Annluciap
[Solved] Slow PC
Annluciap replied to Annluciap's topic in Solved Topics (Security & Malware)
Good afternoon, DigRam! Everything is OK with the computer now. Thank you very much for the help.

[Solved] Slow PC
Annluciap replied to Annluciap's topic in Solved Topics (Security & Malware)
Good evening, DigRam! Procedures carried out, as shown in the log below:

# Run at 14/09/2022 23:25:07
# KpRm (Kernel-panik) version 2.9.3
# Website https://kernel-panik.me/tool/kprm/
# Run by usuario from C:\Users\Ana\Desktop
# Computer Name: DESKTOP-HTI9PPS
# OS: Windows 10 X64 (19044)
# Number of passes: 1

- Checked options -
~ Delete Tools
~ Delete Restore Points
~ Create Restore Point
~ Delete Quarantines

- Delete Tools -
## FRST
[OK] \FRST deleted

- Clear Restore Points -
~ [OK] RP named Instalador de Módulos do Windows created at 08/27/2022 16:46:28 deleted
[OK] All system restore points have been successfully deleted

- Create Restore Point -
[OK] System Restore Point created

- Display System Restore Point -
~ RP named KpRm created at 09/15/2022 02:26:05

-- KPRM finished in 249.31s --

Thank you very much again!

[Solved] Slow PC
Annluciap replied to Annluciap's topic in Solved Topics (Security & Malware)
Good evening, DigRam! Thank you for the prompt reply. Here is the log:

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 30-08-2022
Executado por usuario (12-09-2022 22:21:06) Run:2
Executando a partir de C:\Users\Ana\Desktop
Perfis Carregados: usuario & Ivan & Ana & Administrador
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
Start::
C:\Program Files\Avast Software\Avast\aswAMSI.dll
C:\Program Files\Avast Software\Avast
C:\Program Files\Avast Software
2022-09-07 22:46 - 2022-06-07 10:57 - 000000000 ____D C:\Users\Ivan\AppData\Local\Avast Software
2022-09-07 22:46 - 2022-06-03 12:52 - 000000000 ____D C:\ProgramData\Avast Software
ShortcutTarget: forteManager.lnk -> C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe (Nenhum Arquivo)
CMD: net start vss
CMD: sfc /scannow
EmptyTemp:
End::
*****************

"C:\Program Files\Avast Software\Avast\aswAMSI.dll" => não encontrado (a)
"C:\Program Files\Avast Software\Avast" => não encontrado (a)
"C:\Program Files\Avast Software" => não encontrado (a)
C:\Users\Ivan\AppData\Local\Avast Software => movido com sucesso
C:\ProgramData\Avast Software => movido com sucesso
"C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe" => não encontrado (a)

========= net start vss =========
O serviço de Cópia de Sombra de Volume está sendo iniciado.
O serviço de Cópia de Sombra de Volume foi iniciado com êxito.
========= Fim de CMD: =========

========= sfc /scannow =========
Iniciando verificação de arquivos. O processo levará alguns minutos para ser concluído.
Iniciando fase de verificação de verificação do sistema.
A Proteção de Recursos do Windows encontrou arquivos corrompidos e os reparou com êxito.
Para reparos online, os detalhes são incluídos no arquivo de log CBS localizado em windir\Logs\CBS\CBS.log. Por exemplo, C:\Windows\Logs\CBS\CBS.log. Para reparos offline, os detalhes são incluídos no arquivo de log fornecido pelo sinalizador /OFFLOGFILE.
========= Fim de CMD: =========

=========== EmptyTemp: ==========
FlushDNS => completado
BITS transfer queue => 1572864 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 27350912 B
Java, Discord, Steam htmlcache => 0 B
Windows/system/drivers => 522662616 B
Edge => 0 B
Chrome => 8272285 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 30538 B
NetworkService => 58480 B
usuario => 235985736 B
Ivan => 297342968 B
Ana => 475909882 B
Administrador => 518897128 B
RecycleBin => 482949 B
EmptyTemp: => 1.9 GB de dados temporários Removidos.
================================

O sistema precisou ser reiniciado.
==== Fim de Fixlog 22:43:29 ====

Thank you.

[Solved] Slow PC
Annluciap replied to Annluciap's topic in Solved Topics (Security & Malware)
Good evening, DigRam! Yes, I uninstalled AVAST. Here are the FRST logs.

Resultado da análise adicional Farbar Recovery Scan Tool (x64) Versão: 30-08-2022
Executado por usuario (11-09-2022 21:33:22)
Executando a partir de C:\Users\Ana\Desktop
Microsoft Windows 10 Pro Versão 21H2 19044.1889 (X64) (2022-06-03 04:27:41)
Modo da Inicialização: Normal
==========================================================

==================== Contas: =============================
(Se uma entrada for incluída na fixlist, será removida.)

Administrador (S-1-5-21-1607871373-324708402-1829963724-500 - Administrator - Disabled) => C:\Users\Administrador
Ana (S-1-5-21-1607871373-324708402-1829963724-1004 - Limited - Enabled) => C:\Users\Ana
Convidado (S-1-5-21-1607871373-324708402-1829963724-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-1607871373-324708402-1829963724-503 - Limited - Disabled)
Ivan (S-1-5-21-1607871373-324708402-1829963724-1002 - Limited - Enabled) => C:\Users\Ivan
usuario (S-1-5-21-1607871373-324708402-1829963724-1001 - Administrator - Enabled) => C:\Users\usuario
WDAGUtilityAccount (S-1-5-21-1607871373-324708402-1829963724-504 - Limited - Disabled)

==================== Central de Segurança ========================
(Se uma entrada for incluída na fixlist, será removida.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas Instalados ======================
(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 104.0.5112.102 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.13 - Google LLC) Hidden
LibreOffice 7.3.4.2 (HKLM\...\{C9090ED0-F3EE-4FF2-A3E1-0F2598FC7107}) (Version: 7.3.4.2 - The Document Foundation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 105.0.1343.33 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 105.0.1343.33 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1607871373-324708402-1829963724-1001\...\OneDriveSetup.exe) (Version: 22.131.0619.0001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1607871373-324708402-1829963724-1002\...\OneDriveSetup.exe) (Version: 22.166.0807.0002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1607871373-324708402-1829963724-1004\...\OneDriveSetup.exe) (Version: 22.166.0807.0002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1607871373-324708402-1829963724-500\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Mozilla Firefox (x64 pt-BR) (HKLM\...\Mozilla Firefox 104.0.1 (x64 pt-BR)) (Version: 104.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 101.0 - Mozilla)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
VdhCoApp 1.6.3 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper)
Verificação de integridade do PC Windows (HKLM\...\{2403B2D2-1FDC-497D-B181-F53D079FEAAA}) (Version: 3.6.2204.08001 - Microsoft Corporation)

