Xacamaster

Olá, Recentemente sofri alguns episódios de clonagem de cartão de crédito, razão pela qual desconfiei que talvez minha máquina estivesse infectada. Dito isso, por via das dúvidas, fiz um scan completo em meus HDs com o antivírus Kaspersky - e surpreendentemente foi encontrado o seguinte vírus em alguns arquivos do word: HUER:Trojan.MSOffice.Alien.gen. Não sei se foi o responsável pelo vazamento de dados, mas foi o suficiente para ligar o alerta. O antivírus diz que eliminou os arquivos, contudo ainda estou com uma pulga atrás da orelha, motivo pela qual peço pela ajuda dos nobres aqui. Dito isso, segue logs. AdwCleaner ZHPCleaner FRST Addition

Parou, sim, Elias. Nossa! Sumiu até uma travadinha logo ao iniciar o PC, que achei ser normal. Muito obrigado, meu amigo.

Como requerido, Elias. Fixlog.txt

Ah, sim, a culpa foi minha. Acabei interpretando errado sua mensagem. Tive uma semana difícil. Peço desculpas pelas demora, Elias. Segue o log. Searchh.txt

Entendi. Desculpe-me. Segue os logs pedidos. Elias.

Certo, Elias. Ao abrir o programa após o reiniciar da máquina ele gerou um "Bootlog.pml" com 2Gb de tamanho. Dentro da interface do programa utilizei a função "Salvar" e ela gerou um arquivo chamado "Logfile.pml" com 4Mb, o qual anexo em minha resposta. Caso não seja esse último, me avise para que eu possa subir o Bootlog na nuvem. Obs.: Por o arquivo ultrapassar o limite de 4mb do fórum, o comprimi com a ferramenta 7zip. Logfile.7z

Elias, tive dificuldades no salvamento do log, ao utilizar a opção "Salvar como" o log não estava sendo gerado em ".txt", então selecionei todos os itens e copiei e colei no bloco de notas. Caso tenha realizado o procedimento errado, peço desculpas e o realizarei novamente. Obs.: Anexarei o log, pois não estou conseguido cola-lo na resposta por este ser muito grande. output.txt

Elias, segue como pedido. Jurava ter enviado a mensagem aqui no fórum antes, mas ao que parece não foi e ficou salva no rascunho. Não aparece, não, Elias.

Como pedido, Elias.

Elias, peço desculpas pela demora. Apaguei a pasta, mas após o boot ela não é criada novamente. Contudo, o log ainda continua aparecendo. Fora isso o PC está ótimo!

Não há nada, está em branco.

Elias, notei uma melhora na utilização do PC e na navegação; quanto as telas do prompt pipocando, até agora, não surgiram mais. O único problema restante é que ao ligar o PC surge o bloco de nota com o seguinte log :

Elias, conforme pedido:

Elias, como pedido: Resultado do análise da Farbar Recovery Scan Tool (FRST) (x64) Versão: 15-07-2023 Executado por Angelo (administrador) em DESKTOP-T0H8SRB (15-07-2023 20:35:21) Executando a partir de D:\Área de Trabalho\FRST64.exe Perfis Carregados: Angelo Plataforma: Microsoft Windows 10 Pro Versão 22H2 19045.3208 (X64) Idioma: Português (Brasil) Navegador padrão: Edge Modo da Inicialização: Normal ==================== Processos (Whitelisted) ================= (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.) (atiesrxx.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe (Banco Bradesco S.A. -> Scopus Soluções em TI Ltda) C:\Program Files (x86)\scpbrad\scpbradguard.exe (C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.13\avp.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.13\avpui.exe (C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.13\ksde.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.13\ksdeui.exe (C:\Users\Angelo Braz\AppData\Local\WebEx\WebexHost.exe ->) (Cisco WebEx LLC -> Cisco Webex LLC) C:\Users\Angelo Braz\AppData\Local\WebEx\WebEx64\Meetings\atmgr.exe (explorer.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (explorer.exe ->) (A.E.T. Europe B.V.) [Arquivo não assinado] C:\Windows\System32\aetcrss1.exe (explorer.exe ->) (Cisco WebEx LLC -> Cisco Webex LLC) C:\Users\Angelo Braz\AppData\Local\WebEx\WebexHost.exe (explorer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Internet Explorer\ielowutil.exe (services.exe ->) () [Arquivo não assinado] C:\Program Files (x86)\Wondershare\drfone\Addins\Recovery\ElevationService.exe (services.exe ->) () [Arquivo não assinado] C:\Windows\SysWOW64\WIN8_MBIM.exe (services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (services.exe ->) (Banco Bradesco SA -> Banco Bradesco S.A.) C:\Program Files (x86)\scpbrad\scpbradserv.exe (services.exe ->) (FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\FOXIT SOFTWARE\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe (services.exe ->) (Hewlett-Packard Company -> HP) C:\Windows\System32\HPSIsvc.exe (services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe (services.exe ->) (HP) [Arquivo não assinado] C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (services.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.13\avp.exe <2> (services.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.13\ksde.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe (services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (services.exe ->) (Realtek Semiconductor Corp -> ) C:\Windows\runSW.exe (services.exe ->) (Wondershare Technology Co.,Ltd -> Wondershare) C:\ProgramData\Wondershare\Service\InstallAssistService.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2210.0.0_x64__8wekyb3d8bbwe\CalculatorApp.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe ==================== Registro (Whitelisted) =================== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.) HKLM\...\Run: [CertificateRegistration] => C:\WINDOWS\system32\aetcrss1.exe [25088 2017-05-09] (A.E.T. Europe B.V.) [Arquivo não assinado] HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1767712 2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [Arquivo não assinado] HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [69632 2004-04-13] (InstallShield Software Corporation) [Arquivo não assinado] HKLM-x32\...\Run: [Genshin Impact Beta_Launcher] => [X] HKLM-x32\...\Run: [Genshin Impact_Launcher] => [X] HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [HPUsageTrackingLEDM] => "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\" HKLM-x32\...\Run: [StartCCC] => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun (Nenhum Arquivo) HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restrição <==== ATENÇÃO HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restrição <==== ATENÇÃO HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation) [Arquivo não assinado] HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [40496032 2023-06-07] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\Run: [GalaxyClient] => [X] HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\Run: [CiscoMeetingDaemon] => C:\Users\Angelo Braz\AppData\Local\WebEx\WebexHost.exe [8080480 2023-07-03] (Cisco WebEx LLC -> Cisco Webex LLC) HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\Run: [CiscoSpark] => C:\Users\Angelo Braz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webex\Webex.lnk [1523 2023-06-27] () [Arquivo não assinado] HKLM\...\Windows x64\Print Processors\HP1006PrintProc: C:\Windows\System32\spool\prtprocs\x64\HP1006PP.dll [65024 2013-04-15] (Microsoft Windows Hardware Compatibility Publisher -> ) HKLM\...\Windows x64\Print Processors\HP1100PrintProc: C:\Windows\System32\spool\prtprocs\x64\HP1100PP.DLL [74240 2012-08-31] (Microsoft Windows Hardware Compatibility Publisher -> ) HKLM\...\Windows x64\Print Processors\hpfpp70w: C:\Windows\System32\spool\prtprocs\x64\hpfpp70w.dll [249856 2009-04-20] (Hewlett-Packard Corporation) [Arquivo não assinado] HKLM\...\Print\Monitors\Advanced TCP/IP Port Monitor: C:\WINDOWS\system32\mvtcpmon.dll [541184 2009-06-25] (Marvell Semiconductor, Inc.) [Arquivo não assinado] HKLM\...\Print\Monitors\HP 8711 Status Monitor: C:\WINDOWS\system32\hpinksts8711LM.dll [332176 2012-09-12] (Hewlett Packard -> Hewlett-Packard Co.) HKLM\...\Print\Monitors\HP1006LM: C:\WINDOWS\system32\HP1006LM.DLL [198144 2013-04-15] (Microsoft Windows Hardware Compatibility Publisher -> ) HKLM\...\Print\Monitors\HP1100LM: C:\WINDOWS\system32\HP1100LM.DLL [288768 2012-08-31] (Microsoft Windows Hardware Compatibility Publisher -> ) HKLM\...\Print\Monitors\novaPDF 7 Monitor: C:\WINDOWS\system32\novamnk7.dll [29008 2011-02-15] (Softland -> Softland) HKLM\...\Print\Monitors\PCL hpf3l70w.dll: C:\WINDOWS\system32\hpf3l70w.dll [136704 2009-04-20] (Hewlett-Packard Company) [Arquivo não assinado] HKLM\...\Print\Monitors\Wondershare PDF Converter Monitor: C:\WINDOWS\system32\WSMonitorX64.dll [98152 2016-04-15] (Wondershare Software Co., Ltd. -> Wondershare Software) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\114.0.5735.199\Installer\chrmstp.exe [2023-06-28] (Google LLC -> Google LLC) GroupPolicy: Restrição ? <==== ATENÇÃO Policies: C:\ProgramData\NTUSER.pol: Restrição <==== ATENÇÃO HKLM\SOFTWARE\Policies\Google: Restrição <==== ATENÇÃO ==================== Tarefas Agendadas (Whitelisted) ================= (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) Task: {E28E667D-AF63-4A37-B5C6-18E7C360FAB2} - System32\Tasks\AdwCleaner_onReboot => D:\Área de Trabalho\adwcleaner_8.0.6.exe /r (Nenhum Arquivo) Task: {5CE1A06E-9F59-4F0F-83C4-319A08AF1D73} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe (Nenhum Arquivo) Task: {956E5536-0A5D-42FA-BA4B-CDFFE94CF485} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2023-06-07] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) Task: {7BAC3216-7F61-4128-8067-52911C3E37DC} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703648 2023-06-07] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "7bde81e5-df76-4cdb-b6c4-cb680b94b0fd" --version "6.13.10517" --silent Task: {AA6F2483-CAE8-44A2-BAE9-D819EBAE96B2} - System32\Tasks\CCleanerSkipUAC - Angelo => C:\Program Files\CCleaner\CCleaner.exe [34304928 2023-06-07] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) Task: {3BCB82F7-0CA9-4FCA-A130-711B029C3A66} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe [5308592 2023-07-13] (Microsoft Windows -> Microsoft Corporation) Task: {7200E7FC-D66A-4C02-8C2E-7491139B5936} - System32\Tasks\Desligar Automático => C:\WINDOWS\system32\shutdown.exe [28160 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> -s -f Task: {10E8EF05-223F-4D96-85EF-5E789C193EAA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-11] (Google Inc -> Google Inc.) Task: {6A0CC6F3-0E12-4400-AE44-42B46EE9CDFC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-11] (Google Inc -> Google Inc.) Task: {BD80A129-4879-4750-8D5C-40C62FDFF034} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2113024 2022-08-08] () [Arquivo não assinado] Task: {6265A9AA-8097-4539-9FE6-039764D3FF07} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26616832 2023-07-14] (Microsoft Corporation -> Microsoft Corporation) Task: {345B8195-A8C4-49D3-99DF-F598148E1878} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26616832 2023-07-14] (Microsoft Corporation -> Microsoft Corporation) Task: {0AE8D982-82DE-49CA-AC35-953764121BC1} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [124296 2023-07-14] (Microsoft Corporation -> Microsoft Corporation) Task: {40D3AB04-C119-4C03-9DD4-5FF4BDD5FEE9} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [124296 2023-07-14] (Microsoft Corporation -> Microsoft Corporation) Task: {18F0E1B5-30C5-4FC0-B765-10DCB0FCAE08} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [685984 2023-07-05] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate Task: {924E4F75-2F71-411D-B9E4-3B63B911C67B} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [724384 2023-07-05] (Mozilla Corporation -> Mozilla Foundation) (Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.) Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe ==================== Internet (Whitelisted) ==================== (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.) Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.) Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{81d19a1e-6325-4e6f-b780-655a8085b934}: [NameServer] 198.51.100.1,198.51.100.2 Tcpip\..\Interfaces\{f91de001-c0b5-48b3-94ee-3ccec5151877}: [NameServer] 1.0.0.1,1.1.1.1 Tcpip\..