PC lerdo e Impressora não instala programa

KakaSantos · 28 de outubro de 2021

Encontrei alguns vírus, mas, PC continua ruim e lento. Impressora também não reinstala programa. Já reiniciei spooler mas sem sucesso.

Elias Pereira · 31 de outubro de 2021

@KakaSantos

Por favor, atente para o seguinte:

Sobre o Fórum: Este é um espaço privado, não público. Seu uso é um privilégio, não um direito;
O que será passado aqui, somente será com relação ao problema do seu computador portanto, não faça mais em nenhum outro;
IMPORTANTE: Caso tenha programas de ativação do windows ou de compartilhamento p2p/toŕŕent, sugiro desinstalar. Só irei dar procedimento na analise após a remoção. Regras do forum;
Siga, por favor, atentamente as instruções passadas e em caso de dúvidas não hesite em perguntá-las;
Respeite a ordem das instruções passadas;
Observação: Não tome outra medida além das passadas aqui; atente para que, caso peça ajuda em outro fórum, não deixe de nos informar, sob risco de desconfigurar seu computador!

Regras da Área de Remoção de Malware << IMPORTANTE A LEITURA

Regras Gerais do Forum Clube do Hardware << IMPORTANTE A LEITURA

Siga os passos abaixo:

Desative temporariamente seu antivirus, antispywares e firewall, para não causar conflitos.

ETAPA 1

Faça o download do AdwCleaner de um dos links abaixo e salve no desktop.

https://toolslib.net/downloads/viewdownload/1-adwcleaner/

http://www.bleepingcomputer.com/download/adwcleaner/

Clique em DOWNLOAD NOW para baixar o arquivo.

Execute o adwcleaner.exe

OBS: Usuários do Windows Vista, 7, 8/8.1 e windows 10 clique com o direito sobre o arquivo AdwCleaner.exe, depois clique em

Clique em VERIFICAR AGORA/SCAN NOW. Após o termino clique em LIMPAR/CLEAN e aguarde.

Será aberto o bloco de notas com o resultado.

ATENÇÃO: Selecione, copie e cole o seu conteúdo na próxima resposta.

ETAPA 2

Faça o download do ZHPCleaner no link abaixo e salve em sua Área de trabalho (Desktop)

https://www.majorgeeks.com/files/details/zhpcleaner.html

Execute o arquivo ZHPCleaner.exe Como Administrador

Clique no botão Scanner.
A ferramenta começara o exame do seu sistema.
Tenha paciência pois pode demorar um pouco dependendo da quantidades de itens a examinar.
Em seguida clique no botão Reparar.
Será gerado um log chamado ZHPCleaner.txt

ATENÇÃO: Selecione, copie e cole o seu conteúdo na próxima resposta.

KakaSantos · 1 de novembro de 2021

# -------------------------------
# Malwarebytes AdwCleaner 8.3.0.0
# -------------------------------
# Build: 06-29-2021
# Database: 2021-10-26.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 11-01-2021
# Duration: 00:00:37
# OS: Windows 10 Pro
# Cleaned: 0
# Failed: 0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1405 octets] - [01/11/2021 11:30:16]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

~ ZHPCleaner v2021.10.27.335 by Nicolas Coolman (2021/10/27)
~ Run by Kaka (Administrator) (01/11/2021 11:56:22)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Scan
~ Report : C:\Users\Kaka\Desktop\ZHPCleaner (S).txt
~ Quarantine : C:\Users\Kaka\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ System Restore Point :
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit (Build 19042)

---\\ Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found.

---\\ Services (0)
~ No malicious or unnecessary items found.

---\\ Browser internet (1)
FOUND data: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride [Bad : 127.0.0.1;localhost;] =>Hijacker.Proxy

---\\ Hosts file (1)
~ The hosts file is legitimate (26)

---\\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.

---\\ Explorer ( File, Folder) (5)
FOUND file: C:\Users\Kaka\AppData\Local\Google\Chrome\User Data\Default\Preferences =>ChromiumPreference
FOUND file: C:\Users\Kaka\AppData\Local\Microsoft\Edge\User Data\Default\Preferences =>ChromiumPreference
FOUND file: C:\Windows\Prefetch\ERROS_0X000006BE-OUTBYTE-PC-R-49A8F666.pf =>SUP.Optional.Outbyte
FOUND folder: C:\Program Files (x86)\QuickTime =>Riskware.QuickTime
FOUND folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime =>Riskware.QuickTime

---\\ Registry ( Key, Value, Data) (1)
FOUND key: HKLM\SOFTWARE\POLICIES\Mozilla\Firefox [AdditionalScan 573] =>.SUP.FirefoxRestriction

---\\ Summary of the elements found (5)
https://nicolascoolman.eu/2017/04/03/hijacker-proxy/ =>Hijacker.Proxy
https://nicolascoolman.eu/2020/10/01/preferences-navigateurs-chromium/ =>ChromiumPreference
https://nicolascoolman.eu/forum/Topic/-logiciel-potentiellement-superflu-lps/ =>SUP.Optional.Outbyte
https://nicolascoolman.eu/2017/01/15/riskware-quicktime/ =>Riskware.QuickTime
https://nicolascoolman.eu/forum/Topic/logiciels-potentiellement-superflus-lps/ =>.SUP.FirefoxRestriction

---\\ Result of repair
~ Any repair made
~ Google Chrome OK
~ Internet Explorer OK

---\\ Statistics
~ Items scanned : 113395
~ Items found : 9
~ Items cancelled : 0
~ Space saving (bytes) : 0
~ Items options : 9/17

---\\ OPTIONS NOT ACTIVES
~ Temporary file analysis
~ Temporary folder analysis
~ Empty Folder CLSID Analysis
~ Empty Other Folder Analysis
~ Empty LocalLow Folder Analysis
~ Empty Local Folder Analysis
~ Obsolete Installer File Analysis
~ Start browsers with extensions removed

~ End of search in 00h44mn04s

---\\ Reports (0)
ZHPCleaner-[S]-01112021-12_40_26.txt

Elias Pereira · 4 de novembro de 2021

@KakaSantos

Faça o download do RogueKiller by Tigzy, e salve na sua área de trabalho (Desktop)

roguekiller.exe (x64) << link

Feche todos os programas
Execute o RogueKiller.exe.
** Usuários do Windows Vista, Windows 7, 8, 8.1 e Windows 10:Clique com o direito sobre o arquivo rogueKiller.exe, depois clique em
Clique em SCAN
Clique no primeiro START "Standard Scan (recommended)" e aguarde o scan...
Clique no botão RESULTS
Clique na opção REPORT e em EXPORT e selecione a opção Text file...
Salve o arquivo na area de trabalho com o nome roguekiller_report

Atente para abrir o arquivo, copiar e colar todo o conteúdo na sua próxima resposta

KakaSantos · 7 de novembro de 2021

Programa informou pontecial virus a ser removido: MpSigtub.exe

Program : RogueKiller Anti-Malware
Version : 15.1.2.0
x64 : Yes
Program Date : Nov 3 2021
Location : C:\Program Files\RogueKiller\RogueKiller64.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Contact : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19042) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : Kaka
User is Admin : Yes
Date : 2021/11/07 16:47:24
Type : Scan
Aborted : No
Scan Mode : Standard
Duration : 10777
Found items : 1
Total scanned : 64497
Signatures Version : 20211102_094554
Truesight Driver : Yes
Updates Count : 4

************************* Warnings *************************
(42:4545) C:\Windows\System32, LONG_FOLDER_SCAN
[+] path : C:\Windows\System32
[+] message : LONG_FOLDER_SCAN
[+] int1 : 42
[+] int2 : 4545

(24:2851) C:\Windows\SysWOW64, LONG_FOLDER_SCAN
[+] path : C:\Windows\SysWOW64
[+] message : LONG_FOLDER_SCAN
[+] int1 : 24
[+] int2 : 2851

************************* Updates *************************
WinRAR 6.00 (64-bit) (64-bit), version 6.00.0
[+] Available Version : 6.02
[+] Size : 9,95 MB
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\WinRAR\

Malwarebytes version 4.4.9.142 (64-bit), version 4.4.9.142
[+] Available Version : 4.4.10
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\Malwarebytes\Anti-Malware

K-Lite Codec Pack 16.4.9 Basic (32-bit), version 16.4.9
[+] Available Version : 16.5.3
[+] Size : 79,6 MB
[+] Wow6432 : Yes
[+] Portable : No
[+] update_location : C:\Program Files (x86)\K-Lite Codec Pack\

µTorrent (64-bit), version 3.5.5.46010
[+] Available Version : 3.5.5.46074
[+] Size : 20,8 MB
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Users\Kaka\AppData\Roaming\uTorrent

************************* Processes *************************

************************* Modules *************************

************************* Services *************************

************************* Scheduled Tasks *************************

************************* Registry *************************

************************* WMI *************************

************************* Hosts File *************************
is_too_big : No
hosts_file_path : C:\Windows\System32\drivers\etc\hosts

************************* Filesystem *************************

************************* Web Browsers *************************

************************* Antirootkit *************************

Elias Pereira · 9 de novembro de 2021

@KakaSantos

Desative temporariamente seu antivírus, antispywares e firewall, para não causar conflitos.

Baixe o Farbar Recovery Scan do link abaixo e salve na sua área de trabalho.
https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Execute o FRST64.EXE

** Usuários do Windows Vista, Windows 7, 8/8.1 e windows 10:Clique com o direito sobre o arquivo FRST.EXE, depois clique em EXECUTAR COMO ADMINISTRADOR

Na opção Search, digite: MpSigtub.exe

Clique no botão SEARCH FILES

Aguarde e ao final, o log Search.txt será salvo no seu desktop.

Abra o arquivo Search.txt, copie e cole seu conteudo na sua proxima resposta.

KakaSantos · 12 de novembro de 2021

Farbar Recovery Scan Tool (x64) Versão: 09-11-2021
Executado por Kaka (11-11-2021 19:53:13)
Executando a partir de C:\Users\Kaka\Desktop
Modo da Inicialização: Normal

================== Pesquisar Arquivos: "MpSigtub.exe" =============

====== Fim de Pesquisar ======

Elias Pereira · 12 de novembro de 2021

@KakaSantos

O MpSigtub.exe foi removido.

Clique no menu Iniciar, e após isso clique com o botão direito do mouse sob Este computador e selecione a opção Propriedades.
Em Propriedades, selecione a opção Configurações avançadas do sistema.
Vá na aba Proteção do Sistema, e em Restauração do Sistema, vá na opção Criar.
OBS: Atente para a correta criação do ponto de restauração
Depois basta seguir as instruções em tela, para criar seu ponto de restauração.
OBS: Lembre-se de colocar um nome de fácil entendimento para uma posterior restauração a partir deste ponto.

Pressione as teclas Windows + R e digite: msconfig
- Clique na guia Serviços, marque a opção Ocultar todos os serviços Microsoft e depois clique em Desativar tudo
- Clique na guia Inicialização de Programas e clique em Abrir Gerenciador de Tarefas
- Clique com o botão direito em cada entrada da inicialização e clique em Desabilitar/Desativar.

Volte para a tela de Configurações do Sistema e clique em Aplicar e depois em OK.

Siga as mensagens ate que seja solicitado a reiniciar.