Packages:
=========
Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_1.33.1.0_x64__6rarf9sa4v8jt [2022-07-21] (Disney)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0 [2022-07-21] (Spotify AB) [Startup Task]

==================== Análise Personalizada CLSID (Whitelisted): ==============
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Codecs (Whitelisted) ====================

==================== Atalhos & WMI ========================

==================== Módulos Carregados (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Modo de Segurança (Whitelisted) ==================

==================== Associação (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

==================== Hosts Conteúdo: =========================
(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2022-06-02 22:41 - 2022-06-02 22:33 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Outras Áreas ===========================
(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-1607871373-324708402-1829963724-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\usuario\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img2.jpg
HKU\S-1-5-21-1607871373-324708402-1829963724-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Ivan\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img2.jpg
HKU\S-1-5-21-1607871373-324708402-1829963724-1004\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img3.jpg
HKU\S-1-5-21-1607871373-324708402-1829963724-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 181.213.132.4 - 181.213.132.5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

==================== Regras do Firewall (Whitelisted) ================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [{9ED7F1AD-A841-4C06-ADCE-7B53934E6508}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A5966836-EA2B-4748-A278-0266A050293B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{4E77945E-7AE6-4AC9-B3BE-050E855E4091}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C85D41C2-3040-4716-8F5E-243B803CAAF5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5F25F6BA-B5D3-429E-8E4D-75260FE09651}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0FC8DA75-4468-4F9F-B974-BDE669BECE19}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{77220A3A-0A96-41AE-949C-4553FE73E6E1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E6DC7F5D-38BA-404F-BE50-12423135001C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D3CDBCA9-376D-4705-A145-A845DCFF3A08}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{320CEC17-2B34-45EB-8F4E-DA08D820AAD6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{953C5E34-CEAA-4F7E-8297-1C2FA5C6F48D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.87.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{49B67BD3-763F-4F73-B634-CCA3F44EE158}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.87.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7592B8C9-AF6D-4C88-BAA6-7D2E78A6FD35}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.87.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9DE62BBE-B7D7-488B-8AFE-7DF0B361776C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.87.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{101BFF52-7E4F-46FF-A3B6-9ED1307A5C0E}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{9782DCDA-AA49-4A87-B57B-DCCAE7339AC5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7A400715-347E-4729-A865-509540A02A50}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{61DCA21F-6C5E-419D-9773-0BA15B058F78}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{180BBF31-D1D0-4EAB-B282-025139A5AB95}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{14C833D8-E804-41EE-BC68-101ACB777EEA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{AB4159D7-F56D-458B-B1BF-830F15E7A0DE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1F018551-B242-45BC-BC10-B553718CB2D6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2B1B6495-B026-4AF8-AFDC-9C595A093A40}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{71313888-3EEE-486B-BE25-0DD13B38DEB7}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\105.0.1343.33\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Pontos de Restauração =========================

27-08-2022 13:46:28 Instalador de Módulos do Windows

==================== Dispositivos Apresentando Falhas No Gerenciador ============

==================== Erros no Log de eventos: ========================

Erros em Aplicativos:
==================
Error: (09/07/2022 10:45:00 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Erro do serviço de cópias de sombra de volume: erro inesperado ao chamar a rotina CoCreateInstance. hr = 0x8007045b, O sistema está sendo desligado. .

Error: (09/07/2022 10:45:00 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informações sobre o Serviço de Cópias de Sombra de Volume: não é possível iniciar o Servidor COM com CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} e nome CEventSystem. [0x8007045b, O sistema está sendo desligado. ]

Error: (09/07/2022 10:45:00 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Erro do serviço de cópias de sombra de volume: erro inesperado ao chamar a rotina CoCreateInstance. hr = 0x8007045b, O sistema está sendo desligado. .

Error: (09/07/2022 10:45:00 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informações sobre o Serviço de Cópias de Sombra de Volume: não é possível iniciar o Servidor COM com CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} e nome CEventSystem. [0x8007045b, O sistema está sendo desligado. ]

Error: (09/07/2022 10:44:31 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Erro do serviço de cópias de sombra de volume: erro inesperado ao chamar a rotina QueryFullProcessImageNameW. hr = 0x80070006, Identificador inválido. .
Operação: Executando Operação Assíncrona
Contexto: Estado Atual: DoSnapshotSet

Error: (09/07/2022 10:42:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..
Details: AddWin32ServiceFiles: Unable to back up image of service Avast Tools since QueryServiceConfig API failed
System Error: O sistema não pode encontrar o arquivo especificado. .

Error: (09/07/2022 10:42:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..
Details: AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed
System Error: O sistema não pode encontrar o arquivo especificado. .

Error: (09/07/2022 10:42:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..
Details: AddWin32ServiceFiles: Unable to back up image of service aswbIDSAgent since QueryServiceConfig API failed
System Error: O sistema não pode encontrar o arquivo especificado. .

Erros de Sistema:
=============
Error: (09/10/2022 07:18:49 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-HTI9PPS)
Description: O servidor Microsoft.Windows.Photos_2022.30070.26007.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca não se registrou no DCOM dentro do tempo limite necessário.

Error: (09/07/2022 10:42:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Windows Search foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 30000 milissegundos: Reiniciar o serviço.

Error: (09/07/2022 10:23:40 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-HTI9PPS)
Description: O servidor Microsoft.Windows.CloudExperienceHost_10.0.19041.1266_neutral_neutral_cw5n1h2txyewy!App.wwa não se registrou no DCOM dentro do tempo limite necessário.

Error: (09/07/2022 06:34:55 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a resposta de uma transação do serviço avast! Tools.

Error: (09/03/2022 09:22:13 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: AUTORIDADE NT)
Description: Falha na Instalação: o Windows não pôde instalar a seguinte atualização com o erro 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.

Error: (08/29/2022 09:15:54 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-HTI9PPS)
Description: O servidor {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} não se registrou no DCOM dentro do tempo limite necessário.

Error: (08/29/2022 09:15:54 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-HTI9PPS)
Description: O servidor Microsoft.AAD.BrokerPlugin_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider não se registrou no DCOM dentro do tempo limite necessário.

Error: (08/20/2022 08:55:32 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-HTI9PPS)
Description: O servidor {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} não se registrou no DCOM dentro do tempo limite necessário.

