Alexander Cunha

Boa tarde a todos os amigos do forum. Peço que por favor analisem os logs, os sintomas são: - Muita lentidão do PC, especialmente quando estou conectado a Internet - Não sei se isso tem a ver com alguma infecção, mas a Net fica muito instavel principalmente pra acessar sites de banco. - Do nada o PC fica reiniciando. # ------------------------------- # Malwarebytes AdwCleaner 8.4.0.0 # ------------------------------- # Build: 08-30-2022 # Database: 2023-07-19.3 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Clean # ------------------------------- # Start: 01-16-2024 # Duration: 00:00:01 # OS: Windows 10 (Build 19045.3930) # Cleaned: 1 # Failed: 0 ***** [ Services ] ***** No malicious services cleaned. ***** [ Folders ] ***** No malicious folders cleaned. ***** [ Files ] ***** No malicious files cleaned. ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks cleaned. ***** [ Registry ] ***** No malicious registry entries cleaned. ***** [ Chromium (and derivatives) ] ***** Deleted kffplnohkmnjpakkgahhbpndamfidlkb ***** [ Chromium URLs ] ***** No malicious Chromium URLs cleaned. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries cleaned. ***** [ Firefox URLs ] ***** No malicious Firefox URLs cleaned. ***** [ Hosts File Entries ] ***** No malicious hosts file entries cleaned. ***** [ Preinstalled Software ] ***** No Preinstalled Software cleaned. ************************* [+] Delete Tracing Keys [+] Reset Winsock ************************* AdwCleaner[S00].txt - [1420 octets] - [30/12/2023 21:42:33] AdwCleaner[C00].txt - [1610 octets] - [30/12/2023 21:42:50] AdwCleaner[S01].txt - [1542 octets] - [30/12/2023 21:43:10] AdwCleaner[S02].txt - [1631 octets] - [11/01/2024 18:13:35] AdwCleaner[C02].txt - [1801 octets] - [11/01/2024 18:14:05] AdwCleaner[S03].txt - [1753 octets] - [12/01/2024 11:35:23] AdwCleaner[C03].txt - [1923 octets] - [12/01/2024 11:35:42] AdwCleaner[S04].txt - [1875 octets] - [16/01/2024 11:36:15] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C04].txt ########## ~ ZHPCleaner v2024.1.9.2 by Nicolas Coolman (2024/01/09) ~ Run by Icebrave (Administrator) (16/01/2024 12:19:14) ~ Web: https://www.nicolascoolman.com ~ Blog: https://nicolascoolman.eu/ ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : Version OK ~ Type : Repair ~ Report : C:\Users\Icebrave\Desktop\ZHPCleaner (R).txt ~ Quarantine : C:\Users\Icebrave\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt ~ System Restore Point : OK ~ UAC : Activate ~ Boot Mode : Normal (Normal boot) Windows 10 Pro, 64-bit (Build 19045) ---\\ Alternate Data Stream (ADS). (0) ~ No malicious or unnecessary items found. ---\\ Services (0) ~ No malicious or unnecessary items found. ---\\ Browser internet (1) DELETED: [5sj018hq.default-release] - user_pref("browser.topsites.contile.cachedTiles", "[{\"id\":74357,\"name\":\"Amazon\",\"url\":\"http[...] =>PUP.Optional.Booking ---\\ Hosts file (1) ~ The hosts file is legitimate (21) ---\\ Scheduled automatic tasks. (0) ~ No malicious or unnecessary items found. ---\\ Explorer ( File, Folder) (12) MOVED file: C:\Users\Icebrave\AppData\Local\Google\Chrome\User Data\Default\History =>.SUP.BrowserHistoric MOVED file: C:\Users\Icebrave\AppData\Local\Microsoft\Edge\User Data\Default\History =>.SUP.BrowserHistoric MOVED file: \Users\Icebrave\AppData\Local\Google\Chrome\User Data\Default\Preferences =>Préférences Chromium MOVED file: \Users\Net\AppData\Local\Google\Chrome\User Data\Default\Preferences =>Préférences Chromium MOVED file: \Users\Icebrave\AppData\Local\Microsoft\Edge\User Data\Default\Preferences =>Préférences Chromium MOVED file: \Users\Net\AppData\Local\Microsoft\Edge\User Data\Default\Preferences =>Préférences Chromium MOVED folder: C:\Users\Icebrave\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data =>.SUP.BrowserCache MOVED folder: C:\Users\Icebrave\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data =>.SUP.BrowserCache MOVED folder: C:\Users\Icebrave\AppData\Local\Mozilla\Firefox\Profiles\vpumhnyi.default\Cache2 =>.SUP.BrowserCache MOVED folder: C:\Users\Icebrave\AppData\Local\Mozilla\Firefox\Profiles\5sj018hq.default-release\Cache2 =>.SUP.BrowserCache MOVED folder: C:\Users\Icebrave\AppData\Local\Thunderbird\Profiles\vpumhnyi.default\Cache2 =>.SUP.BrowserCache MOVED folder: C:\Users\Icebrave\AppData\Local\Thunderbird\Profiles\5sj018hq.default-release\Cache2 =>.SUP.BrowserCache ---\\ Registry ( Key, Value, Data) (2) DELETED data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5f7bc1e2-4bda-4ca1-8d18-bb68280c1e0e}\\DhcpNameServer [Bad : 181.213.132.6 181.213.132.7] =>Hijacker.Browser DELETED data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer [Bad : 181.213.132.6 181.213.132.7] =>Hijacker.Browser ---\\ Summary of the elements found (5) https://nicolascoolman.eu/forum/Topic/booking-logiciel-potentiellement-indesirable-pup-lpi/ =>PUP.Optional.Booking https://nicolascoolman.eu/2023/07/18/les-caches-et-historiques-de-navigateurs/ =>.SUP.BrowserHistoric https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/ =>Préférences Chromium https://nicolascoolman.eu/2023/07/18/les-caches-et-historiques-de-navigateurs/ =>.SUP.BrowserCache https://nicolascoolman.eu/2017/11/10/hijacker-browser-3/ =>Hijacker.Browser ---\\ Other deletions. (0) ~ Registry Keys Tracing deleted (0) ~ Remove the old reports ZHPCleaner. (0) ---\\ Result of repair ~ Repair carried out successfully ~ Google Chrome OK ~ Microsoft Edge OK ~ Mozilla Firefox OK ~ Microsoft Internet Explorer OK ~ Thunderbird OK ---\\ Statistics ~ Items scanned : 4097 ~ Items found : 0 ~ Items cancelled : 0 ~ Space saving (bytes) : 0 ~ Items options : 10/18 ---\\ OPTIONS NOT ACTIVES ~ Temporary file analysis ~ Temporary folder analysis ~ Empty Folder CLSID Analysis ~ Empty Other Folder Analysis ~ Empty LocalLow Folder Analysis ~ Empty Local Folder Analysis ~ Obsolete Installer File Analysis ~ Start browsers with extensions removed ~ End of clean in 00h01mn33s ---\\ Reports (2) ZHPCleaner-[S]-16012024-12_03_10.txt ZHPCleaner-[R]-16012024-12_20_47.txt Resultado do análise da Farbar Recovery Scan Tool (FRST) (x64) Versão: 16.01.2024 Executado por Icebrave (administrador) em DESKTOP-NPVV5ON (16-01-2024 12:33:04) Executando a partir de C:\Users\Net\Desktop\FRST64.exe Perfis Carregados: Icebrave & Net Plataforma: Microsoft Windows 10 Pro Versão 22H2 19045.3930 (X64) Idioma: Português (Brasil) Navegador padrão: FF Modo da Inicialização: Normal ==================== Processos (Whitelisted) ================= (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.) (C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (explorer.exe ->) (voidtools -> voidtools) C:\Program Files\Everything\Everything.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler64.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5> (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <28> (Notepad++ -> Don HO [email protected]) C:\Program Files\Notepad++\notepad++.exe (services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2401.3.0_x64__cv1g1gvanyjgm\WhatsApp.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\prevhost.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe ==================== Registro (Whitelisted) =================== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.) HKLM-x32\...\Run: [TeamsMachineUninstallerLocalAppData] => C:\Users\Icebrave\AppData\Local\Microsoft\Teams\Update.exe [2452112 2023-12-16] (Microsoft 3rd Party Application Component -> Microsoft Corporation) HKLM-x32\...\Run: [TeamsMachineUninstallerProgramData] => %ProgramData%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default (Nenhum Arquivo) HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO HKU\S-1-5-21-702104581-954937399-490591429-1002\...\Run: [MicrosoftEdgeAutoLaunch_DE42051A7061B4E326E1FAAC622AFB84] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3854272 2024-01-11] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-702104581-954937399-490591429-1003\...\Run: [MicrosoftEdgeAutoLaunch_4F469AB9D1336CB61BA9F80E8F2FF34A] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3854272 2024-01-11] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-702104581-954937399-490591429-1003\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Net\AppData\Local\Microsoft\Teams\Update.exe [2452112 2023-12-16] (Microsoft 3rd Party Application Component -> Microsoft Corporation) HKLM\...\Print\Monitors\HP E111 Status Monitor: C:\Windows\system32\hpinkstsE111LM.dll [393352 2017-04-14] (Hewlett Packard -> HP Inc.) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\120.0.6099.217\Installer\chrmstp.exe [2024-01-12] (Google LLC -> Google LLC) GroupPolicy: Restrição ? <==== ATENÇÃO Policies: C:\ProgramData\NTUSER.pol: Restrição <==== ATENÇÃO ==================== Tarefas Agendadas (Whitelisted) ================= (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) Task: {1DA84CB4-ABC8-43B2-8442-E6BF85B1287F} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [5550856 2023-12-19] (Microsoft Windows -> Microsoft Corporation) Task: {D73C80EF-1466-4F43-93D0-CAA40A964D96} - System32\Tasks\GoogleUpdateTaskMachineCore{EAF13226-9018-4F9F-B7C9-57AFEBE1647F} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162080 2024-01-04] (Google LLC -> Google LLC) Task: {BF5BE23D-9235-4F76-8318-5C927B06F61C} - System32\Tasks\GoogleUpdateTaskMachineUA{B258DE29-C842-47E0-828D-BFE7BD17BCEF} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162080 2024-01-04] (Google LLC -> Google LLC) Task: {A852E842-7B14-424B-B092-7F0D94C4CE1E} - System32\Tasks\infatica_p2b => C:\Program Files (x86)\Infatica P2B\infatica_agent.exe [3708512 2023-10-30] (Infatica Pte. Ltd. -> ) Task: {C793EEAD-FB37-44A5-B89D-ACE2A07D756C} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2113024 2023-12-13] () [Arquivo não assinado] Task: {A725C931-5F8D-4A19-944F-E37C17835AFB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe scan upload mininterval:2880 (Nenhum Arquivo) Task: {3AD47504-F5EC-4D45-A07B-E50DED33F281} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe scan upload (Nenhum Arquivo) Task: {3A737991-6F2E-4A28-863E-80443E608B42} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [674720 2024-01-09] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate Task: {8513B3D4-E1EC-4860-8E35-9C05E6EB8490} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [35232 2024-01-09] (Mozilla Corporation -> Mozilla Foundation) Task: {F5B85923-5348-4286-8C7E-11A06FB6E7A8} - System32\Tasks\PrivaZer_SkipUAC => C:\Users\Net\AppData\Local\PrivaZer installation\PrivaZer.exe [24742368 2024-01-04] (Goversoft LLC -> Goversoft LLC) Task: {EB8719A6-BC52-4D88-967F-0A281A59A7D8} - System32\Tasks\Toolbox.exe_{F4605C66-F9F4-4736-ABE8-8C2CB0E34B31} => C:\Program Files\HP\HP DeskJet 2130 series\Bin\Toolbox.exe [6075552 2021-11-15] (HP Inc. -> HP Inc.) Task: {E2C01369-C846-4014-ADC2-5545B92D006B} - System32\Tasks\WpsExternal_Icebrave_20231217105152 => C:\Users\Icebrave\AppData\Local\Kingsoft\WPS Office\12.2.0.13359\office6\wpscloudsvr.exe [965520 2023-12-17] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) -> /wpscloudlaunch /run_plugin /plugin_name=ktaskschdtool /plugin_entry=ktaskschdtool.dll /task=wpsexternal /launchtask /ver=1.0 /start_from=task_external Task: {866E56F7-BB64-4B9E-9979-010E501BF0DE} - System32\Tasks\WpsExternal_Net_20240114165257 => C:\Users\Net\AppData\Local\Kingsoft\WPS Office\12.2.0.13412\office6\wpscloudsvr.exe [965520 2024-01-14] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) -> /wpscloudlaunch /run_plugin /plugin_name=ktaskschdtool /plugin_entry=ktaskschdtool.dll /task=wpsexternal /launchtask /ver=1.0 /start_from=task_external Task: {93769C57-253C-4617-BCF3-96948A374067} - System32\Tasks\WpsUpdateTask_Icebrave => C:\Users\Icebrave\AppData\Local\Kingsoft\WPS Office\12.2.0.13359\office6\wpsupdate.exe [1494416 2023-12-17] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) Task: {93344D61-FD63-4D2C-87F1-05413414902E} - System32\Tasks\WpsUpdateTask_Net => C:\Users\Icebrave\AppData\Local\Kingsoft\WPS Office\12.2.0.13359\office6\wpsupdate.exe [1494416 2023-12-17] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) (Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.) ==================== Internet (Whitelisted) ==================== (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.) Edge: ======= Edge Profile: C:\Users\Icebrave\AppData\Local\Microsoft\Edge\User Data\Default [2024-01-16] Edge HomePage: Default -> hxxp://www.google.com/ Edge Extension: (Documentos Google off-line) - C:\Users\Icebrave\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-12-16] Edge Extension: (Edge relevant text changes) - C:\Users\Icebrave\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-12-16] FireFox: ======== FF DefaultProfile: vpumhnyi.default FF ProfilePath: C:\Users\Icebrave\AppData\Roaming\Mozilla\Firefox\Profiles\vpumhnyi.default [2023-12-16] FF ProfilePath: C:\Users\Icebrave\AppData\Roaming\Mozilla\Firefox\Profiles\5sj018hq.default-release [2024-01-14] FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2023-11-13] (FOXIT SOFTWARE INC. -> Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2023-11-13] (FOXIT SOFTWARE INC. -> Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2023-11-13] (FOXIT SOFTWARE INC. -> Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2023-11-13] (FOXIT SOFTWARE INC. -> Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2023-11-13] (FOXIT SOFTWARE INC. -> Foxit Corporation) Chrome: ======= CHR Profile: C:\Users\Icebrave\AppData\Local\Google\Chrome\User Data\Default [2024-01-16] CHR Extension: (Documentos Google off-line) - C:\Users\Icebrave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-01-08] CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Icebrave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-01-08] ==================== Serviços (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) S2 FoxitReaderUpdateService; C:\Program Files (x86)\Common Files\Foxit\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe [2438128 2023-11-11] (FOXIT SOFTWARE INC. -> Foxit Software Inc.) R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9405400 2024-01-02] (Malwarebytes Inc. -> Malwarebytes) S4 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [534472 2023-12-19] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation) S3 wpscloudsvr; C:\Program Files (x86)\Kingsoft\office6\wpscloudsvr.exe [965520 2023-12-20] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) ===================== Drivers (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2020-09-24] (Microsoft Corporation) [Arquivo não assinado] S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [Arquivo não assinado] R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2024-01-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [222784 2024-01-16] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2024-01-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [200104 2024-01-16] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [78400 2024-01-16] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239576 2024-01-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) ==================== Um mês (criados) (Whitelisted) ========= (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 2024-01-16 12:33 - 2024-01-16 12:34 - 000014231 _____ C:\Users\Net\Desktop\FRST.txt 2024-01-16 12:32 - 2024-01-16 12:33 - 000000000 ____D C:\FRST 2024-01-16 12:20 - 2024-01-16 12:20 - 000011402 _____ C:\Users\Icebrave\Desktop\ZHPCleaner (R).html 2024-01-16 12:20 - 2024-01-16 12:20 - 000004249 _____ C:\Users\Icebrave\Desktop\ZHPCleaner (R).txt 2024-01-16 12:03 - 2024-01-16 12:03 - 000011107 _____ C:\Users\Icebrave\Desktop\ZHPCleaner (S).html 2024-01-16 12:03 - 2024-01-16 12:03 - 000004063 _____ C:\Users\Icebrave\Desktop\ZHPCleaner (S).txt 2024-01-16 11:44 - 2024-01-16 12:20 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\ZHP 2024-01-16 11:44 - 2024-01-16 11:44 - 000000878 _____ C:\Users\Icebrave\Desktop\ZHPCleaner.lnk 2024-01-16 11:44 - 2024-01-16 11:44 - 000000000 ____D C:\Users\Icebrave\AppData\Local\ZHP 2024-01-16 11:43 - 2024-01-16 12:32 - 002389504 _____ (Farbar) C:\Users\Net\Desktop\FRST64.exe 2024-01-16 11:42 - 2024-01-16 11:44 - 003362976 _____ (Nicolas Coolman) C:\Users\Net\Desktop\ZHPCleaner.exe 2024-01-16 11:35 - 2024-01-16 11:35 - 000001622 _____ C:\Users\Icebrave\Desktop\MawwareBytes-160124.txt 2024-01-16 11:17 - 2024-01-16 11:17 - 000001787 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk 2024-01-16 11:17 - 2024-01-16 11:17 - 000001733 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk 2024-01-16 11:17 - 2024-01-16 11:17 - 000000000 ____D C:\Users\Net\AppData\Roaming\Canneverbe Limited 2024-01-16 11:17 - 2024-01-16 11:17 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\Canneverbe Limited 2024-01-16 11:17 - 2024-01-16 11:17 - 000000000 ____D C:\ProgramData\Canneverbe Limited 2024-01-16 11:17 - 2024-01-16 11:17 - 000000000 ____D C:\Program Files\CDBurnerXP 2024-01-14 16:52 - 2024-01-14 16:52 - 000004060 _____ C:\Windows\system32\Tasks\WpsExternal_Net_20240114165257 2024-01-14 02:42 - 2024-01-14 02:42 - 000323799 _____ C:\Users\Net\Downloads\kali-linux-2023.4-installer-amd64.iso.torrent 2024-01-13 11:28 - 2024-01-13 11:28 - 000000000 ____D C:\Program Files\Easy2Boot_v2.19 2024-01-11 18:10 - 2024-01-11 18:10 - 000000695 _____ C:\Users\Net\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\adwcleaner.lnk 2024-01-11 17:59 - 2024-01-11 18:07 - 000000000 ___HD C:\$WinREAgent 2024-01-11 17:51 - 2024-01-11 17:51 - 000000000 ____D C:\Users\Icebrave\AppData\Local\mbam 2024-01-11 17:51 - 2024-01-11 17:51 - 000000000 ____D C:\Users\Icebrave\AppData\Local\Malwarebytes 2024-01-11 17:18 - 2024-01-11 17:18 - 000029148 _____ C:\Users\Net\Downloads\linuxmint-21.2-cinnamon-64bit.iso.torrent 