Me informe se tudo ok ou se ocorreu algum problema.

KakaSantos · 14 de novembro de 2021

Feito o processo com tranquilidade! Após reiniciar e fazer alguns testes observei que o travamento constante diminuiu mas ainda existe, a lentidão é constante. A inicialização do sistema ate o menu iniciar e barras de ferramentas estar visível levaram 7 minutos, daí para abrir algum aplicativo por exemplo explorador de arquivos ou Chrome por exemplo que travou 6 vezes ate conseguir concluir essa reposta levaram 25 minutos. Ainda não consegui êxito no uso da impressora retirei as atualizações do Win10 mas sem sucesso, parece ainda ter haver com esse problema de lentidão.

Elias Pereira · 15 de novembro de 2021

@KakaSantos

Baixe o Farbar Recovery Scan do link abaixo e salve na sua área de trabalho.
https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

** Usuários do Windows Vista, Windows 7, 8/8.1 e windows 10:
Clique com o direito sobre o arquivo FRST64.EXE, depois clique em http://i.imgur.com/VRIfczU.png .

Aceite o contrato e depois clique no botão Scan/Examinar.Aguarde e ao final, os logs FRST.txt e Addition.txt serão salvos no seu desktop.

Abra cada arquivo em separado, copie seu conteúdo e cole na sua próxima resposta.

KakaSantos · 20 de novembro de 2021

.

Resultado do análise da Farbar Recovery Scan Tool (FRST) (x64) Versão: 14-11-2021
Executado por Kaka (administrador) em KAKA-PC (16-11-2021 19:09:24)
Executando a partir de C:\Users\Kaka\Desktop
Perfis Carregados: Kaka
Plataforma: Microsoft Windows 10 Pro Versão 21H1 19043.1348 (X64) Idioma: Português (Brasil)
Navegador padrão: Chrome
Modo da Inicialização: Normal

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Google LLC -> ) C:\Program Files\Google\Drive File Stream\52.0.6.0\crashpad_handler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <12>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe <2>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.ACRONYM\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <2>

==================== Registro (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-06-03] (Adobe Inc. -> )
HKLM-x32\...\Run: [OnScreen Control] => C:\Program Files (x86)\LG Electronics\OnScreen Control\bin\OnScreenStartUpApp.exe [1820568 2020-10-19] (LG Electronics Inc. -> LG Electronics Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706344 2021-09-27] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\52.0.6.0\GoogleDriveFS.exe [54107992 2021-10-18] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\52.0.6.0\GoogleDriveFS.exe [54107992 2021-10-18] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-3439908664-1470252025-331894347-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [49952424 2021-10-19] (Google LLC -> )
HKU\S-1-5-21-3439908664-1470252025-331894347-1000\...\Run: [uTorrent] => C:\Users\Kaka\AppData\Roaming\uTorrent\uTorrent.exe [2132520 2021-05-10] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-3439908664-1470252025-331894347-1000\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\52.0.6.0\GoogleDriveFS.exe [54107992 2021-10-18] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-3439908664-1470252025-331894347-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [35116160 2021-10-19] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\52.0.6.0\GoogleDriveFS.exe [54107992 2021-10-18] (Google LLC -> Google, Inc.)
HKLM\...\Windows x64\Print Processors\hpfpp083: C:\Windows\System32\spool\prtprocs\x64\hpfpp083.dll [254464 2008-10-06] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\Datecs Language Monitor: C:\WINDOWS\system32\prnlm_dt.dll [92160 2016-04-11] (Datecs -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\95.0.4638.69\Installer\chrmstp.exe [2021-11-02] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [>{26923b43-4d38-484f-9b9e-de460746276c}] -> C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2021-03-30]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)

==================== Tarefas Agendadas (Whitelisted) ============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {01C6B36D-0D60-4B62-B78D-ABA9EBC3F035} - System32\Tasks\CCleanerSkipUAC - Kaka => C:\Program Files\CCleaner\CCleaner.exe [29200512 2021-10-19] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {070330DE-FAFE-4F2D-873C-5B4D2ACF4843} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (Nenhum Arquivo)
Task: {087FE0D1-2E27-437D-872A-4E2A4514F337} - System32\Tasks\{2B271AD6-2CDB-46D2-9857-7D1C30B79606} => C:\Windows\system32\pcalua.exe -a C:\Users\Kaka\Desktop\Atheros\setup.exe -d C:\Users\Kaka\Desktop\Atheros
Task: {0C3C4557-6D20-4E89-B5A0-10B45DA4349E} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (Nenhum Arquivo)
Task: {10CC58BF-46AE-4C78-B5EB-F1C072047FF5} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22654872 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {16A92A74-5047-43EA-A9D0-EAC4A2B6A468} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (Nenhum Arquivo)
Task: {16C311BD-0160-49BB-B159-8F414F3696B3} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {1725E09A-8745-4716-97C4-D58163ECF2D8} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (Nenhum Arquivo)
Task: {1D8FF228-A7B3-4623-8D33-B4DD0890D810} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe -PvrSchedule (Nenhum Arquivo)
Task: {2370E69F-2A76-414F-A068-012265B0653E} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => C:\WINDOWS\system32\sipnotify.exe [338944 2019-10-10] (Microsoft Corporation) [Arquivo não assinado]
Task: {2BE2BEA5-B214-407D-990F-676B52FA5ACD} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -ObjectStoreRecoveryTask (Nenhum Arquivo)
Task: {392B3EAA-79C3-4618-8A3A-04BE77A66629} - System32\Tasks\{80381077-9AE3-49C0-9AAF-3BB1682AE9FD} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{9F1A6A24-4901-42F6-A355-5DD2B82E62AE}\setup.exe" -c -runfromtemp -l0x0416 -removeonly
Task: {418DC5F2-1B8B-44BF-A677-2F1E089D996A} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47c2-B62A-B7C4CED925CB}
Task: {4F0BE499-9CE6-484D-A590-3B0AA802BB52} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
Task: {5187B438-0A8D-48C9-9AFF-8042F46ABFF1} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /PBDADiscovery (Nenhum Arquivo)
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {62226D0B-DB59-40AE-87DC-C33920102327} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1907712 2021-10-14] () [Arquivo não assinado]
Task: {62E0EB2F-1D59-474C-97F1-F36DDCC50FD5} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe /DoReindexSearchRoot (Nenhum Arquivo)
Task: {6744419E-6075-4160-A2BC-A9DF037118A8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {68D6F227-C9C8-408C-A35D-0590F9A9D1AE} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (Nenhum Arquivo)
Task: {6A0B7A24-B0F3-4066-B299-A90103BADBD0} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {7158BE07-2C75-4CAA-9353-018447B08331} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8314824 2021-11-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {777B6E4D-F85A-4697-BC7F-DCE078D730D0} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
Task: {87B85FE1-D6B9-48C7-BEAB-F3223F1280DA} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe /OCURActivate (Nenhum Arquivo)
Task: {8D3B8A5E-366A-4DA1-B493-B8F7151AB219} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (Nenhum Arquivo)
Task: {8F22CC8A-DBA6-477B-9C90-7D9149FDE29C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22654872 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {96B4F296-3AF2-4734-8C88-32C9D8E32665} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoActivateWindowsSearch (Nenhum Arquivo)
Task: {99C3E9F1-514D-4213-80A7-B64AEC8DEF29} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138600 2021-11-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {9B364E99-BFED-4504-8A92-87AEBA232A85} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -SqlLiteRecoveryTask (Nenhum Arquivo)
Task: {A7451315-F0DF-4C00-9CC8-3046E8F00B55} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe /DRMInit (Nenhum Arquivo)
Task: {AD8F1369-6019-437D-9EF6-C3AEF71926DC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-02-09] (Google LLC -> Google LLC)
Task: {AE926E5C-73F0-4875-8A26-AF4464EA2380} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -PvrRecoveryTask (Nenhum Arquivo)
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40b4-8963-D3C761B18371}
Task: {B0DB17F9-C3FC-4C37-91F4-BEA29DBAB83B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B6E07F63-6822-402B-ACA1-A4DDC5906233} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138600 2021-11-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {C1376B8C-A19E-4C5B-A779-16F082008D82} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-02-09] (Google LLC -> Google LLC)
Task: {C657111D-DB4E-4080-B2A2-D074236C900D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (Nenhum Arquivo)
Task: {C8099BF5-3246-432E-8C16-731BBE10A5E8} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-10-19] (Piriform Software Ltd -> Piriform)
Task: {C851D3C6-1F80-41A3-BAC1-E49484AF1266} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (Nenhum Arquivo)
Task: {C94CE6AE-BC92-4072-B923-A1B7D906AC11} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D3BCD7FE-C2AA-4352-90F1-605DD1878ABD} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe /RestartRecording (Nenhum Arquivo)
Task: {D45E0B19-0475-4001-B63D-105962763D4B} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -MediaCenterRecoveryTask (Nenhum Arquivo)
Task: {E0CFCF8A-94F9-40B1-BB84-B3EC2AD80D03} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8314824 2021-11-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {E3796FFF-39CE-426E-BEE5-966C18C1FC50} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe -pscn 0 (Nenhum Arquivo)
Task: {E6DCE9B2-5069-4F36-982B-58B5E254F22E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe $(Arg0) (Nenhum Arquivo)
Task: {E6F1B631-9D96-4B10-ADF8-593E9E606A98} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E7FC3818-BB30-47B4-A5C9-EF57F7B712E1} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => C:\WINDOWS\system32\sipnotify.exe [338944 2019-10-10] (Microsoft Corporation) [Arquivo não assinado]