Windows Defender:
================
Date: 2022-09-10 20:31:52
Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {372E6CF3-91A5-4372-86E0-6B06E5C5BBA5}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Personalizada
Usuário: DESKTOP-HTI9PPS\Ana

Event[0]:
Date: 2022-06-03 07:48:31
Description: Microsoft Defender Antivírus encontrou um erro ao tentar atualizar a inteligência de segurança.
Nova Versão da Inteligência de Segurança:
Versão da Inteligência de Segurança anterior: 1.367.787.0
Fonte da Atualização: Centro de Proteção contra Malware da Microsoft
Tipo da Inteligência de Segurança: Antivírus
Tipo da atualização: Completa
Usuário: AUTORIDADE NT\SERVIÇO DE REDE
Versão Atual do Mecanismo:
Versão Anterior do Mecanismo: 1.1.19200.6
Código de Erro: 0x80072ee7
Descrição do Erro: O nome ou o endereço do servidor não pôde ser resolvido

Date: 2022-06-03 07:48:31
Description: Microsoft Defender Antivírus encontrou um erro ao tentar atualizar a inteligência de segurança.
Nova Versão da Inteligência de Segurança:
Versão da Inteligência de Segurança anterior: 1.367.787.0
Fonte da Atualização: Centro de Proteção contra Malware da Microsoft
Tipo da Inteligência de Segurança: Anti-spyware
Tipo da atualização: Completa
Usuário: AUTORIDADE NT\SERVIÇO DE REDE
Versão Atual do Mecanismo:
Versão Anterior do Mecanismo: 1.1.19200.6
Código de Erro: 0x80072ee7
Descrição do Erro: O nome ou o endereço do servidor não pôde ser resolvido

Date: 2022-06-03 07:48:31
Description: Microsoft Defender Antivírus encontrou um erro ao tentar atualizar a inteligência de segurança.
Nova Versão da Inteligência de Segurança:
Versão da Inteligência de Segurança anterior: 1.367.787.0
Fonte da Atualização: Centro de Proteção contra Malware da Microsoft
Tipo da Inteligência de Segurança: Antivírus
Tipo da atualização: Completa
Usuário: AUTORIDADE NT\SERVIÇO DE REDE
Versão Atual do Mecanismo:
Versão Anterior do Mecanismo: 1.1.19200.6
Código de Erro: 0x80072ee7
Descrição do Erro: O nome ou o endereço do servidor não pôde ser resolvido

Date: 2022-06-03 07:48:31
Description: Microsoft Defender Antivírus encontrou um erro ao tentar atualizar a inteligência de segurança.
Nova Versão da Inteligência de Segurança:
Versão da Inteligência de Segurança anterior: 1.367.787.0
Fonte da Atualização: Centro de Proteção contra Malware da Microsoft
Tipo da Inteligência de Segurança: Antivírus
Tipo da atualização: Completa
Usuário: AUTORIDADE NT\SERVIÇO DE REDE
Versão Atual do Mecanismo:
Versão Anterior do Mecanismo: 1.1.19200.6
Código de Erro: 0x80072ee7
Descrição do Erro: O nome ou o endereço do servidor não pôde ser resolvido

Date: 2022-06-03 07:48:31
Description: Microsoft Defender Antivírus encontrou um erro ao tentar atualizar a inteligência de segurança.
Nova Versão da Inteligência de Segurança:
Versão da Inteligência de Segurança anterior: 1.367.787.0
Fonte da Atualização: Centro de Proteção contra Malware da Microsoft
Tipo da Inteligência de Segurança: Anti-spyware
Tipo da atualização: Completa
Usuário: AUTORIDADE NT\SERVIÇO DE REDE
Versão Atual do Mecanismo:
Versão Anterior do Mecanismo: 1.1.19200.6
Código de Erro: 0x80072ee7
Descrição do Erro: O nome ou o endereço do servidor não pôde ser resolvido

CodeIntegrity:
===============
Date: 2022-09-07 21:40:40
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

==================== Informações da Memória ===========================

BIOS: Intel Corp. MUCDT10N.86A.0072.2012.0808.1512 08/08/2012
Processador: Intel(R) Atom(TM) CPU D2550 @ 1.86GHz
Percentagem de memória em uso: 61%
RAM física total: 4078.65 MB
RAM física disponível: 1557.29 MB
Virtual Total: 5230.65 MB
Virtual disponível: 2713.96 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.2 GB) (Free:412.05 GB) (Model: WDC WD5000LPSX-75A6WT0) NTFS

\\?\Volume{119ee62c-0000-0000-0000-100000000000}\ (Reservado pelo Sistema) (Fixed) (Total:0.05 GB) (Free:0.02 GB) NTFS
\\?\Volume{119ee62c-0000-0000-0000-305074000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS

==================== MBR & Tabela de Partições ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 119EE62C)
Partition 1: (Active) - (Size=50 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=519 MB) - (Type=27)

==================== Fim de Addition.txt =======================

Resultado do análise da Farbar Recovery Scan Tool (FRST) (x64) Versão: 30-08-2022
Executado por usuario (administrador) em DESKTOP-HTI9PPS (OKI Brasil NT 2030) (11-09-2022 21:11:19)
Executando a partir de C:\Users\Ana\Desktop
Perfis Carregados: usuario & Ana
Plataforma: Microsoft Windows 10 Pro Versão 21H2 19044.1889 (X64) Idioma: Português (Brasil)
Navegador padrão: Edge
Modo da Inicialização: Normal

==================== Processos (Whitelisted) =================
(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(C:\Windows\Temp\105.0.5195.102_104.0.5112.102_chrome_updater.exe143ef41e ->) (Google LLC -> Google LLC) C:\Windows\Temp\setup.exe143ef46d <2>
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google LLC -> Google LLC) C:\Windows\Temp\105.0.5195.102_104.0.5112.102_chrome_updater.exe143ef41e
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\NisSrv.exe
(svchost.exe ->) (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Ana\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe\HxTsr.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registro (Whitelisted) ===================
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14021336 2015-06-18] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKU\S-1-5-21-1607871373-324708402-1829963724-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [809472 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1607871373-324708402-1829963724-1002\...\Run: [MicrosoftEdgeAutoLaunch_99DFD1DBCEBA60FBA29D574434545D6C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3795360 2022-09-08] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1607871373-324708402-1829963724-1002\...\MountPoints2: {d385b256-e2fd-11ec-88f2-0040a730d4b2} - "D:\Windows/AutoRun.exe"
HKU\S-1-5-21-1607871373-324708402-1829963724-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [809472 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1607871373-324708402-1829963724-1004\...\MountPoints2: {d385b256-e2fd-11ec-88f2-0040a730d4b2} - "D:\Windows/AutoRun.exe"
HKU\S-1-5-21-1607871373-324708402-1829963724-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [809472 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\104.0.5112.102\Installer\chrmstp.exe [2022-08-22] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\forteManager.lnk [2022-02-13]
ShortcutTarget: forteManager.lnk -> C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe (Nenhum Arquivo)

