Alexander Cunha

16 de janeiro

Boa tarde a todos os amigos do forum.

Peço que por favor analisem os logs, os sintomas são:

- Muita lentidão do PC, especialmente quando estou conectado a Internet

- Não sei se isso tem a ver com alguma infecção, mas a Net fica muito instavel principalmente pra acessar sites de banco.

- Do nada o PC fica reiniciando.

# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build:    08-30-2022
# Database: 2023-07-19.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    01-16-2024
# Duration: 00:00:01
# OS:       Windows 10 (Build 19045.3930)
# Cleaned: 1
# Failed:   0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

Deleted kffplnohkmnjpakkgahhbpndamfidlkb

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1420 octets] - [30/12/2023 21:42:33]
AdwCleaner[C00].txt - [1610 octets] - [30/12/2023 21:42:50]
AdwCleaner[S01].txt - [1542 octets] - [30/12/2023 21:43:10]
AdwCleaner[S02].txt - [1631 octets] - [11/01/2024 18:13:35]
AdwCleaner[C02].txt - [1801 octets] - [11/01/2024 18:14:05]
AdwCleaner[S03].txt - [1753 octets] - [12/01/2024 11:35:23]
AdwCleaner[C03].txt - [1923 octets] - [12/01/2024 11:35:42]
AdwCleaner[S04].txt - [1875 octets] - [16/01/2024 11:36:15]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C04].txt ##########

~ ZHPCleaner v2024.1.9.2 by Nicolas Coolman (2024/01/09)
~ Run by Icebrave (Administrator) (16/01/2024 12:19:14)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Icebrave\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\Icebrave\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ System Restore Point : OK
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit (Build 19045)

---\\ Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found.

---\\ Services (0)
~ No malicious or unnecessary items found.

---\\ Browser internet (1)
DELETED: [5sj018hq.default-release] - user_pref("browser.topsites.contile.cachedTiles", "[{\"id\":74357,\"name\":\"Amazon\",\"url\":\"http[...] =>PUP.Optional.Booking

---\\ Hosts file (1)
~ The hosts file is legitimate (21)

---\\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.

---\\ Explorer ( File, Folder) (12)
MOVED file: C:\Users\Icebrave\AppData\Local\Google\Chrome\User Data\Default\History    =>.SUP.BrowserHistoric
MOVED file: C:\Users\Icebrave\AppData\Local\Microsoft\Edge\User Data\Default\History    =>.SUP.BrowserHistoric
MOVED file: \Users\Icebrave\AppData\Local\Google\Chrome\User Data\Default\Preferences    =>Préférences Chromium
MOVED file: \Users\Net\AppData\Local\Google\Chrome\User Data\Default\Preferences    =>Préférences Chromium
MOVED file: \Users\Icebrave\AppData\Local\Microsoft\Edge\User Data\Default\Preferences    =>Préférences Chromium
MOVED file: \Users\Net\AppData\Local\Microsoft\Edge\User Data\Default\Preferences    =>Préférences Chromium
MOVED folder: C:\Users\Icebrave\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data =>.SUP.BrowserCache
MOVED folder: C:\Users\Icebrave\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data =>.SUP.BrowserCache
MOVED folder: C:\Users\Icebrave\AppData\Local\Mozilla\Firefox\Profiles\vpumhnyi.default\Cache2 =>.SUP.BrowserCache
MOVED folder: C:\Users\Icebrave\AppData\Local\Mozilla\Firefox\Profiles\5sj018hq.default-release\Cache2 =>.SUP.BrowserCache
MOVED folder: C:\Users\Icebrave\AppData\Local\Thunderbird\Profiles\vpumhnyi.default\Cache2 =>.SUP.BrowserCache
MOVED folder: C:\Users\Icebrave\AppData\Local\Thunderbird\Profiles\5sj018hq.default-release\Cache2 =>.SUP.BrowserCache

---\\ Registry ( Key, Value, Data) (2)
DELETED data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5f7bc1e2-4bda-4ca1-8d18-bb68280c1e0e}\\DhcpNameServer [Bad : 181.213.132.6 181.213.132.7] =>Hijacker.Browser
DELETED data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer [Bad : 181.213.132.6 181.213.132.7] =>Hijacker.Browser

---\\ Summary of the elements found (5)
https://nicolascoolman.eu/forum/Topic/booking-logiciel-potentiellement-indesirable-pup-lpi/ =>PUP.Optional.Booking
https://nicolascoolman.eu/2023/07/18/les-caches-et-historiques-de-navigateurs/ =>.SUP.BrowserHistoric
https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/ =>Préférences Chromium
https://nicolascoolman.eu/2023/07/18/les-caches-et-historiques-de-navigateurs/ =>.SUP.BrowserCache
https://nicolascoolman.eu/2017/11/10/hijacker-browser-3/ =>Hijacker.Browser

---\\ Other deletions. (0)
~ Registry Keys Tracing deleted (0)
~ Remove the old reports ZHPCleaner. (0)

---\\ Result of repair
~ Repair carried out successfully
~ Google Chrome OK
~ Microsoft Edge OK
~ Mozilla Firefox OK
~ Microsoft Internet Explorer OK
~ Thunderbird OK

---\\ Statistics
~ Items scanned : 4097
~ Items found : 0
~ Items cancelled : 0
~ Space saving (bytes) : 0
~ Items options : 10/18

---\\ OPTIONS NOT ACTIVES
~ Temporary file analysis
~ Temporary folder analysis
~ Empty Folder CLSID Analysis
~ Empty Other Folder Analysis
~ Empty LocalLow Folder Analysis
~ Empty Local Folder Analysis
~ Obsolete Installer File Analysis
~ Start browsers with extensions removed

~ End of clean in 00h01mn33s

---\\ Reports (2)
ZHPCleaner-[S]-16012024-12_03_10.txt
ZHPCleaner-[R]-16012024-12_20_47.txt

Resultado do análise da Farbar Recovery Scan Tool (FRST) (x64) Versão: 16.01.2024
Executado por Icebrave (administrador) em DESKTOP-NPVV5ON (16-01-2024 12:33:04)
Executando a partir de C:\Users\Net\Desktop\FRST64.exe
Perfis Carregados: Icebrave & Net
Plataforma: Microsoft Windows 10 Pro Versão 22H2 19045.3930 (X64) Idioma: Português (Brasil)
Navegador padrão: FF
Modo da Inicialização: Normal

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(explorer.exe ->) (voidtools -> voidtools) C:\Program Files\Everything\Everything.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <28>
(Notepad++ -> Don HO [email protected]) C:\Program Files\Notepad++\notepad++.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2401.3.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\prevhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

==================== Registro (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM-x32\...\Run: [TeamsMachineUninstallerLocalAppData] => C:\Users\Icebrave\AppData\Local\Microsoft\Teams\Update.exe [2452112 2023-12-16] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM-x32\...\Run: [TeamsMachineUninstallerProgramData] => %ProgramData%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default (Nenhum Arquivo)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO
HKU\S-1-5-21-702104581-954937399-490591429-1002\...\Run: [MicrosoftEdgeAutoLaunch_DE42051A7061B4E326E1FAAC622AFB84] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3854272 2024-01-11] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-702104581-954937399-490591429-1003\...\Run: [MicrosoftEdgeAutoLaunch_4F469AB9D1336CB61BA9F80E8F2FF34A] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3854272 2024-01-11] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-702104581-954937399-490591429-1003\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Net\AppData\Local\Microsoft\Teams\Update.exe [2452112 2023-12-16] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM\...\Print\Monitors\HP E111 Status Monitor: C:\Windows\system32\hpinkstsE111LM.dll [393352 2017-04-14] (Hewlett Packard -> HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\120.0.6099.217\Installer\chrmstp.exe [2024-01-12] (Google LLC -> Google LLC)
GroupPolicy: Restrição ? <==== ATENÇÃO
Policies: C:\ProgramData\NTUSER.pol: Restrição <==== ATENÇÃO