\Interfaces\{f91de001-c0b5-48b3-94ee-3ccec5151877}: [DhcpNameServer] 192.168.1.254 Edge: ======= DownloadDir: D:\Área de Trabalho Edge Extension: (Sem Nome) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [não encontrado (a)] Edge Extension: (Sem Nome) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [não encontrado (a)] Edge Extension: (Sem Nome) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [não encontrado (a)] Edge Extension: (Sem Nome) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [não encontrado (a)] Edge DefaultProfile: Default Edge Profile: C:\Users\Angelo Braz\AppData\Local\Microsoft\Edge\User Data\Default [2023-07-15] Edge DownloadDir: Default -> D:\Downloads Edge Extension: (uBlock Origin) - C:\Users\Angelo Braz\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2023-06-12] Edge Extension: (Méliuz: Cashback e cupons em suas compras) - C:\Users\Angelo Braz\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jdcfmebflppkljibgpdlboifpcaalolg [2023-07-14] Edge Extension: (Edge relevant text changes) - C:\Users\Angelo Braz\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-05-18] Edge Extension: (TWP - Translate Web Pages) - C:\Tradutor EDGE [2023-06-02] [UpdateUrl:hxxps://raw.githubusercontent.com/FilipePS/Traduzir-paginas-web/master/dist/chromium/updates.xml] <==== ATENÇÃO Edge HKU\S-1-5-21-467048075-196725563-1868618205-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] FireFox: ======== FF DefaultProfile: jupdg3yp.default FF ProfilePath: C:\Users\Angelo Braz\AppData\Roaming\Mozilla\Firefox\Profiles\jupdg3yp.default [2023-05-21] FF ProfilePath: C:\Users\Angelo Braz\AppData\Roaming\Mozilla\Firefox\Profiles\2ezh1bjm.default-release-1684703975582 [2023-07-13] FF Extension: (Méliuz: Cashback e cupons em suas compras) - C:\Users\Angelo Braz\AppData\Roaming\Mozilla\Firefox\Profiles\2ezh1bjm.default-release-1684703975582\Extensions\[email protected] [2023-06-04] FF Extension: (uBlock Origin) - C:\Users\Angelo Braz\AppData\Roaming\Mozilla\Firefox\Profiles\2ezh1bjm.default-release-1684703975582\Extensions\[email protected] [2023-06-21] FF Extension: (TWP - Translate Web Pages) - C:\Users\Angelo Braz\AppData\Roaming\Mozilla\Firefox\Profiles\2ezh1bjm.default-release-1684703975582\Extensions\{036a55b4-5e72-4d05-a06c-cba2dfcc134a}.xpi [2023-06-22] FF Extension: (Gerar DANFe/DACTe) - C:\Users\Angelo Braz\AppData\Roaming\Mozilla\Firefox\Profiles\2ezh1bjm.default-release-1684703975582\Extensions\{c3e17213-5cba-412d-8e93-a2a83e6640e1}.xpi [2023-06-07] FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\FFExt\light_plugin_firefox\addon.xpi => não encontrado (a) FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension FF Extension: (SmartPrintButton) - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [] [não assinado] FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\FFExt\light_plugin_firefox\addon.xpi => não encontrado (a) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [Nenhum Arquivo] FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [Nenhum Arquivo] FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Nenhum Arquivo] FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Nenhum Arquivo] FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitPDFReaderPlugin.dll [Nenhum Arquivo] FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitPDFReaderPlugin.dll [Nenhum Arquivo] FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitPDFReaderPlugin.dll [Nenhum Arquivo] FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitPDFReaderPlugin.dll [Nenhum Arquivo] FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-07-01] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [Arquivo não assinado] FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [Arquivo não assinado] FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2023-05-21] <==== ATENÇÃO (Aponta para arquivo *.cfg) FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2023-05-21] <==== ATENÇÃO Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Users\Angelo Braz\AppData\Local\Google\Chrome\User Data\Default [2023-07-14] CHR Extension: (Reduza: Testador de cupons para suas compras) - C:\Users\Angelo Braz\AppData\Local\Google\Chrome\User Data\Default\Extensions\adblhjgamdlpmikabkcdleflikihalej [2022-07-03] CHR Extension: (Kaspersky Protection) - C:\Users\Angelo Braz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2023-06-11] CHR Extension: (Honey: Automatic Coupons & Rewards) - C:\Users\Angelo Braz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2023-07-03] CHR Extension: (uBlock Origin) - C:\Users\Angelo Braz\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2023-06-12] CHR Extension: (Gerar DANFe/DACTe) - C:\Users\Angelo Braz\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnalonmlenogoaknbeikifdbaokkhmjj [2022-02-02] CHR Extension: (Documentos Google off-line) - C:\Users\Angelo Braz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-05-18] CHR Extension: (Méliuz: Cashback e cupons em suas compras) - C:\Users\Angelo Braz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdcfmebflppkljibgpdlboifpcaalolg [2023-07-14] CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Angelo Braz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-02] CHR HKLM\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm CHR HKLM-x32\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm ==================== Serviços (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) R2 AutoRun_MBIM; C:\WINDOWS\SysWOW64\WIN8_MBIM.exe [163840 2014-03-06] () [Arquivo não assinado] R2 AVP21.13; C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.13\avp.exe [32008 2023-04-15] (Kaspersky Lab JSC -> AO Kaspersky Lab) S4 Change Modem Device Service; C:\WINDOWS\SysWOW64\ChgService.exe [135168 2014-02-20] () [Arquivo não assinado] R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11851240 2023-07-14] (Microsoft Corporation -> Microsoft Corporation) R2 ElevationService; C:\Program Files (x86)\Wondershare\drfone\Addins\Recovery\ElevationService.exe [913408 2021-10-26] () [Arquivo não assinado] S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934368 2021-12-01] (Epic Games Inc. -> Epic Games, Inc.) R2 FoxitReaderUpdateService; C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe [2358800 2022-05-20] (FOXIT SOFTWARE INC. -> Foxit Software Inc.) S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [2348512 2023-03-29] (GOG sp. z o.o -> GOG.com) S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7178720 2023-03-29] (GOG sp. z o.o -> GOG.com) R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [Arquivo não assinado] R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [230352 2023-07-13] (HP Inc. -> HP Inc.) R2 HPSIService; C:\WINDOWS\system32\HPSIsvc.exe [127800 2010-04-07] (Hewlett-Packard Company -> HP) S3 klvssbridge64_21.13; C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.13\x64\vssbridge64.exe [501008 2023-04-15] (Kaspersky Lab JSC -> AO Kaspersky Lab) R2 KSDE5.13; C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.13\ksde.exe [32008 2023-04-15] (Kaspersky Lab JSC -> AO Kaspersky Lab) S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Arquivo não assinado] S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [7770888 2017-05-09] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.) S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2556048 2021-06-24] (Electronic Arts, Inc. -> Electronic Arts) S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3474584 2021-06-24] (Electronic Arts, Inc. -> Electronic Arts) S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Arquivo não assinado] S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [2703192 2022-12-22] (Rockstar Games, Inc. -> Rockstar Games) R2 RunSwUSB; C:\Windows\runSW.exe [44760 2014-12-12] (Realtek Semiconductor Corp -> ) R2 scpbradserv; C:\Program Files (x86)\scpbrad\scpbradserv.exe [2284400 2023-06-07] (Banco Bradesco SA -> Banco Bradesco S.A.) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [402216 2023-07-13] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.7-0\NisSrv.exe [3224328 2023-03-27] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.7-0\MsMpEng.exe [133544 2023-03-27] (Microsoft Windows Publisher -> Microsoft Corporation) R2 Wondershare InstallAssist; C:\ProgramData\Wondershare\Service\InstallAssistService.exe [262880 2022-01-05] (Wondershare Technology Co.,Ltd -> Wondershare) ===================== Drivers (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.) S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.) S3 athur; C:\WINDOWS\System32\drivers\athurx.sys [1847296 2010-01-05] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.) R1 BDVEDISK; C:\WINDOWS\system32\DRIVERS\bdvedisk.sys [96616 2020-05-28] (Bitdefender SRL -> BitDefender) S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Arquivo não assinado] S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [Arquivo não assinado] R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [240264 2023-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) S1 gbpddfac; C:\WINDOWS\System32\drivers\gbpddfac64.sys [28888 2015-11-18] (GAS INFORMATICA LTDA -> GAS Tecnologia) R1 klbackupdisk.Kaspersky4Win-21-13; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-13\klbackupdisk.sys [112936 2023-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R1 klbackupflt.Kaspersky4Win-21-13; C:\WINDOWS\System32\DRIVERS\Kaspersky4Win-21-13\klbackupflt.sys [234216 2023-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R1 kldisk.Kaspersky4Win-21-13; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-13\kldisk.sys [125736 2023-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [53576 2023-04-15] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab) R1 KLFLT.Kaspersky4Win-21-13; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-13\klflt.sys [548072 2023-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R1 klgse.Kaspersky4Win-21-13; C:\WINDOWS\System32\DRIVERS\Kaspersky4Win-21-13\klgse.sys [729136 2023-06-28] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R1 KLHK.Kaspersky4Win-21-13; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-13\klhk.sys [1822784 2023-06-28] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R3 klids.Kaspersky4Win-21-13; C:\ProgramData\Kaspersky Lab\AVP21.13\Bases\klids.sys [235704 2023-06-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R1 KLIF.Kaspersky4Win-21-13; C:\WINDOWS\System32\DRIVERS\Kaspersky4Win-21-13\klif.sys [1163544 2023-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [98552 2023-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R1 klkbdflt.Kaspersky4Win-21-13; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-13\klkbdflt.sys [115960 2023-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R3 klmouflt.Kaspersky4Win-21-13; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-13\klmouflt.sys [113448 2023-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R1 klpd.Kaspersky4Win-21-13; C:\WINDOWS\System32\DRIVERS\Kaspersky4Win-21-13\klpd.sys [80672 2023-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R1 klpnpflt.Kaspersky4Win-21-13; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-13\klpnpflt.sys [98040 2023-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R3 kltun; C:\WINDOWS\system32\DRIVERS\kltun.sys [86776 2023-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R0 klupd_Kaspersky4Win-21-13_arkmon; C:\WINDOWS\System32\Drivers\klupd_Kaspersky4Win-21-13_arkmon.sys [368416 2023-06-27] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R3 klupd_Kaspersky4Win-21-13_klark; C:\WINDOWS\System32\Drivers\klupd_Kaspersky4Win-21-13_klark.sys [350848 2023-05-22] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R0 klupd_Kaspersky4Win-21-13_klbg; C:\WINDOWS\System32\Drivers\klupd_Kaspersky4Win-21-13_klbg.sys [179864 2023-05-22] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R3 klupd_Kaspersky4Win-21-13_mark; C:\WINDOWS\System32\Drivers\klupd_Kaspersky4Win-21-13_mark.sys [259440 2023-05-16] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R1 klwfp.Kaspersky4Win-21-13; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-13\klwfp.sys [179960 2023-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R1 klwtp.Kaspersky4Win-21-13; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-13\klwtp.sys [415480 2023-04-15] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R1 kneps.Kaspersky4Win-21-13; C:\WINDOWS\system32\DRIVERS\Kaspersky4Win-21-13\kneps.sys [340208 2023-06-05] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] (ASUSTeK Computer Inc. -> ) S3 mvusbews; C:\WINDOWS\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Microsoft Windows Hardware Compatibility Publisher -> Marvell Semiconductor, Inc.) S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [32352 2017-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.) S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49608 