==================== Tarefas Agendadas (Whitelisted) ============
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {1DFA9538-DA23-40EF-A055-2EE2B817EFB4} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate Task: {29D9B7E3-6464-4EA4-B7E7-671648C1FB7C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {3137D7CC-5C23-4652-BBA6-00FEBA800FFE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2022-06-03] (Google Inc -> Google LLC) Task: {36CAB00C-E24D-45CA-A28D-4845D3FAD85E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {4CF81ED3-4AB0-4EFB-AD18-3A7BD657AC50} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB" Task: {672FA625-773E-4CD5-9D9D-647676E50E9C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2022-06-03] (Google Inc -> Google LLC) Task: {86F6577D-F715-4A06-88BF-3D2AED5DDDBB} - System32\Tasks\PostponeDeviceSetupToast_S-1-5-21-1607871373-324708402-1829963724-1001_0 => {5ded83ef-1e99-48cf-bf83-676d2a6db408} C:\Windows\System32\oobe\UserOOBE.dll [417280 2022-07-16] (Microsoft Windows -> Microsoft Corporation) Task: {A2CB4B5C-A40A-45F0-88FF-FAC34B3F9469} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows 
Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {AB1B5401-1189-4220-8B96-7A3CD02BB5DE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {C7ABDEC0-5E67-44F8-B2A6-2C15E18B8BF9} - System32\Tasks\PostponeDeviceSetupToast_S-1-5-21-1607871373-324708402-1829963724-1004_0 => {5ded83ef-1e99-48cf-bf83-676d2a6db408} C:\Windows\System32\oobe\UserOOBE.dll [417280 2022-07-16] (Microsoft Windows -> Microsoft Corporation) (Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.) ==================== Internet (Whitelisted) ==================== (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.) Tcpip\Parameters: [DhcpNameServer] 181.213.132.4 181.213.132.5 Tcpip\..\Interfaces\{6F704B69-8B2D-4AB7-8143-D60EFC95CCC2}: [NameServer] 200.169.119.222 200.169.119.221 Tcpip\..\Interfaces\{b052f0e5-f5da-49a4-9775-a9709ced9f66}: [DhcpNameServer] 181.213.132.4 181.213.132.5 Edge: ======= Edge DefaultProfile: Default Edge Profile: C:\Users\usuario\AppData\Local\Microsoft\Edge\User Data\Default [2022-07-21] Edge Extension: (Video DownloadHelper) - C:\Users\usuario\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmkaglaafmhbcpleggkmaliipiilhldn [2022-06-06] Chrome: ======= CHR Profile: C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default [2022-06-03] CHR StartupUrls: Default -> "hxxps://www.google.com/" CHR Extension: (Apresentações) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2022-06-03] CHR Extension: (Documentos) - C:\Users\usuario\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2022-06-03] CHR Extension: (Google Drive) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2022-06-03] CHR Extension: (YouTube) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2022-06-03] CHR Extension: (Planilhas) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2022-06-03] CHR Extension: (Documentos Google off-line) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-06-03] CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-06-03] CHR Extension: (Gmail) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2022-06-03] ==================== Serviços (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6255896 2022-08-15] (Microsoft Windows Publisher -> Microsoft Corporation) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\NisSrv.exe [3125112 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MsMpEng.exe [133560 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Drivers (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [287744 2022-05-18] (Microsoft Corporation) [Arquivo não assinado] S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) S3 pelmouse; C:\WINDOWS\System32\drivers\pelmouse.sys [26880 2016-07-11] (WDKTestCert idd,131110062695071623 -> TPMX Electronics Ltd.) S3 pelusblf; C:\WINDOWS\System32\drivers\pelusblf.sys [33048 2016-07-11] (WDKTestCert idd,131110062695071623 -> ) S3 pelvendr; C:\WINDOWS\System32\drivers\pelvendr.sys [15032 2016-07-11] (WDKTestCert idd,131110062695071623 -> TPMX Electronics Ltd.) S3 phidmice; C:\WINDOWS\System32\drivers\phidmice.sys [33048 2016-07-11] (WDKTestCert idd,131110062695071623 -> ) S3 pmouself; C:\WINDOWS\System32\drivers\pmouself.sys [26880 2016-07-11] (WDKTestCert idd,131110062695071623 -> TPMX Electronics Ltd.) S3 pvendrlf; C:\WINDOWS\System32\drivers\pvendrlf.sys [15032 2016-07-11] (WDKTestCert idd,131110062695071623 -> TPMX Electronics Ltd.) S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167544 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [65144 2021-10-08] (Samsung Electronics Co., Ltd. 
-> QUALCOMM Incorporated) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49576 2022-09-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [453904 2022-09-07] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [94480 2022-09-07] (Microsoft Windows -> Microsoft Corporation) S3 massfilter; \SystemRoot\System32\drivers\massfilter.sys [X] S3 ZTEusbmdm6k; \SystemRoot\system32\DRIVERS\ZTEusbmdm6k.sys [X] S3 ZTEusbnmea; \SystemRoot\system32\DRIVERS\ZTEusbnmea.sys [X] S3 ZTEusbser6k; \SystemRoot\system32\DRIVERS\ZTEusbser6k.sys [X] ==================== NetSvcs (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) ==================== Um mês (criados) (Whitelisted) ========= (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 