==================== Tarefas Agendadas (Whitelisted) =================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {1DA84CB4-ABC8-43B2-8442-E6BF85B1287F} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [5550856 2023-12-19] (Microsoft Windows -> Microsoft Corporation)
Task: {D73C80EF-1466-4F43-93D0-CAA40A964D96} - System32\Tasks\GoogleUpdateTaskMachineCore{EAF13226-9018-4F9F-B7C9-57AFEBE1647F} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162080 2024-01-04] (Google LLC -> Google LLC)
Task: {BF5BE23D-9235-4F76-8318-5C927B06F61C} - System32\Tasks\GoogleUpdateTaskMachineUA{B258DE29-C842-47E0-828D-BFE7BD17BCEF} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162080 2024-01-04] (Google LLC -> Google LLC)
Task: {A852E842-7B14-424B-B092-7F0D94C4CE1E} - System32\Tasks\infatica_p2b => C:\Program Files (x86)\Infatica P2B\infatica_agent.exe [3708512 2023-10-30] (Infatica Pte. Ltd. -> )
Task: {C793EEAD-FB37-44A5-B89D-ACE2A07D756C} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2113024 2023-12-13] () [Arquivo não assinado]
Task: {A725C931-5F8D-4A19-944F-E37C17835AFB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe scan upload mininterval:2880 (Nenhum Arquivo)
Task: {3AD47504-F5EC-4D45-A07B-E50DED33F281} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe scan upload (Nenhum Arquivo)
Task: {3A737991-6F2E-4A28-863E-80443E608B42} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [674720 2024-01-09] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {8513B3D4-E1EC-4860-8E35-9C05E6EB8490} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [35232 2024-01-09] (Mozilla Corporation -> Mozilla Foundation)
Task: {F5B85923-5348-4286-8C7E-11A06FB6E7A8} - System32\Tasks\PrivaZer_SkipUAC => C:\Users\Net\AppData\Local\PrivaZer installation\PrivaZer.exe [24742368 2024-01-04] (Goversoft LLC -> Goversoft LLC)
Task: {EB8719A6-BC52-4D88-967F-0A281A59A7D8} - System32\Tasks\Toolbox.exe_{F4605C66-F9F4-4736-ABE8-8C2CB0E34B31} => C:\Program Files\HP\HP DeskJet 2130 series\Bin\Toolbox.exe [6075552 2021-11-15] (HP Inc. -> HP Inc.)
Task: {E2C01369-C846-4014-ADC2-5545B92D006B} - System32\Tasks\WpsExternal_Icebrave_20231217105152 => C:\Users\Icebrave\AppData\Local\Kingsoft\WPS Office\12.2.0.13359\office6\wpscloudsvr.exe [965520 2023-12-17] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) -> /wpscloudlaunch /run_plugin /plugin_name=ktaskschdtool /plugin_entry=ktaskschdtool.dll /task=wpsexternal /launchtask /ver=1.0 /start_from=task_external
Task: {866E56F7-BB64-4B9E-9979-010E501BF0DE} - System32\Tasks\WpsExternal_Net_20240114165257 => C:\Users\Net\AppData\Local\Kingsoft\WPS Office\12.2.0.13412\office6\wpscloudsvr.exe [965520 2024-01-14] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) -> /wpscloudlaunch /run_plugin /plugin_name=ktaskschdtool /plugin_entry=ktaskschdtool.dll /task=wpsexternal /launchtask /ver=1.0 /start_from=task_external
Task: {93769C57-253C-4617-BCF3-96948A374067} - System32\Tasks\WpsUpdateTask_Icebrave => C:\Users\Icebrave\AppData\Local\Kingsoft\WPS Office\12.2.0.13359\office6\wpsupdate.exe [1494416 2023-12-17] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {93344D61-FD63-4D2C-87F1-05413414902E} - System32\Tasks\WpsUpdateTask_Net => C:\Users\Icebrave\AppData\Local\Kingsoft\WPS Office\12.2.0.13359\office6\wpsupdate.exe [1494416 2023-12-17] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Edge:
=======
Edge Profile: C:\Users\Icebrave\AppData\Local\Microsoft\Edge\User Data\Default [2024-01-16]
Edge HomePage: Default -> hxxp://www.google.com/
Edge Extension: (Documentos Google off-line) - C:\Users\Icebrave\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-12-16]
Edge Extension: (Edge relevant text changes) - C:\Users\Icebrave\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-12-16]

FireFox:
========
FF DefaultProfile: vpumhnyi.default
FF ProfilePath: C:\Users\Icebrave\AppData\Roaming\Mozilla\Firefox\Profiles\vpumhnyi.default [2023-12-16]
FF ProfilePath: C:\Users\Icebrave\AppData\Roaming\Mozilla\Firefox\Profiles\5sj018hq.default-release [2024-01-14]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2023-11-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2023-11-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2023-11-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2023-11-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2023-11-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)

Chrome:
=======
CHR Profile: C:\Users\Icebrave\AppData\Local\Google\Chrome\User Data\Default [2024-01-16]
CHR Extension: (Documentos Google off-line) - C:\Users\Icebrave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-01-08]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Icebrave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-01-08]

==================== Serviços (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S2 FoxitReaderUpdateService; C:\Program Files (x86)\Common Files\Foxit\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe [2438128 2023-11-11] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9405400 2024-01-02] (Malwarebytes Inc. -> Malwarebytes)
S4 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [534472 2023-12-19] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 wpscloudsvr; C:\Program Files (x86)\Kingsoft\office6\wpscloudsvr.exe [965520 2023-12-20] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)