2023-03-27] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [495896 2023-03-27] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99624 2023-03-27] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) ==================== Um mês (criados) (Whitelisted) ========= (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 2023-07-14 08:12 - 2023-07-15 20:00 - 000873472 _____ C:\WINDOWS\SysWOW64\AppRulesStorage-wal 2023-07-14 08:12 - 2023-07-14 08:12 - 000032768 _____ C:\WINDOWS\SysWOW64\DnsStorage-shm 2023-07-14 08:12 - 2023-07-14 08:12 - 000032768 _____ C:\WINDOWS\SysWOW64\AppRulesStorage-shm 2023-07-14 08:12 - 2023-07-14 08:12 - 000000000 _____ C:\WINDOWS\SysWOW64\DnsStorage-wal 2023-07-13 16:09 - 2023-07-13 17:10 - 000000000 ____D C:\Users\Angelo Braz\AppData\Roaming\ZHP 2023-07-13 09:13 - 2023-07-13 09:13 - 000000000 ___HD C:\$WinREAgent 2023-07-10 14:55 - 2023-07-15 20:36 - 000000000 ____D C:\FRST 2023-07-07 20:29 - 2023-07-08 11:48 - 000000000 ____D C:\Program Files\Mozilla Thunderbird 2023-06-27 21:14 - 2023-07-11 22:28 - 000000000 ____D C:\Users\Angelo Braz\AppData\Local\CiscoSparkLauncher 2023-06-27 21:14 - 2023-07-11 22:28 - 000000000 ____D C:\Users\Angelo Braz\AppData\Local\CiscoSpark 2023-06-27 19:23 - 2023-06-27 19:23 - 000000000 ____D C:\Users\Angelo Braz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webex 2023-06-27 18:28 - 2023-06-27 19:21 - 000000000 ____D C:\Users\Angelo Braz\AppData\Roaming\webex 2023-06-27 18:25 - 2023-07-15 13:18 - 000000000 ____D C:\Users\Angelo Braz\AppData\Local\WebEx 2023-06-27 18:25 - 2023-06-29 18:56 - 000000000 ____D C:\Users\Angelo Braz\AppData\LocalLow\WebEx ==================== Um mês (modificados) ================== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 2023-07-15 20:39 - 2019-12-07 06:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2023-07-15 20:35 - 2020-08-17 17:46 - 000004182 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{D560E2BD-2729-4B68-9016-45F841C9ACEA} 2023-07-15 20:04 - 2021-12-16 21:16 - 000000000 ____D C:\WINDOWS\SystemTemp 2023-07-15 20:04 - 2015-08-11 22:55 - 000000000 ____D C:\Program Files (x86)\Google 2023-07-15 16:02 - 2022-02-09 20:11 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38 2023-07-15 16:01 - 2016-11-18 06:31 - 000000000 ____D C:\Users\Angelo Braz\AppData\LocalLow\Mozilla 2023-07-15 13:37 - 2020-08-17 17:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2023-07-15 09:53 - 2019-12-07 06:14 - 000000000 ___HD C:\Program Files\WindowsApps 2023-07-15 09:53 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2023-07-15 09:38 - 2020-04-06 13:53 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2023-07-14 20:54 - 2020-04-19 23:00 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2023-07-14 19:25 - 2022-12-18 19:51 - 000003584 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-467048075-196725563-1868618205-1001 2023-07-14 19:25 - 2020-08-17 17:46 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-467048075-196725563-1868618205-1001 2023-07-14 19:25 - 2020-08-17 15:16 - 000002448 _____ C:\Users\Angelo Braz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2023-07-14 11:09 - 2019-12-07 06:03 - 000065536 _____ C:\WINDOWS\system32\config\ELAM 2023-07-13 21:22 - 2022-03-22 08:53 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP 2023-07-13 21:22 - 2021-07-27 22:47 - 000000000 ____D C:\Program Files\HPPrintScanDoctor 2023-07-13 16:40 - 2020-08-17 17:43 - 001749624 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2023-07-13 16:40 - 2019-12-07 11:53 - 000755378 _____ C:\WINDOWS\system32\prfh0416.dat 2023-07-13 16:40 - 2019-12-07 11:53 - 000149432 _____ C:\WINDOWS\system32\prfc0416.dat 2023-07-13 16:40 - 2019-12-07 06:13 - 000000000 ____D C:\WINDOWS\INF 2023-07-13 16:06 - 2020-07-22 20:42 - 000000000 ____D C:\AdwCleaner 2023-07-13 15:57 - 2023-05-02 15:25 - 000012288 _____ C:\WINDOWS\SysWOW64\AppRulesStorage 2023-07-13 12:15 - 2023-06-01 12:54 - 000000000 ____D C:\ProgramData\NVIDIA 2023-07-13 12:15 - 2020-08-17 17:46 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2023-07-13 12:15 - 2020-08-17 17:33 - 000008192 ___SH C:\DumpStack.log.tmp 2023-07-13 09:59 - 2019-12-07 06:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2023-07-13 09:59 - 2019-12-07 06:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2023-07-13 09:55 - 2020-08-17 17:33 - 000462752 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2023-07-13 09:54 - 2019-12-07 11:56 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2023-07-13 09:54 - 2019-12-07 06:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2023-07-13 09:54 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2023-07-13 09:54 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SystemResources 2023-07-13 09:54 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\setup 2023-07-13 09:54 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates 2023-07-13 09:54 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\oobe 2023-07-13 09:54 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2023-07-13 09:41 - 2020-08-17 17:36 - 003015168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2023-07-13 09:10 - 2017-08-30 09:34 - 000000000 ____D C:\ProgramData\Package Cache 2023-07-13 09:09 - 2022-09-23 18:37 - 000000000 ____D C:\Program Files (x86)\dotnet 2023-07-13 09:03 - 2015-08-12 12:56 - 000000000 ____D C:\WINDOWS\system32\MRT 2023-07-13 08:50 - 2015-08-12 12:56 - 173351160 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2023-07-12 23:13 - 2020-08-17 15:16 - 000000000 ____D C:\Users\Angelo Braz 2023-07-12 09:52 - 2015-07-31 15:54 - 000000000 ____D C:\Users\Angelo Braz\AppData\Roaming\Microsoft\Excel 2023-07-12 09:49 - 2015-07-31 15:53 - 000000000 ____D C:\Users\Angelo Braz\AppData\Roaming\Microsoft\Word 2023-07-11 17:57 - 2020-08-17 17:46 - 000003674 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2023-07-11 17:57 - 2020-08-17 17:46 - 000003550 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2023-07-08 11:48 - 2023-05-21 18:18 - 000000000 ____D C:\Program Files\Mozilla Firefox 2023-07-08 11:48 - 2015-07-30 14:58 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2023-07-08 11:46 - 2023-06-01 14:05 - 000000000 ____D C:\Users\Angelo Braz\AppData\Local\ElevatedDiagnostics 2023-07-07 20:31 - 2021-03-09 16:52 - 000001055 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk 2023-07-05 12:34 - 2023-05-21 18:18 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2023-07-03 10:58 - 2017-10-18 01:12 - 000000000 ____D C:\Users\Angelo Braz\AppData\Local\Packages 2023-07-02 15:13 - 2023-05-02 14:28 - 000000000 ____D C:\WINDOWS\system32\Drivers\Kaspersky4Win-21-13 2023-06-28 18:51 - 2015-08-11 22:57 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2023-06-27 19:16 - 2022-10-13 11:25 - 000000760 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job 2023-06-27 19:16 - 2015-07-30 13:48 - 000000000 ____D C:\Program Files\CCleaner 2023-06-22 08:09 - 2018-11-29 23:01 - 000000000 ____D C:\Users\Angelo Braz\AppData\Local\CrashDumps 2023-06-22 08:08 - 2022-10-13 11:25 - 000003472 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting 2023-06-22 08:08 - 2020-08-17 17:46 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update 2023-06-15 13:44 - 2020-08-17 17:46 - 000003884 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA 2023-06-15 13:44 - 2020-08-17 17:46 - 000003760 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore ==================== Arquivos na raiz de alguns diretórios ======== 2016-03-26 12:02 - 2016-03-26 12:02 - 000000001 _____ () C:\Users\Angelo Braz\AppData\Local\llftool.4.40.agreement 2016-03-26 12:03 - 2016-03-26 12:03 - 000000019 _____ () C:\Users\Angelo Braz\AppData\Local\llftool.license 2017-09-04 22:53 - 2017-09-04 22:53 - 000003379 _____ () C:\Users\Angelo Braz\AppData\Local\recently-used.xbel 2015-11-02 21:17 - 2022-11-30 14:48 - 000007610 _____ () C:\Users\Angelo Braz\AppData\Local\resmon.resmoncfg ==================== SigCheck ============================ (Não há correção automática para arquivos que não passaram na verificação.) ==================== Fim de FRST.txt ======================== Resultado da análise adicional Farbar Recovery Scan Tool (x64) Versão: 15-07-2023 Executado por Angelo (15-07-2023 20:43:46) Executando a partir de D:\Área de Trabalho Microsoft Windows 10 Pro Versão 22H2 19045.3208 (X64) (2020-08-17 20:46:23) Modo da Inicialização: Normal ========================================================== ==================== Contas: ============================= (Se uma entrada for incluída na fixlist, será removida.) Administrador (S-1-5-21-467048075-196725563-1868618205-500 - Administrator - Disabled) Angelo (S-1-5-21-467048075-196725563-1868618205-1001 - Administrator - Enabled) => C:\Users\Angelo Braz Convidado (S-1-5-21-467048075-196725563-1868618205-501 - Limited - Enabled) DefaultAccount (S-1-5-21-467048075-196725563-1868618205-503 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-467048075-196725563-1868618205-1006 - Limited - Enabled) WDAGUtilityAccount (S-1-5-21-467048075-196725563-1868618205-504 - Limited - Disabled) ==================== Central de Segurança ======================== (Se uma entrada for incluída na fixlist, será removida.) AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Kaspersky (Enabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky (Enabled) {774D7037-0984-41B0-3A87-5E88E680AD58} ==================== Programas Instalados ====================== (Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.) 64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden 7-Zip 22.01 (x64) (HKLM\...\7-Zip) (Version: 22.01 - Igor Pavlov) AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 5.05.16.529 - Advanced Micro Devices, Inc.) AMD SBxxx SMBus Driver (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.38 - Advanced Micro Devices, Inc.) Hidden AMD_Chipset_Drivers (HKLM-x32\...\{fa489a41-09bb-480e-95ff-0856f05112eb}) (Version: 5.05.16.529 - Advanced Micro Devices, Inc.) Hidden Anki (HKLM-x32\...\Anki) (Version: 2.1.43 - ) Aplicativo Itaú (HKLM-x32\...\{D0A058D6-4688-4E33-8894-8951D057990E}) (Version: 1.0.182 - Banco Itaú) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 6.13 - Piriform) Cisco Webex Meetings (HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\ActiveTouchMeetingClient) (Version: 43.6.4 - Cisco Webex LLC) Componente de Segurança Bradesco (HKLM-x32\...\scpbrad) (Version: 1.0.0 - Banco Bradesco S.A.) Configurações da câmera Logitech (HKLM-x32\...\LogiUCDPP) (Version: 2.12.20.0 - Logitech Europe S.A.) digiCamControl (HKLM-x32\...\{051b8fc1-d433-4428-bcd1-f90aa50afa23}) (Version: 2.1.4.0 - ) Hidden ENE_QSI_Loki_HAL (HKLM\...\{BDE43F26-5917-44F8-B86A-F1D9A6B80B32}) (Version: 1.0.3.0 - ENE TECHNOLOGY INC.) Hidden ENE_QSI_Loki_HAL (HKLM-x32\...\{205ef3a8-937b-43cb-90fc-2f58f71408d8}) (Version: 1.0.3.0 - ENE TECHNOLOGY INC.) Hidden Epic Games Launcher (HKLM-x32\...\{59C0032B-88B5-41F3-B8FD-5B3356670B4F}) (Version: 1.1.167.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Epic Online Services (HKLM-x32\...