2022-09-11 21:11 - 2022-09-11 21:16 - 000012476 _____ C:\Users\Ana\Desktop\FRST.txt 2022-09-07 22:49 - 2022-09-07 22:49 - 000002245 _____ C:\Users\Ana\Desktop\Google Chrome.lnk 2022-09-07 22:42 - 2022-09-07 22:42 - 000000000 ____D C:\Users\Ana\Desktop\FRST-OlderVersion 2022-09-07 22:31 - 2022-09-07 22:31 - 000004036 _____ C:\WINDOWS\system32\Tasks\PostponeDeviceSetupToast_S-1-5-21-1607871373-324708402-1829963724-1004_0 2022-09-07 22:27 - 2022-09-07 22:27 - 000004036 _____ C:\WINDOWS\system32\Tasks\PostponeDeviceSetupToast_S-1-5-21-1607871373-324708402-1829963724-1001_0 2022-09-07 22:14 - 2022-09-07 22:14 - 000000640 _____ C:\Users\Ivan\Desktop\fixlist.txt 2022-09-07 22:10 - 2022-09-07 22:10 - 000000000 ____D C:\Users\usuario\AppData\Local\PeerDistRepub 2022-09-03 13:11 - 2022-09-07 22:46 - 000000000 ____D C:\Program Files\Mozilla Firefox 2022-08-29 21:11 - 2022-08-29 21:11 - 000004094 _____ C:\Users\Ivan\Documents\Mainframe.pdf 2022-08-29 21:08 - 2022-08-29 21:08 - 001025711 _____ C:\Users\Ivan\Downloads\ED_1_2022_BANRISUL_ABERTURA.PDF 2022-08-29 20:46 - 2022-08-29 20:59 - 000004094 _____ C:\Users\Ivan\Documents\Mainframe.txt 2022-08-29 20:44 - 2022-08-29 20:44 - 000002100 _____ C:\Users\Ivan\Documents\conhecimento geral.txt 2022-08-27 19:37 - 2022-08-27 19:37 - 000295152 _____ C:\Users\Ivan\Downloads\comprovante de inscrição_banrisul.pdf 2022-08-27 19:13 - 2022-08-27 19:13 - 000000000 ____D C:\Users\Ivan\Documents\BANRISUL_Suporte_Infraestrutura_Tecn_Informacao 2022-08-27 19:03 - 2022-08-26 18:23 - 052387394 _____ C:\Users\Ivan\Desktop\BANRISUL_Suporte_Infraestrutura_Tecn_Informacao.zip 2022-08-17 21:33 - 2022-08-17 21:33 - 000000000 ____D C:\Users\Ivan\AppData\Local\OneDrive 2022-08-15 19:01 - 2022-08-15 19:01 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr 2022-08-15 19:01 - 2022-08-15 19:01 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr 2022-08-15 19:00 - 2022-08-15 19:00 - 000011803 _____ 
C:\WINDOWS\system32\DrtmAuthTxt.wim 2022-08-15 18:58 - 2022-08-15 18:58 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe 2022-08-15 18:56 - 2022-08-15 18:56 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll 2022-08-15 18:56 - 2022-08-15 18:56 - 000162304 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe 2022-08-15 18:56 - 2022-08-15 18:56 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll 2022-08-15 18:56 - 2022-08-15 18:56 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll 2022-08-15 17:49 - 2022-08-15 17:49 - 000000000 ___HD C:\$WinREAgent 2022-08-12 14:56 - 2022-08-12 14:56 - 000056308 _____ C:\Users\Ivan\Downloads\Concurso.pdf ==================== Um mês (modificados) ================== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 2022-09-11 21:32 - 2022-06-02 22:41 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2022-09-11 21:14 - 2022-06-02 22:41 - 000000000 ____D C:\WINDOWS\AppReadiness 2022-09-11 21:13 - 2022-08-08 23:16 - 000000000 ____D C:\FRST 2022-09-11 21:13 - 2022-06-02 22:41 - 000000000 ___HD C:\Program Files\WindowsApps 2022-09-11 21:08 - 2022-06-03 02:13 - 000000000 ____D C:\Program Files (x86)\Google 2022-09-10 20:28 - 2022-06-02 23:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2022-09-10 19:21 - 2022-06-02 23:49 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2022-09-10 19:21 - 2021-11-25 10:12 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2022-09-07 22:54 - 2022-06-03 00:36 - 001651882 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2022-09-07 22:54 - 2022-06-02 22:55 - 000715446 _____ C:\WINDOWS\system32\prfh0416.dat 2022-09-07 22:54 - 2022-06-02 22:55 - 000140602 _____ C:\WINDOWS\system32\prfc0416.dat 2022-09-07 22:54 - 2022-06-02 22:35 - 000000000 ____D C:\WINDOWS\INF 2022-09-07 22:48 - 2022-06-05 14:37 - 
000000000 ____D C:\Users\Ana\Desktop\Ana 2022-09-07 22:46 - 2022-06-07 18:09 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2022-09-07 22:46 - 2022-06-07 10:57 - 000000000 ____D C:\Users\Ivan\AppData\Local\Avast Software 2022-09-07 22:46 - 2022-06-03 12:52 - 000000000 ____D C:\ProgramData\Avast Software 2022-09-07 22:46 - 2022-06-02 23:48 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2022-09-07 22:46 - 2021-11-25 10:09 - 000008192 ___SH C:\DumpStack.log.tmp 2022-09-07 22:45 - 2022-06-02 22:15 - 001310720 _____ C:\WINDOWS\system32\config\BBI 2022-09-07 22:42 - 2022-08-08 23:13 - 002371072 _____ (Farbar) C:\Users\Ana\Desktop\FRST64.exe 2022-09-07 22:39 - 2022-06-05 13:05 - 000000000 ____D C:\Users\Ana\AppData\Local\Packages 2022-09-07 22:37 - 2022-06-03 02:09 - 000000000 ____D C:\Program Files (x86)\InstallAffixationInfo 2022-09-07 22:37 - 2022-02-12 11:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Claro 3G 2022-09-07 22:35 - 2022-06-05 14:13 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1607871373-324708402-1829963724-1004 2022-09-07 22:35 - 2022-06-05 14:10 - 000003374 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1607871373-324708402-1829963724-1004 2022-09-07 22:35 - 2022-06-05 14:10 - 000002379 _____ C:\Users\Ana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2022-09-07 22:24 - 2022-06-02 23:48 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2022-09-07 22:13 - 2022-02-12 19:06 - 000000000 ____D C:\Users\Ivan\AppData\LocalLow\Mozilla 2022-09-07 21:43 - 2022-06-03 01:52 - 000000000 ____D C:\Users\Ivan\AppData\Local\Packages 2022-09-07 18:41 - 2022-06-21 19:36 - 000000000 ____D C:\Users\Ivan\AppData\Local\CrashDumps 2022-09-07 18:36 - 2022-02-13 10:36 - 000000000 ___RD C:\Users\Ivan\OneDrive 2022-09-03 20:12 - 2022-06-07 18:09 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla 2022-09-03 20:11 - 2022-06-07 18:09 - 000001005 _____ 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2022-09-03 10:26 - 2022-06-02 22:19 - 000000000 ____D C:\WINDOWS\CbsTemp 2022-09-03 09:05 - 2022-06-07 10:33 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1607871373-324708402-1829963724-1002 2022-09-03 09:05 - 2022-06-03 02:01 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1607871373-324708402-1829963724-1002 2022-09-03 09:05 - 2022-06-03 00:10 - 000002382 _____ C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2022-08-29 21:14 - 2022-06-07 18:10 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38 2022-08-29 20:23 - 2022-06-03 13:40 - 000003590 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA 2022-08-29 20:23 - 2022-06-03 13:40 - 000003466 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore 2022-08-24 22:07 - 2022-06-04 09:37 - 000003062 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1607871373-324708402-1829963724-1001 2022-08-24 22:07 - 2022-06-03 03:19 - 000003058 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1607871373-324708402-1829963724-500 2022-08-24 22:07 - 2022-06-03 03:16 - 000002854 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1607871373-324708402-1829963724-500 2022-08-24 22:07 - 2022-06-03 02:15 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1607871373-324708402-1829963724-1001 2022-08-24 22:07 - 2022-06-02 23:49 - 000003602 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2022-08-24 22:07 - 2022-06-02 23:49 - 000003378 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2022-08-22 23:14 - 2021-11-25 10:46 - 000002245 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2022-08-15 20:12 - 2022-06-02 23:35 - 000456888 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2022-08-15 20:07 - 2022-06-02 22:41 