2024-01-10 21:07 - 2024-01-10 21:07 - 001638416 _____ C:\Users\Net\Downloads\Tube Digger.rar 2024-01-09 21:48 - 2024-01-12 17:00 - 000000000 ____D C:\Program Files\Mozilla Thunderbird 2024-01-09 19:26 - 2024-01-09 19:26 - 000000000 ____D C:\Users\Icebrave\Downloads\MediCat USB v21.12 2024-01-09 19:25 - 2024-01-09 19:34 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\qBittorrent 2024-01-09 19:25 - 2024-01-09 19:26 - 000000000 ____D C:\Users\Icebrave\AppData\Local\qBittorrent 2024-01-09 19:14 - 2024-01-09 21:45 - 000000000 ____D C:\Program Files\Mozilla Firefox 2024-01-09 19:14 - 2024-01-09 19:14 - 031394031 _____ C:\Users\Icebrave\Downloads\COMANF REVELA QUE ET DE VARGINHA FOI CAPTURADO....mp4 2024-01-09 14:03 - 2024-01-09 14:03 - 000000112 ___SH C:\bootTel.dat 2024-01-08 20:45 - 2024-01-08 20:45 - 000000428 __RSH C:\ProgramData\ntuser.pol 2024-01-08 20:44 - 2024-01-08 20:44 - 020199818 _____ (pendrivelinux.com) C:\Users\Icebrave\Downloads\YUMI-exFAT-1.0.2.4.exe 2024-01-08 20:33 - 2024-01-08 20:40 - 000000000 ____D C:\Users\Icebrave\AppData\Local\Rufus 2024-01-08 20:31 - 2024-01-08 20:31 - 001431624 _____ (Akeo Consulting) C:\Users\Icebrave\Downloads\rufus-4.3.exe 2024-01-08 05:45 - 2024-01-08 05:45 - 000001218 _____ C:\Users\Net\Downloads\WII Pr0 N0 TPM.txt 2024-01-07 19:03 - 2024-01-07 19:03 - 000000000 ____D C:\Users\Net\AppData\Roaming\Zoom 2024-01-07 19:03 - 2024-01-07 19:03 - 000000000 ____D C:\Users\Net\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom 2024-01-07 19:03 - 2024-01-07 19:03 - 000000000 ____D C:\Users\Net\AppData\Local\Zoom 2024-01-05 12:35 - 2024-01-05 12:35 - 000000000 ____D C:\Users\Icebrave\AppData\Local\Google 2024-01-04 20:22 - 2024-01-06 11:10 - 000000000 ____D C:\Users\Net\Downloads\Telegram Desktop 2024-01-04 19:46 - 2024-01-04 19:46 - 000306466 _____ C:\Users\Net\Downloads\aula-pratica-3_ydxCDWG7.mp4.html 2024-01-04 19:46 - 2024-01-04 19:46 - 000000000 ____D C:\Users\Net\Downloads\aula-pratica-3_ydxCDWG7.mp4_files 2024-01-04 19:23 - 2024-01-04 19:24 - 126534680 _____ (Digiarty, Inc.) C:\Users\Net\Downloads\videoproc-file.exe 2024-01-04 17:49 - 2024-01-12 14:00 - 000002243 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2024-01-04 17:49 - 2024-01-04 17:49 - 000000000 ____D C:\Users\Net\AppData\Local\Google 2024-01-04 17:49 - 2024-01-04 17:49 - 000000000 ____D C:\Program Files\Google 2024-01-04 17:48 - 2024-01-16 11:15 - 000000000 ____D C:\Program Files (x86)\Google 2024-01-04 17:48 - 2024-01-04 17:48 - 001376304 _____ (Google LLC) C:\Users\Net\Downloads\ChromeSetup.exe 2024-01-04 17:48 - 2024-01-04 17:48 - 000003900 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{B258DE29-C842-47E0-828D-BFE7BD17BCEF} 2024-01-04 17:48 - 2024-01-04 17:48 - 000003776 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{EAF13226-9018-4F9F-B7C9-57AFEBE1647F} 2024-01-04 10:48 - 2024-01-04 10:48 - 000000000 ____D C:\Users\Net\AppData\Local\PrivaZer installation 2024-01-04 10:47 - 2024-01-04 10:47 - 024607200 _____ (Goversoft LLC) C:\Users\Net\Downloads\PrivaZer_free.exe 2024-01-03 14:44 - 2024-01-10 19:44 - 000000000 ____D C:\Windows\system32\Tasks\NCH Software 2024-01-03 14:44 - 2024-01-03 14:44 - 000002167 _____ C:\Users\Net\Desktop\NCH Suite.lnk 2024-01-03 14:44 - 2024-01-03 14:44 - 000002111 _____ C:\Users\Net\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Suite.lnk 2024-01-03 14:44 - 2024-01-03 14:44 - 000001311 _____ C:\Users\Net\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Debut Vídeo Capture Software.lnk 2024-01-03 14:44 - 2024-01-03 14:44 - 000000000 ____D C:\Users\Net\NCH Software Suite 2024-01-03 14:44 - 2024-01-03 14:44 - 000000000 ____D C:\Users\Net\AppData\Roaming\NCH Software 2024-01-03 14:44 - 2024-01-03 14:44 - 000000000 ____D C:\Users\Net\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite 2024-01-03 14:44 - 2024-01-03 14:44 - 000000000 ____D C:\ProgramData\NCH Software 2024-01-03 14:27 - 2024-01-11 15:41 - 000000000 ____D C:\Windows\system32\MRT 2024-01-03 14:14 - 2024-01-03 08:49 - 000000000 ____D C:\Users\Net\Downloads\DEBUT Vídeo RECORDER 6.34 2024-01-02 22:39 - 2024-01-02 22:39 - 052369784 _____ (GiliSoft.com ) C:\Users\Net\Downloads\screen-recorder.exe 2024-01-02 22:26 - 2024-01-02 22:26 - 044430256 _____ (GiliSoft.com ) C:\Users\Net\Downloads\Vídeo-editor-setup.exe 2024-01-02 15:51 - 2024-01-16 11:20 - 000000000 ____D C:\Users\Net\AppData\Local\Malwarebytes 2024-01-02 15:51 - 2024-01-02 15:51 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2024-01-02 15:51 - 2024-01-02 15:51 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2024-01-02 15:51 - 2024-01-02 15:51 - 000000000 ____D C:\Users\Net\AppData\Local\mbam 2024-01-02 15:50 - 2024-01-02 15:50 - 000000000 ____D C:\ProgramData\Malwarebytes 2024-01-02 15:49 - 2024-01-02 15:50 - 000000000 ____D C:\Program Files\Malwarebytes 2024-01-01 18:04 - 2024-01-01 18:04 - 024607200 _____ (Goversoft LLC) C:\Users\Icebrave\Downloads\PrivaZer_free.exe 2024-01-01 18:03 - 2024-01-13 21:02 - 000000000 ____D C:\Users\Icebrave\AppData\Local\privazer 2024-01-01 18:03 - 2024-01-01 18:03 - 000003262 _____ C:\Windows\system32\Tasks\PrivaZer_SkipUAC 2024-01-01 18:03 - 2024-01-01 18:03 - 000000000 ____D C:\ProgramData\privazer 2024-01-01 17:13 - 2024-01-01 17:13 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\Thunderbird 2024-01-01 17:13 - 2024-01-01 17:13 - 000000000 ____D C:\Users\Icebrave\AppData\Local\Thunderbird 2024-01-01 16:28 - 2024-01-01 16:28 - 000001079 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk 2024-01-01 16:28 - 2024-01-01 16:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller 2024-01-01 16:28 - 2024-01-01 16:28 - 000000000 ____D C:\Program Files\VS Revo Group 2024-01-01 16:27 - 2024-01-01 16:27 - 006970144 _____ (VS Revo Group ) C:\Users\Icebrave\Downloads\revosetup.exe 2024-01-01 15:09 - 2024-01-01 15:09 - 000000000 ____D C:\Users\Net\AppData\Roaming\Boilsoft 2024-01-01 07:29 - 2024-01-01 15:28 - 000000000 ____D C:\Users\Net\AppData\Roaming\Boilsoft Vídeo Splitter 2024-01-01 07:28 - 2024-01-01 07:28 - 000002491 _____ C:\Users\Net\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Boilsoft Vídeo Splitter.lnk 2024-01-01 07:28 - 2024-01-01 07:28 - 000000000 ____D C:\Users\Net\AppData\Local\boilsoft-Vídeo-splitter-updater 2023-12-31 16:49 - 2023-12-31 16:49 - 000000056 _____ C:\Users\Net\Documents\EINSTEN.txt 2023-12-31 15:31 - 2023-12-31 15:31 - 000000000 ____D C:\Users\Net\Desktop\GiliSoft Vídeo Editor Pro 2023-12-31 15:26 - 2023-12-31 15:26 - 000000000 ____D C:\Users\Net\AppData\Roaming\VideoCrop 2023-12-31 15:25 - 2024-01-03 15:09 - 000000000 ____D C:\Users\Net\AppData\Roaming\GiliSoft 2023-12-30 22:36 - 2023-12-30 22:36 - 004796664 _____ C:\Users\Net\Downloads\videoeditorpro_installer.exe 2023-12-30 21:42 - 2024-01-11 18:13 - 000000000 ____D C:\AdwCleaner 2023-12-30 21:41 - 2023-12-30 21:41 - 008791352 _____ (Malwarebytes) C:\Users\Net\Desktop\adwcleaner.exe 2023-12-30 21:40 - 2023-12-30 21:40 - 002606880 _____ (Malwarebytes) C:\Users\Net\Downloads\MBSetup.exe 2023-12-30 19:47 - 2023-12-30 19:47 - 000001888 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shotcut.lnk 2023-12-30 19:47 - 2023-12-30 19:47 - 000001876 _____ C:\Users\Public\Desktop\Shotcut.lnk 2023-12-30 19:47 - 2023-12-30 19:47 - 000000000 ____D C:\Users\Net\AppData\Local\Meltytech 2023-12-30 19:45 - 2023-12-30 19:47 - 000000000 ____D C:\Program Files\Shotcut 2023-12-30 19:44 - 2023-12-30 19:44 - 000000000 ____D C:\Users\Net\AppData\Local\OneDrive 2023-12-30 18:52 - 2023-12-30 18:52 - 104117240 _____ C:\Users\Net\Downloads\shotcut-win64-221221.exe 2023-12-30 16:13 - 2023-12-30 16:13 - 000000000 ____D C:\Users\Net\AppData\Local\ToastNotificationManagerCompat 2023-12-30 15:43 - 2023-12-30 15:43 - 000000062 _____ C:\Users\Net\Documents\SETE HOMENS.txt 2023-12-30 15:32 - 2023-12-30 19:37 - 000000000 ____D C:\Users\Net\AppData\Roaming\HandBrake 2023-12-30 15:31 - 2023-12-30 15:31 - 000000000 ____D C:\ProgramData\Package Cache 2023-12-30 15:31 - 2023-12-30 15:31 - 000000000 ____D C:\Program Files\dotnet 2023-12-30 15:28 - 2023-12-30 15:28 - 023627928 _____ C:\Users\Net\Downloads\HandBrake-1.7.2-x86_64-Win_GUI.exe 2023-12-30 15:28 - 2023-12-30 15:28 - 000000873 _____ C:\Users\Public\Desktop\HandBrake.lnk 2023-12-30 15:28 - 2023-12-30 15:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HandBrake 2023-12-30 15:28 - 2023-12-30 15:28 - 000000000 ____D C:\Program Files\HandBrake 2023-12-30 14:25 - 2024-01-11 18:28 - 000000000 ____D C:\Users\Net\AppData\LocalLow\Temp 2023-12-28 11:41 - 2023-12-28 11:41 - 000050543 _____ C:\Users\Net\Downloads\LIBRE-GASTOS-2023.xlsm - DEZEMBRO-1.pdf 2023-12-27 21:59 - 2023-12-27 21:59 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory 2023-12-27 21:58 - 2023-12-27 21:58 - 000003662 _____ C:\Windows\system32\Tasks\CreateExplorerShellUnelevatedTask 2023-12-27 21:57 - 2023-12-27 21:57 - 000000000 ____D C:\Users\Net\Downloads\FormatFactory2023_12_27 