\{4B31654B-80C2-405C-91C9-49B14AEB0F42}) (Version: 2.0.32.0 - Epic Games, Inc.) Foxit PDF Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 12.1.2.15332 - Foxit Software Inc.) GOG GALAXY (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: 2.0.61.63 - GOG.com) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 114.0.5735.199 - Google LLC) HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - ) HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.) Identiv uTrust Smart Card Reader (HKLM-x32\...\{307F1256-AB13-4987-BAED-104752D425C8}) (Version: 1.17.0 - Identiv) IRPF 2023 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País (HKLM\...\6908-8355-8468-2086) (Version: 1.3 - Receita Federal do Brasil) IRPF2017 (HKLM-x32\...\IRPF2017) (Version: 1.1 - Receita Federal do Brasil) IRPF2018 (HKLM-x32\...\IRPF2018) (Version: 1.4 - Receita Federal do Brasil) IRPF2019 (HKLM-x32\...\IRPF2019) (Version: 1.5 - Receita Federal do Brasil) IRPF2020 (HKLM-x32\...\IRPF2020) (Version: 1.9 - Receita Federal do Brasil) IRPF2021 (HKLM-x32\...\IRPF2021) (Version: 1.2 - Receita Federal do Brasil) IRPF2022 (HKLM-x32\...\IRPF2022) (Version: 1.3 - Receita Federal do Brasil) Kaspersky (HKLM-x32\...\{E396C2E3-5292-33E9-949C-349C23D784D8}) (Version: 21.13.5.506 - Kaspersky) Hidden Kaspersky (HKLM-x32\...\InstallWIX_{E396C2E3-5292-33E9-949C-349C23D784D8}) (Version: 21.13.5.506 - Kaspersky) Kaspersky VPN (HKLM-x32\...\{4DC8ED2C-8DA1-3701-A234-66AF6EF1CEFF}) (Version: 21.13.5.506 - Kaspersky) Hidden Kaspersky VPN (HKLM-x32\...\InstallWIX_{4DC8ED2C-8DA1-3701-A234-66AF6EF1CEFF}) (Version: 21.13.5.506 - Kaspersky) K-Lite Codec Pack 17.1.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 17.1.5 - KLCP) Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Microsoft .NET Host - 5.0.17 (x86) (HKLM-x32\...\{54DE7EA9-E391-4BD2-A373-3A72A18EBDB5}) (Version: 40.68.31213 - Microsoft Corporation) Hidden Microsoft .NET Host - 6.0.20 (x86) (HKLM-x32\...\{82F89EDB-1DF1-402B-BED6-01C736967B6F}) (Version: 48.83.63169 - Microsoft Corporation) Hidden Microsoft .NET Host FX Resolver - 5.0.17 (x86) (HKLM-x32\...\{AF01038B-6523-4EA7-9D9E-4F1E2927D88B}) (Version: 40.68.31213 - Microsoft Corporation) Hidden Microsoft .NET Host FX Resolver - 6.0.20 (x86) (HKLM-x32\...\{561137EF-2ECE-48F0-A6D6-6260AC7112A5}) (Version: 48.83.63169 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 5.0.17 (x86) (HKLM-x32\...\{59650A2A-3839-46EC-9D9C-6B3B1C743C55}) (Version: 40.68.31213 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 6.0.20 (x86) (HKLM-x32\...\{6E4984A9-4321-4D96-861F-D03578E68C8B}) (Version: 48.83.63169 - Microsoft Corporation) Hidden Microsoft 365 - pt-br (HKLM\...\O365HomePremRetail - pt-br) (Version: 16.0.16529.20182 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 114.0.1823.82 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 114.0.1823.79 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\OneDriveSetup.exe) (Version: 23.132.0625.0001 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{BB052C53-34CB-42DE-AF41-66FDFCEEC868}) (Version: 3.72.0.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (HKLM\...\{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}) (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (HKLM\...\{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}) (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (HKLM-x32\...\{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}) (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (HKLM-x32\...\{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}) (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29016 (HKLM-x32\...\{40d3fee2-b257-46c2-bdc0-cb1088d97327}) (Version: 14.27.29016.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.27.29016 (HKLM-x32\...\{1aaa01ad-3069-4288-9c6f-37a140a8f6c7}) (Version: 14.27.29016.0 - Microsoft Corporation) Microsoft Visual C++ 2019 X64 Additional Runtime - 14.27.29016 (HKLM\...\{F07B1E25-5670-4556-9C7F-5A1966C83269}) (Version: 14.27.29016 - Microsoft Corporation) Hidden Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.27.29016 (HKLM\...\{E493B8F4-E300-43EC-95D0-BDF3711297EA}) (Version: 14.27.29016 - Microsoft Corporation) Hidden Microsoft Visual C++ 2019 X86 Additional Runtime - 14.27.29016 (HKLM-x32\...\{5CD4E357-9ED6-42AC-B654-F1FC21DD60C9}) (Version: 14.27.29016 - Microsoft Corporation) Hidden Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.27.29016 (HKLM-x32\...\{E2C131AD-D30F-4D67-ACE9-B3D485E84DA8}) (Version: 14.27.29016 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}) (Version: 10.0.50908 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Windows Desktop Runtime - 5.0.17 (x86) (HKLM-x32\...\{098c6ff7-1af1-4c4a-b86f-c60608c98e31}) (Version: 5.0.17.31219 - Microsoft Corporation) Microsoft Windows Desktop Runtime - 5.0.17 (x86) (HKLM-x32\...\{0D02D706-44F2-4957-A448-E7259A0B56B9}) (Version: 40.68.31219 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 6.0.20 (x86) (HKLM-x32\...\{39139702-799e-4843-8d90-cfe9330b285a}) (Version: 6.0.20.32621 - Microsoft Corporation) Microsoft Windows Desktop Runtime - 6.0.20 (x86) (HKLM-x32\...\{FC641ACB-FE5E-4F88-B392-9421BDCA1143}) (Version: 48.83.63194 - Microsoft Corporation) Hidden Mozilla Firefox (x64 pt-BR) (HKLM\...\Mozilla Firefox 115.0 (x64 pt-BR)) (Version: 115.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 113.0.1 - Mozilla) Mozilla Thunderbird (x64 pt-BR) (HKLM\...\Mozilla Thunderbird 102.13.0 (x64 pt-BR)) (Version: 102.13.0 - Mozilla) MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team) NVIDIA Driver de controle do 3D Vision 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation) NVIDIA Driver de gráficos 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation) NVIDIA Driver do 3D Vision 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation) NVIDIA GeForce Experience 2.11.4.125 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.125 - NVIDIA Corporation) NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation) Hidden NVIDIA Software do sistema PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.6514 - NVIDIA Corporation) Hidden Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.16529.20182 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.16529.20182 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.16529.20182 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0416-0000-0000000FF1CE}) (Version: 16.0.16529.20182 - Microsoft Corporation) Hidden Origin (HKLM-x32\...\Origin) (Version: 10.5.101.48500 - Electronic Arts, Inc.) Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation) PDFsam Basic (HKLM\...\{24493C22-01EA-4E07-AB21-84910EB826B0}) (Version: 4.3.3.0 - Sober Lemur S.a.s. di Vacondio Andrea) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.64.316.2023 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5880 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform) Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.23.252 - Rockstar Games) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.5.5 - Rockstar Games) SafeSign 64-bits (HKLM\...\{2DF407D3-A8AD-4ACF-BFD5-5F7D42EC62FD}) (Version: 3.0.124 - A.E.T. Europe B.V.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Suporte do iPod (HKLM\...\{713ABB2F-9ACB-4A4A-945A-CEA53C08644C}) (Version: 12.11.3.7 - Apple Inc.) Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 82.0 - Ubisoft) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{9CBA860F-7437-4A75-941C-8EF559F2D145}) (Version: 2.52.0.0 - Microsoft Corporation) VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden Verificação de integridade do PC Windows (HKLM\...\{2403B2D2-1FDC-497D-B181-F53D079FEAAA}) (Version: 3.6.2204.08001 - Microsoft Corporation) Webex (HKLM\...\{03482546-35AA-4BEC-A702-8B95FE6F4E02}) (Version: 43.6.0.26407 - Cisco Systems, Inc) Packages: ========= Complemento do Mecanismo de Mídia de Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-08-14] (Microsoft Corporation) HP Scan and Capture -> C:\Program Files\WindowsApps\AD2F1837.HPScanandCapture_40.0.245.0_x64__v10z8vjag6ke6 [2020-05-08] (Hewlett-Packard Company) HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_147.1.1079.0_x64__v10z8vjag6ke6 [2023-07-13] (HP Inc.) iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa [2023-06-13] (Apple Inc.) [Startup Task] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-07] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-07] (Microsoft Corporation) [MS Ad] Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2305.14002.0_x64__8wekyb3d8bbwe [2023-05-31] (Microsoft Corporation) [Startup Task] RecForth -> C:\Program Files\WindowsApps\IOForth.Screenrecord-screenrecorder_1.1.11.0_x64__pxs7cjhtcq1xt [2023-06-21] (IOForth) ==================== Análise Personalizada CLSID (Whitelisted): ============== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) CustomCLSID: HKU\S-1-5-21-467048075-196725563-1868618205-1001_Classes\CLSID\{DDC34D5E-7D6D-E686-AB5A-C82D0DE991A3}\InprocServer32 -> não caminho do arquivo ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [Arquivo não assinado] ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> Nenhum Arquivo ContextMenuHandlers1: [Kaspersky Anti-Virus 21.13] -> {0E70CD47-F3F0-4C43-B347-796CF9B1F06C} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.13\x64\shellex.dll [2023-05-02] (Kaspersky Lab JSC -> AO Kaspersky Lab) ContextMenuHandlers2: [Kaspersky Anti-Virus 21.13] -> {0E70CD47-F3F0-4C43-B347-796CF9B1F06C} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.13\x64\shellex.dll [2023-05-02] (Kaspersky Lab JSC -> AO Kaspersky Lab) ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> Nenhum Arquivo ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [Arquivo não assinado] ContextMenuHandlers4: [Kaspersky Anti-Virus 21.13] -> {0E70CD47-F3F0-4C43-B347-796CF9B1F06C} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.13\x64\shellex.dll [2023-05-02] (Kaspersky Lab JSC -> AO Kaspersky Lab) ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2023-04-19] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll -> Nenhum Arquivo ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [Arquivo não assinado] ContextMenuHandlers6: [Kaspersky Anti-Virus 21.13] -> {0E70CD47-F3F0-4C43-B347-796CF9B1F06C} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.13\x64\shellex.dll [2023-05-02] (Kaspersky Lab JSC -> AO Kaspersky Lab) ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2023-04-19] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) ContextMenuHandlers1_S-1-5-21-467048075-196725563-1868618205-1001: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => -> Nenhum Arquivo ContextMenuHandlers1_S-1-5-21-467048075-196725563-1868618205-1001: [kpdf2wordshellext] -> {70239788-4DAE-49B8-9270-5D8614384B49} => -> Nenhum Arquivo ContextMenuHandlers4_S-1-5-21-467048075-196725563-1868618205-1001: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => -> Nenhum Arquivo ==================== Codecs (Whitelisted) ==================== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.) HKLM\...\Drivers32: [VIDC.FPS1] => C:\WINDOWS\system32\frapsv64.dll [105984 2015-09-05] (Beepa P/L) [Arquivo não assinado] HKLM\...