.8297 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{128196ab-db0f-4c9e-b603-9c8d8b59934d}) (Version: 10.1.18950.8297 - Intel(R) Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2239.3.33.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{6633DA0D-F56A-42E4-9599-D37A640CAF36}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Driver (HKLM\...\{C71B56FC-8255-4226-B3E4-6B81288A6A0B}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) ME WMI Provider (HKLM\...\{64528C16-C80F-4935-AF3A-946B86EB3EEB}) (Version: 1.0.0.0 - Intel Corporation) Hidden
McAfee (HKLM\...\McAfee.WPS) (Version: 1.11.279.1 - McAfee, LLC)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.16731.20234 - Microsoft Corporation)
Microsoft 365 Apps para Grandes Empresas - pt-br (HKLM\...\O365ProPlusRetail - pt-br) (Version: 16.0.16731.20234 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 117.0.2045.41 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 117.0.2045.36 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.189.0910.0001 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\Teams) (Version: 1.6.00.11166 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{AF47B488-9780-4AB5-A97E-762E28013CA6}) (Version: 5.71.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
NitroSense Service (HKLM\...\{6FC78E80-6385-43D6-8A43-FA80094F1A2E}) (Version: 3.01.3052 - Acer Incorporated)
NVIDIA Driver de áudio HD 1.3.39.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.39.3 - NVIDIA Corporation)
NVIDIA Driver de gráficos 512.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 512.74 - NVIDIA Corporation)
NVIDIA Software do sistema PhysX 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0416-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9309.1 - Realtek Semiconductor Corp.)
Sheets (HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\729e688ab6880be61f3228ca532f5f97) (Version: 1.0 - Google\Chrome)
Slides (HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\7457603eb1d7d66885433bf216ff532c) (Version: 1.0 - Google\Chrome)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.6.0.11166 - Microsoft Corporation)
WebAdvisor da McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.836 - McAfee, LLC)
WeChat (HKLM-x32\...\WeChat) (Version: 3.9.6.33 - 腾讯科技(深圳)有限公司)
WinRAR 6.23 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.23.0 - win.rar GmbH)
YouTube (HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\63c9d49a6b2c600986bb89cb0948ddcd) (Version: 1.0 - Google\Chrome)

Packages:
=========
Acer Purified Voice Console (R) -> C:\Program Files\WindowsApps\AcerIncorporated.AcerPurifiedVoiceConsoleR_1.0.5.0_x64__48frkmn4z8aw4 [2023-08-23] (Acer Incorporated)
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5185.0_x64__8j3eq9eme6ctt [2023-09-17] (INTEL CORP) [Startup Task]
Care Center S -> C:\Program Files\WindowsApps\AcerIncorporated.AcerCareCenterS_4.0.3054.0_x64__48frkmn4z8aw4 [2023-08-22] (Acer Incorporated)
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2308.1005.0_x64__8wekyb3d8bbwe [2023-08-23] (Microsoft Corporation)
DTS Sound Unbound -> C:\Program Files\WindowsApps\DTSInc.DTSSoundUnbound_2023.3.13.0_x64__t5j2fzbtdg37r [2023-09-01] (DTS, Inc.)
DTS:X Ultra -> C:\Program Files\WindowsApps\DTSInc.DTSXUltra_1.11.14.0_x64__t5j2fzbtdg37r [2023-09-01] (DTS, Inc.)
Killer Intelligence Center -> C:\Program Files\WindowsApps\RivetNetworks.KillerControlCenter_3.1122.329.0_x64__rh07ty8m5nkag [2023-08-22] (Rivet Networks LLC) [Startup Task]
McAfee® Security -> C:\Program Files\McAfee\WPS\1.11.279.1 [2023-09-12] ()
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2023-09-17] (Microsoft Corp.)