2023-12-27 20:37 - 2023-12-27 20:37 - 000410926 _____ C:\Users\Net\Downloads\DCTORW-S1.zip 2023-12-27 20:37 - 2023-12-27 20:37 - 000000000 ____D C:\Users\Net\Downloads\DCTORW-S1 2023-12-27 20:31 - 2023-12-27 20:31 - 000137032 _____ (Zoom Vídeo Communications, Inc.) C:\Users\Net\Downloads\Zoom_cm_fo42anktZ9vvrZo4_mxAorGcvQzVJNRFIPcfqKGF5EwFOlFxGciA@ACkJAYQcjPhGkTvO_k446c39d91169dc49_.exe 2023-12-27 20:02 - 2023-12-27 20:04 - 000000000 ____D C:\Users\Net\Downloads\Quadrilogia - Piratas do Caribe (2003.2011) BDRip 1080p 5.1 Dublado - Douglasvip 2023-12-27 14:02 - 2023-12-27 14:02 - 000000000 ____D C:\Users\Net\AppData\Local\HP 2023-12-26 17:53 - 2023-12-26 17:53 - 000000077 _____ C:\Users\Net\Documents\Curso-Dalton.txt 2023-12-26 17:34 - 2023-12-26 17:34 - 000000000 ____D C:\Users\Net\Downloads\Tube Digger 2023-12-26 14:45 - 2023-12-26 14:46 - 000000000 ____D C:\ProgramData\ConfigData 2023-12-26 14:45 - 2023-12-26 14:45 - 003277304 _____ C:\Users\Net\Downloads\itubego_18.exe 2023-12-26 14:18 - 2023-12-26 14:18 - 000000000 ____D C:\Users\Icebrave\AppData\Local\FastStone 2023-12-26 13:44 - 2023-12-26 13:45 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\XnView 2023-12-26 13:44 - 2023-12-26 13:44 - 000001276 _____ C:\Users\Icebrave\Desktop\XnView.lnk 2023-12-26 13:32 - 2024-01-01 15:07 - 000000000 ____D C:\Users\Net\AppData\Roaming\XnView 2023-12-26 13:32 - 2023-12-26 13:32 - 000000000 ____D C:\Users\Net\Downloads\XnView-win-full 2023-12-26 13:31 - 2015-04-26 15:32 - 023352708 _____ C:\Users\Net\Downloads\XnView-win-full.zip 2023-12-26 13:08 - 2023-12-26 13:08 - 000000057 _____ C:\Users\Icebrave\Desktop\Hora.bat 2023-12-26 13:03 - 2023-12-26 13:03 - 000000440 _____ C:\Users\Icebrave\Desktop\text.reg 2023-12-26 12:33 - 2023-12-26 12:33 - 000003808 _____ C:\Windows\system32\Tasks\WpsUpdateTask_Icebrave 2023-12-26 10:19 - 2023-12-26 10:19 - 000000000 ____D C:\Users\Icebrave\AppData\Local\OneDrive 2023-12-26 10:17 - 2023-12-26 13:08 - 000000057 _____ C:\Users\Net\Desktop\Hora.bat 2023-12-25 13:20 - 2023-12-25 13:20 - 000000000 ____D C:\Users\Icebrave\AppData\Local\cache 2023-12-24 19:32 - 2023-12-24 19:33 - 003776223 _____ C:\Users\Icebrave\Downloads\Dism++10.1.1002.1.zip 2023-12-24 17:08 - 2023-12-24 17:08 - 000000000 ____D C:\Users\Net\Documents\FormatFactory 2023-12-24 17:08 - 2023-12-24 17:08 - 000000000 ____D C:\Users\Net\AppData\Local\FTMod 2023-12-24 17:08 - 2023-12-24 17:08 - 000000000 ____D C:\Users\Net\AppData\Local\cache 2023-12-24 17:08 - 2023-12-24 17:08 - 000000000 ____D C:\Users\Net\AppData\Local\BrightData 2023-12-24 16:47 - 2023-12-24 16:55 - 000000000 ____D C:\Users\Icebrave\Downloads\Dism++10.1.1002.1 2023-12-24 16:47 - 2023-12-24 16:47 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\WinRAR 2023-12-24 13:01 - 2023-12-24 13:01 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\MPC-HC 2023-12-23 15:04 - 2023-12-23 15:04 - 000046520 _____ C:\Users\Net\Downloads\LIBRE-GASTOS-2023.xlsm - DEZEMBRO.pdf 2023-12-23 13:53 - 2023-12-23 13:53 - 000000000 ____D C:\Users\Net\Downloads\Piratas do Caribe 3 No Fim Do Mundo 2023-12-23 13:49 - 2023-12-23 13:50 - 000000000 ____D C:\Users\Net\Downloads\Piratas do Caribe 2 O Baú Da Morte 2023-12-22 15:59 - 2024-01-12 14:44 - 000000000 ____D C:\Users\Net\AppData\Roaming\Telegram Desktop 2023-12-22 15:59 - 2023-12-22 15:59 - 000000000 ____D C:\Users\Net\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop 2023-12-22 15:51 - 2023-12-22 15:53 - 042681512 _____ (Telegram FZ-LLC ) C:\Users\Net\Downloads\tsetup-x64.4.12.2.exe 2023-12-21 21:51 - 2023-12-21 21:51 - 006671414 _____ (TheBestWare Studio) C:\Users\Net\Downloads\RadioSure-2.2.1046-setup.exe 2023-12-21 21:51 - 2023-12-21 21:51 - 000001207 _____ C:\Users\Net\Desktop\RadioSure.lnk 2023-12-21 21:51 - 2023-12-21 21:51 - 000000000 ____D C:\Users\Net\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RadioSure 2023-12-21 21:51 - 2023-12-21 21:51 - 000000000 ____D C:\Users\Net\AppData\Local\RadioSure 2023-12-21 09:57 - 2023-12-21 09:57 - 000000000 ____D C:\ProgramData\PLUG 2023-12-21 09:18 - 2023-12-21 09:18 - 000000000 ____D C:\Program Files\RUXIM 2023-12-21 06:40 - 2024-01-16 11:15 - 000000000 ____D C:\Windows\SystemTemp 2023-12-21 06:40 - 2023-12-21 06:41 - 000000000 ____D C:\Windows\InboxApps 2023-12-21 06:40 - 2023-12-21 06:40 - 000000000 ____D C:\Windows\system32\Drivers\mde 2023-12-20 13:53 - 2023-12-20 13:53 - 000000000 ____D C:\Windows\system32\appmgmt 2023-12-20 11:39 - 2024-01-02 13:50 - 000000000 ___HD C:\Users\Net\Documents\WPS Cloud Files 2023-12-20 11:36 - 2023-12-20 11:36 - 000000000 ____D C:\Users\Net\AppData\Local\CEF 2023-12-20 11:35 - 2024-01-15 04:46 - 000000000 ____D C:\Users\Net\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WPS Office 2023-12-20 11:35 - 2023-12-27 14:15 - 000003788 _____ C:\Windows\system32\Tasks\WpsUpdateTask_Net 2023-12-20 11:35 - 2023-12-20 11:35 - 000000000 ___HD C:\Users\Net\Documents\KingsoftData 2023-12-20 11:34 - 2023-12-20 11:38 - 000000000 ____D C:\Users\Net\AppData\Roaming\kingsoft 2023-12-20 11:34 - 2023-12-20 11:34 - 000000000 ____D C:\Users\Net\AppData\Local\Kingsoft 2023-12-20 11:33 - 2023-12-20 11:34 - 223112928 _____ (Zhuhai Kingsoft Office Software Co.,Ltd) C:\Users\Net\Downloads\WPSOffice_12.2.0.13359.exe 2023-12-19 10:09 - 2023-12-19 10:09 - 000016707 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json 2023-12-19 09:27 - 2023-12-19 09:27 - 000000000 ____D C:\Users\Net\AppData\Roaming\Foxit Software 2023-12-19 09:26 - 2023-12-19 09:26 - 000000000 ____D C:\Users\Public\Foxit Software 2023-12-19 09:25 - 2023-12-19 09:25 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\Foxit Software 2023-12-19 09:25 - 2023-12-19 09:25 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\Foxit AgentInformation 2023-12-19 09:25 - 2023-12-19 09:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PDF Reader 2023-12-19 09:25 - 2023-12-19 09:25 - 000000000 ____D C:\ProgramData\Foxit Software 2023-12-19 09:25 - 2023-12-19 09:25 - 000000000 ____D C:\ProgramData\Foxit ContentPlatform 2023-12-19 09:24 - 2023-12-19 09:24 - 000000000 ____D C:\Program Files (x86)\Foxit Software 2023-12-19 09:22 - 2023-12-19 09:23 - 153014392 _____ (Foxit Software Inc. ) C:\Users\Icebrave\Downloads\FoxitPDFReader20233_L10N_Setup_Prom.exe 2023-12-19 08:33 - 2023-12-19 08:33 - 000003140 _____ C:\Windows\system32\Tasks\Toolbox.exe_{F4605C66-F9F4-4736-ABE8-8C2CB0E34B31} 2023-12-19 08:33 - 2023-12-19 08:33 - 000002289 _____ C:\Users\Public\Desktop\HP DeskJet 2130 series.lnk 2023-12-19 08:33 - 2023-12-19 08:33 - 000001236 _____ C:\Users\Public\Desktop\Comprar suprimentos - HP DeskJet 2130 series.lnk 2023-12-19 08:33 - 2023-12-19 08:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 2023-12-19 08:32 - 2023-12-19 08:33 - 000000000 ____D C:\Program Files (x86)\HP 2023-12-19 08:32 - 2023-12-19 08:32 - 000000000 ____D C:\Program Files\HP 2023-12-19 08:31 - 2023-12-19 08:31 - 000000000 ____D C:\Users\Icebrave\AppData\Local\HP 2023-12-19 08:30 - 2023-12-19 08:31 - 144964672 _____ C:\Users\Icebrave\Downloads\Full_Webpack-40.15.1230-DJ2130_Full_Webpack.exe 2023-12-19 08:28 - 2023-12-19 08:28 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\HP_Easy_Start 2023-12-19 08:26 - 2023-12-19 08:32 - 000000000 ____D C:\ProgramData\HP 2023-12-19 08:25 - 2017-04-14 07:17 - 003744256 _____ (Hewlett-Packard Development Company, LP) C:\Windows\SysWOW64\HPScanTRDrv_DJ2130.dll 2023-12-19 08:25 - 2017-04-14 07:17 - 003744256 _____ (Hewlett-Packard Development Company, LP) C:\Windows\system32\HPScanTRDrv_DJ2130.dll 2023-12-19 08:25 - 2017-04-14 07:17 - 002952840 _____ (HP Inc.) C:\Windows\system32\hpinkinsE111.exe 2023-12-19 08:25 - 2017-04-14 07:17 - 000583168 _____ (Hewlett-Packard) C:\Windows\system32\HPWia2_DJ2130.dll 2023-12-19 08:25 - 2017-04-14 07:17 - 000393352 _____ (HP Inc.) C:\Windows\system32\hpinkstsE111LM.dll 2023-12-19 08:25 - 2017-04-14 07:17 - 000328328 _____ (HP Inc.) C:\Windows\system32\hpinkcoiE111.dll 2023-12-18 17:43 - 2023-12-18 17:45 - 000000000 ____D C:\Users\Net\Downloads\Esquadrão Suicida 720p WWW.TORRENTDOSFIMES.COM 2023-12-18 17:20 - 2024-01-01 18:26 - 000000000 ____D C:\FFOutput 2023-12-18 17:20 - 2023-12-18 17:20 - 000000000 ____D C:\Users\Icebrave\Documents\FormatFactory 2023-12-18 17:20 - 2023-12-18 17:20 - 000000000 ____D C:\Users\Icebrave\AppData\Local\FTMod 2023-12-18 17:18 - 2023-12-27 21:58 - 000000000 ____D C:\Users\Icebrave\AppData\Local\BrightData 2023-12-18 17:18 - 2023-12-27 21:58 - 000000000 ____D C:\ProgramData\BrightData 2023-12-18 17:18 - 2023-12-18 17:18 - 000000000 ____D C:\Users\Icebrave\AppData\Local\PeerDistRepub 2023-12-18 17:17 - 2023-12-27 21:58 - 000000000 ____D C:\Program Files\FormatFactory 2023-12-18 17:16 - 2023-12-18 17:17 - 102072624 _____ (Free Time Co., Ltd) C:\Users\Net\Downloads\FFSetup5.16.0.0.exe 2023-12-18 17:00 - 2023-12-18 17:03 - 000000000 ____D C:\Users\Net\Downloads\X-Men 