===================== Drivers (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2020-09-24] (Microsoft Corporation) [Arquivo não assinado]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [Arquivo não assinado]
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2024-01-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [222784 2024-01-16] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2024-01-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [200104 2024-01-16] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [78400 2024-01-16] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239576 2024-01-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Um mês (criados) (Whitelisted) =========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2024-01-16 12:33 - 2024-01-16 12:34 - 000014231 _____ C:\Users\Net\Desktop\FRST.txt
2024-01-16 12:32 - 2024-01-16 12:33 - 000000000 ____D C:\FRST
2024-01-16 12:20 - 2024-01-16 12:20 - 000011402 _____ C:\Users\Icebrave\Desktop\ZHPCleaner (R).html
2024-01-16 12:20 - 2024-01-16 12:20 - 000004249 _____ C:\Users\Icebrave\Desktop\ZHPCleaner (R).txt
2024-01-16 12:03 - 2024-01-16 12:03 - 000011107 _____ C:\Users\Icebrave\Desktop\ZHPCleaner (S).html
2024-01-16 12:03 - 2024-01-16 12:03 - 000004063 _____ C:\Users\Icebrave\Desktop\ZHPCleaner (S).txt
2024-01-16 11:44 - 2024-01-16 12:20 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\ZHP
2024-01-16 11:44 - 2024-01-16 11:44 - 000000878 _____ C:\Users\Icebrave\Desktop\ZHPCleaner.lnk
2024-01-16 11:44 - 2024-01-16 11:44 - 000000000 ____D C:\Users\Icebrave\AppData\Local\ZHP
2024-01-16 11:43 - 2024-01-16 12:32 - 002389504 _____ (Farbar) C:\Users\Net\Desktop\FRST64.exe
2024-01-16 11:42 - 2024-01-16 11:44 - 003362976 _____ (Nicolas Coolman) C:\Users\Net\Desktop\ZHPCleaner.exe
2024-01-16 11:35 - 2024-01-16 11:35 - 000001622 _____ C:\Users\Icebrave\Desktop\MawwareBytes-160124.txt
2024-01-16 11:17 - 2024-01-16 11:17 - 000001787 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk
2024-01-16 11:17 - 2024-01-16 11:17 - 000001733 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2024-01-16 11:17 - 2024-01-16 11:17 - 000000000 ____D C:\Users\Net\AppData\Roaming\Canneverbe Limited
2024-01-16 11:17 - 2024-01-16 11:17 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\Canneverbe Limited
2024-01-16 11:17 - 2024-01-16 11:17 - 000000000 ____D C:\ProgramData\Canneverbe Limited
2024-01-16 11:17 - 2024-01-16 11:17 - 000000000 ____D C:\Program Files\CDBurnerXP
2024-01-14 16:52 - 2024-01-14 16:52 - 000004060 _____ C:\Windows\system32\Tasks\WpsExternal_Net_20240114165257
2024-01-14 02:42 - 2024-01-14 02:42 - 000323799 _____ C:\Users\Net\Downloads\kali-linux-2023.4-installer-amd64.iso.torrent
2024-01-13 11:28 - 2024-01-13 11:28 - 000000000 ____D C:\Program Files\Easy2Boot_v2.19
2024-01-11 18:10 - 2024-01-11 18:10 - 000000695 _____ C:\Users\Net\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\adwcleaner.lnk
2024-01-11 17:59 - 2024-01-11 18:07 - 000000000 ___HD C:\$WinREAgent
2024-01-11 17:51 - 2024-01-11 17:51 - 000000000 ____D C:\Users\Icebrave\AppData\Local\mbam
2024-01-11 17:51 - 2024-01-11 17:51 - 000000000 ____D C:\Users\Icebrave\AppData\Local\Malwarebytes
2024-01-11 17:18 - 2024-01-11 17:18 - 000029148 _____ C:\Users\Net\Downloads\linuxmint-21.2-cinnamon-64bit.iso.torrent
2024-01-10 21:07 - 2024-01-10 21:07 - 001638416 _____ C:\Users\Net\Downloads\Tube Digger.rar
2024-01-09 21:48 - 2024-01-12 17:00 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2024-01-09 19:26 - 2024-01-09 19:26 - 000000000 ____D C:\Users\Icebrave\Downloads\MediCat USB v21.12
2024-01-09 19:25 - 2024-01-09 19:34 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\qBittorrent
2024-01-09 19:25 - 2024-01-09 19:26 - 000000000 ____D C:\Users\Icebrave\AppData\Local\qBittorrent
2024-01-09 19:14 - 2024-01-09 21:45 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-01-09 19:14 - 2024-01-09 19:14 - 031394031 _____ C:\Users\Icebrave\Downloads\COMANF REVELA QUE ET DE VARGINHA FOI CAPTURADO....mp4
2024-01-09 14:03 - 2024-01-09 14:03 - 000000112 ___SH C:\bootTel.dat
2024-01-08 20:45 - 2024-01-08 20:45 - 000000428 __RSH C:\ProgramData\ntuser.pol
2024-01-08 20:44 - 2024-01-08 20:44 - 020199818 _____ (pendrivelinux.com) C:\Users\Icebrave\Downloads\YUMI-exFAT-1.0.2.4.exe
2024-01-08 20:33 - 2024-01-08 20:40 - 000000000 ____D C:\Users\Icebrave\AppData\Local\Rufus
2024-01-08 20:31 - 2024-01-08 20:31 - 001431624 _____ (Akeo Consulting) C:\Users\Icebrave\Downloads\rufus-4.3.exe
2024-01-08 05:45 - 2024-01-08 05:45 - 000001218 _____ C:\Users\Net\Downloads\WII Pr0 N0 TPM.txt
2024-01-07 19:03 - 2024-01-07 19:03 - 000000000 ____D C:\Users\Net\AppData\Roaming\Zoom
2024-01-07 19:03 - 2024-01-07 19:03 - 000000000 ____D C:\Users\Net\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2024-01-07 19:03 - 2024-01-07 19:03 - 000000000 ____D C:\Users\Net\AppData\Local\Zoom
2024-01-05 12:35 - 2024-01-05 12:35 - 000000000 ____D C:\Users\Icebrave\AppData\Local\Google
2024-01-04 20:22 - 2024-01-06 11:10 - 000000000 ____D C:\Users\Net\Downloads\Telegram Desktop
2024-01-04 19:46 - 2024-01-04 19:46 - 000306466 _____ C:\Users\Net\Downloads\aula-pratica-3_ydxCDWG7.mp4.html
2024-01-04 19:46 - 2024-01-04 19:46 - 000000000 ____D C:\Users\Net\Downloads\aula-pratica-3_ydxCDWG7.mp4_files
2024-01-04 19:23 - 2024-01-04 19:24 - 126534680 _____ (Digiarty, Inc.) C:\Users\Net\Downloads\videoproc-file.exe
2024-01-04 17:49 - 2024-01-12 14:00 - 000002243 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-01-04 17:49 - 2024-01-04 17:49 - 000000000 ____D C:\Users\Net\AppData\Local\Google
2024-01-04 17:49 - 2024-01-04 17:49 - 000000000 ____D C:\Program Files\Google
2024-01-04 17:48 - 2024-01-16 11:15 - 000000000 ____D C:\Program Files (x86)\Google
2024-01-04 17:48 - 2024-01-04 17:48 - 001376304 _____ (Google LLC) C:\Users\Net\Downloads\ChromeSetup.exe
2024-01-04 17:48 - 2024-01-04 17:48 - 000003900 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{B258DE29-C842-47E0-828D-BFE7BD17BCEF}
2024-01-04 17:48 - 2024-01-04 17:48 - 000003776 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{EAF13226-9018-4F9F-B7C9-57AFEBE1647F}
2024-01-04 10:48 - 2024-01-04 10:48 - 000000000 ____D C:\Users\Net\AppData\Local\PrivaZer installation
2024-01-04 10:47 - 2024-01-04 10:47 - 024607200 _____ (Goversoft LLC) C:\Users\Net\Downloads\PrivaZer_free.exe
2024-01-03 14:44 - 2024-01-10 19:44 - 000000000 ____D C:\Windows\system32\Tasks\NCH Software
2024-01-03 14:44 - 2024-01-03 14:44 - 000002167 _____ C:\Users\Net\Desktop\NCH Suite.lnk
2024-01-03 14:44 - 2024-01-03 14:44 - 000002111 _____ C:\Users\Net\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Suite.lnk
2024-01-03 14:44 - 2024-01-03 14:44 - 000001311 _____ C:\Users\Net\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Debut Vídeo Capture Software.lnk
2024-01-03 14:44 - 2024-01-03 14:44 - 000000000 ____D C:\Users\Net\NCH Software Suite
2024-01-03 14:44 - 2024-01-03 14:44 - 000000000 ____D C:\Users\Net\AppData\Roaming\NCH Software
2024-01-03 14:44 - 2024-01-03 14:44 - 000000000 ____D C:\Users\Net\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2024-01-03 14:44 - 2024-01-03 14:44 - 000000000 ____D C:\ProgramData\NCH Software
2024-01-03 14:27 - 2024-01-11 15:41 - 000000000 ____D C:\Windows\system32\MRT
2024-01-03 14:14 - 2024-01-03 08:49 - 000000000 ____D C:\Users\Net\Downloads\DEBUT Vídeo RECORDER 6.34
2024-01-02 22:39 - 2024-01-02 22:39 - 052369784 _____ (GiliSoft.com ) C:\Users\Net\Downloads\screen-recorder.exe
2024-01-02 22:26 - 2024-01-02 22:26 - 044430256 _____ (GiliSoft.com ) C:\Users\Net\Downloads\Vídeo-editor-setup.exe
2024-01-02 15:51 - 2024-01-16 11:20 - 000000000 ____D C:\Users\Net\AppData\Local\Malwarebytes
2024-01-02 15:51 - 2024-01-02 15:51 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-01-02 15:51 - 2024-01-02 15:51 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2024-01-02 15:51 - 2024-01-02 15:51 - 000000000 ____D C:\Users\Net\AppData\Local\mbam
2024-01-02 15:50 - 2024-01-02 15:50 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-01-02 15:49 - 2024-01-02 15:50 - 000000000 ____D C:\Program Files\Malwarebytes
2024-01-01 18:04 - 2024-01-01 18:04 - 024607200 _____ (Goversoft LLC) C:\Users\Icebrave\Downloads\PrivaZer_free.exe
2024-01-01 18:03 - 2024-01-13 21:02 - 000000000 ____D C:\Users\Icebrave\AppData\Local\privazer
2024-01-01 18:03 - 2024-01-01 18:03 - 000003262 _____ C:\Windows\system32\Tasks\PrivaZer_SkipUAC
2024-01-01 18:03 - 2024-01-01 18:03 - 000000000 ____D C:\ProgramData\privazer
2024-01-01 17:13 - 2024-01-01 17:13 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\Thunderbird