Microsoft.WindowsAppRuntime.CBS -> C:\Windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2023-09-17] (Microsoft Corporation)
NitroSense_V31 -> C:\Program Files\WindowsApps\AcerIncorporated.NitroSenseV31_3.1.3052.0_x64__48frkmn4z8aw4 [2023-08-23] (Acer Incorporated)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-08-22] (NVIDIA Corp.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.41.294.0_x64__dt26b99r8h8gj [2023-09-05] (Realtek Semiconductor Corp)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.17.8180.0_x64__8wekyb3d8bbwe [2023-09-01] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1218.0_x64__zpdnekdrzrea0 [2023-09-25] (Spotify AB) [Startup Task]
WinAppRuntime.Main.1.3 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.3_3000.934.1904.0_x64__8wekyb3d8bbwe [2023-09-17] (Microsoft Corp.)
WinAppRuntime.Singleton -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_4000.986.611.0_x64__8wekyb3d8bbwe [2023-09-25] (Microsoft Corp.)
Windows App Runtime DDLM 3000.882.2207.0-x6 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.3000.882.2207.0-x6_3000.882.2207.0_x64__8wekyb3d8bbwe [2023-09-12] (Microsoft Corporation)
Windows App Runtime DDLM 3000.882.2207.0-x8 -> C:\Program Files\WindowsApps\Microsoft.WinAppRuntime.DDLM.3000.882.2207.0-x8_3000.882.2207.0_x86__8wekyb3d8bbwe [2023-09-12] (Microsoft Corporation)
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2023-09-17] (Microsoft Corporation)
WinRAR -> C:\Program Files\WinRAR [2023-08-22] (win.rar GmbH)

==================== Análise Personalizada CLSID (Whitelisted): ==============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{092EC97B-EDAE-4014-8CE4-131026C6FE97}\localserver32 -> C:\Program Files\cmclient\CMClient.exe (广东盈世计算机科技有限公司 -> )
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\guilh\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.23089.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{85D8EE2F-794F-41F0-BB03-49D56A23BEF4}\InprocServer32 -> C:\Users\guilh\AppData\Local\Google\Update\1.3.36.312\psuser_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\localserver32 -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\116.0.5845.188\notification_helper.exe (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{AE9899FA-E21F-4D91-BD1F-59BC10E56CA1}\InprocServer32 -> C:\Users\guilh\AppData\Local\Google\Update\1.3.36.292\psuser_64.dll => Nenhum Arquivo
CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\guilh\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{E4949BE6-C9FF-4AFA-8672-6127D857418B}\InprocServer32 -> C:\Users\guilh\AppData\Local\Google\Update\1.3.36.312\psuser_64.dll => Nenhum Arquivo CustomCLSID: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\guilh\AppData\Local\Google\Update\1.3.36.312\psuser_64.dll => Nenhum Arquivo ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> 
Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] 
(Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2020-03-06] (Adobe Inc. -> Adobe Systems Inc.) ContextMenuHandlers1: [McCtxMenu] -> {4ADAAC88-E1BD-424F-816D-15E059007938} => C:\Program Files\McAfee\WPS\1.11.279.1\mc-ctxmnu.dll [2023-09-12] (McAfee, LLC -> McAfee, LLC) ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.189.0910.0001\FileSyncShell64.dll [2023-09-25] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvacig.inf_amd64_6a30f226cb32430c\nvshext.dll [2023-08-22] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2020-03-06] (Adobe Inc. -> Adobe Systems Inc.) ContextMenuHandlers6: [McCtxMenu] -> {4ADAAC88-E1BD-424F-816D-15E059007938} => C:\Program Files\McAfee\WPS\1.11.279.1\mc-ctxmnu.dll [2023-09-12] (McAfee, LLC -> McAfee, LLC) ==================== Codecs (Whitelisted) ==================== ==================== Atalhos & WMI ======================== (As entradas podem ser listadas para serem restauradas ou removidas.) 