2 2003 WWW.BLUDV.COM 2023-12-18 16:56 - 2024-01-14 10:03 - 000000000 ____D C:\Users\Net\AppData\Roaming\qBittorrent 2023-12-18 16:56 - 2023-12-18 16:57 - 000000000 ____D C:\Users\Net\AppData\Local\qBittorrent 2023-12-18 16:56 - 2023-12-18 16:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent 2023-12-18 16:56 - 2023-12-18 16:56 - 000000000 ____D C:\Program Files\qBittorrent 2023-12-18 16:32 - 2023-12-18 16:32 - 000000000 ____D C:\Users\Net\AppData\Local\FastStone 2023-12-18 16:31 - 2023-12-18 16:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer 2023-12-18 16:31 - 2023-12-18 16:31 - 000000000 ____D C:\Program Files (x86)\FastStone Image Viewer 2023-12-18 04:51 - 2024-01-12 14:16 - 000001055 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk 2023-12-18 04:51 - 2023-12-18 04:51 - 000000000 ____D C:\Users\Net\AppData\Roaming\Thunderbird 2023-12-18 04:51 - 2023-12-18 04:51 - 000000000 ____D C:\Users\Net\AppData\Local\Thunderbird 2023-12-17 19:45 - 2024-01-16 12:25 - 000000000 ____D C:\Users\Net\AppData\Roaming\Notepad++ 2023-12-17 18:59 - 2024-01-15 11:50 - 000000000 ____D C:\Users\Net\AppData\Local\PrivaZer 2023-12-17 18:59 - 2023-12-17 18:59 - 000002126 _____ C:\Users\Net\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivaZer.lnk 2023-12-17 18:59 - 2023-12-17 18:59 - 000000000 ____D C:\Users\Net\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivaZer 2023-12-17 17:25 - 2023-12-17 17:25 - 000000000 __SHD C:\found.000 2023-12-17 17:00 - 2024-01-14 09:56 - 000000000 ____D C:\Users\Net\AppData\Roaming\MPC-HC 2023-12-17 11:04 - 2023-12-17 11:04 - 000004110 _____ C:\Windows\system32\Tasks\infatica_p2b 2023-12-17 11:04 - 2023-12-17 11:04 - 000003300 _____ C:\Windows\system32\Tasks\klcp_update 2023-12-17 11:04 - 2023-12-17 11:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack 2023-12-17 11:04 - 2023-12-17 11:04 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack 2023-12-17 11:04 - 2023-12-17 11:04 - 000000000 ____D C:\Program Files (x86)\Infatica P2B 2023-12-17 11:04 - 2019-12-28 07:00 - 000784384 _____ C:\Windows\system32\xvidcore.dll 2023-12-17 11:04 - 2019-12-28 07:00 - 000681984 _____ C:\Windows\SysWOW64\xvidcore.dll 2023-12-17 11:04 - 2019-12-28 07:00 - 000310784 _____ C:\Windows\system32\xvidvfw.dll 2023-12-17 11:04 - 2019-12-28 07:00 - 000284160 _____ C:\Windows\SysWOW64\xvidvfw.dll 2023-12-17 11:04 - 2017-07-30 08:50 - 003850240 _____ (x264vfw project) C:\Windows\SysWOW64\x264vfw.dll 2023-12-17 11:04 - 2017-07-30 08:50 - 003799552 _____ (x264vfw project) C:\Windows\system32\x264vfw64.dll 2023-12-17 11:04 - 2012-07-21 08:55 - 000180736 _____ (fccHandler) C:\Windows\system32\ac3acm.acm 2023-12-17 11:04 - 2012-07-21 08:54 - 000122880 _____ (fccHandler) C:\Windows\SysWOW64\ac3acm.acm 2023-12-17 11:04 - 2011-12-07 15:37 - 000148992 _____ ( ) C:\Windows\system32\lagarith.dll 2023-12-17 11:04 - 2011-12-07 15:32 - 000216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll 2023-12-17 10:57 - 2023-12-17 10:57 - 000000000 ____D C:\Users\Net\AppData\Roaming\WinRAR 2023-12-17 10:57 - 2023-12-17 10:57 - 000000000 ____D C:\Users\Net\AppData\Roaming\Microsoft\Office 2023-12-17 10:57 - 2023-12-17 10:57 - 000000000 ____D C:\Users\Net\AppData\Roaming\Microsoft\Excel 2023-12-17 10:57 - 2023-12-17 10:57 - 000000000 ____D C:\Users\Net\AppData\Roaming\Microsoft\AddIns 2023-12-17 10:55 - 2024-01-04 17:37 - 000000000 ___HD C:\Users\Icebrave\Documents\WPS Cloud Files 2023-12-17 10:51 - 2023-12-17 10:51 - 000004100 _____ C:\Windows\system32\Tasks\WpsExternal_Icebrave_20231217105152 2023-12-17 10:51 - 2023-12-17 10:51 - 000002551 _____ C:\Users\Icebrave\Desktop\WPS PDF.lnk 2023-12-17 10:51 - 2023-12-17 10:51 - 000002459 _____ C:\Users\Icebrave\Desktop\WPS Office.lnk 2023-12-17 10:51 - 2023-12-17 10:51 - 000000000 ___HD C:\Users\Icebrave\Documents\KingsoftData 2023-12-17 10:51 - 2023-12-17 10:51 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WPS Office 2023-12-17 10:51 - 2023-12-17 10:51 - 000000000 ____D C:\Users\Icebrave\AppData\Local\Kingsoft 2023-12-17 10:51 - 2023-12-17 10:51 - 000000000 ____D C:\Users\Icebrave\AppData\Local\CEF 2023-12-17 10:51 - 2023-12-17 10:51 - 000000000 ____D C:\ProgramData\Kingsoft 2023-12-17 10:51 - 2023-12-17 10:51 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2023-12-17 10:51 - 2023-12-17 10:51 - 000000000 ____D C:\Program Files (x86)\Kingsoft 2023-12-17 10:50 - 2023-12-17 10:51 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\kingsoft 2023-12-17 10:50 - 2023-12-17 10:50 - 223112928 _____ (Zhuhai Kingsoft Office Software Co.,Ltd) C:\Users\Icebrave\Downloads\WPSOffice_12.2.0.13359.exe 2023-12-17 10:31 - 2023-12-17 10:31 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2023-12-17 10:31 - 2023-12-17 10:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2023-12-17 10:31 - 2023-12-17 10:31 - 000000000 ____D C:\Program Files (x86)\WinRAR ==================== Um mês (modificados) ================== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 2024-01-16 14:13 - 2023-12-16 18:13 - 000008192 ___SH C:\DumpStack.log.tmp 2024-01-16 14:13 - 2020-09-23 15:05 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2024-01-16 12:24 - 2023-12-16 17:21 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38 2024-01-16 11:43 - 2019-12-07 06:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2024-01-15 20:36 - 2023-12-16 15:29 - 000065536 _____ C:\Windows\system32\spu_storage.bin 2024-01-15 20:36 - 2019-12-07 06:03 - 000786432 _____ C:\Windows\system32\config\BBI 2024-01-15 19:14 - 2020-09-23 15:16 - 001741824 _____ C:\Windows\system32\PerfStringBackup.INI 2024-01-15 19:14 - 2019-12-07 11:54 - 000752436 _____ C:\Windows\system32\prfh0416.dat 2024-01-15 19:14 - 2019-12-07 11:54 - 000148550 _____ C:\Windows\system32\prfc0416.dat 2024-01-15 19:14 - 2019-12-07 06:13 - 000000000 ____D C:\Windows\INF 2024-01-15 13:57 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\AppReadiness 2024-01-15 05:02 - 2023-12-16 17:32 - 000000000 ____D C:\Users\Net 2024-01-14 14:04 - 2020-09-23 15:05 - 000000000 ____D C:\Windows\system32\SleepStudy 2024-01-14 13:56 - 2019-12-07 06:14 - 000000000 ___HD C:\Program Files\WindowsApps 2024-01-14 13:52 - 2023-12-16 17:34 - 000000000 ____D C:\Users\Net\AppData\Local\D3DSCache 2024-01-14 03:01 - 2023-12-16 16:33 - 000000000 ____D C:\Users\Icebrave\AppData\Local\Everything 2024-01-14 03:01 - 2023-12-16 16:27 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\Everything 2024-01-14 02:40 - 2023-12-16 16:02 - 000000000 ____D C:\Users\Icebrave 2024-01-14 01:17 - 2019-12-07 06:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2024-01-12 17:10 - 2023-12-16 18:19 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2024-01-12 17:00 - 2023-12-16 17:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2024-01-12 13:53 - 2020-09-23 15:05 - 000445928 _____ C:\Windows\system32\FNTCACHE.DAT 2024-01-11 20:08 - 2019-12-07 06:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs 2024-01-11 20:08 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\setup 2024-01-11 20:08 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SystemResources 2024-01-11 20:08 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\setup 2024-01-11 20:08 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\ShellExperiences 2024-01-11 20:08 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\bcastdvr 2024-01-11 20:06 - 2019-12-07 06:03 - 000000000 ____D C:\Windows\CbsTemp 2024-01-09 19:42 - 2023-12-16 17:21 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2024-01-08 20:32 - 2019-12-07 06:14 - 000000000 ___HD C:\Windows\system32\GroupPolicy 2024-01-08 20:03 - 2023-12-16 16:07 - 000000000 ____D C:\Users\Icebrave\AppData\Local\D3DSCache 2024-01-08 15:01 - 2023-12-16 16:04 - 000000000 ____D C:\Users\Icebrave\AppData\Local\Packages 2024-01-04 19:55 - 2023-12-16 16:04 - 000000000 ____D C:\Users\Icebrave\AppData\Local\ConnectedDevicesPlatform 2024-01-04 17:35 - 2023-12-16 16:44 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\Notepad++ 2024-01-04 17:31 - 2023-12-16 16:44 - 000000877 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk 2024-01-02 15:50 - 2019-12-07 06:14 - 000000000 ___HD C:\Windows\ELAMBKUP 2024-01-01 18:02 - 2023-12-16 16:04 - 000000000 ____D C:\Users\Icebrave\AppData\Local\Publishers 2024-01-01 18:02 - 2020-09-23 15:09 - 000000000 ____D C:\ProgramData\Packages 2024-01-01 18:01 - 2023-12-16 16:07 - 000000000 ____D C:\Users\Icebrave\AppData\Local\PlaceholderTileLogoFolder 2024-01-01 18:01 - 2020-09-23 15:09 - 000000000 __RHD C:\Users\Public\AccountPictures 2024-01-01 17:58 - 2023-12-16 16:10 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\Microsoft\Excel 2023-12-26 12:34 - 2023-12-16 16:41 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\Microsoft\Publisher Building Blocks 2023-12-25 13:20 - 2023-12-16 16:04 - 000000000 ____D C:\Users\Icebrave\AppData\Local\AMD 2023-12-24 17:08 - 2023-12-16 