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{55830F45-3F62-4462-8BAF-EDC8FF0391FB}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Kaka\AppData\Local\Microsoft\Edge\User Data\Default [2021-11-16]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Kaka\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-10-23]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.311.2 -> C:\Program Files\Java\jre1.8.0_311\bin\dtplugin\npDeployJava1.dll [2021-10-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.311.2 -> C:\Program Files\Java\jre1.8.0_311\bin\plugin2\npjp2.dll [2021-10-19] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2021-03-18] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2021-03-18] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2021-03-18] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2021-03-18] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2021-03-18] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Kaka\AppData\Local\Google\Chrome\User Data\Default [2021-11-16]
CHR Extension: (Apresentações) - C:\Users\Kaka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-02-09]
CHR Extension: (Safe Torrent Scanner) - C:\Users\Kaka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2021-06-30]
CHR Extension: (Documentos) - C:\Users\Kaka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-02-09]
CHR Extension: (Google Drive) - C:\Users\Kaka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-02-09]
CHR Extension: (YouTube) - C:\Users\Kaka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-02-09]
CHR Extension: (Planilhas) - C:\Users\Kaka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-02-09]
CHR Extension: (Documentos Google off-line) - C:\Users\Kaka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-20]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Kaka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-11-16]
CHR Extension: (Acesso rápido a apps para o Drive (do Google)) - C:\Users\Kaka\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-04-15]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Kaka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-09]
CHR Extension: (Gmail) - C:\Users\Kaka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-02-09]
CHR HKU\S-1-5-21-3439908664-1470252025-331894347-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Serviços (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12034464 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
S4 FoxitReaderUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderUpdateService.exe [2356800 2021-03-18] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
S4 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [288360 2021-05-14] (HP Inc. -> HP Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7826104 2021-10-27] (Malwarebytes Inc -> Malwarebytes)
R2 MSSQL$ACRONYM; c:\Program Files\Microsoft SQL Server\MSSQL11.ACRONYM\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation -> Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Arquivo não assinado]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Arquivo não assinado]
S4 scpbradserv; C:\Program Files (x86)\scpbrad\scpbradserv.exe [2269056 2021-02-16] (Banco Bradesco S.A. -> Scopus Soluções em TI Ltda)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6103464 2021-11-12] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 SQLAgent$ACRONYM; c:\Program Files\Microsoft SQL Server\MSSQL11.ACRONYM\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-11-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-11-04] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [Arquivo não assinado]
R1 googledrivefs3525; C:\WINDOWS\System32\DRIVERS\googledrivefs3525.sys [389640 2021-09-09] (Google LLC -> Google, Inc.)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-10-27] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-10-27] (Malwarebytes Inc -> Malwarebytes)
S4 RsFx0200; C:\WINDOWS\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48520 2021-11-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [435424 2021-11-04] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86240 2021-11-04] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; não ImagePath
S3 MpKsla256b193; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5B45C3CE-D802-4AE5-B250-1729B7DED6F8}\MpKslDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Um mês (criados) (Whitelisted) =========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2021-11-16 19:09 - 2021-11-16 19:44 - 000023719 _____ C:\Users\Kaka\Desktop\FRST.txt
2021-11-14 12:56 - 2021-11-14 12:56 - 000035441 _____ C:\Users\Kaka\Downloads\FRST (1).txt
2021-11-14 12:55 - 2021-11-14 12:56 - 000035441 _____ C:\Users\Kaka\Downloads\FRST.txt
2021-11-12 17:20 - 2021-11-12 17:20 - 000011363 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-11-12 17:19 - 2021-11-12 17:19 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-11-12 17:19 - 2021-11-12 17:19 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-11-12 17:18 - 2021-11-12 17:18 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-11-12 12:53 - 2021-11-12 12:53 - 000000000 ___HD C:\$WinREAgent
2021-11-09 10:18 - 2021-11-16 19:25 - 000000000 ____D C:\FRST
2021-11-09 10:10 - 2021-11-15 21:54 - 002311680 _____ (Farbar) C:\Users\Kaka\Desktop\FRST64.exe
2021-11-07 11:49 - 2021-11-07 11:49 - 000002419 _____ C:\Users\Kaka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-11-02 08:24 - 2021-11-02 08:26 - 000000000 ____D C:\Users\Kaka\Desktop\wal
2021-11-01 11:55 - 2021-11-01 13:34 - 000000000 ____D C:\Users\Kaka\AppData\Roaming\ZHP
2021-11-01 11:55 - 2021-11-01 11:55 - 000000000 ____D C:\Users\Kaka\AppData\Local\ZHP
2021-10-31 15:38 - 2021-10-31 15:45 - 000000000 ____D C:\Program Files\Defraggler
2021-10-31 15:38 - 2021-10-31 15:38 - 000001765 _____ C:\Users\Public\Desktop\Defraggler.lnk
2021-10-31 15:38 - 2021-10-31 15:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2021-10-31 14:28 - 2021-11-16 17:41 - 000000000 ____D C:\Program Files\CCleaner
2021-10-31 14:28 - 2021-10-31 14:28 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-10-31 14:28 - 2021-10-31 14:28 - 000002884 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - Kaka
2021-10-31 14:28 - 2021-10-31 14:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2021-10-31 12:41 - 2021-10-31 12:41 - 000751253 _____ C:\Users\Kaka\Documents\Vigory Suplementos.xlsm
2021-10-28 20:16 - 2021-10-28 20:16 - 000000000 ____D C:\Users\Kaka\Desktop\MEI outros
2021-10-28 19:55 - 2021-10-28 20:16 - 000000000 ____D C:\Users\Kaka\Desktop\area de trabalho
2021-10-28 19:53 - 2021-10-28 20:03 - 000000000 ____D C:\AdwCleaner
2021-10-27 21:07 - 2021-10-27 21:07 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-10-27 21:07 - 2021-10-27 21:07 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-10-27 21:07 - 2021-10-27 21:06 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-10-27 21:07 - 2021-10-27 21:06 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-10-27 21:06 - 2021-10-27 21:06 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-10-27 21:05 - 2021-10-27 21:06 - 000000000 ____D C:\Program Files\Malwarebytes
2021-10-26 18:40 - 2021-10-26 18:48 - 000290304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\subinacl.exe
2021-10-26 18:37 - 2021-10-26 18:37 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2021-10-26 18:37 - 2021-10-26 18:37 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-10-26 18:37 - 2021-10-26 18:37 - 000000000 ____D C:\Program Files\MSBuild
2021-10-26 18:37 - 2021-10-26 18:37 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2021-10-26 18:37 - 2021-10-26 18:37 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-10-24 13:44 - 2021-11-12 11:09 - 000000000 ____D C:\WINDOWS\Panther
2021-10-24 13:29 - 2021-10-24 13:29 - 000003300 _____ C:\WINDOWS\system32\Tasks\klcp_update
2021-10-24 13:28 - 2021-10-24 13:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2021-10-24 13:28 - 2021-10-24 13:28 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2021-10-24 13:09 - 2021-10-24 13:09 - 000000000 ____D C:\Users\Kaka\AppData\Local\Apple Computer
2021-10-24 11:11 - 2021-10-24 11:11 - 000000382 _____ C:\Users\Kaka\Documents\appmon.reg
2021-10-24 11:02 - 2021-10-24 11:02 - 000000000 ___HD C:\$SysReset
2021-10-24 10:24 - 2021-10-24 10:24 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2021-10-23 13:58 - 2021-10-23 13:58 - 002371072 _____ C:\WINDOWS\system32\rdpnano.dll
2021-10-23 13:58 - 2021-10-23 13:58 - 000672768 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-10-23 13:58 - 2021-10-23 13:58 - 000203264 _____ C:\WINDOWS\system32\uwfcfgmgmt.dll
2021-10-23 13:58 - 2021-10-23 13:58 - 000170496 _____ C:\WINDOWS\system32\DeviceUpdateCenterCsp.dll
2021-10-23 13:58 - 2021-10-23 13:58 - 000158208 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-10-23 13:58 - 2021-10-23 13:58 - 000040960 _____ C:\WINDOWS\system32\uwfservicingapi.dll
2021-10-23 13:57 - 2021-10-23 13:57 - 002111488 _____ (Digimarc) C:\WINDOWS\SysWOW64\DMRCDecoder.dll
2021-10-23 13:57 - 2021-10-23 13:57 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2021-10-23 13:57 - 2021-10-23 13:57 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-10-23 13:57 - 2021-10-23 13:57 - 000611960 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-10-23 13:57 - 2021-10-23 13:57 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-10-23 13:56 - 2021-10-23 13:56 - 001164288 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-10-23 13:55 - 2021-10-23 13:55 - 002295296 _____ (Digimarc) C:\WINDOWS\system32\DMRCDecoder.dll
2021-10-23 13:55 - 2021-10-23 13:55 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-10-23 13:55 - 2021-10-23 13:55 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-10-23 13:55 - 2021-10-23 13:55 - 000706536 _____ C:\WINDOWS\system32\TextShaping.dll
2021-10-23 13:55 - 2021-10-23 13:55 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-10-23 13:55 - 2021-10-23 13:55 - 000098304 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-10-23 13:54 - 2021-10-23 13:54 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2021-10-23 13:54 - 2021-10-23 13:54 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-10-23 13:54 - 2021-10-23 13:54 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-10-23 13:20 - 2021-10-23 13:20 - 000001146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2021-10-23 13:20 - 2021-10-23 13:20 - 000000000 ____D C:\Program Files\PCHealthCheck
2021-10-22 17:19 - 2021-10-22 17:19 - 000001377 _____ C:\Users\Kaka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2021-10-22 17:19 - 2021-10-22 17:19 - 000000000 ____D C:\Users\Kaka\AppData\Local\PCHealthCheck
2021-10-19 20:52 - 2021-10-19 20:52 - 000000000 ____D C:\Users\Kaka\AppData\LocalLow\Oracle

==================== Um mês (modificados) ==================

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2021-11-16 20:07 - 2021-02-09 17:05 - 000000000 ____D C:\Program Files (x86)\Google
2021-11-16 18:53 - 2021-03-14 12:18 - 000000000 ____D C:\Program Files\Microsoft Office
2021-11-16 18:35 - 2019-12-07 06:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-11-16 18:28 - 2020-11-18 23:45 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-11-16 17:43 - 2019-12-07 06:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-11-16 17:40 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-11-15 22:36 - 2021-02-14 19:22 - 000000000 ____D C:\Users\Kaka
2021-11-15 22:21 - 2021-02-14 19:16 - 000008192 ___SH C:\DumpStack.log.tmp
2021-11-15 22:21 - 2020-11-18 23:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-11-15 21:58 - 2019-12-07 06:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-11-14 12:44 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-11-14 11:11 - 2019-12-07 06:13 - 000000000 ____D C:\WINDOWS\INF
2021-11-14 09:33 - 2020-11-18 23:48 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-11-13 14:20 - 2021-02-14 19:22 - 002181608 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-11-13 14:20 - 2019-12-07 11:53 - 000905964 _____ C:\WINDOWS\system32\prfh0416.dat
2021-11-13 14:20 - 2019-12-07 11:53 - 000211886 _____ C:\WINDOWS\system32\prfc0416.dat
2021-11-13 13:17 - 2021-02-10 19:40 - 000000000 ____D C:\ProgramData\NVIDIA
2021-11-13 12:33 - 2021-05-02 12:54 - 000000000 ____D C:\Users\Kaka\AppData\Local\CrashDumps
2021-11-12 17:45 - 2021-02-09 17:06 - 000002245 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-11-12 17:42 - 2020-11-18 23:45 - 000308528 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-11-12 17:32 - 2019-12-07 11:56 - 000000000 ___SD C:\WINDOWS\system32\AppV
2021-11-12 17:32 - 2019-12-07 11:56 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-11-12 17:32 - 2019-12-07 06:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-11-12 17:32 - 2019-12-07 06:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-11-12 17:32 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-11-12 17:32 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-11-12 17:32 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-11-12 17:32 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-11-12 17:32 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-11-12 17:32 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-11-12 17:32 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-11-12 17:32 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-11-12 17:32 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-11-12 17:32 - 2019-12-07 06:03 - 000000000 ____D C:\WINDOWS\servicing
2021-11-12 17:31 - 2019-12-07 06:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-11-12 11:54 - 2021-02-14 19:36 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-11-08 16:37 - 2021-04-16 13:23 - 000000000 ____D C:\Users\Kaka\Desktop\vigory
2021-11-07 12:01 - 2021-02-14 19:35 - 000003360 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3439908664-1470252025-331894347-1000
2021-11-04 10:53 - 2020-11-18 23:45 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-11-02 08:30 - 2021-10-04 18:56 - 000000000 ____D C:\Users\Kaka\Desktop\Aula Motion
2021-10-31 15:22 - 2021-05-02 12:43 - 000000000 ____D C:\Users\Kaka\AppData\Roaming\uTorrent
2021-10-31 14:18 - 2021-06-18 15:21 - 000000000 ____D C:\Users\Kaka\AppData\LocalLow\IGDump
2021-10-31 12:01 - 2021-02-14 19:29 - 000000000 ____D C:\Users\Kaka\AppData\Local\Packages
2021-10-29 21:02 - 2021-02-15 11:28 - 000000000 ____D C:\Users\Kaka\AppData\Local\D3DSCache
2021-10-27 21:07 - 2019-12-07 06:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-10-26 18:37 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2021-10-26 18:37 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\MUI
2021-10-26 12:59 - 2021-09-25 15:05 - 000002057 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2021-10-26 12:59 - 2021-09-25 15:05 - 000001899 _____ C:\Users\Default\Desktop\Google Slides.lnk
2021-10-26 12:59 - 2021-09-25 15:05 - 000001899 _____ C:\Users\Default\Desktop\Google Sheets.lnk
2021-10-26 12:59 - 2021-09-25 15:05 - 000001887 _____ C:\Users\Default\Desktop\Google Docs.lnk
2021-10-24 09:51 - 2021-10-04 19:23 - 000000000 ____D C:\Program Files\KMPlayer 64X
2021-10-23 20:32 - 2021-06-20 11:56 - 000000000 ____D C:\Users\Kaka\AppData\Local\ElevatedDiagnostics
2021-10-23 16:31 - 2019-12-07 06:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-10-23 15:15 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\spool
2021-10-23 14:18 - 2019-12-07 06:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-10-23 14:18 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-10-23 14:18 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-10-23 14:18 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-10-23 14:18 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-10-23 14:18 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2021-10-23 14:18 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-10-23 14:18 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-10-23 14:18 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-10-23 14:18 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-10-23 14:18 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-10-23 14:18 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-10-23 14:18 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2021-10-23 14:18 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-10-23 14:18 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-10-23 14:18 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-10-23 14:18 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-10-23 14:18 - 2019-12-07 06:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-10-23 13:20 - 2021-02-26 16:12 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-10-23 13:07 - 2010-11-21 00:27 - 000803176 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-10-22 17:10 - 2021-04-15 18:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2021-10-20 06:02 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\Catroot2.old
2021-10-20 05:52 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-10-19 20:54 - 2021-04-25 18:02 - 000000000 ____D C:\Program Files\Java
2021-10-19 20:53 - 2021-04-25 18:02 - 000191832 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2021-10-19 20:53 - 2021-04-25 18:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