2024-01-01 17:13 - 2024-01-01 17:13 - 000000000 ____D C:\Users\Icebrave\AppData\Local\Thunderbird
2024-01-01 16:28 - 2024-01-01 16:28 - 000001079 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2024-01-01 16:28 - 2024-01-01 16:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2024-01-01 16:28 - 2024-01-01 16:28 - 000000000 ____D C:\Program Files\VS Revo Group
2024-01-01 16:27 - 2024-01-01 16:27 - 006970144 _____ (VS Revo Group ) C:\Users\Icebrave\Downloads\revosetup.exe
2024-01-01 15:09 - 2024-01-01 15:09 - 000000000 ____D C:\Users\Net\AppData\Roaming\Boilsoft
2024-01-01 07:29 - 2024-01-01 15:28 - 000000000 ____D C:\Users\Net\AppData\Roaming\Boilsoft Vídeo Splitter
2024-01-01 07:28 - 2024-01-01 07:28 - 000002491 _____ C:\Users\Net\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Boilsoft Vídeo Splitter.lnk
2024-01-01 07:28 - 2024-01-01 07:28 - 000000000 ____D C:\Users\Net\AppData\Local\boilsoft-Vídeo-splitter-updater
2023-12-31 16:49 - 2023-12-31 16:49 - 000000056 _____ C:\Users\Net\Documents\EINSTEN.txt
2023-12-31 15:31 - 2023-12-31 15:31 - 000000000 ____D C:\Users\Net\Desktop\GiliSoft Vídeo Editor Pro
2023-12-31 15:26 - 2023-12-31 15:26 - 000000000 ____D C:\Users\Net\AppData\Roaming\VideoCrop
2023-12-31 15:25 - 2024-01-03 15:09 - 000000000 ____D C:\Users\Net\AppData\Roaming\GiliSoft
2023-12-30 22:36 - 2023-12-30 22:36 - 004796664 _____ C:\Users\Net\Downloads\videoeditorpro_installer.exe
2023-12-30 21:42 - 2024-01-11 18:13 - 000000000 ____D C:\AdwCleaner
2023-12-30 21:41 - 2023-12-30 21:41 - 008791352 _____ (Malwarebytes) C:\Users\Net\Desktop\adwcleaner.exe
2023-12-30 21:40 - 2023-12-30 21:40 - 002606880 _____ (Malwarebytes) C:\Users\Net\Downloads\MBSetup.exe
2023-12-30 19:47 - 2023-12-30 19:47 - 000001888 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shotcut.lnk
2023-12-30 19:47 - 2023-12-30 19:47 - 000001876 _____ C:\Users\Public\Desktop\Shotcut.lnk
2023-12-30 19:47 - 2023-12-30 19:47 - 000000000 ____D C:\Users\Net\AppData\Local\Meltytech
2023-12-30 19:45 - 2023-12-30 19:47 - 000000000 ____D C:\Program Files\Shotcut
2023-12-30 19:44 - 2023-12-30 19:44 - 000000000 ____D C:\Users\Net\AppData\Local\OneDrive
2023-12-30 18:52 - 2023-12-30 18:52 - 104117240 _____ C:\Users\Net\Downloads\shotcut-win64-221221.exe
2023-12-30 16:13 - 2023-12-30 16:13 - 000000000 ____D C:\Users\Net\AppData\Local\ToastNotificationManagerCompat
2023-12-30 15:43 - 2023-12-30 15:43 - 000000062 _____ C:\Users\Net\Documents\SETE HOMENS.txt
2023-12-30 15:32 - 2023-12-30 19:37 - 000000000 ____D C:\Users\Net\AppData\Roaming\HandBrake
2023-12-30 15:31 - 2023-12-30 15:31 - 000000000 ____D C:\ProgramData\Package Cache
2023-12-30 15:31 - 2023-12-30 15:31 - 000000000 ____D C:\Program Files\dotnet
2023-12-30 15:28 - 2023-12-30 15:28 - 023627928 _____ C:\Users\Net\Downloads\HandBrake-1.7.2-x86_64-Win_GUI.exe
2023-12-30 15:28 - 2023-12-30 15:28 - 000000873 _____ C:\Users\Public\Desktop\HandBrake.lnk
2023-12-30 15:28 - 2023-12-30 15:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HandBrake
2023-12-30 15:28 - 2023-12-30 15:28 - 000000000 ____D C:\Program Files\HandBrake
2023-12-30 14:25 - 2024-01-11 18:28 - 000000000 ____D C:\Users\Net\AppData\LocalLow\Temp
2023-12-28 11:41 - 2023-12-28 11:41 - 000050543 _____ C:\Users\Net\Downloads\LIBRE-GASTOS-2023.xlsm - DEZEMBRO-1.pdf
2023-12-27 21:59 - 2023-12-27 21:59 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2023-12-27 21:58 - 2023-12-27 21:58 - 000003662 _____ C:\Windows\system32\Tasks\CreateExplorerShellUnelevatedTask
2023-12-27 21:57 - 2023-12-27 21:57 - 000000000 ____D C:\Users\Net\Downloads\FormatFactory2023_12_27
2023-12-27 20:37 - 2023-12-27 20:37 - 000410926 _____ C:\Users\Net\Downloads\DCTORW-S1.zip
2023-12-27 20:37 - 2023-12-27 20:37 - 000000000 ____D C:\Users\Net\Downloads\DCTORW-S1
2023-12-27 20:31 - 2023-12-27 20:31 - 000137032 _____ (Zoom Vídeo Communications, Inc.) C:\Users\Net\Downloads\Zoom_cm_fo42anktZ9vvrZo4_mxAorGcvQzVJNRFIPcfqKGF5EwFOlFxGciA@ACkJAYQcjPhGkTvO_k446c39d91169dc49_.exe
2023-12-27 20:02 - 2023-12-27 20:04 - 000000000 ____D C:\Users\Net\Downloads\Quadrilogia - Piratas do Caribe (2003.2011) BDRip 1080p 5.1 Dublado - Douglasvip
2023-12-27 14:02 - 2023-12-27 14:02 - 000000000 ____D C:\Users\Net\AppData\Local\HP
2023-12-26 17:53 - 2023-12-26 17:53 - 000000077 _____ C:\Users\Net\Documents\Curso-Dalton.txt
2023-12-26 17:34 - 2023-12-26 17:34 - 000000000 ____D C:\Users\Net\Downloads\Tube Digger
2023-12-26 14:45 - 2023-12-26 14:46 - 000000000 ____D C:\ProgramData\ConfigData
2023-12-26 14:45 - 2023-12-26 14:45 - 003277304 _____ C:\Users\Net\Downloads\itubego_18.exe
2023-12-26 14:18 - 2023-12-26 14:18 - 000000000 ____D C:\Users\Icebrave\AppData\Local\FastStone
2023-12-26 13:44 - 2023-12-26 13:45 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\XnView
2023-12-26 13:44 - 2023-12-26 13:44 - 000001276 _____ C:\Users\Icebrave\Desktop\XnView.lnk
2023-12-26 13:32 - 2024-01-01 15:07 - 000000000 ____D C:\Users\Net\AppData\Roaming\XnView
2023-12-26 13:32 - 2023-12-26 13:32 - 000000000 ____D C:\Users\Net\Downloads\XnView-win-full
2023-12-26 13:31 - 2015-04-26 15:32 - 023352708 _____ C:\Users\Net\Downloads\XnView-win-full.zip
2023-12-26 13:08 - 2023-12-26 13:08 - 000000057 _____ C:\Users\Icebrave\Desktop\Hora.bat
2023-12-26 13:03 - 2023-12-26 13:03 - 000000440 _____ C:\Users\Icebrave\Desktop\text.reg
2023-12-26 12:33 - 2023-12-26 12:33 - 000003808 _____ C:\Windows\system32\Tasks\WpsUpdateTask_Icebrave
2023-12-26 10:19 - 2023-12-26 10:19 - 000000000 ____D C:\Users\Icebrave\AppData\Local\OneDrive
2023-12-26 10:17 - 2023-12-26 13:08 - 000000057 _____ C:\Users\Net\Desktop\Hora.bat
2023-12-25 13:20 - 2023-12-25 13:20 - 000000000 ____D C:\Users\Icebrave\AppData\Local\cache
2023-12-24 19:32 - 2023-12-24 19:33 - 003776223 _____ C:\Users\Icebrave\Downloads\Dism++10.1.1002.1.zip
2023-12-24 17:08 - 2023-12-24 17:08 - 000000000 ____D C:\Users\Net\Documents\FormatFactory
2023-12-24 17:08 - 2023-12-24 17:08 - 000000000 ____D C:\Users\Net\AppData\Local\FTMod
2023-12-24 17:08 - 2023-12-24 17:08 - 000000000 ____D C:\Users\Net\AppData\Local\cache
2023-12-24 17:08 - 2023-12-24 17:08 - 000000000 ____D C:\Users\Net\AppData\Local\BrightData
2023-12-24 16:47 - 2023-12-24 16:55 - 000000000 ____D C:\Users\Icebrave\Downloads\Dism++10.1.1002.1
2023-12-24 16:47 - 2023-12-24 16:47 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\WinRAR
2023-12-24 13:01 - 2023-12-24 13:01 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\MPC-HC
2023-12-23 15:04 - 2023-12-23 15:04 - 000046520 _____ C:\Users\Net\Downloads\LIBRE-GASTOS-2023.xlsm - DEZEMBRO.pdf
2023-12-23 13:53 - 2023-12-23 13:53 - 000000000 ____D C:\Users\Net\Downloads\Piratas do Caribe 3 No Fim Do Mundo
2023-12-23 13:49 - 2023-12-23 13:50 - 000000000 ____D C:\Users\Net\Downloads\Piratas do Caribe 2 O Baú Da Morte
2023-12-22 15:59 - 2024-01-12 14:44 - 000000000 ____D C:\Users\Net\AppData\Roaming\Telegram Desktop
2023-12-22 15:59 - 2023-12-22 15:59 - 000000000 ____D C:\Users\Net\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop
2023-12-22 15:51 - 2023-12-22 15:53 - 042681512 _____ (Telegram FZ-LLC ) C:\Users\Net\Downloads\tsetup-x64.4.12.2.exe
2023-12-21 21:51 - 2023-12-21 21:51 - 006671414 _____ (TheBestWare Studio) C:\Users\Net\Downloads\RadioSure-2.2.1046-setup.exe
2023-12-21 21:51 - 2023-12-21 21:51 - 000001207 _____ C:\Users\Net\Desktop\RadioSure.lnk
2023-12-21 21:51 - 2023-12-21 21:51 - 000000000 ____D C:\Users\Net\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RadioSure
2023-12-21 21:51 - 2023-12-21 21:51 - 000000000 ____D C:\Users\Net\AppData\Local\RadioSure
2023-12-21 09:57 - 2023-12-21 09:57 - 000000000 ____D C:\ProgramData\PLUG
2023-12-21 09:18 - 2023-12-21 09:18 - 000000000 ____D C:\Program Files\RUXIM
2023-12-21 06:40 - 2024-01-16 11:15 - 000000000 ____D C:\Windows\SystemTemp
2023-12-21 06:40 - 2023-12-21 06:41 - 000000000 ____D C:\Windows\InboxApps
2023-12-21 06:40 - 2023-12-21 06:40 - 000000000 ____D C:\Windows\system32\Drivers\mde
2023-12-20 13:53 - 2023-12-20 13:53 - 000000000 ____D C:\Windows\system32\appmgmt
2023-12-20 11:39 - 2024-01-02 13:50 - 000000000 ___HD C:\Users\Net\Documents\WPS Cloud Files
2023-12-20 11:36 - 2023-12-20 11:36 - 000000000 ____D C:\Users\Net\AppData\Local\CEF
2023-12-20 11:35 - 2024-01-15 04:46 - 000000000 ____D C:\Users\Net\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WPS Office
2023-12-20 11:35 - 2023-12-27 14:15 - 000003788 _____ C:\Windows\system32\Tasks\WpsUpdateTask_Net
2023-12-20 11:35 - 2023-12-20 11:35 - 000000000 ___HD C:\Users\Net\Documents\KingsoftData
2023-12-20 11:34 - 2023-12-20 11:38 - 000000000 ____D C:\Users\Net\AppData\Roaming\kingsoft
2023-12-20 11:34 - 2023-12-20 11:34 - 000000000 ____D C:\Users\Net\AppData\Local\Kingsoft