17:32 - 000000000 ____D C:\Users\Net\AppData\Local\AMD 2023-12-23 11:20 - 2023-12-16 16:06 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\Microsoft\Teams 2023-12-23 11:19 - 2019-12-07 06:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel 2023-12-22 16:21 - 2023-12-16 17:32 - 000000000 ____D C:\Users\Net\AppData\Local\Packages 2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ___SD C:\Windows\SysWOW64\F12 2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs 2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ___SD C:\Windows\system32\UNP 2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata 2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation 2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\oobe 2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\migwiz 2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\lv-LV 2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\lt-LT 2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\Keywords 2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\et-EE 2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\es-MX 2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\Dism 2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\Com 2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\AdvancedInstallers 2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\WinMetadata 2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns 2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform 2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\Sysprep 2023-12-21 06:41 - 2020-09-23 17:00 - 000000000 ___SD C:\Windows\system32\AppV 2023-12-21 06:41 - 2020-09-23 17:00 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2023-12-21 06:41 - 2019-12-07 11:57 - 000000000 ____D C:\Program Files\Windows Photo Viewer 2023-12-21 06:41 - 2019-12-07 11:57 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ___SD C:\Windows\system32\F12 2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ___RD C:\Windows\PrintDialog 2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\ShellExperiences 2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\SecureBootUpdates 2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation 2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\oobe 2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\migwiz 2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\lv-LV 2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\lt-LT 2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\Keywords 2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\et-EE 2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\es-MX 2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\Dism 2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\DDFs 2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\Com 2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\appraiser 2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\AdvancedInstallers 2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\ShellComponents 2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\Provisioning 2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\PolicyDefinitions 2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\IME 2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\DiagTrack 2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Program Files\Windows Defender 2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Program Files\Common Files\System 2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender 2023-12-21 06:41 - 2019-12-07 06:03 - 000000000 ____D C:\Windows\servicing 2023-12-21 06:40 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SystemApps 2023-12-21 06:40 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\appcompat 2023-12-20 11:39 - 2019-12-07 11:57 - 000023040 _____ (Microsoft Corporation) C:\Windows\system32\OEMDefaultAssociations.dll 2023-12-20 11:39 - 2019-12-07 11:57 - 000020827 _____ C:\Windows\system32\OEMDefaultAssociations.xml 2023-12-20 11:39 - 2019-12-07 06:15 - 000208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll 2023-12-20 11:39 - 2019-12-07 06:14 - 000232448 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll 2023-12-19 10:08 - 2020-09-23 15:07 - 003016192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll 2023-12-19 09:14 - 2023-12-16 16:07 - 000003580 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-702104581-954937399-490591429-1002 2023-12-19 09:13 - 2023-12-16 16:06 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-702104581-954937399-490591429-1002 2023-12-19 09:13 - 2023-12-16 16:02 - 000002390 _____ C:\Users\Icebrave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2023-12-18 17:06 - 2020-09-23 15:04 - 000000000 ____D C:\Windows\Panther 2023-12-18 16:29 - 2023-12-16 17:37 - 000000000 ____D C:\Users\Net\AppData\Local\PlaceholderTileLogoFolder 2023-12-17 18:33 - 2023-12-16 17:33 - 000000000 ____D C:\Users\Net\AppData\Roaming\Microsoft\Teams 2023-12-17 17:21 - 2023-12-16 17:34 - 000003580 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-702104581-954937399-490591429-1003 2023-12-17 17:21 - 2023-12-16 17:34 - 000003370 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-702104581-954937399-490591429-1003 2023-12-17 17:21 - 2023-12-16 17:32 - 000002375 _____ C:\Users\Net\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2023-12-17 17:20 - 2023-12-16 17:40 - 000000000 ____D C:\Users\Net\AppData\Roaming\Microsoft\Spelling ==================== SigCheck ============================ (Não há correção automática para arquivos que não passaram na verificação.) ==================== Fim de FRST.txt ======================== Resultado da análise adicional Farbar Recovery Scan Tool (x64) Versão: 16.01.2024 Executado por Icebrave (16-01-2024 12:38:46) Executando a partir de C:\Users\Net\Desktop Microsoft Windows 10 Pro Versão 22H2 19045.3930 (X64) (2023-12-16 18:23:59) Modo da Inicialização: Normal ========================================================== ==================== Contas: ============================= (Se uma entrada for incluída na fixlist, será removida.) Administrador (S-1-5-21-702104581-954937399-490591429-500 - Administrator - Disabled) Convidado (S-1-5-21-702104581-954937399-490591429-501 - Limited - Disabled) DefaultAccount (S-1-5-21-702104581-954937399-490591429-503 - Limited - Disabled) Icebrave (S-1-5-21-702104581-954937399-490591429-1002 - Administrator - Enabled) => C:\Users\Icebrave Net (S-1-5-21-702104581-954937399-490591429-1003 - Limited - Enabled) => C:\Users\Net WDAGUtilityAccount (S-1-5-21-702104581-954937399-490591429-504 - Limited - Disabled) ==================== Central de Segurança ======================== (Se uma entrada for incluída na fixlist, será removida.) AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543} AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Programas Instalados ====================== (Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.) Boilsoft Vídeo Splitter 8.3.3 (HKU\S-1-5-21-702104581-954937399-490591429-1003\...\cfc26c2a-150b-5ef7-9bdf-a41433ec180c) (Version: 8.3.3 - ) CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.8.7128 - CDBurnerXP) Debut Vídeo Capture Software (HKU\S-1-5-21-702104581-954937399-490591429-1003\...\Debut) (Version: 9.46 - NCH Software) Everything 1.4.1.1024 (x64) (HKLM\...\Everything) (Version: 1.4.1.1024 - voidtools) FastStone Image Viewer 7.8 (HKLM-x32\...\FastStone Image Viewer) (Version: 7.8 - FastStone Corporation) FormatFactory 5.16.0.0 (HKLM-x32\...\FormatFactory) (Version: 5.16.0.0 - Free Time) Foxit PDF Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 2023.3.0.23028 - Foxit Software Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 120.0.6099.217 - Google LLC) HandBrake 1.7.2 (HKLM-x32\...\HandBrake) (Version: 1.7.2 - ) HP DeskJet 2130 series Software básico do dispositivo (HKLM\...\{30135B68-7334-4D1B-8AB4-A79EF84ECDE1}) (Version: 40.15.1230.21319 - HP Inc.) HP Dropbox Plugin (HKLM-x32\...\{8533E879-3794-426D-96B1-B010B56B03F5}) (Version: 40.13.54.81239 - HP) HP Google Drive Plugin (HKLM-x32\...\{57E78C1A-6BCB-42E9-B3A5-54A05CA85E1C}) (Version: 40.13.54.81239 - HP) Infatica P2B Network (HKLM-x32\...\{C989163F-E0E5-4DE3-B7F5-46C77F411451}_is1) (Version: 1.1.4.0 - ) K-Lite Mega Codec Pack 18.0.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 18.0.0 - KLCP) Malwarebytes version 4.6.7.301 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.7.301 - Malwarebytes) Microsoft .NET Host - 6.0.25 (x64) (HKLM\...\{C7141A99-592B-4226-A4E9-B767C1D0FBAF}) (Version: 48.100.4028 - Microsoft Corporation) Hidden Microsoft .NET Host FX Resolver - 6.0.25 (x64) (HKLM\...\{AE86D888-1404-47CC-A7BB-8D86C0503E58}) (Version: 48.100.4028 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 6.0.25 (x64) (HKLM\...