==================== SigCheck ============================

(Não há correção automática para arquivos que não passaram na verificação.)

==================== Fim de FRST.txt ========================

Resultado da análise adicional Farbar Recovery Scan Tool (x64) Versão: 14-11-2021
Executado por Kaka (16-11-2021 20:48:34)
Executando a partir de C:\Users\Kaka\Desktop
Microsoft Windows 10 Pro Versão 21H1 19043.1348 (X64) (2021-02-14 22:28:14)
Modo da Inicialização: Normal
==========================================================

==================== Contas: =============================

(Se uma entrada for incluída na fixlist, será removida.)

Administrador (S-1-5-21-3439908664-1470252025-331894347-500 - Administrator - Disabled)
Convidado (S-1-5-21-3439908664-1470252025-331894347-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-3439908664-1470252025-331894347-503 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3439908664-1470252025-331894347-1002 - Limited - Enabled)
Kaka (S-1-5-21-3439908664-1470252025-331894347-1000 - Administrator - Enabled) => C:\Users\Kaka
WDAGUtilityAccount (S-1-5-21-3439908664-1470252025-331894347-504 - Limited - Disabled)

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

µTorrent (HKU\S-1-5-21-3439908664-1470252025-331894347-1000\...\uTorrent) (Version: 3.5.5.46010 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe After Effects 2020 (HKLM-x32\...\AEFT_17_5_1) (Version: 17.5.1 - Adobe Inc.)
Adobe Illustrator 2021 (HKLM-x32\...\ILST_25_2_1) (Version: 25.2.1 - Adobe Inc.)
Adobe Media Encoder 2020 (HKLM-x32\...\AME_14_3_1) (Version: 14.3.1 - Adobe Inc.)
Adobe Premiere Pro 2020 (HKLM-x32\...\PPRO_14_4) (Version: 14.4 - Adobe Systems Incorporated)
Backup and Sync from Google (HKLM\...\{685BAD50-A3AA-4B91-A15B-77F9DC7346D4}) (Version: 3.57.4043.4118 - Google, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.86 - Piriform)
Componente de Segurança Bradesco (HKLM-x32\...\scpbrad) (Version: 1.0.0 - Banco Bradesco S.A.)
Defraggler (HKLM\...\Defraggler) (Version: 2.22 - Piriform)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 10.1.3.37598 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 95.0.4638.69 - Google LLC)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 52.0.6.0 - Google LLC)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet F4400 Printer Driver Software 14.0 Rel. 5 (HKLM\...\{82D96D11-AF74-4449-8811-4D6CE66FEF63}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Instalação (HKLM-x32\...\{EDCFF0E5-A992-4C2C-A8B9-286867A143D4}) (Version: 1.0.0 - Configurando Windows)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
IRPF2021 (HKLM-x32\...\IRPF2021) (Version: 1.2 - Receita Federal do Brasil)
Java 8 Update 311 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180311F0}) (Version: 8.0.3110.11 - Oracle Corporation)
K-Lite Codec Pack 16.4.9 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 16.4.9 - KLCP)
Malwarebytes version 4.4.9.142 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.9.142 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 95.0.1020.53 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - en-us (HKLM\...\ProPlus2019Retail - en-us) (Version: 16.0.14527.20276 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - pt-br (HKLM\...\ProPlus2019Retail - pt-br) (Version: 16.0.14527.20276 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3439908664-1470252025-331894347-1000\...\OneDriveSetup.exe) (Version: 21.205.1003.0005 - Microsoft Corporation)
Microsoft Project - en-us (HKLM\...\ProjectPro2019Retail - en-us) (Version: 16.0.14527.20276 - Microsoft Corporation)
Microsoft Project - pt-br (HKLM\...\ProjectPro2019Retail - pt-br) (Version: 16.0.14527.20276 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version: - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{8CB0713F-CFE0-445D-BCB2-538465860E1A}) (Version: 11.1.3128.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visio - en-us (HKLM\...\VisioPro2019Retail - en-us) (Version: 16.0.14527.20276 - Microsoft Corporation)
Microsoft Visio - pt-br (HKLM\...\VisioPro2019Retail - pt-br) (Version: 16.0.14527.20276 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
NVIDIA Driver de áudio HD 1.3.38.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.35 - NVIDIA Corporation)
NVIDIA Driver de gráficos 456.71 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 456.71 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20276 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20276 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0416-1000-0000000FF1CE}) (Version: 16.0.14527.20234 - Microsoft Corporation) Hidden
OnScreen Control (HKLM-x32\...\{E5C1B339-0E4E-49A5-859E-5E1DE1938706}) (Version: 6.82 - LG Electronics Inc)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SQL Server 2012 Common Files (HKLM\...\{1D411379-9CE0-4B13-A19B-72D3222DD620}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (HKLM\...\{202AAF1F-69AA-442A-B59F-6B54B1AD07C6}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM\...\{18B2A97C-92C3-4AC7-BE72-F823E0BC895B}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM\...\{84FBCA4A-D650-4B0D-8094-EC0671FA9B91}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM\...\{54FF8FAB-DE27-4187-82F1-EBAE6AEE869A}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM\...\{6603C2CE-3C54-4F1D-92F9-8390CD4CCCA8}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.0.2100.60 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{BED1EA3D-592D-4305-9D1F-20F03726EFC1}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
Verificação de integridade do PC Windows (HKLM\...\{7B8625FE-28B8-4926-B150-AB5EDC01AB3E}) (Version: 3.1.2109.29003 - Microsoft Corporation)
Verificação de integridade do PC Windows (HKLM\...\{BDA76587-4949-46D7-8427-AE49451F93D4}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Windows Driver Package - Datecs Ltd (usbser) Ports (10/28/2015 2.0.5.0) (HKLM\...\DB69C63965A8FEFF35670752784E87162B6F7609) (Version: 10/28/2015 2.0.5.0 - Datecs Ltd)
WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)

Packages:
=========
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_132.2.261.0_x64__v10z8vjag6ke6 [2021-11-12] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-10-23] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-10-23] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.10270.0_x64__8wekyb3d8bbwe [2021-10-31] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0 [2021-11-13] (Spotify AB) [Startup Task]

==================== Análise Personalizada CLSID (Whitelisted): ==============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

CustomCLSID: HKU\S-1-5-21-3439908664-1470252025-331894347-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
ShellIconOverlayIdentifiers: [ GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-06-03] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-06-03] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-06-03] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-10-19] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-10-19] (Google LLC -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2021-10-19] (Google LLC -> Google)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-06-03] (Adobe Inc. -> )
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2020-08-03] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-10-19] (Google LLC -> Google)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-10-27] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2021-10-19] (Google LLC -> Google)
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\52.0.6.0\drivefsext.dll [2021-10-18] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2020-10-01] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2021-06-03] (Adobe Inc. -> )
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2020-08-03] (Piriform Software Ltd -> Piriform Software Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-10-27] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Atalhos & WMI ========================

(As entradas podem ser listadas para serem restauradas ou removidas.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Módulos Carregados (Whitelisted) =============

2021-02-15 10:57 - 2021-02-15 10:57 - 000182272 _____ (Microsoft Corporation) [Arquivo não assinado] C:\WINDOWS\SYSTEM32\prntvpt.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Modo de Segurança (Whitelisted) ==================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Associação (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKU\S-1-5-21-3439908664-1470252025-331894347-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-3439908664-1470252025-331894347-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_311\bin\ssv.dll [2021-10-19] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_311\bin\jp2ssv.dll [2021-10-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-31] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts Conteúdo: =========================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2009-07-13 23:34 - 2021-04-25 14:14 - 000000935 ____R C:\WINDOWS\system32\drivers\etc\hosts
0.0.0.0 activation.easeus.com
0.0.0.0 track.easeus.com
0.0.0.0 easeus.com
0.0.0.0 update.easeus.com

==================== Outras Áreas ===========================

(Atualmente não há nenhuma correção automática para esta seção.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64\compiler;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;c:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\;c:\Program Files\Microsoft SQL Server\110\Tools\Binn\;c:\Program Files\Microsoft SQL Server\110\DTS\Binn\
HKU\S-1-5-21-3439908664-1470252025-331894347-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kaka\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\{c570512c-5f34-4b5f-b5f2-8c25b5e78db1}.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (Nenhum Arquivo)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

(Se uma entrada for incluída na fixlist, será removida.)