2023-12-20 11:33 - 2023-12-20 11:34 - 223112928 _____ (Zhuhai Kingsoft Office Software Co.,Ltd) C:\Users\Net\Downloads\WPSOffice_12.2.0.13359.exe
2023-12-19 10:09 - 2023-12-19 10:09 - 000016707 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2023-12-19 09:27 - 2023-12-19 09:27 - 000000000 ____D C:\Users\Net\AppData\Roaming\Foxit Software
2023-12-19 09:26 - 2023-12-19 09:26 - 000000000 ____D C:\Users\Public\Foxit Software
2023-12-19 09:25 - 2023-12-19 09:25 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\Foxit Software
2023-12-19 09:25 - 2023-12-19 09:25 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\Foxit AgentInformation
2023-12-19 09:25 - 2023-12-19 09:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PDF Reader
2023-12-19 09:25 - 2023-12-19 09:25 - 000000000 ____D C:\ProgramData\Foxit Software
2023-12-19 09:25 - 2023-12-19 09:25 - 000000000 ____D C:\ProgramData\Foxit ContentPlatform
2023-12-19 09:24 - 2023-12-19 09:24 - 000000000 ____D C:\Program Files (x86)\Foxit Software
2023-12-19 09:22 - 2023-12-19 09:23 - 153014392 _____ (Foxit Software Inc. ) C:\Users\Icebrave\Downloads\FoxitPDFReader20233_L10N_Setup_Prom.exe
2023-12-19 08:33 - 2023-12-19 08:33 - 000003140 _____ C:\Windows\system32\Tasks\Toolbox.exe_{F4605C66-F9F4-4736-ABE8-8C2CB0E34B31}
2023-12-19 08:33 - 2023-12-19 08:33 - 000002289 _____ C:\Users\Public\Desktop\HP DeskJet 2130 series.lnk
2023-12-19 08:33 - 2023-12-19 08:33 - 000001236 _____ C:\Users\Public\Desktop\Comprar suprimentos - HP DeskJet 2130 series.lnk
2023-12-19 08:33 - 2023-12-19 08:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2023-12-19 08:32 - 2023-12-19 08:33 - 000000000 ____D C:\Program Files (x86)\HP
2023-12-19 08:32 - 2023-12-19 08:32 - 000000000 ____D C:\Program Files\HP
2023-12-19 08:31 - 2023-12-19 08:31 - 000000000 ____D C:\Users\Icebrave\AppData\Local\HP
2023-12-19 08:30 - 2023-12-19 08:31 - 144964672 _____ C:\Users\Icebrave\Downloads\Full_Webpack-40.15.1230-DJ2130_Full_Webpack.exe
2023-12-19 08:28 - 2023-12-19 08:28 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\HP_Easy_Start
2023-12-19 08:26 - 2023-12-19 08:32 - 000000000 ____D C:\ProgramData\HP
2023-12-19 08:25 - 2017-04-14 07:17 - 003744256 _____ (Hewlett-Packard Development Company, LP) C:\Windows\SysWOW64\HPScanTRDrv_DJ2130.dll
2023-12-19 08:25 - 2017-04-14 07:17 - 003744256 _____ (Hewlett-Packard Development Company, LP) C:\Windows\system32\HPScanTRDrv_DJ2130.dll
2023-12-19 08:25 - 2017-04-14 07:17 - 002952840 _____ (HP Inc.) C:\Windows\system32\hpinkinsE111.exe
2023-12-19 08:25 - 2017-04-14 07:17 - 000583168 _____ (Hewlett-Packard) C:\Windows\system32\HPWia2_DJ2130.dll
2023-12-19 08:25 - 2017-04-14 07:17 - 000393352 _____ (HP Inc.) C:\Windows\system32\hpinkstsE111LM.dll
2023-12-19 08:25 - 2017-04-14 07:17 - 000328328 _____ (HP Inc.) C:\Windows\system32\hpinkcoiE111.dll
2023-12-18 17:43 - 2023-12-18 17:45 - 000000000 ____D C:\Users\Net\Downloads\Esquadrão Suicida 720p WWW.TORRENTDOSFIMES.COM
2023-12-18 17:20 - 2024-01-01 18:26 - 000000000 ____D C:\FFOutput
2023-12-18 17:20 - 2023-12-18 17:20 - 000000000 ____D C:\Users\Icebrave\Documents\FormatFactory
2023-12-18 17:20 - 2023-12-18 17:20 - 000000000 ____D C:\Users\Icebrave\AppData\Local\FTMod
2023-12-18 17:18 - 2023-12-27 21:58 - 000000000 ____D C:\Users\Icebrave\AppData\Local\BrightData
2023-12-18 17:18 - 2023-12-27 21:58 - 000000000 ____D C:\ProgramData\BrightData
2023-12-18 17:18 - 2023-12-18 17:18 - 000000000 ____D C:\Users\Icebrave\AppData\Local\PeerDistRepub
2023-12-18 17:17 - 2023-12-27 21:58 - 000000000 ____D C:\Program Files\FormatFactory
2023-12-18 17:16 - 2023-12-18 17:17 - 102072624 _____ (Free Time Co., Ltd) C:\Users\Net\Downloads\FFSetup5.16.0.0.exe
2023-12-18 17:00 - 2023-12-18 17:03 - 000000000 ____D C:\Users\Net\Downloads\X-Men 2 2003 WWW.BLUDV.COM
2023-12-18 16:56 - 2024-01-14 10:03 - 000000000 ____D C:\Users\Net\AppData\Roaming\qBittorrent
2023-12-18 16:56 - 2023-12-18 16:57 - 000000000 ____D C:\Users\Net\AppData\Local\qBittorrent
2023-12-18 16:56 - 2023-12-18 16:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2023-12-18 16:56 - 2023-12-18 16:56 - 000000000 ____D C:\Program Files\qBittorrent
2023-12-18 16:32 - 2023-12-18 16:32 - 000000000 ____D C:\Users\Net\AppData\Local\FastStone
2023-12-18 16:31 - 2023-12-18 16:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer
2023-12-18 16:31 - 2023-12-18 16:31 - 000000000 ____D C:\Program Files (x86)\FastStone Image Viewer
2023-12-18 04:51 - 2024-01-12 14:16 - 000001055 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk
2023-12-18 04:51 - 2023-12-18 04:51 - 000000000 ____D C:\Users\Net\AppData\Roaming\Thunderbird
2023-12-18 04:51 - 2023-12-18 04:51 - 000000000 ____D C:\Users\Net\AppData\Local\Thunderbird
2023-12-17 19:45 - 2024-01-16 12:25 - 000000000 ____D C:\Users\Net\AppData\Roaming\Notepad++
2023-12-17 18:59 - 2024-01-15 11:50 - 000000000 ____D C:\Users\Net\AppData\Local\PrivaZer
2023-12-17 18:59 - 2023-12-17 18:59 - 000002126 _____ C:\Users\Net\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivaZer.lnk
2023-12-17 18:59 - 2023-12-17 18:59 - 000000000 ____D C:\Users\Net\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivaZer
2023-12-17 17:25 - 2023-12-17 17:25 - 000000000 __SHD C:\found.000
2023-12-17 17:00 - 2024-01-14 09:56 - 000000000 ____D C:\Users\Net\AppData\Roaming\MPC-HC
2023-12-17 11:04 - 2023-12-17 11:04 - 000004110 _____ C:\Windows\system32\Tasks\infatica_p2b
2023-12-17 11:04 - 2023-12-17 11:04 - 000003300 _____ C:\Windows\system32\Tasks\klcp_update
2023-12-17 11:04 - 2023-12-17 11:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2023-12-17 11:04 - 2023-12-17 11:04 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2023-12-17 11:04 - 2023-12-17 11:04 - 000000000 ____D C:\Program Files (x86)\Infatica P2B
2023-12-17 11:04 - 2019-12-28 07:00 - 000784384 _____ C:\Windows\system32\xvidcore.dll
2023-12-17 11:04 - 2019-12-28 07:00 - 000681984 _____ C:\Windows\SysWOW64\xvidcore.dll
2023-12-17 11:04 - 2019-12-28 07:00 - 000310784 _____ C:\Windows\system32\xvidvfw.dll
2023-12-17 11:04 - 2019-12-28 07:00 - 000284160 _____ C:\Windows\SysWOW64\xvidvfw.dll
2023-12-17 11:04 - 2017-07-30 08:50 - 003850240 _____ (x264vfw project) C:\Windows\SysWOW64\x264vfw.dll
2023-12-17 11:04 - 2017-07-30 08:50 - 003799552 _____ (x264vfw project) C:\Windows\system32\x264vfw64.dll
2023-12-17 11:04 - 2012-07-21 08:55 - 000180736 _____ (fccHandler) C:\Windows\system32\ac3acm.acm
2023-12-17 11:04 - 2012-07-21 08:54 - 000122880 _____ (fccHandler) C:\Windows\SysWOW64\ac3acm.acm
2023-12-17 11:04 - 2011-12-07 15:37 - 000148992 _____ ( ) C:\Windows\system32\lagarith.dll
2023-12-17 11:04 - 2011-12-07 15:32 - 000216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll
2023-12-17 10:57 - 2023-12-17 10:57 - 000000000 ____D C:\Users\Net\AppData\Roaming\WinRAR
2023-12-17 10:57 - 2023-12-17 10:57 - 000000000 ____D C:\Users\Net\AppData\Roaming\Microsoft\Office
2023-12-17 10:57 - 2023-12-17 10:57 - 000000000 ____D C:\Users\Net\AppData\Roaming\Microsoft\Excel
2023-12-17 10:57 - 2023-12-17 10:57 - 000000000 ____D C:\Users\Net\AppData\Roaming\Microsoft\AddIns
2023-12-17 10:55 - 2024-01-04 17:37 - 000000000 ___HD C:\Users\Icebrave\Documents\WPS Cloud Files
2023-12-17 10:51 - 2023-12-17 10:51 - 000004100 _____ C:\Windows\system32\Tasks\WpsExternal_Icebrave_20231217105152
2023-12-17 10:51 - 2023-12-17 10:51 - 000002551 _____ C:\Users\Icebrave\Desktop\WPS PDF.lnk
2023-12-17 10:51 - 2023-12-17 10:51 - 000002459 _____ C:\Users\Icebrave\Desktop\WPS Office.lnk
2023-12-17 10:51 - 2023-12-17 10:51 - 000000000 ___HD C:\Users\Icebrave\Documents\KingsoftData
2023-12-17 10:51 - 2023-12-17 10:51 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WPS Office
2023-12-17 10:51 - 2023-12-17 10:51 - 000000000 ____D C:\Users\Icebrave\AppData\Local\Kingsoft
2023-12-17 10:51 - 2023-12-17 10:51 - 000000000 ____D C:\Users\Icebrave\AppData\Local\CEF
2023-12-17 10:51 - 2023-12-17 10:51 - 000000000 ____D C:\ProgramData\Kingsoft
2023-12-17 10:51 - 2023-12-17 10:51 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2023-12-17 10:51 - 2023-12-17 10:51 - 000000000 ____D C:\Program Files (x86)\Kingsoft
2023-12-17 10:50 - 2023-12-17 10:51 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\kingsoft
2023-12-17 10:50 - 2023-12-17 10:50 - 223112928 _____ (Zhuhai Kingsoft Office Software Co.,Ltd) C:\Users\Icebrave\Downloads\WPSOffice_12.2.0.13359.exe
2023-12-17 10:31 - 2023-12-17 10:31 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2023-12-17 10:31 - 2023-12-17 10:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2023-12-17 10:31 - 2023-12-17 10:31 - 000000000 ____D C:\Program Files (x86)\WinRAR