ShortcutWithArgument: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps do Chrome\Docs.lnk -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=mpnpojknpmmopombnjdcgaaiekajbnjb ShortcutWithArgument: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps do Chrome\Documentos.lnk -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=mpnpojknpmmopombnjdcgaaiekajbnjb ShortcutWithArgument: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps do Chrome\Gmail.lnk -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=fmgjjmmmlfnkbppncabfkddbjimcfncm ShortcutWithArgument: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps do Chrome\Google Drive.lnk -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=aghbiahbpaijignceidepookljebhfak ShortcutWithArgument: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps do Chrome\Sheets.lnk -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=fhihpiojkbmbpdjeoajapmgkhlnakfjf ShortcutWithArgument: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps do Chrome\Slides.lnk -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=kefjledonklijopmnomlcbpllchaibag ShortcutWithArgument: C:\Users\guilh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apps do Chrome\YouTube.lnk -> C:\Users\guilh\AppData\Local\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=agimnkijcaahngcdmfeangaknmldooml ==================== Módulos Carregados 
(Whitelisted) ============= 2020-03-06 06:11 - 2020-03-06 06:11 - 000021504 _____ (Adobe Systems Inc.) [Arquivo não assinado] C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\locale\pt_br\Acrobat Elements\ContextMenuShim64.ptb ==================== Alternate Data Streams (Whitelisted) ======== ==================== Modo de Segurança (Whitelisted) ================== (Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mc-fw-host => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mc-fw-host => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver" ==================== Associação (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2023-08-22] (Microsoft Corporation -> Microsoft Corporation) BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2023-09-01] (McAfee, LLC -> McAfee, LLC) BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-08-22] 
(Microsoft Corporation -> Microsoft Corporation) BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2023-09-01] (McAfee, LLC -> McAfee, LLC) BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2020-03-06] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL 
[2023-09-17] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-17] (Microsoft Corporation -> Microsoft Corporation) (Se uma entrada for incluída na fixlist, será removida do Registro.) IE trusted site: HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\...\sharepoint.com -> hxxps://1bws5l-files.sharepoint.com ==================== Hosts Conteúdo: ========================= (Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.) 2022-05-07 02:24 - 2022-05-07 02:22 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts ==================== Outras Áreas =========================== (Atualmente não há nenhuma correção automática para esta seção.) HKU\S-1-5-21-1468474341-1498967642-3512864176-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\guilh\Downloads\wallpaperbetter.com_1920x1080.jpg DNS Servers: O Suporte não está conectado à internet. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1) Firewall do Windows está habilitado. 
==================== MSCONFIG/TASK MANAGER ítens desabilitados == ==================== Regras do Firewall (Whitelisted) ================ (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) FirewallRules: [{FE3D84E7-D5D0-4749-BBD7-B574B3E39F01}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{5DECDFD8-973A-4C56-97ED-7F88B51B644E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{0405B5B1-1AAF-4825-967D-C7C4C54E2574}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{CBCEC0B6-8D3F-428C-B0C1-3EA683598EE3}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{BBD3988B-10B6-4968-9C7B-0BDDC7FD9E66}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{FE8024DF-5B09-4BE0-B3DE-F6B4C2A0B447}] => (Allow) C:\Program Files\cmclient\CMClient.exe (广东盈世计算机科技有限公司 -> ) FirewallRules: [TCP Query User{274EB8B5-BC96-471A-864D-A4F975539016}C:\users\guilh\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\guilh\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [UDP Query User{3C7B0E6D-FB1A-42D8-AFA8-3DD521244E37}C:\users\guilh\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\guilh\appdata\local\google\chrome\application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{464E45D1-9892-4CB7-8348-0AA64EE6DD0F}] => (Allow) C:\Users\guilh\AppData\Local\Programs\Opera\102.0.4880.46\opera.exe => Nenhum Arquivo FirewallRules: [{0D13D52D-B046-455E-9EA5-B1C9336868A1}] => (Allow) C:\Program 
Files\WindowsApps\MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{CA604C4B-C070-41F1-A883-F565E8F3F0E3}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{27B9E91B-40A0-42F8-BE0E-F104F1F519B4}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.36\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{FF65E029-66BD-4B54-96CD-76CD0344056D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1218.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{884AF703-67BC-47D7-B5D0-284AFB4C4448}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1218.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{E9E1619C-6764-4101-A1E3-71FA6CFC6FF6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1218.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{A65FE57C-1D9B-419A-BDD5-D9A60767AF11}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1218.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{557C13AE-B357-4CB1-B3AE-9E295602A6B1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1218.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{96BE86C9-D610-4CEE-AF37-4451B7D37C2C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1218.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{4CCE2437-A38F-4802-84F3-47EC26DD0ED2}] => (Allow) C:\Program 
Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1218.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{E6B07CED-2C7E-45CD-AA6A-2743C25EDF39}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1218.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{3A59B8BE-2F78-4B0A-A6FC-CE0DFA793E0C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1218.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{6B49219D-E8B0-439F-BDA1-A58E3DC36AEE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.220.1218.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{3B50D019-0F24-47D4-9AC1-37459124C427}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{91489089-8118-4628-9F0F-EF999D6A43D5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. 