MSCONFIG\Services: FoxitReaderUpdateService => 2
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HPPrintScanDoctorService => 2
MSCONFIG\Services: NVDisplay.ContainerLocalSystem => 2
MSCONFIG\Services: rkrtservice => 2
MSCONFIG\Services: scpbradserv => 2
HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "OnScreen Control"
HKLM\...\StartupApproved\Run32: => "Adobe CCXProcess"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKU\S-1-5-21-3439908664-1470252025-331894347-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3439908664-1470252025-331894347-1000\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-3439908664-1470252025-331894347-1000\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-3439908664-1470252025-331894347-1000\...\StartupApproved\Run: => "GoogleDriveFS"
HKU\S-1-5-21-3439908664-1470252025-331894347-1000\...\StartupApproved\Run: => "CCleaner Smart Cleaning"

==================== Regras do Firewall (Whitelisted) ================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\WINDOWS\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\WINDOWS\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{2E936FB9-F1B0-4AE5-B916-BBC110475E8D}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{AAAFC81F-FAD5-4387-8BD7-FED87E222CDE}C:\program files\google\chrome\application\chrome.exe] => (Block) C:\program files\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{882D42A0-4359-47BC-910E-B0275B25ACAA}C:\arquivos de programas rfb\irpf2021\java-runtime\bin\javaw.exe] => (Allow) C:\arquivos de programas rfb\irpf2021\java-runtime\bin\javaw.exe
FirewallRules: [UDP Query User{7AB45F9F-B65D-4129-8117-90EC8C7642FC}C:\arquivos de programas rfb\irpf2021\java-runtime\bin\javaw.exe] => (Allow) C:\arquivos de programas rfb\irpf2021\java-runtime\bin\javaw.exe
FirewallRules: [{88459DA8-B9C7-45C0-8EEE-A6E86632CA0F}] => (Allow) C:\Users\Kaka\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{7F3A20F2-A5E7-4D2A-8FC3-58991570446E}] => (Allow) C:\Users\Kaka\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{82AECD36-8E59-4967-9169-21B058444AB9}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{79630C1D-C8B0-4412-8518-531CBD30AA28}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9FA6CB2C-E0D8-4AF1-B6DD-82EE22591F4F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5067841A-26C1-4EDB-9AB6-2123E856B432}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B3EB1505-5F7F-4270-9621-BB6F9EC185ED}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D7A3B4B6-738B-4942-8FD4-218675B53666}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{87414145-B755-42DF-B4FB-4667467D72B1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{51FB5318-D4AE-4BEC-950C-6DBE759FB2FB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{22F10A09-0E62-402C-95E8-3B24FEE12D97}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{377EA868-DD3E-4927-945B-44A7A9F41CAC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{50665C73-D273-4A25-A3CA-FAE302167306}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A60ED942-8E9B-4CD8-BE3C-5420DBF476E2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{581BA072-C681-48A9-893D-A5298CF156E6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.172.439.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)

==================== Pontos de Restauração =========================

26-10-2021 18:17:32 Instalador de Módulos do Windows
26-10-2021 18:29:15 Instalador de Módulos do Windows
26-10-2021 18:32:32 Instalador de Módulos do Windows
01-11-2021 13:18:17 ZHPcleaner
04-11-2021 11:53:03 Removed Apple Software Update
04-11-2021 12:18:14 Removed QuickTime 7
12-11-2021 11:30:00 Removed QuickTime 7
12-11-2021 11:47:53 Removed QuickTime 7
12-11-2021 12:51:05 Instalador de Módulos do Windows
12-11-2021 14:17:04 Instalador de Módulos do Windows
13-11-2021 12:44:44 Restauracao1 13/11/21
13-11-2021 13:09:55 Restauraçao 13/11/21
13-11-2021 14:00:24 Removed Suporte para Aplicativos Apple

==================== Dispositivos Apresentando Falhas No Gerenciador ============

==================== Erros no Log de eventos: ========================

Erros em Aplicativos:
==================
Error: (11/16/2021 09:26:46 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: O Windows não pode acessar o arquivo C:\Windows\System32\prntvpt.dll por um destes motivos:
há um problema de conexão com a rede, o disco no qual o arquivo está armazenado ou nos drivers de armazenamento
instalados neste computador, ou o disco está ausente.
O Windows fechou o programa Spooler SubSystem App por causa desse erro.

Programa: Spooler SubSystem App
Arquivo: C:\Windows\System32\prntvpt.dll

O valor do erro está listado na seção Dados Adicionais.
Ação do Usuário
1. Abra o arquivo novamente.
Esta situação pode ser um problema temporário corrigida quando o programa é executado novamente.
2.
Se o arquivo ainda não puder ser acessado e
- não estiver na rede,
o administrador da rede deverá verificar se não há um problema com a rede e se o servidor puder ser contatado.
- Está em um disco removível, por exemplo, um disquete ou CD-ROM, verifique se o disco está completamente inserido no computador.
3. Verifique e repare o sistema de arquivos ao executar CHKDSK. Para executar CHKDSK, clique em Iniciar, clique em Executar, digite CMD e clique em OK. No prompt de comando, digite CHKDSK /F e pressione ENTER.
4. Se o problema persistir, restaure o arquivo de uma cópia de backup.
5. Determine se outros arquivos no mesmo disco podem ser abertos. Em caso negativo, o disco pode estar danificado. Se for um disco rígido, contate o administrador ou o fornecedor de hardware do computador para
obter assistência adicional.

Dados Adicionais
Valor do erro: C000009C
Tipo de disco: 3

Error: (11/16/2021 09:26:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: spoolsv.exe, versão: 10.0.19041.1288, carimbo de data/hora: 0x025024ad
Nome do módulo com falha: ntdll.dll, versão: 10.0.19041.1288, carimbo de data/hora: 0xa280d1d6
Código de exceção: 0xc0000006
Deslocamento da falha: 0x0000000000017a0b
ID do processo com falha: 0x2138
Hora de início do aplicativo com falha: 0x01d7db49be616fad
Caminho do aplicativo com falha: C:\WINDOWS\System32\spoolsv.exe
Caminho do módulo com falha: C:\WINDOWS\SYSTEM32\ntdll.dll
ID do Relatório: e10cc5b2-ec5c-4070-8db9-04ef4ea7a287
Nome completo do pacote com falha:
ID do aplicativo relativo ao pacote com falha:

Error: (11/16/2021 09:26:16 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: O Windows não pode acessar o arquivo C:\Windows\System32\prntvpt.dll por um destes motivos:
há um problema de conexão com a rede, o disco no qual o arquivo está armazenado ou nos drivers de armazenamento
instalados neste computador, ou o disco está ausente.
O Windows fechou o programa Spooler SubSystem App por causa desse erro.

Programa: Spooler SubSystem App
Arquivo: C:\Windows\System32\prntvpt.dll

O valor do erro está listado na seção Dados Adicionais.
Ação do Usuário
1. Abra o arquivo novamente.
Esta situação pode ser um problema temporário corrigida quando o programa é executado novamente.
2.
Se o arquivo ainda não puder ser acessado e
- não estiver na rede,
o administrador da rede deverá verificar se não há um problema com a rede e se o servidor puder ser contatado.
- Está em um disco removível, por exemplo, um disquete ou CD-ROM, verifique se o disco está completamente inserido no computador.
3. Verifique e repare o sistema de arquivos ao executar CHKDSK. Para executar CHKDSK, clique em Iniciar, clique em Executar, digite CMD e clique em OK. No prompt de comando, digite CHKDSK /F e pressione ENTER.
4. Se o problema persistir, restaure o arquivo de uma cópia de backup.
5. Determine se outros arquivos no mesmo disco podem ser abertos. Em caso negativo, o disco pode estar danificado. Se for um disco rígido, contate o administrador ou o fornecedor de hardware do computador para
obter assistência adicional.

Dados Adicionais
Valor do erro: C000009C
Tipo de disco: 3

Error: (11/16/2021 09:26:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: spoolsv.exe, versão: 10.0.19041.1288, carimbo de data/hora: 0x025024ad
Nome do módulo com falha: ntdll.dll, versão: 10.0.19041.1288, carimbo de data/hora: 0xa280d1d6
Código de exceção: 0xc0000006
Deslocamento da falha: 0x0000000000017a0b
ID do processo com falha: 0xf70
Hora de início do aplicativo com falha: 0x01d7db49aa5f2845
Caminho do aplicativo com falha: C:\WINDOWS\System32\spoolsv.exe
Caminho do módulo com falha: C:\WINDOWS\SYSTEM32\ntdll.dll
ID do Relatório: 5593ab80-0454-4bfb-8186-1b1fae2ccfbf
Nome completo do pacote com falha:
ID do aplicativo relativo ao pacote com falha:

Error: (11/16/2021 09:25:41 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: O Windows não pode acessar o arquivo C:\Windows\System32\prntvpt.dll por um destes motivos:
há um problema de conexão com a rede, o disco no qual o arquivo está armazenado ou nos drivers de armazenamento
instalados neste computador, ou o disco está ausente.
O Windows fechou o programa Spooler SubSystem App por causa desse erro.

Programa: Spooler SubSystem App
Arquivo: C:\Windows\System32\prntvpt.dll

O valor do erro está listado na seção Dados Adicionais.
Ação do Usuário
1. Abra o arquivo novamente.
Esta situação pode ser um problema temporário corrigida quando o programa é executado novamente.
2.
Se o arquivo ainda não puder ser acessado e
- não estiver na rede,
o administrador da rede deverá verificar se não há um problema com a rede e se o servidor puder ser contatado.
- Está em um disco removível, por exemplo, um disquete ou CD-ROM, verifique se o disco está completamente inserido no computador.
3. Verifique e repare o sistema de arquivos ao executar CHKDSK. Para executar CHKDSK, clique em Iniciar, clique em Executar, digite CMD e clique em OK. No prompt de comando, digite CHKDSK /F e pressione ENTER.
4. Se o problema persistir, restaure o arquivo de uma cópia de backup.
5. Determine se outros arquivos no mesmo disco podem ser abertos. Em caso negativo, o disco pode estar danificado. Se for um disco rígido, contate o administrador ou o fornecedor de hardware do computador para
obter assistência adicional.

Dados Adicionais
Valor do erro: C000009C
Tipo de disco: 3

Error: (11/16/2021 09:25:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: spoolsv.exe, versão: 10.0.19041.1288, carimbo de data/hora: 0x025024ad
Nome do módulo com falha: ntdll.dll, versão: 10.0.19041.1288, carimbo de data/hora: 0xa280d1d6
Código de exceção: 0xc0000006
Deslocamento da falha: 0x0000000000017a0b
ID do processo com falha: 0x45c
Hora de início do aplicativo com falha: 0x01d7db4997f54423
Caminho do aplicativo com falha: C:\WINDOWS\System32\spoolsv.exe
Caminho do módulo com falha: C:\WINDOWS\SYSTEM32\ntdll.dll
ID do Relatório: 31536dd3-5910-43b4-923b-e95eaf4fb15b
Nome completo do pacote com falha:
ID do aplicativo relativo ao pacote com falha:

Error: (11/16/2021 09:25:09 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: O Windows não pode acessar o arquivo C:\Windows\System32\prntvpt.dll por um destes motivos:
há um problema de conexão com a rede, o disco no qual o arquivo está armazenado ou nos drivers de armazenamento
instalados neste computador, ou o disco está ausente.
O Windows fechou o programa Spooler SubSystem App por causa desse erro.