- 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2022-08-15 20:07 - 2022-06-02 22:41 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata 2022-08-15 20:07 - 2022-06-02 22:41 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2022-08-15 20:07 - 2022-06-02 22:41 - 000000000 ____D C:\WINDOWS\SystemResources 2022-08-15 20:07 - 2022-06-02 22:41 - 000000000 ____D C:\WINDOWS\system32\WinMetadata 2022-08-15 20:07 - 2022-06-02 22:41 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2022-08-15 20:07 - 2022-06-02 22:41 - 000000000 ____D C:\WINDOWS\system32\oobe 2022-08-15 20:07 - 2022-06-02 22:41 - 000000000 ____D C:\WINDOWS\system32\Dism 2022-08-15 20:07 - 2022-06-02 22:41 - 000000000 ____D C:\WINDOWS\ShellExperiences 2022-08-15 20:07 - 2022-06-02 22:41 - 000000000 ____D C:\WINDOWS\bcastdvr 2022-08-15 20:07 - 2022-06-02 22:41 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2022-08-15 20:07 - 2022-06-02 22:41 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2022-08-15 18:55 - 2022-06-02 23:50 - 003011072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2022-08-15 16:34 - 2022-06-02 22:41 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates 2022-08-15 16:28 - 2022-06-03 12:56 - 000000000 ____D C:\WINDOWS\system32\MRT 2022-08-12 21:18 - 2022-06-03 00:10 - 000000000 ____D C:\Users\Ivan 2022-08-12 21:17 - 2022-06-03 12:55 - 144534560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2022-08-12 21:11 - 2022-06-03 03:11 - 000000000 ____D C:\Users\Administrador ==================== SigCheck ============================ (Não há correção automática para arquivos que não passaram na verificação.) ==================== Fim de FRST.txt ======================== Thank you! -
[Resolved] Slow PC
Annluciap replied to Annluciap's topic in Resolved Topics (Security & Malware)
Good evening, DigRam! Sorry for the delay. The logs follow below: Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 30-08-2022 Executado por usuario (07-09-2022 22:42:28) Run:1 Executando a partir de C:\Users\Ana\Desktop Perfis Carregados: usuario & Ana & Administrador Modo da Inicialização: Normal ============================================== fixlist Conteúdo: ***************** Start:: Closeprocesses: SystemRestore: On CreateRestorePoint: HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restrição <==== ATENÇÃO HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restrição <==== ATENÇÃO ShortcutTarget: forteManager.lnk -> C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe (Nenhum Arquivo) HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restrição <==== ATENÇÃO cmd: ECHO Y|CHKDSK C: /F Comment: Use Farbar routine to delete temp files C:\Windows\Temp\*.* C:\WINDOWS\system32\*.tmp C:\WINDOWS\syswow64\*.tmp Comment: The system will restart. Reboot: End:: ***************** Processos fechados com sucesso. SystemRestore: On => completado Ponto de Restauração criado com sucesso. HKLM\SOFTWARE\Microsoft\Windows Defender\\DisableAntiSpyware => Erro ao configurar valor. HKLM\SOFTWARE\Microsoft\Windows Defender\\DisableAntiVirus => Erro ao configurar valor. "C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe" => não encontrado (a) HKLM\SOFTWARE\Policies\Mozilla => removido (a) com sucesso. ========= ECHO Y|CHKDSK C: /F ========= O tipo do sistema de arquivos é NTFS. Não é possível bloquear a unidade atual. Não é possível executar o CHKDSK porque o volume está sendo usado por outro processo. Deseja agendar a verificação deste volume para a próxima vez em que o sistema for reiniciado? (S/N) Y Não é possível executar o CHKDSK porque o volume está sendo usado por outro processo. Deseja agendar a verificação deste volume para a próxima vez em que o sistema for reiniciado? 
(S/N) Não é possível executar o CHKDSK porque o volume está sendo usado por outro processo. Deseja agendar a verificação deste volume para a próxima vez em que o sistema for reiniciado? (S/N) ========= Fim de CMD: ========= =========== "C:\Windows\Temp\*.*" ========== C:\Windows\Temp\3746361a-cb54-4b12-b8ed-220d2fcef4eb.tmp => movido com sucesso C:\Windows\Temp\78b3d94a-e79b-49b3-af55-2317059e7865.tmp => movido com sucesso C:\Windows\Temp\8ee9b7fd-cd01-4653-8584-93307e3489f0.tmp => movido com sucesso C:\Windows\Temp\9eaee8f1-d400-4686-8fda-b5bd69539c26.tmp => movido com sucesso C:\Windows\Temp\asw-476a497b-f24e-484a-b49c-4e480974e56e.tmp => movido com sucesso C:\Windows\Temp\asw-c1a42555-7e12-4160-bb68-e81be6ea9853.tmp => movido com sucesso C:\Windows\Temp\chrome_installer.log => movido com sucesso C:\Windows\Temp\FXSAPIDebugLogFile.txt => movido com sucesso C:\Windows\Temp\FXSTIFFDebugLogFile.txt => movido com sucesso C:\Windows\Temp\MpCmdRun.log => movido com sucesso C:\Windows\Temp\MpCopyAccelerator.log => movido com sucesso C:\Windows\Temp\MpSigStub.log => movido com sucesso C:\Windows\Temp\msedge_installer.log => movido com sucesso C:\Windows\Temp\TS_26EF.tmp => movido com sucesso C:\Windows\Temp\TS_2896.tmp => movido com sucesso C:\Windows\Temp\TS_A65E.tmp => movido com sucesso C:\Windows\Temp\TS_AB9F.tmp => movido com sucesso C:\Windows\Temp\USBInstallInfo.log => movido com sucesso C:\Windows\Temp\{AE77E5DB-3BC5-44E8-85A7-0FD0D79772B2}-MicrosoftEdge_X64_104.0.1293.63_104.0.1293.54.exe => movido com sucesso ========= Fim -> "C:\Windows\Temp\*.*" ======== =========== "C:\WINDOWS\system32\*.tmp" ========== não encontrado (a) ========= Fim -> "C:\WINDOWS\system32\*.tmp" ======== =========== "C:\WINDOWS\syswow64\*.tmp" ========== não encontrado (a) ========= Fim -> "C:\WINDOWS\syswow64\*.tmp" ======== O sistema precisou ser reiniciado. ==== Fim de Fixlog 22:44:33 ==== ==================== Informações da Memória =========================== BIOS: Intel Corp. 