-> Valve Corporation) ==================== Pontos de Restauração ========================= 21-09-2023 08:25:40 Windows Update 21-09-2023 08:25:48 Windows Update 26-09-2023 11:00:27 ZHPcleaner ==================== Dispositivos Apresentando Falhas No Gerenciador ============ ==================== Erros no Log de eventos: ======================== Erros em Aplicativos: ================== Error: (09/26/2023 10:47:35 AM) (Source: Application Error) (EventID: 1000) (User: AUTORIDADE NT) Description: Nome do aplicativo com falha: mc-fw-host.exe, versão: 1.11.102.0, carimbo de data/hora: 0x64d65783 Nome do módulo com falha: mc-bridge-server.dll, versão: 1.1.242.0, carimbo de data/hora: 0x64a826b4 Código de exceção: 0xc0000005 Deslocamento da falha: 0x000000000001ce8a ID do processo com falha: 0x0x51a0 Hora de início do aplicativo com falha: 0x0x1d9f07ff7b7926c Caminho do aplicativo com falha: \\?\C:\Program Files\McAfee\WPS\1.11.279.1\mc-fw-host.exe Caminho do módulo com falha: \\?\C:\Program Files\McAfee\WPS\1.11.279.1\mc-bridge-server.dll ID do Relatório: c8f90dbb-28be-4ce6-9322-b920b9abdf36 Nome completo do pacote com falha: ID do aplicativo relativo ao pacote com falha: Error: (09/26/2023 10:47:04 AM) (Source: Application Error) (EventID: 1000) (User: AUTORIDADE NT) Description: Nome do aplicativo com falha: mc-fw-host.exe, versão: 1.11.102.0, carimbo de data/hora: 0x64d65783 Nome do módulo com falha: mc-bridge-server.dll, versão: 1.1.242.0, carimbo de data/hora: 0x64a826b4 Código de exceção: 0xc0000005 Deslocamento da falha: 0x000000000001ce8a ID do processo com falha: 0x0x1278 Hora de início do aplicativo com falha: 0x0x1d9ec0fffccac1a Caminho do aplicativo com falha: \\?\C:\Program Files\McAfee\WPS\1.11.279.1\mc-fw-host.exe Caminho do módulo com falha: \\?\C:\Program Files\McAfee\WPS\1.11.279.1\mc-bridge-server.dll ID do Relatório: e6bc08cf-865c-4b74-93fd-9765a4e4781a Nome completo do pacote com falha: ID do aplicativo relativo ao pacote com falha: Error: (09/25/2023 
08:14:05 PM) (Source: Application Error) (EventID: 1000) (User: GUIVERMELHO) Description: Nome do aplicativo com falha: msteamsupdate.exe, versão: 23231.411.2342.9597, carimbo de data/hora: 0x64ed3548 Nome do módulo com falha: ucrtbase.dll, versão: 10.0.22621.608, carimbo de data/hora: 0xf5fc15a3 Código de exceção: 0xc0000409 Deslocamento da falha: 0x000000000007f61e ID do processo com falha: 0x0x4cd4 Hora de início do aplicativo com falha: 0x0x1d9f005fa59ef0f Caminho do aplicativo com falha: C:\Program Files\WindowsApps\MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteamsupdate.exe Caminho do módulo com falha: C:\Windows\System32\ucrtbase.dll ID do Relatório: c500ef52-b02c-4e04-8641-4863e15f6a7d Nome completo do pacote com falha: MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe ID do aplicativo relativo ao pacote com falha: msteamsupdate Error: (09/25/2023 09:27:13 AM) (Source: Application Error) (EventID: 1000) (User: GUIVERMELHO) Description: Nome do aplicativo com falha: msteamsupdate.exe, versão: 23231.411.2342.9597, carimbo de data/hora: 0x64ed3548 Nome do módulo com falha: ucrtbase.dll, versão: 10.0.22621.608, carimbo de data/hora: 0xf5fc15a3 Código de exceção: 0xc0000409 Deslocamento da falha: 0x000000000007f61e ID do processo com falha: 0x0x2324 Hora de início do aplicativo com falha: 0x0x1d9efab9c7dc914 Caminho do aplicativo com falha: C:\Program