\Drivers32: [VIDC.FPS1] => C:\Windows\SysWOW64\frapsvid.dll [94208 2015-09-05] (Beepa P/L) [Arquivo não assinado] HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-18] (Fox Magic Software) [Arquivo não assinado] ==================== Atalhos & WMI ======================== (As entradas podem ser listadas para serem restauradas ou removidas.) ShortcutWithArgument: C:\Users\Angelo Braz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default ==================== Módulos Carregados (Whitelisted) ============= 2017-05-09 09:27 - 2017-05-09 09:27 - 003067904 _____ (A.E.T. Europe B.V.) [Arquivo não assinado] C:\Windows\System32\aetpkss1.dll 2017-05-09 09:27 - 2017-05-09 09:27 - 000040960 _____ (A.E.T. Europe B.V.) [Arquivo não assinado] C:\Windows\System32\aettask.dll 2016-07-19 20:59 - 2009-04-20 12:29 - 000136704 _____ (Hewlett-Packard Company) [Arquivo não assinado] C:\WINDOWS\System32\hpf3l70w.dll 2016-07-19 21:03 - 2009-04-20 11:29 - 000249856 _____ (Hewlett-Packard Corporation) [Arquivo não assinado] C:\WINDOWS\system32\spool\PRTPROCS\x64\hpfpp70w.dll 2009-06-24 10:57 - 2009-06-24 10:57 - 000029696 _____ (HP) [Arquivo não assinado] [O arquivo está em uso] C:\Program Files (x86)\HP\HPLaserJetService\DebugLogger.dll 2009-06-24 10:57 - 2009-06-24 10:57 - 000032768 _____ (HP) [Arquivo não assinado] [O arquivo está em uso] C:\Program Files (x86)\HP\HPLaserJetService\HPHTTPProxy.dll 2009-06-24 10:57 - 2009-06-24 10:57 - 000031744 _____ (HP) [Arquivo não assinado] [O arquivo está em uso] C:\Program Files (x86)\HP\HPLaserJetService\HPServiceCommunicator.dll 2015-08-23 23:42 - 2022-07-15 11:00 - 000094720 _____ (Igor Pavlov) [Arquivo não assinado] C:\Program Files\7-Zip\7-zip.dll 2009-06-25 09:27 - 2009-06-25 09:27 - 000541184 _____ (Marvell Semiconductor, Inc.) [Arquivo não assinado] C:\WINDOWS\System32\mvtcpmon.dll 2023-06-01 14:01 - 2016-11-14 09:30 - 001300688 _____ (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [Arquivo não assinado] C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll 2009-06-25 09:25 - 2009-06-25 09:25 - 000144896 _____ (OpenSLP) [Arquivo não assinado] C:\WINDOWS\System32\slp64.dll ==================== Alternate Data Streams (Whitelisted) ======== (Se uma entrada for incluída na fixlist, somente o ADS será removido.) AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddfac64.sys:r0d3jo5 [20] AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 [254] AlternateDataStreams: C:\ProgramData\TEMP:D061F04D [184] ==================== Modo de Segurança (Whitelisted) ================== (Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service" ==================== Associação (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2023-07-01] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-07-01] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-07-01] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-07-01] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-07-01] (Microsoft Corporation -> Microsoft Corporation) (Se uma entrada for incluída na fixlist, será removida do Registro.) IE trusted site: HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\google.com -> www.google.com IE trusted site: HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\google.com.br -> www.google.com.br IE trusted site: HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\itau.b.br -> www.itau.b.br IE trusted site: HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\itau.com.br -> hxxps://bankline.itau.com.br IE trusted site: HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\itau.com.br -> bankline.itau.com.br IE trusted site: HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\itaupersonnalite.com.br -> hxxp://www.itaupersonnalite.com.br IE trusted site: HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\itaupersonnalite.com.br -> www.itaupersonnalite.com.br ==================== Hosts Conteúdo: ========================= (Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.) 2015-07-10 08:04 - 2022-06-10 19:36 - 000000000 _____ C:\WINDOWS\system32\drivers\etc\hosts 2021-10-01 16:12 - 2021-10-01 16:13 - 000000375 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics ==================== Outras Áreas =========================== (Atualmente não há nenhuma correção automática para esta seção.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\dotnet\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static HKU\S-1-5-21-467048075-196725563-1868618205-1001\Control Panel\Desktop\\Wallpaper -> D:\Área de Trabalho\838293.jpg DNS Servers: 1.0.0.1 - 1.1.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Firewall do Windows está habilitado. ==================== MSCONFIG/TASK MANAGER ítens desabilitados == (Se uma entrada for incluída na fixlist, será removida.) MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AMD External Events Utility => 2 MSCONFIG\Services: AutoRun_MBIM => 2 MSCONFIG\Services: Change Modem Device Service => 2 MSCONFIG\Services: DevMgmtService => 2 MSCONFIG\Services: GalaxyClientService => 3 MSCONFIG\Services: GalaxyCommunication => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: HPSIService => 2 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: Origin Client Service => 3 MSCONFIG\Services: Origin Web Helper Service => 2 MSCONFIG\Services: ProductAgentService => 2 MSCONFIG\Services: Steam Client Service => 3 HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk" HKLM\...\StartupApproved\Run: => "StartCN" HKLM\...\StartupApproved\Run: => "VIVO INTERNET 4G" HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0" HKLM\...\StartupApproved\Run32: => "ISUSScheduler" HKLM\...\StartupApproved\Run32: => "HP Software Update" HKLM\...\StartupApproved\Run32: => "VIVO INTERNET 4G" HKLM\...\StartupApproved\Run32: => "Genshin Impact_Launcher" HKLM\...\StartupApproved\Run32: => "Genshin Impact Beta_Launcher" HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\StartupApproved\Run: => "CCleaner Monitoring" HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\StartupApproved\Run: => "Spotify Web Helper" HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer" HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\StartupApproved\Run: => "ISUSPM Startup" HKU\S-1-5-21-467048075-196725563-1868618205-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning" ==================== Regras do Firewall (Whitelisted) ================ (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) FirewallRules: [{9704DFD4-4832-4BA2-AD86-B1FA9825F1F5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{B8524ED1-C8B3-42D3-8377-9007CD2EAA50}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{2FA0FB6A-3668-45DF-BB38-CA9816E4F7CE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{60982F0A-8A31-47A3-B257-549FBC515CA2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{9DE48766-BD8F-4E57-9A48-50B2D7A9F735}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) FirewallRules: [{0EAAE5A9-8970-47BB-A4F2-6A1742F28E41}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) FirewallRules: [{C69FB424-B5AD-4AD0-BD4C-43D5DE3B800A}] => (Allow) D:\Games Steam\steamapps\common\Lords Of The Fallen\bin\LordsOfTheFallen.exe () [Arquivo não assinado] FirewallRules: [{D9B48F0D-AE4E-4B45-80AD-9881E874D23B}] => (Allow) D:\Games Steam\steamapps\common\Lords Of The Fallen\bin\LordsOfTheFallen.exe () [Arquivo não assinado] FirewallRules: [{7F4F876F-6B2E-463B-B1C0-4F8D31B6DE0E}] => (Allow) LPort=57209 FirewallRules: [{B6E1770B-8CAD-4D20-A5EF-AA5E16123919}] => (Allow) LPort=57209 FirewallRules: [{ECF732B5-EE5C-4091-9D65-5E8D0926D921}] => (Allow) LPort=9100 FirewallRules: [{21270FD4-3BF9-4EAC-9CFE-E71669980D50}] => (Allow) LPort=427 FirewallRules: [{04EB6426-E32A-44E6-AF67-70FFED25D5F8}] => (Allow) LPort=161 FirewallRules: [TCP Query User{9DB0A4D1-CBE4-464B-94F0-F3C42A376D1D}C:\users\angelo braz\appdata\local\aplicativo itau\itauaplicativo.exe] => (Allow) C:\users\angelo braz\appdata\local\aplicativo itau\itauaplicativo.exe (ITAU UNIBANCO S.A. -> Banco Itaú) FirewallRules: [UDP Query User{04E3C43F-4BF3-485C-9E90-F35D803C4123}C:\users\angelo braz\appdata\local\aplicativo itau\itauaplicativo.exe] => (Allow) C:\users\angelo braz\appdata\local\aplicativo itau\itauaplicativo.exe (ITAU UNIBANCO S.A. -> Banco Itaú) FirewallRules: [{112F261F-4506-4B4E-BC4F-A32D6499DFDB}] => (Allow) C:\LJP1100_P1560_P1600_Full_Solution\ProductInst64.exe (Hewlett-Packard Company -> HP) FirewallRules: [{29EB09DF-8EE5-4FE0-B8F2-7713B4BA3E85}] => (Allow) C:\LJP1100_P1560_P1600_Full_Solution\ProductInst64.exe (Hewlett-Packard Company -> HP) FirewallRules: [{756953E8-A221-4F00-AEEB-038FDAECCBFB}] => (Allow) LPort=9100 FirewallRules: [{79FFF101-D1B6-4085-97B3-E76F504E1D4D}] => (Allow) LPort=427 FirewallRules: [{A0BB0B35-3961-4770-985C-F673DACB5911}] => (Allow) LPort=161 FirewallRules: [{0C508160-3801-4AB0-940C-D97A9E5C9820}] => (Allow) C:\Program Files\HP\HP LaserJet P1100 Series\wificonfig.exe (Hewlett-Packard Company -> Hewlett Packard) FirewallRules: [{955D43DB-DDAA-41E9-8C4A-B581CCCC7559}] => (Allow) C:\Program Files\HP\HP LaserJet P1100 Series\wificonfig.exe (Hewlett-Packard Company -> Hewlett Packard) FirewallRules: [{1AA059A1-5AB1-4335-B21F-CA0DD4C3CC27}] => (Allow) LPort=57209 FirewallRules: [{D7659CAC-C449-438C-9994-F84DD097CE69}] => (Allow) LPort=57210 FirewallRules: [{AF1355A8-C405-4208-AB10-33ED0A67F073}] => (Allow) LPort=57211 FirewallRules: [{45962D66-4A6B-45DD-BF35-E761F56AD9B2}] => (Allow) LPort=57212 FirewallRules: [{B5CCDEE1-DC04-41A0-9361-45381456A761}] => (Allow) LPort=57213 FirewallRules: [{61ACAA29-9085-4F20-B5E8-57AC45E3870A}] => (Allow) LPort=57214 FirewallRules: [{F9770054-8423-418C-B688-C5C9B3963DFE}] => (Allow) LPort=57215 FirewallRules: [{8C2914B5-15B3-4C48-AA82-78DEA6F2D379}] => (Allow) LPort=57216 FirewallRules: [{810BAA4E-1B8B-4FDA-8B72-CD45A01BE72F}] => (Allow) LPort=57217 FirewallRules: [{58F42371-9689-4D51-89AB-606D1A001BAD}] => (Allow) LPort=57218 FirewallRules: [{527DD172-FEEF-4424-84CB-9E49472E4D7F}] => (Allow) LPort=57209 FirewallRules: [{7234C66E-E760-47B9-9218-588B0194ACEE}] => (Allow) LPort=57210 FirewallRules: [{89C4D8BE-B71A-4BF3-B61E-B8169AD76902}] => (Allow) LPort=57211 FirewallRules: [{7B303FB5-0AF9-4AD1-9423-FECC397BD8A4}] => (Allow) LPort=57212 FirewallRules: [{FD6CE65C-1A77-4D7A-B1BE-3CA958B6704F}] => (Allow) LPort=57213 FirewallRules: [{CB0FB2C6-32D5-4167-A20B-63975E68D2D5}] => (Allow) LPort=57214 FirewallRules: [{00FA6BF7-B5A6-4804-B943-117AB3F24EC2}] => (Allow) LPort=57215 FirewallRules: [{9A46CF73-52B0-4155-8D32-3AC1D3DBDDD9}] => (Allow) LPort=57216 FirewallRules: [{1BFD7944-E93E-4D03-8342-7397C837FC1D}] => (Allow) LPort=57217 FirewallRules: [{07D1F187-4D33-4E9F-AABF-D958A367E8F2}] => (Allow) LPort=57218 FirewallRules: [{115E9E6E-EEEC-4B8E-877C-85F97D65B924}] => (Allow) LPort=23007 FirewallRules: [{5D10575B-15A2-47EB-A5E3-52C0030B676D}] => (Allow) LPort=23008 FirewallRules: [{88908B64-7FB1-4D51-B4FF-E7374FF75DB2}] => (Allow) LPort=33009 FirewallRules: [{0D97A74D-EF16-44D3-B3C9-A3F9AE2E9F1C}] => (Allow) LPort=33010 FirewallRules: [{51FB394C-330C-4FFB-BE85-B266C3868486}] => (Allow) LPort=33011 FirewallRules: [{50E3A043-B0B1-49D2-AABF-83F624CE67D4}] => (Allow) LPort=43012 FirewallRules: [{2AFF7942-479D-436D-B639-6E13C1F82ACC}] => (Allow) LPort=43013 FirewallRules: [{2D9EE3AE-5FEF-465D-A998-D55D06D59387}] => (Allow) LPort=53014 FirewallRules: [{FBCDA599-CAA8-4C13-A217-5A0E8D854BA9}] => (Allow) LPort=53015 FirewallRules: [{8D5B5EA6-E8AA-484A-BBA0-5D24BB080E72}] => (Allow) LPort=53016 FirewallRules: [{BFE86399-281C-4061-B880-5DC1EDB87DF1}] => (Allow) LPort=23007 FirewallRules: [{9A4B665D-B1F9-4C2F-B541-8517A8E16C98}] => (Allow) LPort=23008 FirewallRules: [{073E55E9-3949-42EB-8F95-DFF6B37A8945}] => (Allow) LPort=33009 FirewallRules: [{D631D813-84EE-4E2D-868E-F080A7DBE7AC}] => (Allow) LPort=33010 FirewallRules: [{759E29DB-3902-4EBF-B109-32E4341B5907}] => (Allow) LPort=33011 FirewallRules: [{116E6146-CB2E-4BDC-90A4-F00EA1AD4377}] => (Allow) LPort=43012 FirewallRules: [{32C1D800-6BDE-42C1-8E03-04A7ED274A83}] => (Allow) LPort=43013 FirewallRules: [{7838B0FE-A664-40F5-BF45-AC25607BD7F0}] => (Allow) LPort=53014 FirewallRules: [{29E4851B-E360-4337-93E3-EFE1331587FB}] => (Allow) LPort=53015 FirewallRules: [{36B1C54D-C58D-4F1A-AB42-333D338B7A00}] => (Allow) LPort=53016 FirewallRules: [{E4F0A1DA-EF72-4E1C-A87E-1B71F971477F}] => (Allow) LPort=50053 FirewallRules: [{02A83C19-C6C1-45F4-9B50-1C73B1EDC322}] => (Allow) LPort=50053 FirewallRules: [{322A0D8E-AA8D-4A50-B4A3-A8E3EA7B838A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{0D0E2360-084D-47AC-BC5B-0F52F486118E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{59F3EB46-7110-4BD6-A6A0-32841E67EE07}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{D26BDEAB-488A-4ABA-A3E1-782D4249B379}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{E797C231-379C-4588-A66A-E8C48FAF680D}] => (Allow) C:\LJP1100_P1560_P1600_Full_Solution\ProductInst64.exe (Hewlett-Packard Company -> HP) FirewallRules: [{2C17A881-B1FF-47EE-BD1F-957AE7B9C3A2}] => (Allow) C:\LJP1100_P1560_P1600_Full_Solution\ProductInst64.exe (Hewlett-Packard Company -> HP) FirewallRules: [TCP Query User{AE1F08BC-BA00-4214-B1D0-4E1098B05D36}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Block) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{19694063-9D68-4774-8786-24271BA34A28}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Block) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [{02FA6EC5-5843-47B0-9579-517E8C1D7A59}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe => Nenhum Arquivo FirewallRules: [{47A1D1A1-4C71-4545-A814-F6B7F7314D44}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe => Nenhum Arquivo FirewallRules: [{A96CFB8E-99A5-4DD9-B7C5-67B3FA7A102D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{6BB2E303-7F11-4581-B66F-2D32FDD47735}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{7A86D96F-8823-48BD-8969-184FE89706BD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{D08F0EB9-1FCA-4F89-BF4D-822CA7622AD1}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) FirewallRules: [{ADD6CED8-054F-4731-ADAE-BD0240723ACB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) FirewallRules: [{57B7D3F7-0D1B-421D-AAEF-29AA187E39F6}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) FirewallRules: [{1F9E6F74-E687-4100-842D-5AEF0E6E932E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) FirewallRules: [{EA0740D0-B82D-479B-9FAA-62CAE172F128}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) FirewallRules: [{8AC3F5F4-018A-4A03-A891-31F876C6444C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) FirewallRules: [{2E719CE5-4254-457E-9649-F342B9BB05DE}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) FirewallRules: [{E0BD1869-4663-4D21-8ABA-877D1E0158D9}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) FirewallRules: [{026D2377-C507-44E3-9A36-C54137B7F563}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{47501A06-826E-41C0-93ED-B77E57A3BE5B}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.79\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) ==================== Pontos de Restauração ========================= 13-07-2023 17:04:45 ZHPcleaner ==================== Dispositivos Apresentando Falhas No Gerenciador ============ ==================== Erros no Log de eventos: ======================== Erros em Aplicativos: ================== Error: (07/13/2023 09:44:59 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome do aplicativo com falha: wuauclt.exe, versão: 10.0.19041.3031, carimbo de data/hora: 0x35946a52 Nome do módulo com falha: KERNELBASE.dll, versão: 10.0.19041.3086, carimbo de data/hora: 0xe1ac3f79 Código de exceção: 0xc0000409 Deslocamento da falha: 0x000000000012d8b2 ID do processo com falha: 0x2a94 Hora de início do aplicativo com falha: 0x01d9b583486b4bdf Caminho do aplicativo com falha: C:\WINDOWS\system32\wuauclt.exe Caminho do módulo com falha: C:\WINDOWS\System32\KERNELBASE.dll ID do Relatório: 709e54b5-ea80-49b0-b66b-86cb12a3188f Nome completo do pacote com falha: ID do aplicativo relativo ao pacote com falha: Error: (07/01/2023 08:52:23 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Local Hostname DESKTOP-T0H8SRB.local already in use; will try DESKTOP-T0H8SRB-2.local instead Error: (07/01/2023 08:52:23 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: ProbeCount 0; will deregister 4 DESKTOP-T0H8SRB.local. Addr 192.168.1.5 Error: (07/01/2023 08:52:23 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from 192.168.1.5:5353 16 DESKTOP-T0H8SRB.local. AAAA 2804:0D41:A226:D600:B64C:22FF:8C4C:ABAA Error: (06/30/2023 12:54:38 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Local Hostname DESKTOP-T0H8SRB.local already in use; will try DESKTOP-T0H8SRB-2.local instead Error: (06/30/2023 12:54:38 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 DESKTOP-T0H8SRB.local. Addr 192.168.1.5 Error: (06/30/2023 12:54:38 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from 192.168.1.5:5353 16 DESKTOP-T0H8SRB.local. AAAA 2804:0D41:A226:D600:B64C:22FF:8C4C:ABAA Error: (06/30/2023 07:43:13 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Local Hostname DESKTOP-T0H8SRB.local already in use; will try DESKTOP-T0H8SRB-2.local instead Erros de Sistema: ============= Error: (07/14/2023 08:10:16 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-T0H8SRB) Description: O servidor {94269C4E-071A-4116-90E6-52E557067E4E} não se registrou no DCOM dentro do tempo limite necessário. Error: (07/13/2023 10:26:15 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-T0H8SRB) Description: O servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} não se registrou no DCOM dentro do tempo limite necessário. Error: (07/13/2023 10:26:15 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-T0H8SRB) Description: O servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} não se registrou no DCOM dentro do tempo limite necessário. Error: (07/13/2023 10:26:15 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-T0H8SRB) Description: O servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} não se registrou no DCOM dentro do tempo limite necessário. Error: (07/13/2023 10:26:15 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-T0H8SRB) Description: O servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} não se registrou no DCOM dentro do tempo limite necessário. Error: (07/13/2023 10:26:15 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-T0H8SRB) Description: O servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} não se registrou no DCOM dentro do tempo limite necessário. Error: (07/13/2023 10:26:14 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-T0H8SRB) Description: O servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} não se registrou no DCOM dentro do tempo limite necessário. Error: (07/13/2023 10:26:14 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-T0H8SRB) Description: O servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} não se registrou no DCOM dentro do tempo limite necessário. Windows Defender: ================ Date: 2023-03-28 10:27:25 Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão. ID do Exame: {33B9A05B-B9F9-466D-ACB9-3B59DDE6C71B} Tipo de Exame: Antimalware Parâmetros do Exame: Verificação Rápida Usuário: AUTORIDADE NT\SISTEMA Date: 2023-03-28 10:22:34 Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão. ID do Exame: {C889AA89-6F2A-43ED-981E-7AE295922696} Tipo de Exame: Antimalware Parâmetros do Exame: Verificação Rápida Usuário: AUTORIDADE NT\SISTEMA Date: 2023-03-28 09:56:14 Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão. ID do Exame: {5EDCBF41-C554-420E-AFB2-B5AB38A29F92} Tipo de Exame: Antimalware Parâmetros do Exame: Verificação Rápida Usuário: AUTORIDADE NT\SISTEMA Date: 2023-03-28 09:21:13 Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão. ID do Exame: {2E00FDA6-61BE-4E36-A497-DC9117BECA80} Tipo de Exame: Antimalware Parâmetros do Exame: Verificação Rápida Usuário: AUTORIDADE NT\SISTEMA Date: 2023-03-28 09:10:33 Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão. ID do Exame: {349F2248-1234-4A31-950F-AC518C2008D8} Tipo de Exame: Antimalware Parâmetros do Exame: Verificação Rápida Usuário: AUTORIDADE NT\SISTEMA Event[0]: Date: 2022-05-22 23:54:51 Description: Microsoft Defender Antivírus encontrou um erro ao tentar atualizar a inteligência de segurança. Nova Versão da Inteligência de Segurança: Versão da Inteligência de Segurança anterior: 1.283.1164.0 Fonte da Atualização: Servidor do Microsoft Update Tipo da Inteligência de Segurança: Antivírus Tipo da atualização: Completa Usuário: AUTORIDADE NT\SISTEMA Versão Atual do Mecanismo: Versão Anterior do Mecanismo: 1.1.15500.2 Código de Erro: 0x8024001e Descrição do Erro: Erro inesperado ao verificar atualizações. Para obter informações sobre como instalar ou solucionar problemas de atualizações, consulte Ajuda e Suporte. CodeIntegrity: =============== Date: 2023-07-15 20:45:41 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2023-07-15 20:45:15 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky 21.13\avp.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2023-07-15 20:41:17 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky 21.13\x64\com_antivirus.dll that did not meet the Windows signing level requirements. ==================== Informações da Memória =========================== BIOS: American Megatrends Inc. 2105 07/23/2010 placa-mãe: ASUSTeK Computer INC. M4A785TD-V EVO Processador: AMD Phenom(tm) II X6 1055T Processor Percentagem de memória em uso: 34% RAM física total: 9982.18 MB RAM física disponível: 6552.67 MB Virtual Total: 10622.18 MB Virtual disponível: 7044.58 MB ==================== Drives ================================ Drive () (Fixed) (Total:110.78 GB) (Free:28.03 GB) (Model: KINGSTON SV300S37A120G ATA Device) NTFS Drive d: (Anjo) (Fixed) (Total:931.51 GB) (Free:385.86 GB) (Model: SAMSUNG HD103SI ATA Device) NTFS ==>[sistema com componentes de inicialização (obtido através de drive)] \\?\Volume{70b2a5bd-0000-0000-0000-100000000000}\ (Reservado pelo Sistema) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS \\?\Volume{70b2a5bd-0000-0000-0000-90d11b000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS ==================== MBR & Tabela de Partições ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 70B2A5BD) Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=110.8 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=526 MB) - (Type=27) ========================================================== Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 6BF97209) Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== Fim de Addition.txt =======================