==================== Um mês (modificados) ==================

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2024-01-16 14:13 - 2023-12-16 18:13 - 000008192 ___SH C:\DumpStack.log.tmp
2024-01-16 14:13 - 2020-09-23 15:05 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2024-01-16 12:24 - 2023-12-16 17:21 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-01-16 11:43 - 2019-12-07 06:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-01-15 20:36 - 2023-12-16 15:29 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2024-01-15 20:36 - 2019-12-07 06:03 - 000786432 _____ C:\Windows\system32\config\BBI
2024-01-15 19:14 - 2020-09-23 15:16 - 001741824 _____ C:\Windows\system32\PerfStringBackup.INI
2024-01-15 19:14 - 2019-12-07 11:54 - 000752436 _____ C:\Windows\system32\prfh0416.dat
2024-01-15 19:14 - 2019-12-07 11:54 - 000148550 _____ C:\Windows\system32\prfc0416.dat
2024-01-15 19:14 - 2019-12-07 06:13 - 000000000 ____D C:\Windows\INF
2024-01-15 13:57 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\AppReadiness
2024-01-15 05:02 - 2023-12-16 17:32 - 000000000 ____D C:\Users\Net
2024-01-14 14:04 - 2020-09-23 15:05 - 000000000 ____D C:\Windows\system32\SleepStudy
2024-01-14 13:56 - 2019-12-07 06:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-01-14 13:52 - 2023-12-16 17:34 - 000000000 ____D C:\Users\Net\AppData\Local\D3DSCache
2024-01-14 03:01 - 2023-12-16 16:33 - 000000000 ____D C:\Users\Icebrave\AppData\Local\Everything
2024-01-14 03:01 - 2023-12-16 16:27 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\Everything
2024-01-14 02:40 - 2023-12-16 16:02 - 000000000 ____D C:\Users\Icebrave
2024-01-14 01:17 - 2019-12-07 06:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2024-01-12 17:10 - 2023-12-16 18:19 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-01-12 17:00 - 2023-12-16 17:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-01-12 13:53 - 2020-09-23 15:05 - 000445928 _____ C:\Windows\system32\FNTCACHE.DAT
2024-01-11 20:08 - 2019-12-07 06:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2024-01-11 20:08 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2024-01-11 20:08 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SystemResources
2024-01-11 20:08 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\setup
2024-01-11 20:08 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\ShellExperiences
2024-01-11 20:08 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\bcastdvr
2024-01-11 20:06 - 2019-12-07 06:03 - 000000000 ____D C:\Windows\CbsTemp
2024-01-09 19:42 - 2023-12-16 17:21 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-01-08 20:32 - 2019-12-07 06:14 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2024-01-08 20:03 - 2023-12-16 16:07 - 000000000 ____D C:\Users\Icebrave\AppData\Local\D3DSCache
2024-01-08 15:01 - 2023-12-16 16:04 - 000000000 ____D C:\Users\Icebrave\AppData\Local\Packages
2024-01-04 19:55 - 2023-12-16 16:04 - 000000000 ____D C:\Users\Icebrave\AppData\Local\ConnectedDevicesPlatform
2024-01-04 17:35 - 2023-12-16 16:44 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\Notepad++
2024-01-04 17:31 - 2023-12-16 16:44 - 000000877 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2024-01-02 15:50 - 2019-12-07 06:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2024-01-01 18:02 - 2023-12-16 16:04 - 000000000 ____D C:\Users\Icebrave\AppData\Local\Publishers
2024-01-01 18:02 - 2020-09-23 15:09 - 000000000 ____D C:\ProgramData\Packages
2024-01-01 18:01 - 2023-12-16 16:07 - 000000000 ____D C:\Users\Icebrave\AppData\Local\PlaceholderTileLogoFolder
2024-01-01 18:01 - 2020-09-23 15:09 - 000000000 __RHD C:\Users\Public\AccountPictures
2024-01-01 17:58 - 2023-12-16 16:10 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\Microsoft\Excel
2023-12-26 12:34 - 2023-12-16 16:41 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\Microsoft\Publisher Building Blocks
2023-12-25 13:20 - 2023-12-16 16:04 - 000000000 ____D C:\Users\Icebrave\AppData\Local\AMD
2023-12-24 17:08 - 2023-12-16 17:32 - 000000000 ____D C:\Users\Net\AppData\Local\AMD
2023-12-23 11:20 - 2023-12-16 16:06 - 000000000 ____D C:\Users\Icebrave\AppData\Roaming\Microsoft\Teams
2023-12-23 11:19 - 2019-12-07 06:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-12-22 16:21 - 2023-12-16 17:32 - 000000000 ____D C:\Users\Net\AppData\Local\Packages
2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ___SD C:\Windows\SysWOW64\F12
2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ___SD C:\Windows\system32\UNP
2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation
2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\migwiz
2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\lv-LV
2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\lt-LT
2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\Keywords
2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\et-EE
2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\es-MX
2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\Com
2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2023-12-21 06:42 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\Sysprep
2023-12-21 06:41 - 2020-09-23 17:00 - 000000000 ___SD C:\Windows\system32\AppV
2023-12-21 06:41 - 2020-09-23 17:00 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2023-12-21 06:41 - 2019-12-07 11:57 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2023-12-21 06:41 - 2019-12-07 11:57 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ___SD C:\Windows\system32\F12
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ___RD C:\Windows\PrintDialog
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\ShellExperiences
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\oobe
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\migwiz
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\lv-LV
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\lt-LT
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\Keywords
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\et-EE
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\es-MX
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\Dism
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\DDFs
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\Com
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\appraiser
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\AdvancedInstallers
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\ShellComponents
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\Provisioning
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\IME
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\DiagTrack
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Program Files\Windows Defender
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Program Files\Common Files\System
2023-12-21 06:41 - 2019-12-07 06:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2023-12-21 06:41 - 2019-12-07 06:03 - 000000000 ____D C:\Windows\servicing
2023-12-21 06:40 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SystemApps
2023-12-21 06:40 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\appcompat
2023-12-20 11:39 - 2019-12-07 11:57 - 000023040 _____ (Microsoft Corporation) C:\Windows\system32\OEMDefaultAssociations.dll
2023-12-20 11:39 - 2019-12-07 11:57 - 000020827 _____ C:\Windows\system32\OEMDefaultAssociations.xml
2023-12-20 11:39 - 2019-12-07 06:15 - 000208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2023-12-20 11:39 - 2019-12-07 06:14 - 000232448 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2023-12-19 10:08 - 2020-09-23 15:07 - 003016192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-12-19 09:14 - 2023-12-16 16:07 - 000003580 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-702104581-954937399-490591429-1002
2023-12-19 09:13 - 2023-12-16 16:06 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-702104581-954937399-490591429-1002
2023-12-19 09:13 - 2023-12-16 16:02 - 000002390 _____ C:\Users\Icebrave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-12-18 17:06 - 2020-09-23 15:04 - 000000000 ____D C:\Windows\Panther
2023-12-18 16:29 - 2023-12-16 17:37 - 000000000 ____D C:\Users\Net\AppData\Local\PlaceholderTileLogoFolder
2023-12-17 18:33 - 2023-12-16 17:33 - 000000000 ____D C:\Users\Net\AppData\Roaming\Microsoft\Teams
2023-12-17 17:21 - 2023-12-16 17:34 - 000003580 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-702104581-954937399-490591429-1003
2023-12-17 17:21 - 2023-12-16 17:34 - 000003370 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-702104581-954937399-490591429-1003
2023-12-17 17:21 - 2023-12-16 17:32 - 000002375 _____ C:\Users\Net\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-12-17 17:20 - 2023-12-16 17:40 - 000000000 ____D C:\Users\Net\AppData\Roaming\Microsoft\Spelling

==================== SigCheck ============================

(Não há correção automática para arquivos que não passaram na verificação.)

==================== Fim de FRST.txt ========================

Resultado da análise adicional Farbar Recovery Scan Tool (x64) Versão: 16.01.2024
Executado por Icebrave (16-01-2024 12:38:46)
Executando a partir de C:\Users\Net\Desktop
Microsoft Windows 10 Pro Versão 22H2 19045.3930 (X64) (2023-12-16 18:23:59)
Modo da Inicialização: Normal
==========================================================

==================== Contas: =============================

(Se uma entrada for incluída na fixlist, será removida.)