Files\WindowsApps\MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteamsupdate.exe Caminho do módulo com falha: C:\Windows\System32\ucrtbase.dll ID do Relatório: ab3d3857-7792-4b38-87aa-c08b17aa910e Nome completo do pacote com falha: MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe ID do aplicativo relativo ao pacote com falha: msteamsupdate Error: (09/20/2023 07:17:04 PM) (Source: Application Error) (EventID: 1000) (User: GUIVERMELHO) Description: Nome do aplicativo com falha: msteamsupdate.exe, versão: 23231.411.2342.9597, carimbo de data/hora: 0x64ed3548 Nome do módulo com falha: 
ucrtbase.dll, versão: 10.0.22621.608, carimbo de data/hora: 0xf5fc15a3 Código de exceção: 0xc0000409 Deslocamento da falha: 0x000000000007f61e ID do processo com falha: 0x0x1ca8 Hora de início do aplicativo com falha: 0x0x1d9ec102f2d4fe2 Caminho do aplicativo com falha: C:\Program Files\WindowsApps\MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe\msteamsupdate.exe Caminho do módulo com falha: C:\Windows\System32\ucrtbase.dll ID do Relatório: 1ddbba84-6613-4b29-8bb6-ac63ba35a3b0 Nome completo do pacote com falha: MicrosoftTeams_23231.411.2342.9597_x64__8wekyb3d8bbwe ID do aplicativo relativo ao pacote com falha: msteamsupdate Error: (09/20/2023 07:15:03 PM) (Source: Application Hang) (EventID: 1002) (User: AUTORIDADE NT) Description: O programa ShellExperienceHost.exe versão 10.0.22621.2215 interagiu com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle de Segurança e Manutenção. Error: (09/20/2023 07:14:36 PM) (Source: Application Hang) (EventID: 1002) (User: AUTORIDADE NT) Description: O programa ShellExperienceHost.exe versão 10.0.22621.2215 interagiu com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle de Segurança e Manutenção. 
Error: (09/19/2023 03:40:32 PM) (Source: Application Error) (EventID: 1000) (User: GUIVERMELHO) Description: Nome do aplicativo com falha: Widgets.exe, versão: 421.20070.1820.0, carimbo de data/hora: 0x64e54318 Nome do módulo com falha: Widgets.exe, versão: 421.20070.1820.0, carimbo de data/hora: 0x64e54318 Código de exceção: 0xc0000005 Deslocamento da falha: 0x0000000000122cc7 ID do processo com falha: 0x0x20e0 Hora de início do aplicativo com falha: 0x0x1d9eb224960bae0 Caminho do aplicativo com falha: C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe Caminho do módulo com falha: C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ID do Relatório: e0367dea-7504-40b5-866f-a6c4402188d6 Nome completo do pacote com falha: MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy ID do aplicativo relativo ao pacote com falha: Widgets Erros de Sistema: ============= Error: (09/26/2023 10:59:46 AM) (Source: DCOM) (EventID: 10010) (User: GUIVERMELHO) Description: O servidor {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} não se registrou no DCOM dentro do tempo limite necessário. Error: (09/26/2023 10:50:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: O serviço Predator Service foi encerrado inesperadamente. Isso aconteceu 1 vez(es). Error: (09/26/2023 10:50:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: O serviço FileSyncHelper foi encerrado inesperadamente. Isso aconteceu 1 vez(es). Error: (09/26/2023 10:50:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço NVIDIA Display Container LS foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 6000 milissegundos: Reiniciar o serviço. 