Olá, Elias Pereira. Como requerido segue logs, também em anexo. # AdwCleaner 7.0.3.1 - Logfile created on Thu Jul 13 19:06:04 2023 # Updated on 2017/29/09 by Malwarebytes # Database: 09-29-2017.1 # Running on Windows 10 Pro (X64) # Mode: scan # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** No malicious services found. ***** [ Folders ] ***** No malicious folders found. ***** [ Files ] ***** No malicious files found. ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious WMI found. ***** [ Shortcuts ] ***** No malicious shortcuts found. ***** [ Tasks ] ***** No malicious tasks found. ***** [ Registry ] ***** No malicious registry entries found. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries. ************************* C:/AdwCleaner/AdwCleaner[C0].txt - [1345 B] - [2021/11/8 18:12:2] C:/AdwCleaner/AdwCleaner[C1].txt - [1309 B] - [2022/4/21 12:27:12] C:/AdwCleaner/AdwCleaner[S0].txt - [1200 B] - [2021/11/8 18:10:54] C:/AdwCleaner/AdwCleaner[S1].txt - [1137 B] - [2022/4/21 12:26:40] C:/AdwCleaner/AdwCleaner[S2].txt - [1215 B] - [2023/7/10 17:53:0] ########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt ########## ------------------------------------------------------------------------------------------------------------------------------------------------- ~ ZHPCleaner v2023.7.13.32 by Nicolas Coolman (2023/07/13) ~ Run by Angelo (Administrator) (13/07/2023 17:08:14) ~ Web: https://www.nicolascoolman.com ~ Blog: https://nicolascoolman.eu/ ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : Version OK ~ Type : Repair ~ Report : D:\Área de Trabalho\ZHPCleaner (R).txt ~ Quarantine : C:\Users\Angelo Braz\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt ~ System Restore Point : OK ~ UAC : Activate ~ Boot Mode : Normal (Normal boot) Windows 10 Pro, 64-bit (Build 19045) ---\\ Alternate Data Stream (ADS). (0) ~ No malicious or unnecessary items found. ---\\ Services (0) ~ No malicious or unnecessary items found. ---\\ Browser internet (1) DELETED data: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride [Bad : 127.0.0.1;localhost;*.local] =>Hijacker.Proxy ---\\ Hosts file (0) ~ No malicious or unnecessary items found. ---\\ Scheduled automatic tasks. (0) ~ No malicious or unnecessary items found. ---\\ Explorer ( File, Folder) (289) MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\024eb950-bd75-4a72-ae7a-cd20a41519f7.tmp =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\0ccc7390-1e5f-42c3-b367-73c63b775cb3.tmp =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\1194d8eb-cf43-4707-9f02-476686bc5ac5.tmp =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\154ed016-8ad2-4407-8953-c917eebdcf83.tmp =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\160fbf1b-0924-4fee-aa23-21bc1f9bfa64.tmp =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\1b16a52a-57fb-4809-82eb-c399f12e94b2.tmp =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\1eb80ae1-3599-4747-a972-b20ceac7f7a2.tmp =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\22212a91-458b-4c2e-834b-9a6d30e819d1.tmp =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\31a4889b-6a53-4ca2-a346-254c915f192d.tmp =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\357573f5-db5e-48d6-91e9-20abd387d1ee.tmp =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\40a89361-e348-4d0e-8915-d8cd020f4bc0.tmp =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\4e46aca6-d883-4bb3-91b2-9ffef7d629d5.tmp =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\5d280eb0-1673-4313-921d-291c9475413b.tmp =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\631b6fcc-3fb2-42b6-a03f-e270d751fd50.tmp =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\636cafdf-7823-4800-97b2-6800e94c5f27.tmp =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\692d0ec3-7432-41de-81ac-1ec48e492e4b.tmp =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\6d4711fc-b641-4a22-aecf-eb7a6db4586e.tmp =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\7cb424ce-cb98-44b4-bf9b-94191db87d62.tmp =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\808b8323-da74-4386-a13c-b004bb095db6.tmp =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\82696429-8cbb-46c4-8ae0-41ba81450433.tmp =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\881900b9-615a-4bb7-8f1f-056c6e108a6a.tmp =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\88a4b54d-ed7b-4a14-b23e-4deb6e4ac3db.tmp =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\8e698eab-5255-4212-989d-97a9b08db854.tmp =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\8f1586b6-752b-41dc-8d37-c097e91c6c45.tmp =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\a17ca52a-07d5-41be-8111-0019fdcbf004.tmp =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\a2ef433e-dae8-4ed9-8323-2d05825bbaf9.tmp =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\ac293c95-9d5f-4bf0-bb1e-3cc3d0d4d93d.tmp =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\ad65cd63-3d57-4e42-b72e-f2bd0676866e.tmp =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\b319befe-9273-45b5-9b1e-8333d4949ffe.tmp =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\b4bb3575-272a-4959-9895-76c0c89e1d97.tmp =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\b7e306ea-91cb-4cd4-8b99-bccde0603e48.tmp =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\c01f5efd-ef24-4556-b51c-1cf9b72bcab8.tmp =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\c21f51dd-e9a4-485e-b794-9c5ef314f417.tmp =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\d5912153-650c-4975-85d7-b674ece38603.tmp =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\da5fe1be-1711-4942-8304-bb896ce6b59f.tmp =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\e22f7323-d592-455d-8588-f88e8aade361.tmp =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\e9c3b750-e1c9-4eac-9dd6-1ce89a9a510b.tmp =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wbx7ztempoutput.txt =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct114D.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct11CA.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct1274.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct1400.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct14E6.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct15F0.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct1645.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct18B1.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct18BF.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct1914.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct1A75.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct1AB3.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct1E08.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct24D5.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct24D6.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct28A5.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct2972.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct2982.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct2B5C.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct2B9D.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct2DF0.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct2F4A.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct313B.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct3173.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct31AA.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct31FB.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct3324.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct339D.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct3423.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct3610.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct36FC.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct3A0B.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct3BD5.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct3BD7.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct3C53.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct3D56.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct3FA8.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct418C.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct41DC.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct428.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct473C.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct474B.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct492.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct4935.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct4B1D.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct4C16.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct4CAC.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct4E91.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct4F1E.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct508C.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct5139.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct5276.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct533D.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct53A6.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct547B.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct57BA.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct580C.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct5AAF.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct5AEB.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct5DF2.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct5E4B.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct5E4D.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct5EB5.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct5FEE.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct60F3.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct61B6.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct61D5.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct6344.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct63EE.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct6978.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct6A0E.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct6A49.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct6ABC.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct6C67.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct6D0E.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct6D57.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct6D6C.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct708F.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct7106.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct7300.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct7301.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct731B.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct7396.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct7397.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct73F7.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct7567.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct757E.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct77B2.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct78D8.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct79B0.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct7AE4.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct7BC1.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct7C21.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct7E98.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct7FDB.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct7FF7.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct804A.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct80B2.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct8109.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct81CD.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct8295.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct8297.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct83B4.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct83DB.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct8475.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct84C5.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct84D0.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct855A.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct859A.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct85F4.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct872.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct87F7.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct8B89.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct8B96.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct8BE2.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct8C1D.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct8E18.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct9195.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct9526.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct95A4.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct9676.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct96D4.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct97B8.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct9893.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct9974.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct9A91.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct9B68.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct9BAE.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct9BF6.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct9CF0.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wct9D49.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctA0BE.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctA1AE.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctA33A.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctA41.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctA426.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctA4AC.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctA6F.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctA7A6.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctA95B.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctABED.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctAD50.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctADC0.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctAE2F.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctB04B.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctB07B.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctB0CE.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctB210.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctB368.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctB38F.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctB485.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctB486.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctB4EA.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctB57F.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctB687.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctB6B0.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctB8EE.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctBCC2.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctBDA5.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctBE75.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctBEB9.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctBEBD.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctC091.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctC0A3.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctC155.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctC393.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctC395.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctC4C8.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctC4FD.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctC877.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctC9DC.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctCA1C.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctCAEF.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctCB17.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctCCE7.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctCFEF.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctD029.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctD213.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctD2D5.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctD36.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctD58B.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctD5D8.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctD676.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctD79B.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctD84B.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctD949.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctDA7B.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctDAB6.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctDB3A.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctDB4B.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctDB78.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctDB95.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctDC24.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctDC4D.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctDDE.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctDE1.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctE023.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctE035.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctE150.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctE221.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctE2A8.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctE41C.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctE6F9.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctE81A.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctE877.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctE8CF.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctE923.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctE960.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctEB72.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctEBAB.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctEBD7.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctEBE3.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctEC49.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctED6B.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctEF30.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctF02C.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctF056.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctF097.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctF0BB.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctF2AB.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctF41.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctF5DC.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctF6DE.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctF7A6.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctF9CA.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctFA29.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctFBC1.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctFC4D.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctFD18.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\wctFDA8.tmp =>.SUP.Temporary.Office MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\{0827A233-217F-45B0-816C-C9B42273B406} - OProcSessId.dat =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\{1F692887-615D-46BC-94D6-BCCD038620D3} - OProcSessId.dat =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\{2DC70F18-8D2B-44D2-A187-8FF26AF279D7} - OProcSessId.dat =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\{35E96602-72AD-4C59-8A83-E77F9B849F95} - OProcSessId.dat =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\{535C4D7C-3A80-4E66-98D7-98BCAF6EEBCF} - OProcSessId.dat =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\{579A5651-38F4-4279-A396-20971BCBD238} - OProcSessId.dat =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\{57CFDB3A-EF55-4581-9C87-36649E47A7C2} - OProcSessId.dat =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\{5EE95DF4-E485-4002-A9D4-F7BDE44E4487} - OProcSessId.dat =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\{6E5231B6-303F-41A9-A2DA-B362D2E50BBC} - OProcSessId.dat =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\{87EE91B0-B099-4D8F-8548-AA0401275EBA} - OProcSessId.dat =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\{A66BCDA3-0CFF-4B7A-A6F9-B31993058545} - OProcSessId.dat =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\{B7934BBB-88AC-41B2-9886-C306A7384DC2} - OProcSessId.dat =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\{D1FD8CFD-5527-4213-A1F5-25531B3185F3} - OProcSessId.dat =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\{EB6417AD-98E2-45E8-BFE5-D9418771AD35} - OProcSessId.dat =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\{F6B240FB-C5D1-4C42-BC45-0E4C8C6424C4}.png =>.SUP.Temporary.Picture MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\~8627.tmp =>.SUP.Temporary.Empty MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\~DF6F4354FF5D0EC2CD.TMP =>.SUP.Temporary.Other MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\~DFC5B5412829B61ADD.TMP =>.SUP.Temporary.Other MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\~DFCFA2CB0663D1E55E.TMP =>.SUP.Temporary.Other MOVED file: C:\Users\Angelo Braz\AppData\Local\Temp\~DFF1AC9DF54B8D8558.TMP =>.SUP.Temporary.Other MOVED folder: C:\Users\Angelo Braz\AppData\Local\Google\Chrome\User Data\Default\File System\001 =>.SUP.Temporary.Chrome ---\\ Registry ( Key, Value, Data) (45) DELETED value: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\qBittorrent\qbittorrent.exe.FriendlyAppName [qBittorrent - A Bittorrent Client] =>.SUP.Orphan.MUICache DELETED value: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\qBittorrent\qbittorrent.exe.ApplicationCompany [The qBittorrent Project] =>.SUP.Orphan.MUICache DELETED value: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\FoxitPDFReader.exe [Foxit PDF Reader 12.1] =>.SUP.Orphan.MUICache DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AMD\CNext\ [No Folder] =>.SUP.Obsolete.NoFolder DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AMD\CNext\CNBranding\ [No Folder] =>.SUP.Obsolete.NoFolder DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AMD\CIM\Config\ [No Folder] =>.SUP.Obsolete.NoFolder DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AMD\CIM\Bin64\ [No Folder] =>.SUP.Obsolete.NoFolder DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\AMD\CNext\CNext\ [No Folder] =>.SUP.Obsolete.NoFolder DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\AMD\Chipset_IODrivers\ [No Folder] =>.SUP.Obsolete.NoFolder DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\ [No Folder] =>.SUP.Obsolete.NoFolder DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ [No Folder] =>.SUP.Obsolete.NoFolder DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\help\cs\ [No Folder] =>.SUP.Obsolete.NoFolder DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\help\ [No Folder] =>.SUP.Obsolete.NoFolder DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\help\da\ [No Folder] =>.SUP.Obsolete.NoFolder DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\help\de\ [No Folder] =>.SUP.Obsolete.NoFolder DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\help\el\ [No Folder] =>.SUP.Obsolete.NoFolder DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\help\en-US\ [No Folder] =>.SUP.Obsolete.NoFolder DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\help\es\ [No Folder] =>.SUP.Obsolete.NoFolder DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\help\fi\ [No Folder] =>.SUP.Obsolete.NoFolder DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\help\fr\ [No Folder] =>.SUP.Obsolete.NoFolder DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\help\hu\ [No Folder] =>.SUP.Obsolete.NoFolder DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\help\it\ [No Folder] =>.SUP.Obsolete.NoFolder DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\help\ja\ [No Folder] =>.SUP.Obsolete.NoFolder DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\help\ko\ [No Folder] =>.SUP.Obsolete.NoFolder DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\help\nl\ [No Folder] =>.SUP.Obsolete.NoFolder DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\help\no\ [No Folder] =>.SUP.Obsolete.NoFolder DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\help\pl\ [No Folder] =>.SUP.Obsolete.NoFolder DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\help\pt-BR\ [No Folder] =>.SUP.Obsolete.NoFolder DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\help\ru\ [No Folder] =>.SUP.Obsolete.NoFolder DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\help\sv\ [No Folder] =>.SUP.Obsolete.NoFolder DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\help\th\ [No Folder] =>.SUP.Obsolete.NoFolder DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\help\tr\ [No Folder] =>.SUP.Obsolete.NoFolder DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\help\zh_CHS\ [No Folder] =>.SUP.Obsolete.NoFolder DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\help\zh_CHT\ [No Folder] =>.SUP.Obsolete.NoFolder DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ [No Folder] =>.SUP.Obsolete.NoFolder DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\MOM-InstallProxy\ [No Folder] =>.SUP.Obsolete.NoFolder DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Welcome\ [No Folder] =>.SUP.Obsolete.NoFolder DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\ATI Technologies\ [No Folder] =>.SUP.Obsolete.NoFolder DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\ [No Folder] =>.SUP.Obsolete.NoFolder DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\ATI Technologies\ATI.ACE\ [No Folder] =>.SUP.Obsolete.NoFolder DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\ [No Folder] =>.SUP.Obsolete.NoFolder DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Welcome\en-US\ [No Folder] =>.SUP.Obsolete.NoFolder DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Welcome\en-US\images\ [No Folder] =>.SUP.Obsolete.NoFolder DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\x86\ [No Folder] =>.SUP.Obsolete.NoFolder DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\ProgramData\Kaspersky Lab\KSDE5.13\Bases\Cache\ [No Folder] =>.SUP.Obsolete.NoFolder ---\\ Summary of the elements found (8) https://nicolascoolman.eu/2017/04/03/hijacker-proxy/ =>Hijacker.Proxy https://nicolascoolman.eu/forum/Topic/logiciels-potentiellement-superflus-lps/ =>.SUP.Temporary.Empty https://nicolascoolman.eu/forum/Topic/logiciels-potentiellement-superflus-lps/ =>.SUP.Temporary.Office https://nicolascoolman.eu/forum/Topic/logiciels-potentiellement-superflus-lps/ =>.SUP.Temporary.Picture https://nicolascoolman.eu/forum/Topic/logiciels-potentiellement-superflus-lps/ =>.SUP.Temporary.Other https://nicolascoolman.eu/forum/Topic/logiciels-potentiellement-superflus-lps/ =>.SUP.Temporary.Chrome https://nicolascoolman.eu/forum/Topic/orphan-muicache-logiciel-potentiellement-superflu-lps/ =>.SUP.Orphan.MUICache https://nicolascoolman.eu/forum/Topic/logiciels-potentiellement-superflus-lps/ =>.SUP.Obsolete.NoFolder ---\\ Other deletions. (11) ~ Registry Keys Tracing deleted (11) ~ Remove the old reports ZHPCleaner. (0) ---\\ Result of repair ~ Repair carried out successfully ~ Google Chrome OK ~ Microsoft Edge OK ~ Mozilla Firefox OK ~ Microsoft Internet Explorer OK ~ Thunderbird OK ~ Chromium OK ---\\ Statistics ~ Items scanned : 1716 ~ Items found : 0 ~ Items cancelled : 0 ~ Space saving (bytes) : 503923982 ~ Items options : 16/18 ---\\ OPTIONS NOT ACTIVES ~ Start browsers with extensions removed ~ Clearing browser caches and histories ~ End of clean in 00h01mn54s ---\\ Reports (2) ZHPCleaner-[S]-13072023-16_54_50.txt ZHPCleaner-[R]-13072023-17_10_08.txt AdwCleaner.txt ZHPCleaner (R).txt