Programa: Spooler SubSystem App
Arquivo: C:\Windows\System32\prntvpt.dll

O valor do erro está listado na seção Dados Adicionais.
Ação do Usuário
1. Abra o arquivo novamente.
Esta situação pode ser um problema temporário corrigida quando o programa é executado novamente.
2.
Se o arquivo ainda não puder ser acessado e
- não estiver na rede,
o administrador da rede deverá verificar se não há um problema com a rede e se o servidor puder ser contatado.
- Está em um disco removível, por exemplo, um disquete ou CD-ROM, verifique se o disco está completamente inserido no computador.
3. Verifique e repare o sistema de arquivos ao executar CHKDSK. Para executar CHKDSK, clique em Iniciar, clique em Executar, digite CMD e clique em OK. No prompt de comando, digite CHKDSK /F e pressione ENTER.
4. Se o problema persistir, restaure o arquivo de uma cópia de backup.
5. Determine se outros arquivos no mesmo disco podem ser abertos. Em caso negativo, o disco pode estar danificado. Se for um disco rígido, contate o administrador ou o fornecedor de hardware do computador para
obter assistência adicional.

Dados Adicionais
Valor do erro: C000009C
Tipo de disco: 3

Error: (11/16/2021 09:25:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: spoolsv.exe, versão: 10.0.19041.1288, carimbo de data/hora: 0x025024ad
Nome do módulo com falha: ntdll.dll, versão: 10.0.19041.1288, carimbo de data/hora: 0xa280d1d6
Código de exceção: 0xc0000006
Deslocamento da falha: 0x0000000000017a0b
ID do processo com falha: 0xeb4
Hora de início do aplicativo com falha: 0x01d7db4987214bc2
Caminho do aplicativo com falha: C:\WINDOWS\System32\spoolsv.exe
Caminho do módulo com falha: C:\WINDOWS\SYSTEM32\ntdll.dll
ID do Relatório: 4d3e3be5-bbd1-429b-b09e-220c517ff9bf
Nome completo do pacote com falha:
ID do aplicativo relativo ao pacote com falha:

Erros de Sistema:
=============
Error: (11/16/2021 09:26:44 PM) (Source: disk) (EventID: 7) (User: )
Description: O dispositivo, \Device\Harddisk0\DR0, possui um setor defeituoso.

Error: (11/16/2021 09:26:42 PM) (Source: disk) (EventID: 7) (User: )
Description: O dispositivo, \Device\Harddisk0\DR0, possui um setor defeituoso.

Error: (11/16/2021 09:26:40 PM) (Source: disk) (EventID: 7) (User: )
Description: O dispositivo, \Device\Harddisk0\DR0, possui um setor defeituoso.

Error: (11/16/2021 09:26:38 PM) (Source: disk) (EventID: 7) (User: )
Description: O dispositivo, \Device\Harddisk0\DR0, possui um setor defeituoso.

Error: (11/16/2021 09:26:36 PM) (Source: disk) (EventID: 7) (User: )
Description: O dispositivo, \Device\Harddisk0\DR0, possui um setor defeituoso.

Error: (11/16/2021 09:26:34 PM) (Source: disk) (EventID: 7) (User: )
Description: O dispositivo, \Device\Harddisk0\DR0, possui um setor defeituoso.

Error: (11/16/2021 09:26:32 PM) (Source: disk) (EventID: 7) (User: )
Description: O dispositivo, \Device\Harddisk0\DR0, possui um setor defeituoso.

Error: (11/16/2021 09:26:30 PM) (Source: disk) (EventID: 7) (User: )
Description: O dispositivo, \Device\Harddisk0\DR0, possui um setor defeituoso.

Windows Defender:
================
Date: 2021-10-31 15:24:15
Description:
O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {EE6BB954-AA44-4425-84D8-7DE8288DA9A0}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2021-10-26 20:52:42
Description:
Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado.
Para obter mais informações, veja a seguir:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Emotet!ml&threatid=2147748173&enterprise=0
Nome: Trojan:Win32/Emotet!ml
Gravidade: Grave
Categoria: Cavalo de Tróia
Caminho: containerfile:_C:\Users\Kaka\insólito\qq.zip; file:_C:\Users\Kaka\insólito\qq.zip->nvImage.dll
Origem da Detecção: Computador local
Tipo da Detecção: FastPath
Fonte da Detecção: Usuário
Usuário: Kaka-PC\Kaka
Nome do Processo: Unknown
Versão da Inteligência de Segurança: AV: 1.351.1123.0, AS: 1.351.1123.0, NIS: 1.351.1123.0
Versão do Mecanismo: AM: 1.1.18600.4, NIS: 1.1.18600.4

Date: 2021-10-26 17:41:56
Description:
O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {D0449389-B027-4366-A95A-3418A9DEF88F}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SERVIÇO DE REDE

Date: 2021-10-23 20:52:40
Description:
O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {F084E128-8858-41EF-9491-13439A48FCCE}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2021-10-22 17:31:00
Description:
O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {71B56C2B-B7E9-4A4B-ABEB-5243F91FBBBB}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SERVIÇO DE REDE
Event[0]:

Date: 2021-11-16 17:54:01
Description:
Microsoft Defender Antivírus encontrou um erro ao tentar atualizar a inteligência de segurança.
Nova Versão da Inteligência de Segurança:
Versão da Inteligência de Segurança anterior: 1.353.986.0
Fonte da Atualização: Centro de Proteção contra Malware da Microsoft
Tipo da Inteligência de Segurança: Antivírus
Tipo da atualização: Completa
Usuário: AUTORIDADE NT\SERVIÇO DE REDE
Versão Atual do Mecanismo:
Versão Anterior do Mecanismo: 1.1.18700.4
Código de Erro: 0x80070020
Descrição do Erro: O arquivo já está sendo usado por outro processo.

Date: 2021-11-16 17:54:01
Description:
Microsoft Defender Antivírus encontrou um erro ao tentar atualizar a inteligência de segurança.
Nova Versão da Inteligência de Segurança:
Versão da Inteligência de Segurança anterior: 1.353.986.0
Fonte da Atualização: Centro de Proteção contra Malware da Microsoft
Tipo da Inteligência de Segurança: Anti-spyware
Tipo da atualização: Completa
Usuário: AUTORIDADE NT\SERVIÇO DE REDE
Versão Atual do Mecanismo:
Versão Anterior do Mecanismo: 1.1.18700.4
Código de Erro: 0x80070020
Descrição do Erro: O arquivo já está sendo usado por outro processo.

Date: 2021-11-16 17:54:01
Description:
Microsoft Defender Antivírus encontrou um erro ao tentar atualizar a inteligência de segurança.
Nova Versão da Inteligência de Segurança:
Versão da Inteligência de Segurança anterior: 1.353.986.0
Fonte da Atualização: Centro de Proteção contra Malware da Microsoft
Tipo da Inteligência de Segurança: Antivírus
Tipo da atualização: Completa
Usuário: AUTORIDADE NT\SERVIÇO DE REDE
Versão Atual do Mecanismo:
Versão Anterior do Mecanismo: 1.1.18700.4
Código de Erro: 0x80070020
Descrição do Erro: O arquivo já está sendo usado por outro processo.

Date: 2021-11-16 17:13:09
Description:
Microsoft Defender Antivírus encontrou um erro ao tentar atualizar a inteligência de segurança.
Nova Versão da Inteligência de Segurança:
Versão da Inteligência de Segurança anterior: 1.353.986.0
Fonte da Atualização: Centro de Proteção contra Malware da Microsoft
Tipo da Inteligência de Segurança: Antivírus
Tipo da atualização: Completa
Usuário: AUTORIDADE NT\SERVIÇO DE REDE
Versão Atual do Mecanismo:
Versão Anterior do Mecanismo: 1.1.18700.4
Código de Erro: 0x80070102
Descrição do Erro: O tempo limite de espera foi atingido.

Date: 2021-11-11 19:58:11
Description:
Microsoft Defender Antivírus encontrou um erro ao tentar atualizar a inteligência de segurança.
Nova Versão da Inteligência de Segurança:
Versão da Inteligência de Segurança anterior: 1.353.652.0
Fonte da Atualização: Centro de Proteção contra Malware da Microsoft
Tipo da Inteligência de Segurança: Antivírus
Tipo da atualização: Completa
Usuário: AUTORIDADE NT\SERVIÇO DE REDE
Versão Atual do Mecanismo:
Versão Anterior do Mecanismo: 1.1.18700.4
Código de Erro: 0x80070102
Descrição do Erro: O tempo limite de espera foi atingido.

CodeIntegrity:
===============
Date: 2021-11-13 16:00:27
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Informações da Memória ===========================

BIOS: American Megatrends Inc. F14 04/17/2013
placa-mãe: Gigabyte Technology Co., Ltd. B75M-D3H
Processador: Intel(R) Core(TM) i3-3240 CPU @ 3.40GHz
Percentagem de memória em uso: 43%
RAM física total: 8137.74 MB
RAM física disponível: 4606.08 MB
Virtual Total: 16329.74 MB
Virtual disponível: 11969.49 MB

==================== Drives ================================

Drive () (Fixed) (Total:465.6 GB) (Free:306.11 GB) NTFS
Drive z: () (Fixed) (Total:0.16 GB) (Free:0.13 GB) FAT32

==================== MBR & Tabela de Partições ====================

==========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 6029638E)

Partition: GPT.

==================== Fim de Addition.txt =======================

Elias Pereira · 23 de novembro de 2021

@KakaSantos

Desative temporariamente seu antivírus, antispywares e firewall, para não causar conflitos.

Abra o seu Bloco de Notas, copie (control + c) e cole (control + v) todo o texto que está no CODE abaixo:

CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
Task: {01C6B36D-0D60-4B62-B78D-ABA9EBC3F035} - System32\Tasks\CCleanerSkipUAC - Kaka => C:\Program Files\CCleaner\CCleaner.exe [29200512 2021-10-19] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {070330DE-FAFE-4F2D-873C-5B4D2ACF4843} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (Nenhum Arquivo)
Task: {087FE0D1-2E27-437D-872A-4E2A4514F337} - System32\Tasks\{2B271AD6-2CDB-46D2-9857-7D1C30B79606} => C:\Windows\system32\pcalua.exe -a C:\Users\Kaka\Desktop\Atheros\setup.exe -d C:\Users\Kaka\Desktop\Atheros
Task: {0C3C4557-6D20-4E89-B5A0-10B45DA4349E} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (Nenhum Arquivo)
Task: {10CC58BF-46AE-4C78-B5EB-F1C072047FF5} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22654872 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {16A92A74-5047-43EA-A9D0-EAC4A2B6A468} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (Nenhum Arquivo)
Task: {16C311BD-0160-49BB-B159-8F414F3696B3} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {1725E09A-8745-4716-97C4-D58163ECF2D8} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (Nenhum Arquivo)
Task: {1D8FF228-A7B3-4623-8D33-B4DD0890D810} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe -PvrSchedule (Nenhum Arquivo)
Task: {2370E69F-2A76-414F-A068-012265B0653E} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => C:\WINDOWS\system32\sipnotify.exe [338944 2019-10-10] (Microsoft Corporation) [Arquivo não assinado]
Task: {2BE2BEA5-B214-407D-990F-676B52FA5ACD} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -ObjectStoreRecoveryTask (Nenhum Arquivo)
Task: {392B3EAA-79C3-4618-8A3A-04BE77A66629} - System32\Tasks\{80381077-9AE3-49C0-9AAF-3BB1682AE9FD} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{9F1A6A24-4901-42F6-A355-5DD2B82E62AE}\setup.exe" -c -runfromtemp -l0x0416 -removeonly
Task: {418DC5F2-1B8B-44BF-A677-2F1E089D996A} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47c2-B62A-B7C4CED925CB}
Task: {4F0BE499-9CE6-484D-A590-3B0AA802BB52} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
Task: {5187B438-0A8D-48C9-9AFF-8042F46ABFF1} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /PBDADiscovery (Nenhum Arquivo)
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {62226D0B-DB59-40AE-87DC-C33920102327} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1907712 2021-10-14] () [Arquivo não assinado]
Task: {62E0EB2F-1D59-474C-97F1-F36DDCC50FD5} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe /DoReindexSearchRoot (Nenhum Arquivo)
Task: {6744419E-6075-4160-A2BC-A9DF037118A8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {68D6F227-C9C8-408C-A35D-0590F9A9D1AE} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (Nenhum Arquivo)
Task: {6A0B7A24-B0F3-4066-B299-A90103BADBD0} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {7158BE07-2C75-4CAA-9353-018447B08331} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8314824 2021-11-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {777B6E4D-F85A-4697-BC7F-DCE078D730D0} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
Task: {87B85FE1-D6B9-48C7-BEAB-F3223F1280DA} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe /OCURActivate (Nenhum Arquivo)
Task: {8D3B8A5E-366A-4DA1-B493-B8F7151AB219} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (Nenhum Arquivo)
Task: {8F22CC8A-DBA6-477B-9C90-7D9149FDE29C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22654872 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {96B4F296-3AF2-4734-8C88-32C9D8E32665} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoActivateWindowsSearch (Nenhum Arquivo)
Task: {99C3E9F1-514D-4213-80A7-B64AEC8DEF29} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138600 2021-11-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {9B364E99-BFED-4504-8A92-87AEBA232A85} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -SqlLiteRecoveryTask (Nenhum Arquivo)
Task: {A7451315-F0DF-4C00-9CC8-3046E8F00B55} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe /DRMInit (Nenhum Arquivo)
Task: {AD8F1369-6019-437D-9EF6-C3AEF71926DC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-02-09] (Google LLC -> Google LLC)
Task: {AE926E5C-73F0-4875-8A26-AF4464EA2380} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -PvrRecoveryTask (Nenhum Arquivo)
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40b4-8963-D3C761B18371}
Task: {B0DB17F9-C3FC-4C37-91F4-BEA29DBAB83B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B6E07F63-6822-402B-ACA1-A4DDC5906233} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138600 2021-11-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {C1376B8C-A19E-4C5B-A779-16F082008D82} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-02-09] (Google LLC -> Google LLC)
Task: {C657111D-DB4E-4080-B2A2-D074236C900D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (Nenhum Arquivo)
Task: {C8099BF5-3246-432E-8C16-731BBE10A5E8} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-10-19] (Piriform Software Ltd -> Piriform)
Task: {C851D3C6-1F80-41A3-BAC1-E49484AF1266} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (Nenhum Arquivo)
Task: {C94CE6AE-BC92-4072-B923-A1B7D906AC11} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D3BCD7FE-C2AA-4352-90F1-605DD1878ABD} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe /RestartRecording (Nenhum Arquivo)
Task: {D45E0B19-0475-4001-B63D-105962763D4B} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -MediaCenterRecoveryTask (Nenhum Arquivo)
Task: {E0CFCF8A-94F9-40B1-BB84-B3EC2AD80D03} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8314824 2021-11-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {E3796FFF-39CE-426E-BEE5-966C18C1FC50} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe -pscn 0 (Nenhum Arquivo)
Task: {E6DCE9B2-5069-4F36-982B-58B5E254F22E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe $(Arg0) (Nenhum Arquivo)
Task: {E6F1B631-9D96-4B10-ADF8-593E9E606A98} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E7FC3818-BB30-47B4-A5C9-EF57F7B712E1} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => C:\WINDOWS\system32\sipnotify.exe [338944 2019-10-10] (Microsoft Corporation) [Arquivo não assinado]
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
File: C:\WINDOWS\SYSTEM32\prntvpt.dll
CMD: ipconfig /flushdns
RemoveProxy:
EmptyTemp:
CreateRestorePoint:

Salve este arquivo na na sua área de trabalho com o nome fixlist

OBS: É de extrema importância que o arquivo "fixlist" seja salvo na sua Área de Trabalho/Desktop. Verifique também se o FRST.exe encontra-se na Área de Trabalho/Desktop.

** Usuários do Windows Vista, Windows 7, 8/8.1 e windows 10:Clique com o direito sobre o arquivo FRST.EXE, depois clique em http://i.imgur.com/VRIfczU.png

Clique no botão

Aguarde e ao final, o log Fixlog.txt será salvo no seu desktop.

Abra o arquivo Fixlog.txt, copie e cole seu conteudo na sua proxima resposta.

KakaSantos · 23 de novembro de 2021

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 14-11-2021
Executado por Kaka (23-11-2021 00:27:30) Run:1
Executando a partir de C:\Users\Kaka\Desktop
Perfis Carregados: Kaka
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
Task: {01C6B36D-0D60-4B62-B78D-ABA9EBC3F035} - System32\Tasks\CCleanerSkipUAC - Kaka => C:\Program Files\CCleaner\CCleaner.exe [29200512 2021-10-19] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {070330DE-FAFE-4F2D-873C-5B4D2ACF4843} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (Nenhum Arquivo)
Task: {087FE0D1-2E27-437D-872A-4E2A4514F337} - System32\Tasks\{2B271AD6-2CDB-46D2-9857-7D1C30B79606} => C:\Windows\system32\pcalua.exe -a C:\Users\Kaka\Desktop\Atheros\setup.exe -d C:\Users\Kaka\Desktop\Atheros
Task: {0C3C4557-6D20-4E89-B5A0-10B45DA4349E} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (Nenhum Arquivo)
Task: {10CC58BF-46AE-4C78-B5EB-F1C072047FF5} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22654872 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {16A92A74-5047-43EA-A9D0-EAC4A2B6A468} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (Nenhum Arquivo)
Task: {16C311BD-0160-49BB-B159-8F414F3696B3} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {1725E09A-8745-4716-97C4-D58163ECF2D8} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (Nenhum Arquivo)
Task: {1D8FF228-A7B3-4623-8D33-B4DD0890D810} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe -PvrSchedule (Nenhum Arquivo)
Task: {2370E69F-2A76-414F-A068-012265B0653E} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => C:\WINDOWS\system32\sipnotify.exe [338944 2019-10-10] (Microsoft Corporation) [Arquivo não assinado]
Task: {2BE2BEA5-B214-407D-990F-676B52FA5ACD} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -ObjectStoreRecoveryTask (Nenhum Arquivo)
Task: {392B3EAA-79C3-4618-8A3A-04BE77A66629} - System32\Tasks\{80381077-9AE3-49C0-9AAF-3BB1682AE9FD} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{9F1A6A24-4901-42F6-A355-5DD2B82E62AE}\setup.exe" -c -runfromtemp -l0x0416 -removeonly
Task: {418DC5F2-1B8B-44BF-A677-2F1E089D996A} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47c2-B62A-B7C4CED925CB}
Task: {4F0BE499-9CE6-484D-A590-3B0AA802BB52} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
Task: {5187B438-0A8D-48C9-9AFF-8042F46ABFF1} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /PBDADiscovery (Nenhum Arquivo)
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {62226D0B-DB59-40AE-87DC-C33920102327} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1907712 2021-10-14] () [Arquivo não assinado]
Task: {62E0EB2F-1D59-474C-97F1-F36DDCC50FD5} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe /DoReindexSearchRoot (Nenhum Arquivo)
Task: {6744419E-6075-4160-A2BC-A9DF037118A8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {68D6F227-C9C8-408C-A35D-0590F9A9D1AE} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (Nenhum Arquivo)
Task: {6A0B7A24-B0F3-4066-B299-A90103BADBD0} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {7158BE07-2C75-4CAA-9353-018447B08331} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8314824 2021-11-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {777B6E4D-F85A-4697-BC7F-DCE078D730D0} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
Task: {87B85FE1-D6B9-48C7-BEAB-F3223F1280DA} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe /OCURActivate (Nenhum Arquivo)
Task: {8D3B8A5E-366A-4DA1-B493-B8F7151AB219} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (Nenhum Arquivo)
Task: {8F22CC8A-DBA6-477B-9C90-7D9149FDE29C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22654872 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {96B4F296-3AF2-4734-8C88-32C9D8E32665} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoActivateWindowsSearch (Nenhum Arquivo)
Task: {99C3E9F1-514D-4213-80A7-B64AEC8DEF29} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138600 2021-11-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {9B364E99-BFED-4504-8A92-87AEBA232A85} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -SqlLiteRecoveryTask (Nenhum Arquivo)
Task: {A7451315-F0DF-4C00-9CC8-3046E8F00B55} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe /DRMInit (Nenhum Arquivo)
Task: {AD8F1369-6019-437D-9EF6-C3AEF71926DC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-02-09] (Google LLC -> Google LLC)
Task: {AE926E5C-73F0-4875-8A26-AF4464EA2380} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -PvrRecoveryTask (Nenhum Arquivo)
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40b4-8963-D3C761B18371}
Task: {B0DB17F9-C3FC-4C37-91F4-BEA29DBAB83B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B6E07F63-6822-402B-ACA1-A4DDC5906233} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138600 2021-11-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {C1376B8C-A19E-4C5B-A779-16F082008D82} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-02-09] (Google LLC -> Google LLC)
Task: {C657111D-DB4E-4080-B2A2-D074236C900D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (Nenhum Arquivo)
Task: {C8099BF5-3246-432E-8C16-731BBE10A5E8} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-10-19] (Piriform Software Ltd -> Piriform)
Task: {C851D3C6-1F80-41A3-BAC1-E49484AF1266} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (Nenhum Arquivo)
Task: {C94CE6AE-BC92-4072-B923-A1B7D906AC11} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D3BCD7FE-C2AA-4352-90F1-605DD1878ABD} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe /RestartRecording (Nenhum Arquivo)
Task: {D45E0B19-0475-4001-B63D-105962763D4B} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -MediaCenterRecoveryTask (Nenhum Arquivo)
Task: {E0CFCF8A-94F9-40B1-BB84-B3EC2AD80D03} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8314824 2021-11-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {E3796FFF-39CE-426E-BEE5-966C18C1FC50} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe -pscn 0 (Nenhum Arquivo)
Task: {E6DCE9B2-5069-4F36-982B-58B5E254F22E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe $(Arg0) (Nenhum Arquivo)
Task: {E6F1B631-9D96-4B10-ADF8-593E9E606A98} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E7FC3818-BB30-47B4-A5C9-EF57F7B712E1} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => C:\WINDOWS\system32\sipnotify.exe [338944 2019-10-10] (Microsoft Corporation) [Arquivo não assinado]
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
File: C:\WINDOWS\SYSTEM32\prntvpt.dll
CMD: ipconfig /flushdns
RemoveProxy:
EmptyTemp:
CreateRestorePoint:
*****************