Error: (09/26/2023 10:50:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Microsoft Office Click-to-Run Service foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço. Error: (09/26/2023 10:50:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: O serviço Killer Network Service foi encerrado inesperadamente. Isso aconteceu 1 vez(es). Error: (09/26/2023 10:50:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço McAfee WebAdvisor foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 1 milissegundos: Reiniciar o serviço. Error: (09/26/2023 10:50:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: O serviço Killer Dynamic Bandwidth Management foi encerrado inesperadamente. Isso aconteceu 1 vez(es). Windows Defender: ================ Date: 2023-08-23 06:48:13 Description: Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado. 
Para obter mais informações, veja a seguir: https://go.microsoft.com/fwlink/?linkid=37020&name=Program:Win32/Contebrew.A!ml&threatid=251873&enterprise=0 Nome: Program:Win32/Contebrew.A!ml Gravidade: Alto Categoria: Modificador de Configurações Caminho: file:_C:\Users\guilh\Downloads\Adobe.Acrobat.Pro.DC.v2022.001.20085.exe Origem da Detecção: Computador local Tipo da Detecção: FastPath Fonte da Detecção: Proteção em Tempo Real Usuário: GuiVermelho\guilh Nome do Processo: C:\Windows\explorer.exe Versão da Inteligência de Segurança: AV: 1.395.1105.0, AS: 1.395.1105.0, NIS: 1.395.1105.0 Versão do Mecanismo: AM: 1.1.23070.1005, NIS: 1.1.23070.1005  CodeIntegrity: =============== Date: 2023-09-26 10:48:48 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\WPS\1.11.279.1\mc-sec-plugin-x64.dll that did not meet the Windows signing level requirements. Date: 2023-09-26 10:48:18 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\WPS\1.11.279.1\mc-sec-plugin-x64.dll that did not meet the Windows signing level requirements. ==================== Informações da Memória =========================== BIOS: Insyde Corp. 
V2.05 04/12/2023 placa-mãe: ADL Jimny_ADH Processador: 12th Gen Intel(R) Core(TM) i5-12450H Percentagem de memória em uso: 48% RAM física total: 7901.05 MB RAM física disponível: 4062.48 MB Virtual Total: 10973.05 MB Virtual disponível: 5216.55 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:397.15 GB) (Free:328.74 GB) (Model: Micron_3400_MTFDKBA512TFH) NTFS Drive d: (WINDRIVER) (Fixed) (Total:20 GB) (Free:5.64 GB) (Model: Micron_3400_MTFDKBA512TFH) NTFS \\?\Volume{babfb7f2-327b-47f8-bc2c-f4b7eabdc326}\ (EFI) (Fixed) (Total:0.29 GB) (Free:0.25 GB) FAT32 ==================== MBR & Tabela de Partições ==================== ========================================================== Disk: 0 (Size: 476.9 GB) (Disk ID: 0FC3CF86) Partition: GPT. ==================== Fim de Addition.txt ======================= ~ Empty Local Folder Analysis ~ Obsolete Installer File Analysis ~ Start browsers with extensions removed ~ End of clean in 00h00mn36s ---\\ Reports (2) ZHPCleaner-[S]-26092023-11_00_01.txt ZHPCleaner-[R]-26092023-11_01_48.txt