\{3544B2EE-E62F-4D11-B79C-3DDEACE94DA5}) (Version: 48.100.4028 - Microsoft Corporation) Hidden Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 120.0.2210.133 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 120.0.2210.133 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-702104581-954937399-490591429-1002\...\OneDriveSetup.exe) (Version: 23.246.1127.0002 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-702104581-954937399-490591429-1003\...\OneDriveSetup.exe) (Version: 23.246.1127.0002 - Microsoft Corporation) Microsoft Windows Desktop Runtime - 6.0.25 (x64) (HKLM\...\{E016F2B9-01FE-4FAA-882E-ECC43FA49751}) (Version: 48.100.4037 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 6.0.25 (x64) (HKLM-x32\...\{fb0500c1-f968-4621-a48b-985b52884c49}) (Version: 6.0.25.33020 - Microsoft Corporation) Mozilla Firefox (x64 pt-BR) (HKLM\...\Mozilla Firefox 121.0.1 (x64 pt-BR)) (Version: 121.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 115.5.2 - Mozilla) Mozilla Thunderbird (x64 pt-BR) (HKLM\...\Mozilla Thunderbird 115.6.1 (x64 pt-BR)) (Version: 115.6.1 - Mozilla) Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.6 - Notepad++ Team) PrivaZer (HKU\S-1-5-21-702104581-954937399-490591429-1003\...\PrivaZer) (Version: 4.0.81.0 - Goversoft LLC) qBittorrent (HKLM-x32\...\qBittorrent) (Version: 4.6.2 - The qBittorrent project) RadioSure (HKU\S-1-5-21-702104581-954937399-490591429-1003\...\RadioSure) (Version: - ) Revo Uninstaller 2.4.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.4.5 - VS Revo Group, Ltd.) Shotcut (HKLM\...\Shotcut) (Version: 22.12.21 - Meltytech, LLC) Telegram Desktop (HKU\S-1-5-21-702104581-954937399-490591429-1003\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 4.14.4 - Telegram FZ-LLC) Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation) WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - ) WPS Office (12.2.0.13359) (HKU\S-1-5-21-702104581-954937399-490591429-1002\...\Kingsoft Office) (Version: 12.2.0.13359 - Kingsoft Corp.) WPS Office (12.2.0.13412) (HKU\S-1-5-21-702104581-954937399-490591429-1003\...\Kingsoft Office) (Version: 12.2.0.13412 - Kingsoft Corp.) Zoom (HKU\S-1-5-21-702104581-954937399-490591429-1003\...\ZoomUMX) (Version: 5.17.1 (28914) - Zoom Vídeo Communications, Inc.) Packages: ========= HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_151.1.1087.0_x64__v10z8vjag6ke6 [2024-01-08] (HP Inc.) Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.18.11020.0_x64__8wekyb3d8bbwe [2023-12-23] (Microsoft Studios) [MS Ad] ==================== Análise Personalizada CLSID (Whitelisted): ============== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) CustomCLSID: HKU\S-1-5-21-702104581-954937399-490591429-1002_Classes\CLSID\{28A80003-18FD-411D-B0A3-3C81F618E22B}\InprocServer32 -> C:\Users\Icebrave\AppData\Local\Kingsoft\WPS Office\12.2.0.13359\office6\kwpsmenushellext64.dll (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) CustomCLSID: HKU\S-1-5-21-702104581-954937399-490591429-1002_Classes\CLSID\{7C360CF9-D475-44FC-8163-AD6C95CF5F5D}\InprocServer32 -> C:\Users\Net\AppData\Local\Kingsoft\WPS Office\12.2.0.13359\office6\kmso2pdfplugins64.dll (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) CustomCLSID: HKU\S-1-5-21-702104581-954937399-490591429-1003_Classes\CLSID\{1a46400f-4c81-802a-c2c1-1e9a687a9340}\localserver32 -> C:\Program Files\HandBrake\HandBrake.exe (HandBrake Team) [Arquivo não assinado] CustomCLSID: HKU\S-1-5-21-702104581-954937399-490591429-1003_Classes\CLSID\{28A80003-18FD-411D-B0A3-3C81F618E22B}\InprocServer32 -> C:\Users\Net\AppData\Local\Kingsoft\WPS Office\12.2.0.13412\office6\kwpsmenushellext64.dll (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) CustomCLSID: HKU\S-1-5-21-702104581-954937399-490591429-1003_Classes\CLSID\{7C360CF9-D475-44FC-8163-AD6C95CF5F5D}\InprocServer32 -> C:\Users\Net\AppData\Local\Kingsoft\WPS Office\12.2.0.13359\office6\kmso2pdfplugins64.dll (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) CustomCLSID: HKU\S-1-5-21-702104581-954937399-490591429-1003_Classes\CLSID\{9ed26d04-bb53-4559-a405-a0245d494b44}\InprocServer32 -> C:\Program Files\Mozilla Thunderbird\notificationserver.dll => Nenhum Arquivo ContextMenuHandlers1: [FormatFactoryShell] -> {A3888923-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files\FormatFactory\ShellEx_108.dll [2023-07-21] (Free Time) [Arquivo não assinado] ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2008-06-20] () [Arquivo não assinado] ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2008-09-16] () [Arquivo não assinado] ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-01-02] (Malwarebytes Inc. -> Malwarebytes) ContextMenuHandlers4: [FormatFactoryShell] -> {A3888923-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files\FormatFactory\ShellEx_108.dll [2023-07-21] (Free Time) [Arquivo não assinado] ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2008-06-20] () [Arquivo não assinado] ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2008-09-16] () [Arquivo não assinado] ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-01-02] (Malwarebytes Inc. -> Malwarebytes) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2008-06-20] () [Arquivo não assinado] ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2008-09-16] () [Arquivo não assinado] ContextMenuHandlers1_S-1-5-21-702104581-954937399-490591429-1002: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\Icebrave\AppData\Local\Kingsoft\WPS Office\12.2.0.13359\office6\kwpsmenushellext64.dll [2023-12-17] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) ContextMenuHandlers4_S-1-5-21-702104581-954937399-490591429-1002: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\Icebrave\AppData\Local\Kingsoft\WPS Office\12.2.0.13359\office6\kwpsmenushellext64.dll [2023-12-17] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) ContextMenuHandlers1_S-1-5-21-702104581-954937399-490591429-1003: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\Icebrave\AppData\Local\Kingsoft\WPS Office\12.2.0.13359\office6\kwpsmenushellext64.dll [2023-12-17] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) ContextMenuHandlers4_S-1-5-21-702104581-954937399-490591429-1003: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\Icebrave\AppData\Local\Kingsoft\WPS Office\12.2.0.13359\office6\kwpsmenushellext64.dll [2023-12-17] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) ==================== Codecs (Whitelisted) ==================== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.) HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [Arquivo não assinado] HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] () [Arquivo não assinado] HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [310784 2019-12-28] () [Arquivo não assinado] HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [Arquivo não assinado] HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [Arquivo não assinado] HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] () [Arquivo não assinado] HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284160 2019-12-28] () [Arquivo não assinado] HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [Arquivo não assinado] ==================== Atalhos & WMI ======================== ==================== Módulos Carregados (Whitelisted) ============= 2023-12-17 10:31 - 2008-06-20 00:41 - 000062464 _____ () [Arquivo não assinado] C:\Program Files (x86)\WinRAR\rarext64.dll 2023-07-21 09:20 - 2023-07-21 09:20 - 000344064 _____ (Free Time) [Arquivo não assinado] C:\Program Files\FormatFactory\ShellEx_108.dll ==================== Alternate Data Streams (Whitelisted) ======== (Se uma entrada for incluída na fixlist, somente o ADS será removido.) AlternateDataStreams: C:\Users\Net\Desktop\FRST64.exe:MBAM.Zone.Identifier [193] AlternateDataStreams: C:\Users\Net\Desktop\ZHPCleaner.exe:MBAM.Zone.Identifier [172] ==================== Modo de Segurança (Whitelisted) ================== (Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Associação (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== Handler: mso-minsb-roaming.16 - Nenhum Valor CLSID Handler: mso-minsb.16 - Nenhum Valor CLSID Handler: osf-roaming.16 - Nenhum Valor CLSID Handler: osf.16 - Nenhum Valor CLSID ==================== Hosts Conteúdo: ========================= (Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.) 2019-12-07 06:14 - 2024-01-03 14:48 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts ==================== Outras Áreas =========================== (Atualmente não há nenhuma correção automática para esta seção.) HKU\S-1-5-21-702104581-954937399-490591429-1002\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img2.jpg HKU\S-1-5-21-702104581-954937399-490591429-1003\Control Panel\Desktop\\Wallpaper -> DNS Servers: O Suporte não está conectado à internet. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Firewall do Windows está habilitado. ==================== MSCONFIG/TASK MANAGER ítens desabilitados == (Se uma entrada for incluída na fixlist, será removida.) HKLM\...