Administrador (S-1-5-21-702104581-954937399-490591429-500 - Administrator - Disabled)
Convidado (S-1-5-21-702104581-954937399-490591429-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-702104581-954937399-490591429-503 - Limited - Disabled)
Icebrave (S-1-5-21-702104581-954937399-490591429-1002 - Administrator - Enabled) => C:\Users\Icebrave
Net (S-1-5-21-702104581-954937399-490591429-1003 - Limited - Enabled) => C:\Users\Net
WDAGUtilityAccount (S-1-5-21-702104581-954937399-490591429-504 - Limited - Disabled)

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

Boilsoft Vídeo Splitter 8.3.3 (HKU\S-1-5-21-702104581-954937399-490591429-1003\...\cfc26c2a-150b-5ef7-9bdf-a41433ec180c) (Version: 8.3.3 - )
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.8.7128 - CDBurnerXP)
Debut Vídeo Capture Software (HKU\S-1-5-21-702104581-954937399-490591429-1003\...\Debut) (Version: 9.46 - NCH Software)
Everything 1.4.1.1024 (x64) (HKLM\...\Everything) (Version: 1.4.1.1024 - voidtools)
FastStone Image Viewer 7.8 (HKLM-x32\...\FastStone Image Viewer) (Version: 7.8 - FastStone Corporation)
FormatFactory 5.16.0.0 (HKLM-x32\...\FormatFactory) (Version: 5.16.0.0 - Free Time)
Foxit PDF Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 2023.3.0.23028 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 120.0.6099.217 - Google LLC)
HandBrake 1.7.2 (HKLM-x32\...\HandBrake) (Version: 1.7.2 - )
HP DeskJet 2130 series Software básico do dispositivo (HKLM\...\{30135B68-7334-4D1B-8AB4-A79EF84ECDE1}) (Version: 40.15.1230.21319 - HP Inc.)
HP Dropbox Plugin (HKLM-x32\...\{8533E879-3794-426D-96B1-B010B56B03F5}) (Version: 40.13.54.81239 - HP)
HP Google Drive Plugin (HKLM-x32\...\{57E78C1A-6BCB-42E9-B3A5-54A05CA85E1C}) (Version: 40.13.54.81239 - HP)
Infatica P2B Network (HKLM-x32\...\{C989163F-E0E5-4DE3-B7F5-46C77F411451}_is1) (Version: 1.1.4.0 - )
K-Lite Mega Codec Pack 18.0.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 18.0.0 - KLCP)
Malwarebytes version 4.6.7.301 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.7.301 - Malwarebytes)
Microsoft .NET Host - 6.0.25 (x64) (HKLM\...\{C7141A99-592B-4226-A4E9-B767C1D0FBAF}) (Version: 48.100.4028 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.25 (x64) (HKLM\...\{AE86D888-1404-47CC-A7BB-8D86C0503E58}) (Version: 48.100.4028 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.25 (x64) (HKLM\...\{3544B2EE-E62F-4D11-B79C-3DDEACE94DA5}) (Version: 48.100.4028 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 120.0.2210.133 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 120.0.2210.133 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-702104581-954937399-490591429-1002\...\OneDriveSetup.exe) (Version: 23.246.1127.0002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-702104581-954937399-490591429-1003\...\OneDriveSetup.exe) (Version: 23.246.1127.0002 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 6.0.25 (x64) (HKLM\...\{E016F2B9-01FE-4FAA-882E-ECC43FA49751}) (Version: 48.100.4037 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.25 (x64) (HKLM-x32\...\{fb0500c1-f968-4621-a48b-985b52884c49}) (Version: 6.0.25.33020 - Microsoft Corporation)
Mozilla Firefox (x64 pt-BR) (HKLM\...\Mozilla Firefox 121.0.1 (x64 pt-BR)) (Version: 121.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 115.5.2 - Mozilla)
Mozilla Thunderbird (x64 pt-BR) (HKLM\...\Mozilla Thunderbird 115.6.1 (x64 pt-BR)) (Version: 115.6.1 - Mozilla)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.6 - Notepad++ Team)
PrivaZer (HKU\S-1-5-21-702104581-954937399-490591429-1003\...\PrivaZer) (Version: 4.0.81.0 - Goversoft LLC)
qBittorrent (HKLM-x32\...\qBittorrent) (Version: 4.6.2 - The qBittorrent project)
RadioSure (HKU\S-1-5-21-702104581-954937399-490591429-1003\...\RadioSure) (Version: - )
Revo Uninstaller 2.4.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.4.5 - VS Revo Group, Ltd.)
Shotcut (HKLM\...\Shotcut) (Version: 22.12.21 - Meltytech, LLC)
Telegram Desktop (HKU\S-1-5-21-702104581-954937399-490591429-1003\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 4.14.4 - Telegram FZ-LLC)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{7B63012A-4AC6-40C6-B6AF-B24A84359DD5}) (Version: 8.93.0.0 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
WPS Office (12.2.0.13359) (HKU\S-1-5-21-702104581-954937399-490591429-1002\...\Kingsoft Office) (Version: 12.2.0.13359 - Kingsoft Corp.)
WPS Office (12.2.0.13412) (HKU\S-1-5-21-702104581-954937399-490591429-1003\...\Kingsoft Office) (Version: 12.2.0.13412 - Kingsoft Corp.)
Zoom (HKU\S-1-5-21-702104581-954937399-490591429-1003\...\ZoomUMX) (Version: 5.17.1 (28914) - Zoom Vídeo Communications, Inc.)

Packages:
=========
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_151.1.1087.0_x64__v10z8vjag6ke6 [2024-01-08] (HP Inc.)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.18.11020.0_x64__8wekyb3d8bbwe [2023-12-23] (Microsoft Studios) [MS Ad]

==================== Análise Personalizada CLSID (Whitelisted): ==============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

CustomCLSID: HKU\S-1-5-21-702104581-954937399-490591429-1002_Classes\CLSID\{28A80003-18FD-411D-B0A3-3C81F618E22B}\InprocServer32 -> C:\Users\Icebrave\AppData\Local\Kingsoft\WPS Office\12.2.0.13359\office6\kwpsmenushellext64.dll (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-702104581-954937399-490591429-1002_Classes\CLSID\{7C360CF9-D475-44FC-8163-AD6C95CF5F5D}\InprocServer32 -> C:\Users\Net\AppData\Local\Kingsoft\WPS Office\12.2.0.13359\office6\kmso2pdfplugins64.dll (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-702104581-954937399-490591429-1003_Classes\CLSID\{1a46400f-4c81-802a-c2c1-1e9a687a9340}\localserver32 -> C:\Program Files\HandBrake\HandBrake.exe (HandBrake Team) [Arquivo não assinado]
CustomCLSID: HKU\S-1-5-21-702104581-954937399-490591429-1003_Classes\CLSID\{28A80003-18FD-411D-B0A3-3C81F618E22B}\InprocServer32 -> C:\Users\Net\AppData\Local\Kingsoft\WPS Office\12.2.0.13412\office6\kwpsmenushellext64.dll (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-702104581-954937399-490591429-1003_Classes\CLSID\{7C360CF9-D475-44FC-8163-AD6C95CF5F5D}\InprocServer32 -> C:\Users\Net\AppData\Local\Kingsoft\WPS Office\12.2.0.13359\office6\kmso2pdfplugins64.dll (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-702104581-954937399-490591429-1003_Classes\CLSID\{9ed26d04-bb53-4559-a405-a0245d494b44}\InprocServer32 -> C:\Program Files\Mozilla Thunderbird\notificationserver.dll => Nenhum Arquivo
ContextMenuHandlers1: [FormatFactoryShell] -> {A3888923-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files\FormatFactory\ShellEx_108.dll [2023-07-21] (Free Time) [Arquivo não assinado]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2008-06-20] () [Arquivo não assinado]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2008-09-16] () [Arquivo não assinado]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-01-02] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [FormatFactoryShell] -> {A3888923-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files\FormatFactory\ShellEx_108.dll [2023-07-21] (Free Time) [Arquivo não assinado]
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2008-06-20] () [Arquivo não assinado]
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2008-09-16] () [Arquivo não assinado]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-01-02] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2008-06-20] () [Arquivo não assinado]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2008-09-16] () [Arquivo não assinado]
ContextMenuHandlers1_S-1-5-21-702104581-954937399-490591429-1002: [          kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\Icebrave\AppData\Local\Kingsoft\WPS Office\12.2.0.13359\office6\kwpsmenushellext64.dll [2023-12-17] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
ContextMenuHandlers4_S-1-5-21-702104581-954937399-490591429-1002: [          kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\Icebrave\AppData\Local\Kingsoft\WPS Office\12.2.0.13359\office6\kwpsmenushellext64.dll [2023-12-17] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
ContextMenuHandlers1_S-1-5-21-702104581-954937399-490591429-1003: [          kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\Icebrave\AppData\Local\Kingsoft\WPS Office\12.2.0.13359\office6\kwpsmenushellext64.dll [2023-12-17] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
ContextMenuHandlers4_S-1-5-21-702104581-954937399-490591429-1003: [          kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\Icebrave\AppData\Local\Kingsoft\WPS Office\12.2.0.13359\office6\kwpsmenushellext64.dll [2023-12-17] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)

==================== Codecs (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [148992 2011-12-07] () [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [310784 2019-12-28] () [Arquivo não assinado]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] () [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [284160 2019-12-28] () [Arquivo não assinado]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [Arquivo não assinado]

==================== Atalhos & WMI ========================

==================== Módulos Carregados (Whitelisted) =============

2023-12-17 10:31 - 2008-06-20 00:41 - 000062464 _____ () [Arquivo não assinado] C:\Program Files (x86)\WinRAR\rarext64.dll
2023-07-21 09:20 - 2023-07-21 09:20 - 000344064 _____ (Free Time) [Arquivo não assinado] C:\Program Files\FormatFactory\ShellEx_108.dll