Ponto de Restauração criado com sucesso.
Processos fechados com sucesso.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{01C6B36D-0D60-4B62-B78D-ABA9EBC3F035}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01C6B36D-0D60-4B62-B78D-ABA9EBC3F035}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\CCleanerSkipUAC - Kaka => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC - Kaka" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{070330DE-FAFE-4F2D-873C-5B4D2ACF4843}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{070330DE-FAFE-4F2D-873C-5B4D2ACF4843}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\InstallPlayReady" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{087FE0D1-2E27-437D-872A-4E2A4514F337}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{087FE0D1-2E27-437D-872A-4E2A4514F337}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\{2B271AD6-2CDB-46D2-9857-7D1C30B79606} => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2B271AD6-2CDB-46D2-9857-7D1C30B79606}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C3C4557-6D20-4E89-B5A0-10B45DA4349E}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C3C4557-6D20-4E89-B5A0-10B45DA4349E}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\DispatchRecoveryTasks" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{10CC58BF-46AE-4C78-B5EB-F1C072047FF5}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10CC58BF-46AE-4C78-B5EB-F1C072047FF5}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office Automatic Updates 2.0" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{16A92A74-5047-43EA-A9D0-EAC4A2B6A468}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{16A92A74-5047-43EA-A9D0-EAC4A2B6A468}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ConfigureInternetTimeService" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{16C311BD-0160-49BB-B159-8F414F3696B3}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{16C311BD-0160-49BB-B159-8F414F3696B3}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft\Windows\SideShow\AutoWake => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\AutoWake" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1725E09A-8745-4716-97C4-D58163ECF2D8}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1725E09A-8745-4716-97C4-D58163ECF2D8}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURDiscovery" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D8FF228-A7B3-4623-8D33-B4DD0890D810}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D8FF228-A7B3-4623-8D33-B4DD0890D810}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PvrScheduleTask" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2370E69F-2A76-414F-A068-012265B0653E}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2370E69F-2A76-414F-A068-012265B0653E}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\End Of Support\Notify2" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2BE2BEA5-B214-407D-990F-676B52FA5ACD}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BE2BEA5-B214-407D-990F-676B52FA5ACD}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{392B3EAA-79C3-4618-8A3A-04BE77A66629}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{392B3EAA-79C3-4618-8A3A-04BE77A66629}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\{80381077-9AE3-49C0-9AAF-3BB1682AE9FD} => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{80381077-9AE3-49C0-9AAF-3BB1682AE9FD}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{418DC5F2-1B8B-44BF-A677-2F1E089D996A}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{418DC5F2-1B8B-44BF-A677-2F1E089D996A}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft\Windows\MobilePC\HotStart => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MobilePC\HotStart" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{486D715E-6AA2-44CF-BC48-B6990CBB53C6}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{486D715E-6AA2-44CF-BC48-B6990CBB53C6}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\WindowsParentalControlsMigration" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4F0BE499-9CE6-484D-A590-3B0AA802BB52}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F0BE499-9CE6-484D-A590-3B0AA802BB52}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\SessionAgent" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5187B438-0A8D-48C9-9AFF-8042F46ABFF1}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5187B438-0A8D-48C9-9AFF-8042F46ABFF1}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscovery" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5B42DD9C-5A26-4F27-BB95-34603F0997E5}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B42DD9C-5A26-4F27-BB95-34603F0997E5}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\WindowsParentalControls" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{62226D0B-DB59-40AE-87DC-C33920102327}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62226D0B-DB59-40AE-87DC-C33920102327}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\klcp_update => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\klcp_update" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{62E0EB2F-1D59-474C-97F1-F36DDCC50FD5}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62E0EB2F-1D59-474C-97F1-F36DDCC50FD5}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ReindexSearchRoot" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6744419E-6075-4160-A2BC-A9DF037118A8}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6744419E-6075-4160-A2BC-A9DF037118A8}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Defender\Windows Defender Cleanup" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{68D6F227-C9C8-408C-A35D-0590F9A9D1AE}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68D6F227-C9C8-408C-A35D-0590F9A9D1AE}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\RegisterSearch" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6A0B7A24-B0F3-4066-B299-A90103BADBD0}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A0B7A24-B0F3-4066-B299-A90103BADBD0}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\SystemDataProviders" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7158BE07-2C75-4CAA-9353-018447B08331}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7158BE07-2C75-4CAA-9353-018447B08331}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\OfficeTelemetryAgentFallBack2016" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{777B6E4D-F85A-4697-BC7F-DCE078D730D0}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{777B6E4D-F85A-4697-BC7F-DCE078D730D0}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\GadgetManager" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{87B85FE1-D6B9-48C7-BEAB-F3223F1280DA}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87B85FE1-D6B9-48C7-BEAB-F3223F1280DA}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURActivate" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D3B8A5E-366A-4DA1-B493-B8F7151AB219}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D3B8A5E-366A-4DA1-B493-B8F7151AB219}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscoveryW1" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F22CC8A-DBA6-477B-9C90-7D9149FDE29C}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F22CC8A-DBA6-477B-9C90-7D9149FDE29C}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office ClickToRun Service Monitor" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{96B4F296-3AF2-4734-8C88-32C9D8E32665}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96B4F296-3AF2-4734-8C88-32C9D8E32665}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ActivateWindowsSearch" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{99C3E9F1-514D-4213-80A7-B64AEC8DEF29}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99C3E9F1-514D-4213-80A7-B64AEC8DEF29}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft\Office\Office Feature Updates Logon => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office Feature Updates Logon" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9B364E99-BFED-4504-8A92-87AEBA232A85}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B364E99-BFED-4504-8A92-87AEBA232A85}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\SqlLiteRecoveryTask" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7451315-F0DF-4C00-9CC8-3046E8F00B55}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7451315-F0DF-4C00-9CC8-3046E8F00B55}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ehDRMInit" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AD8F1369-6019-437D-9EF6-C3AEF71926DC}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD8F1369-6019-437D-9EF6-C3AEF71926DC}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AE926E5C-73F0-4875-8A26-AF4464EA2380}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE926E5C-73F0-4875-8A26-AF4464EA2380}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PvrRecoveryTask" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0CBAB43-44FC-469B-A4CE-87426761FDCE}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0CBAB43-44FC-469B-A4CE-87426761FDCE}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0DB17F9-C3FC-4C37-91F4-BEA29DBAB83B}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0DB17F9-C3FC-4C37-91F4-BEA29DBAB83B}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B6E07F63-6822-402B-ACA1-A4DDC5906233}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6E07F63-6822-402B-ACA1-A4DDC5906233}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft\Office\Office Feature Updates => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office Feature Updates" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C1376B8C-A19E-4C5B-A779-16F082008D82}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1376B8C-A19E-4C5B-A779-16F082008D82}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C657111D-DB4E-4080-B2A2-D074236C900D}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C657111D-DB4E-4080-B2A2-D074236C900D}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\UpdateRecordPath" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{C8099BF5-3246-432E-8C16-731BBE10A5E8}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C8099BF5-3246-432E-8C16-731BBE10A5E8}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\CCleaner Update => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleaner Update" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C851D3C6-1F80-41A3-BAC1-E49484AF1266}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C851D3C6-1F80-41A3-BAC1-E49484AF1266}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PBDADiscoveryW2" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C94CE6AE-BC92-4072-B923-A1B7D906AC11}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C94CE6AE-BC92-4072-B923-A1B7D906AC11}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Defender\Windows Defender Verification" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{D3BCD7FE-C2AA-4352-90F1-605DD1878ABD}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3BCD7FE-C2AA-4352-90F1-605DD1878ABD}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\RecordingRestart" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D45E0B19-0475-4001-B63D-105962763D4B}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D45E0B19-0475-4001-B63D-105962763D4B}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\MediaCenterRecoveryTask" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E0CFCF8A-94F9-40B1-BB84-B3EC2AD80D03}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0CFCF8A-94F9-40B1-BB84-B3EC2AD80D03}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\OfficeTelemetryAgentLogOn2016" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E3796FFF-39CE-426E-BEE5-966C18C1FC50}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3796FFF-39CE-426E-BEE5-966C18C1FC50}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PeriodicScanRetry" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E6DCE9B2-5069-4F36-982B-58B5E254F22E}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6DCE9B2-5069-4F36-982B-58B5E254F22E}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\mcupdate => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E6F1B631-9D96-4B10-ADF8-593E9E606A98}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6F1B631-9D96-4B10-ADF8-593E9E606A98}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E7FC3818-BB30-47B4-A5C9-EF57F7B712E1}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7FC3818-BB30-47B4-A5C9-EF57F7B712E1}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\End Of Support\Notify1" => removido (a) com sucesso.
C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => movido com sucesso
"CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"" => removido (a) com sucesso.
"BVTFilter" => removido (a) com sucesso.
"BVTConsumer" => removido (a) com sucesso.

========================= File: C:\WINDOWS\SYSTEM32\prntvpt.dll ========================

C:\WINDOWS\SYSTEM32\prntvpt.dll
Arquivo não assinado
MD5: ADDE39A0B25859FF2DA6629E71E33A11
Data de criação e modificação: 2021-02-15 10:57 - 2021-02-15 10:57
Tamanho: 000182272
Atributos: ----A
Nome Da Empresa: Microsoft Corporation
Interno Nome: prntvpt.dll
Original Nome: prntvpt.dll
Produto: Microsoft® Windows® Operating System
Descrição: Print Ticket Services Module
Arquivo Versão: 10.0.19041.746 (WinBuild.160101.0800)
Produto Versão: 10.0.19041.746
Copyright: © Microsoft Corporation. All rights reserved.
VirusTotal: 0

====== Fim de File: ======

========= ipconfig /flushdns =========

Configura‡Æo de IP do Windows

Libera‡Æo do Cache do DNS Resolver bem-sucedida.

========= Fim de CMD: =========

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso.
"HKU\S-1-5-21-3439908664-1470252025-331894347-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso.
"HKU\S-1-5-21-3439908664-1470252025-331894347-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso.

========= Fim de RemoveProxy: =========

Ponto de Restauração criado com sucesso.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 21134862 B
Java, Flash, Steam htmlcache => 1156 B
Windows/system/drivers => 462210853 B
Edge => 0 B
Chrome => 459249651 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 349967072 B
Kaka => 435918961 B

RecycleBin => 2386871 B
EmptyTemp: => 1.6 GB de dados temporários Removidos.

================================

O sistema precisou ser reiniciado.

==== Fim de Fixlog 00:44:36 ====

Elias Pereira · 23 de novembro de 2021

@KakaSantos

A principio não tinha nada de mais nas remoções que eu solicitei nesse ultima etapa.

Se a lentidão continua, sugiro verificar por problemas de memoria e HD.

Em relação a malwares, não temos mais problemas.

MANTENHA O SO ATUALIZADO:
Mantenha como "automatica" as atualizações do windows. Novas brechas de segurança são descobertas com freqüência. Muitos malwares exploram essas brechas, infectando sistemas sem depender de nenhuma ação do usuário. A Microsoft corrige essas brechas através das atualizações. Por isso é fundamental manter o seu sistema atualizado.

Se não tiver mais problema em relação a malwares, clique em Denunciar Post localizado no topo da pagina e diga que seu topico está RESOLVIDO. Se você tiver alguma dúvida relacionada a informática e tecnologia, sinta-se à vontade para postar em qualquer área do CdH.

Elias Pereira · 10 de dezembro de 2021

Problema resolvido!

Caso o autor necessite, o mesmo será reaberto, para isso deverá entrar em contato com um Analista de Segurança ou Coordenador solicitando o desbloqueio.