\StartupApproved\Run: => "SecurityHealth" HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller" HKLM\...\StartupApproved\Run32: => "TeamsMachineUninstallerLocalAppData" HKLM\...\StartupApproved\Run32: => "TeamsMachineUninstallerProgramData" HKU\S-1-5-21-702104581-954937399-490591429-1002\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_DE42051A7061B4E326E1FAAC622AFB84" HKU\S-1-5-21-702104581-954937399-490591429-1002\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-702104581-954937399-490591429-1002\...\StartupApproved\Run: => "com.squirrel.Teams.Teams" HKU\S-1-5-21-702104581-954937399-490591429-1003\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_4F469AB9D1336CB61BA9F80E8F2FF34A" HKU\S-1-5-21-702104581-954937399-490591429-1003\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-702104581-954937399-490591429-1003\...\StartupApproved\Run: => "com.squirrel.Teams.Teams" ==================== Regras do Firewall (Whitelisted) ================ (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) FirewallRules: [{C72086E9-20EC-41B7-B93A-4A41281BB9D4}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe => Nenhum Arquivo FirewallRules: [{E11EED0C-28DC-41E3-A86C-732347E676DD}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe => Nenhum Arquivo FirewallRules: [{9354F41F-CE9E-40B2-B496-D8F77F543E72}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{ECD57F3B-6C35-4B81-8A04-5F7B94AEF261}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{0AC9FBB3-AA69-440F-B89F-4B9263CC9B0B}] => (Allow) C:\Users\Net\AppData\Local\Kingsoft\WPS Office\12.2.0.13359\office6\wps.exe (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) FirewallRules: [{BE929A88-4ECB-407F-B05F-2E32C8E00C36}] => (Allow) C:\Users\Net\AppData\Local\Kingsoft\WPS Office\12.2.0.13359\office6\wpscloudsvr.exe (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) FirewallRules: [{B65D91CC-DC47-473F-9288-7ECC671493D6}] => (Allow) C:\Users\Net\AppData\Local\Kingsoft\WPS Office\12.2.0.13359\office6\promecefpluginhost.exe (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) FirewallRules: [{903536E5-925A-4C71-ABA0-56EC3B96D3D8}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [Arquivo não assinado] FirewallRules: [{8F1997F6-0D78-4DCA-B232-6E0B9CB675B7}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [Arquivo não assinado] FirewallRules: [{18E257FE-20BF-41D2-8155-1D584FA20E10}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.110.3218.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{647CDAA6-F9F7-4074-839C-9DF0B7A35C97}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.110.3218.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{2E7A89E0-811A-46B0-9A15-727EE08BD25A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.110.3218.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{69C3EA7D-9647-4D5F-9895-739EE48C21B6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.110.3218.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{7056C802-9E87-43A5-88A6-81FD770A91EA}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe (Free Time Software Technology Co., Ltd. -> Free Time Co., Ltd.) FirewallRules: [{E5E4D007-00A9-484F-B0CF-39CE558546E6}] => (Allow) C:\Users\Net\AppData\Local\Temp\7zS4823\HP.EasyStart.exe => Nenhum Arquivo FirewallRules: [{CC08EF41-5A84-4988-8B5D-3964E7AD9813}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\USBSetup.exe (HP Inc. -> HP Inc.) FirewallRules: [{D68557E5-1363-4609-BC52-DCFDEDC3D62A}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPNetworkCommunicatorCom.exe (HP Inc. -> HP Inc.) FirewallRules: [{B9415BBD-E501-463F-9EED-A36A6ECE3923}] => (Allow) C:\Users\Icebrave\AppData\Local\Temp\7zS4C2F\HP.EasyStart.exe (HP Inc. -> HP) FirewallRules: [TCP Query User{844943BF-F5A1-4CEC-83B9-3050C6F93F38}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe (The qBittorrent Project) [Arquivo não assinado] FirewallRules: [UDP Query User{CF5FCAF9-7F8A-4562-B600-E4494FF286E5}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe (The qBittorrent Project) [Arquivo não assinado] FirewallRules: [{2EA5C0AF-013B-400E-BD3D-5C129EC63237}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe (Free Time Software Technology Co., Ltd. -> Free Time Co., Ltd.) FirewallRules: [{87BCE124-CFB1-4234-AF99-1726E72E7478}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{8C8A6240-24CC-46FC-96E4-865B3CCF8CDB}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\120.0.2210.133\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) ==================== Pontos de Restauração ========================= 16-01-2024 12:08:11 ZHPcleaner ==================== Dispositivos Apresentando Falhas No Gerenciador ============ ==================== Erros no Log de eventos: ======================== Erros em Aplicativos: ================== Error: (01/16/2024 11:16:11 AM) (Source: Firefox Notification Server) (EventID: 0) (User: ) Description: Event-ID 0 Error: (01/14/2024 09:18:33 AM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: ) Description: Event-ID 2 Error: (01/09/2024 10:22:07 PM) (Source: Windows Search Service) (EventID: 3007) (User: ) Description: Não é possível inicializar o monitoramento de desempenho não para o objeto coletor, pois os contadores não estão carregados ou o objeto de memória compartilhado não pode ser aberto. Isso afeta somente a disponibilidade dos contadores de desempenho. Reinicie o computador. Contexto: Aplicativo , Catálogo SystemIndex Error: (01/09/2024 07:05:57 PM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: ) Description: Event-ID 2 Error: (01/08/2024 08:02:07 PM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: ) Description: Event-ID 2 Error: (01/08/2024 03:06:43 PM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: ) Description: Event-ID 2 Error: (01/07/2024 01:54:20 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: ) Description: Não foi possível concluir o otimizador de armazenamento otimizar novamente em FILES (E:) devido a: A operação solicitada não é compatível com o hardware que contém o volume. (0x8900002A) Error: (01/06/2024 11:15:43 AM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: ) Description: Event-ID 2 Erros de Sistema: ============= Error: (01/16/2024 11:36:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: O serviço Foxit PDF Reader Update Service foi encerrado inesperadamente. Isso aconteceu 1 vez(es). Error: (01/16/2024 11:36:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: O serviço AMD External Events Utility foi encerrado inesperadamente. Isso aconteceu 1 vez(es). Error: (01/14/2024 10:45:24 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NPVV5ON) Description: O servidor {5F7F3F7B-1177-4D4B-B1DB-BC6F671B8F25} não se registrou no DCOM dentro do tempo limite necessário. Error: (01/14/2024 01:52:44 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: O desligamento do sistema que ocorreu às 01:12:12 do dia ‎14/‎01/‎2024 não era esperado. Error: (01/12/2024 11:35:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Serviço Clique para Executar do Microsoft Office foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço. Error: (01/12/2024 11:35:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: O serviço Foxit PDF Reader Update Service foi encerrado inesperadamente. Isso aconteceu 1 vez(es). Error: (01/12/2024 11:35:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: O serviço AMD External Events Utility foi encerrado inesperadamente. Isso aconteceu 1 vez(es). Error: (01/11/2024 06:13:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Serviço Clique para Executar do Microsoft Office foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço. ==================== Informações da Memória =========================== BIOS: American Megatrends Inc. 0701 06/23/2014 placa-mãe: ASUSTeK COMPUTER INC. A58M-A/BR Processador: AMD A8-7650K Radeon R7, 10 Compute Cores 4C+6G Percentagem de memória em uso: 59% RAM física total: 7110.45 MB RAM física disponível: 2860.32 MB Virtual Total: 8262.45 MB Virtual disponível: 3302.41 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:540.12 GB) (Free:442.96 GB) (Model: ST31000524AS) NTFS Drive d: (Novo volume) (Fixed) (Total:292.96 GB) (Free:219.59 GB) (Model: ST31000524AS) exFAT \\?\Volume{759ddace-0000-0000-0000-100000000000}\ (Reservado pelo Sistema) (Fixed) (Total:0.57 GB) (Free:0.15 GB) NTFS ==================== MBR & Tabela de Partições ==================== ========================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 759DDACE) Partition 1: (Active) - (Size=579 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=540.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=97.9 GB) - (Type=0F Extended) Partition 4: (Not Active) - (Size=293 GB) - (Type=07 NTFS) ==================== Fim de Addition.txt ======================= Desde já agradeço por alguma ajuda e fico no aguardo de mais procedimentos. Att. Alexander Cunha