==================== Alternate Data Streams (Whitelisted) ========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)

AlternateDataStreams: C:\Users\Net\Desktop\FRST64.exe:MBAM.Zone.Identifier [193]
AlternateDataStreams: C:\Users\Net\Desktop\ZHPCleaner.exe:MBAM.Zone.Identifier [172]

==================== Modo de Segurança (Whitelisted) ==================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Associação (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

Handler: mso-minsb-roaming.16 - Nenhum Valor CLSID
Handler: mso-minsb.16 - Nenhum Valor CLSID
Handler: osf-roaming.16 - Nenhum Valor CLSID
Handler: osf.16 - Nenhum Valor CLSID

==================== Hosts Conteúdo: =========================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2019-12-07 06:14 - 2024-01-03 14:48 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Outras Áreas ===========================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-702104581-954937399-490591429-1002\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img2.jpg
HKU\S-1-5-21-702104581-954937399-490591429-1003\Control Panel\Desktop\\Wallpaper ->
DNS Servers: O Suporte não está conectado à internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

(Se uma entrada for incluída na fixlist, será removida.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller"
HKLM\...\StartupApproved\Run32: => "TeamsMachineUninstallerLocalAppData"
HKLM\...\StartupApproved\Run32: => "TeamsMachineUninstallerProgramData"
HKU\S-1-5-21-702104581-954937399-490591429-1002\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_DE42051A7061B4E326E1FAAC622AFB84"
HKU\S-1-5-21-702104581-954937399-490591429-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-702104581-954937399-490591429-1002\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-702104581-954937399-490591429-1003\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_4F469AB9D1336CB61BA9F80E8F2FF34A"
HKU\S-1-5-21-702104581-954937399-490591429-1003\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-702104581-954937399-490591429-1003\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"

==================== Regras do Firewall (Whitelisted) ================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [{C72086E9-20EC-41B7-B93A-4A41281BB9D4}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe => Nenhum Arquivo
FirewallRules: [{E11EED0C-28DC-41E3-A86C-732347E676DD}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe => Nenhum Arquivo
FirewallRules: [{9354F41F-CE9E-40B2-B496-D8F77F543E72}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{ECD57F3B-6C35-4B81-8A04-5F7B94AEF261}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0AC9FBB3-AA69-440F-B89F-4B9263CC9B0B}] => (Allow) C:\Users\Net\AppData\Local\Kingsoft\WPS Office\12.2.0.13359\office6\wps.exe (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
FirewallRules: [{BE929A88-4ECB-407F-B05F-2E32C8E00C36}] => (Allow) C:\Users\Net\AppData\Local\Kingsoft\WPS Office\12.2.0.13359\office6\wpscloudsvr.exe (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
FirewallRules: [{B65D91CC-DC47-473F-9288-7ECC671493D6}] => (Allow) C:\Users\Net\AppData\Local\Kingsoft\WPS Office\12.2.0.13359\office6\promecefpluginhost.exe (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
FirewallRules: [{903536E5-925A-4C71-ABA0-56EC3B96D3D8}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [Arquivo não assinado]
FirewallRules: [{8F1997F6-0D78-4DCA-B232-6E0B9CB675B7}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe (The qBittorrent Project) [Arquivo não assinado]
FirewallRules: [{18E257FE-20BF-41D2-8155-1D584FA20E10}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.110.3218.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{647CDAA6-F9F7-4074-839C-9DF0B7A35C97}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.110.3218.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2E7A89E0-811A-46B0-9A15-727EE08BD25A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.110.3218.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{69C3EA7D-9647-4D5F-9895-739EE48C21B6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.110.3218.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7056C802-9E87-43A5-88A6-81FD770A91EA}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe (Free Time Software Technology Co., Ltd. -> Free Time Co., Ltd.)
FirewallRules: [{E5E4D007-00A9-484F-B0CF-39CE558546E6}] => (Allow) C:\Users\Net\AppData\Local\Temp\7zS4823\HP.EasyStart.exe => Nenhum Arquivo
FirewallRules: [{CC08EF41-5A84-4988-8B5D-3964E7AD9813}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\USBSetup.exe (HP Inc. -> HP Inc.)
FirewallRules: [{D68557E5-1363-4609-BC52-DCFDEDC3D62A}] => (Allow) C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPNetworkCommunicatorCom.exe (HP Inc. -> HP Inc.)
FirewallRules: [{B9415BBD-E501-463F-9EED-A36A6ECE3923}] => (Allow) C:\Users\Icebrave\AppData\Local\Temp\7zS4C2F\HP.EasyStart.exe (HP Inc. -> HP)
FirewallRules: [TCP Query User{844943BF-F5A1-4CEC-83B9-3050C6F93F38}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe (The qBittorrent Project) [Arquivo não assinado]
FirewallRules: [UDP Query User{CF5FCAF9-7F8A-4562-B600-E4494FF286E5}C:\program files\qbittorrent\qbittorrent.exe] => (Allow) C:\program files\qbittorrent\qbittorrent.exe (The qBittorrent Project) [Arquivo não assinado]
FirewallRules: [{2EA5C0AF-013B-400E-BD3D-5C129EC63237}] => (Allow) C:\Program Files\FormatFactory\FormatFactory.exe (Free Time Software Technology Co., Ltd. -> Free Time Co., Ltd.)
FirewallRules: [{87BCE124-CFB1-4234-AF99-1726E72E7478}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{8C8A6240-24CC-46FC-96E4-865B3CCF8CDB}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\120.0.2210.133\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Pontos de Restauração =========================

16-01-2024 12:08:11 ZHPcleaner

==================== Dispositivos Apresentando Falhas No Gerenciador ============

==================== Erros no Log de eventos: ========================

Erros em Aplicativos:
==================
Error: (01/16/2024 11:16:11 AM) (Source: Firefox Notification Server) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/14/2024 09:18:33 AM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
Description: Event-ID 2

Error: (01/09/2024 10:22:07 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Não é possível inicializar o monitoramento de desempenho não para o objeto coletor, pois os contadores não estão carregados ou o objeto de memória compartilhado não pode ser aberto. Isso afeta somente a disponibilidade dos contadores de desempenho. Reinicie o computador.

Contexto: Aplicativo , Catálogo SystemIndex

Error: (01/09/2024 07:05:57 PM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
Description: Event-ID 2

Error: (01/08/2024 08:02:07 PM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
Description: Event-ID 2

Error: (01/08/2024 03:06:43 PM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
Description: Event-ID 2

Error: (01/07/2024 01:54:20 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Não foi possível concluir o otimizador de armazenamento otimizar novamente em FILES (E:) devido a: A operação solicitada não é compatível com o hardware que contém o volume. (0x8900002A)

Error: (01/06/2024 11:15:43 AM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
Description: Event-ID 2

Erros de Sistema:
=============
Error: (01/16/2024 11:36:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Foxit PDF Reader Update Service foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (01/16/2024 11:36:31 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço AMD External Events Utility foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (01/14/2024 10:45:24 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-NPVV5ON)
Description: O servidor {5F7F3F7B-1177-4D4B-B1DB-BC6F671B8F25} não se registrou no DCOM dentro do tempo limite necessário.

Error: (01/14/2024 01:52:44 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: O desligamento do sistema que ocorreu às 01:12:12 do dia ‎14/‎01/‎2024 não era esperado.

Error: (01/12/2024 11:35:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Serviço Clique para Executar do Microsoft Office foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço.

Error: (01/12/2024 11:35:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Foxit PDF Reader Update Service foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (01/12/2024 11:35:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço AMD External Events Utility foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (01/11/2024 06:13:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Serviço Clique para Executar do Microsoft Office foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço.

==================== Informações da Memória ===========================

BIOS: American Megatrends Inc. 0701 06/23/2014
placa-mãe: ASUSTeK COMPUTER INC. A58M-A/BR
Processador: AMD A8-7650K Radeon R7, 10 Compute Cores 4C+6G
Percentagem de memória em uso: 59%
RAM física total: 7110.45 MB
RAM física disponível: 2860.32 MB
Virtual Total: 8262.45 MB
Virtual disponível: 3302.41 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:540.12 GB) (Free:442.96 GB) (Model: ST31000524AS) NTFS
Drive d: (Novo volume) (Fixed) (Total:292.96 GB) (Free:219.59 GB) (Model: ST31000524AS) exFAT

\\?\Volume{759ddace-0000-0000-0000-100000000000}\ (Reservado pelo Sistema) (Fixed) (Total:0.57 GB) (Free:0.15 GB) NTFS

==================== MBR & Tabela de Partições ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 759DDACE)
Partition 1: (Active) - (Size=579 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=540.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=97.9 GB) - (Type=0F Extended)
Partition 4: (Not Active) - (Size=293 GB) - (Type=07 NTFS)

==================== Fim de Addition.txt =======================

Desde já agradeço por alguma ajuda e fico no aguardo de mais procedimentos.

Att. Alexander Cunha

Entrar

Alexander Cunha

Posts

Cadastrado em

Última visita

Tipo de conteúdo

Artigos

Selos

Fabricantes

Livros

Cursos

Análises

Fórum

posts postados por Alexander Cunha

Analise de logs de uma possível Infecção

Sobre o Clube do Hardware

Direitos autorais

Mais

Fórum

Atividades

Artigos

Análises

Livros

Cursos