MUCDT10N.86A.0072.2012.0808.1512 08/08/2012 Processador: Intel(R) Atom(TM) CPU D2550 @ 1.86GHz Percentagem de memória em uso: 84% RAM física total: 4078.65 MB RAM física disponível: 628.8 MB Virtual Total: 7280.34 MB Virtual disponível: 2713.21 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.2 GB) (Free:417.02 GB) (Model: WDC WD5000LPSX-75A6WT0) NTFS Drive d: (ZTEMODEM) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS \\?\Volume{119ee62c-0000-0000-0000-100000000000}\ (Reservado pelo Sistema) (Fixed) (Total:0.05 GB) (Free:0.02 GB) NTFS \\?\Volume{119ee62c-0000-0000-0000-305074000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS ==================== MBR & Tabela de Partições ==================== ==================== Fim de Addition.txt ======================= Thank you! -
[Archived] Very slow computer
Annluciap replied to Annluciap's topic in Archived Topics (Security & Malware)
Good morning, DigRam! Could you archive this topic, please? Sorry for the delay. Thank you. -
-
Good morning! When scanning the PC with AVAST, 4 trojans were detected, as shown in the image below. The FRST logs follow: FRST https://www.cjoint.com/c/LHjcUPvaR3o Addition https://www.cjoint.com/c/LHjcVYEMlJo Could you help me, please? Thank you.
-
[Archived] Very slow computer
Annluciap posted a topic in the Archived Topics (Security & Malware) forum
Good morning! My computer has started getting slow. If you can help me, I would appreciate it. The FRST logs follow below: Resultado do análise da Farbar Recovery Scan Tool (FRST) (x64) Versão: 30-01-2022 Executado por Famaqui (administrador) em DESKTOP-5J8O8HF (Itautec S.A. Infoway) (03-02-2022 09:55:07) Executando a partir de C:\Users\Logoterapia\Desktop Perfis Carregados: Famaqui & Logoterapia Plataforma: Microsoft Windows 10 Pro Versão 21H1 19043.1466 (X64) Idioma: Português (Brasil) Navegador padrão: Edge Modo da Inicialização: Normal ==================== Processos (Whitelisted) ================= (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\97.0.1072.76\identity_helper.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7> (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxTsr.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <2> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.6-0\MsMpEng.exe (Microsoft Windows Publisher -> Microsoft Corporation) 
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.6-0\NisSrv.exe (philandro Software GmbH -> AnyDesk Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe <2> (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ZTE CORPORATION -> ) C:\Program Files (x86)\Claro 3G\CMUpdater.exe (ZTE CORPORATION -> ) C:\Program Files (x86)\Claro 3G\UIMain.exe 0 C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2111.12605.0_x64__8wekyb3d8bbwe\Cortana.exe 0 C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2111.12605.0_x64__8wekyb3d8bbwe\Win32Bridge.Server.exe 0 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21121.250.0_x64__8wekyb3d8bbwe\YourPhone.exe ==================== Registro (Whitelisted) =================== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [19677688 2021-05-31] (Realtek Semiconductor Corp. 
-> Realtek Semiconductor) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation) HKLM\...\RunOnce: [*EmptyTemp] => cmd /c rd /q/s C:\FRST\Temp HKU\S-1-5-21-400714347-516547821-1503872166-1001\...\Run: [MicrosoftEdgeAutoLaunch_FFB80A29E2B6CA7A87F4867A906A7ED9] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 HKU\S-1-5-21-400714347-516547821-1503872166-1002\...\Run: [MicrosoftEdgeAutoLaunch_01CA57FCFBADE73389A1D832F77925FA] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 HKU\S-1-5-21-400714347-516547821-1503872166-1002\...\MountPoints2: {e8a76c62-d52c-11eb-ad1c-0023549f654e} - "I:\Windows/AutoRun.exe" HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\97.0.4692.99\Installer\chrmstp.exe [2022-01-21] (Google LLC -> Google LLC) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2021-12-21] ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH) Startup: C:\Users\Logoterapia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de tela e Iniciador do OneNote 2007.lnk [2022-01-17] ShortcutTarget: Recorte de tela e Iniciador do OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) ==================== Tarefas Agendadas (Whitelisted) ============ (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 
Task: {0C4CF758-1923-412A-AF60-6EDEF9C3B905} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-17] (Adobe Inc. -> Adobe Inc.) Task: {4576A4F2-BD76-4FE7-835E-26DEE5013429} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.6-0\MpCmdRun.exe [926912 2022-01-29] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {498808B2-2219-45A8-BE4D-7454E3CCD4F6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.6-0\MpCmdRun.exe [926912 2022-01-29] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {8082054D-305B-441D-94BC-9E3BCCB1ADA2} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-400714347-516547821-1503872166-1002 => {201600D8-6EFF-48CE-B842-E14D37A0682D} C:\WINDOWS\System32\wpninprc.dll [24064 2019-12-07] (Microsoft Windows -> Microsoft Corporation) Task: {8FD8CA2C-4F4C-4EFB-A3C4-F9B07F0A0559} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-07-06] (Google LLC -> Google LLC) Task: {95DAD68F-AECC-45B3-A159-DCCC3674A9FC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.6-0\MpCmdRun.exe [926912 2022-01-29] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {A21520D0-E698-4917-8789-5DDE509DDF4A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.6-0\MpCmdRun.exe [926912 2022-01-29] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {D697F7E7-3B89-41B4-BB11-C80FB69D03CB} - System32\Tasks\Mozilla\Firefox Background Update E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe --MOZ_LOG 
sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask backgroundupdate Task: {D6AB6416-2CE9-4B1E-9B95-6C4C65D2FB5D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-07-06] (Google LLC -> Google LLC) Task: {E2421F5F-5A9F-4E80-81C5-3AC1328820A0} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B" (Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.) ==================== Internet (Whitelisted) ==================== (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.) Tcpip\..\Interfaces\{0F533CE7-7A6A-4ACC-93CA-5BA708D1008D}: [NameServer] 200.169.119.222 200.169.119.221 Tcpip\..\Interfaces\{3269e617-d4aa-4453-b41d-83b4746dcfd9}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{636cd3da-d87d-4e07-ab6d-73ddd859b6db}: [DhcpNameServer] 192.168.43.1 Tcpip\..\Interfaces\{7dd83a10-47fc-42d3-9512-f5eade7560af}: [DhcpNameServer] 181.213.132.2 181.213.132.3 Edge: ======= Edge Extension: (Sem Nome) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [não encontrado (a)] Edge Extension: (Sem Nome) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [não encontrado (a)] Edge Extension: (Sem Nome) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [não encontrado (a)] Edge Extension: (Sem Nome) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => 
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [não encontrado (a)] Edge DefaultProfile: Default Edge Profile: C:\Users\Famaqui\AppData\Local\Microsoft\Edge\User Data\Default [2021-12-01] FireFox: ======== FF DefaultProfile: 6al8hfm0.default FF ProfilePath: C:\Users\Famaqui\AppData\Roaming\Mozilla\Firefox\Profiles\6al8hfm0.default [2021-08-05] FF ProfilePath: C:\Users\Famaqui\AppData\Roaming\Mozilla\Firefox\Profiles\guqst3oi.default-release [2022-02-02] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2021-12-24] (Adobe Inc. -> Adobe Systems Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) Chrome: ======= CHR Profile: C:\Users\Famaqui\AppData\Local\Google\Chrome\User Data\Default [2021-08-05] CHR Extension: (Apresentações) - C:\Users\Famaqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-05-31] CHR Extension: (Documentos) - C:\Users\Famaqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-05-31] CHR Extension: (Google Drive) - C:\Users\Famaqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-05-31] CHR Extension: (YouTube) - C:\Users\Famaqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-05-31] CHR Extension: (Planilhas) - C:\Users\Famaqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-05-31] CHR Extension: (Documentos Google off-line) - C:\Users\Famaqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi 
[2021-07-06] CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Famaqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-05-31] CHR Extension: (Gmail) - C:\Users\Famaqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-05-31] CHR Extension: (Chrome Media Router) - C:\Users\Famaqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-05-31] ==================== Serviços (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-17] (Adobe Inc. -> Adobe Inc.) R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [3803376 2021-12-21] (philandro Software GmbH -> AnyDesk Software GmbH) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6137040 2022-01-12] (Microsoft Windows Publisher -> Microsoft Corporation) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.6-0\NisSrv.exe [2910272 2022-01-29] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.6-0\MsMpEng.exe [129440 2022-01-29] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Drivers (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) 
S3 massfilter; C:\WINDOWS\System32\drivers\massfilter.sys [11776 2011-08-29] (Microsoft Windows Hardware Compatibility Publisher -> MBB Incorporated) S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [50688 2019-12-07] (Microsoft Windows -> Microsoft Corporation) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49592 2022-01-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [437480 2022-01-29] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90384 2022-01-29] (Microsoft Windows -> Microsoft Corporation) R3 ZTEusbmdm6k; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys [123264 2011-08-29] (Microsoft Windows Hardware Compatibility Publisher -> ZTE Incorporated) R3 ZTEusbnmea; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys [123264 2011-08-29] (Microsoft Windows Hardware Compatibility Publisher -> ZTE Incorporated) R3 ZTEusbser6k; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys [123264 2011-08-29] (Microsoft Windows Hardware Compatibility Publisher -> ZTE Incorporated) ==================== NetSvcs (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) ==================== Um mês (criados) (Whitelisted) ========= (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 
2022-02-03 09:49 - 2022-02-03 09:49 - 083361792 _____ C:\WINDOWS\system32\config\SOFTWARE 2022-02-03 09:42 - 2022-02-03 09:49 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware 2022-02-01 16:23 - 2022-02-01 16:24 - 005345466 _____ C:\Users\Logoterapia\Downloads\Prática na escola 2021_1.pdf 2022-02-01 16:22 - 2022-02-01 16:22 - 000164833 _____ C:\Users\Logoterapia\Downloads\Formulario.pdf 2022-01-27 11:40 - 2022-01-27 11:40 - 000035944 _____ C:\Users\Logoterapia\Downloads\N-1639.PDF 2022-01-27 10:54 - 2022-01-27 10:54 - 000010372 _____ C:\Users\Logoterapia\Downloads\N-567.PDF 2022-01-27 10:40 - 2022-01-27 10:40 - 000056601 _____ C:\Users\Logoterapia\Downloads\N-825.PDF 2022-01-26 21:53 - 2022-01-26 21:53 - 000518625 _____ C:\Users\Logoterapia\Downloads\Carolina Martins no Instagram_ “R$1.000 ou um notebook_ (Foto Oficial) Amanhã, 27_01, às 08h da manhã, vamos abrir as inscrições do Programa Trocando de Emprego…”.html 2022-01-26 21:53 - 2022-01-26 21:53 - 000000000 ____D C:\Users\Logoterapia\Downloads\Carolina Martins no Instagram_ “R$1.000 ou um notebook_ (Foto Oficial) Amanhã, 27_01, às 08h da manhã, vamos abrir as inscrições do Programa Trocando de Emprego…”_files 2022-01-26 19:56 - 2022-01-26 19:56 - 000000000 ____D C:\WINDOWS\LastGood.Tmp 2022-01-24 20:24 - 2022-01-24 20:24 - 000000000 ____D C:\Users\Logoterapia\Desktop\ivan 2022-01-24 12:43 - 2022-01-24 12:44 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla 2022-01-19 21:19 - 2022-01-19 21:19 - 000288376 _____ C:\Users\Logoterapia\Downloads\CErtificado Gestor Class - Secretaria ES.pdf 2022-01-17 21:05 - 2022-01-17 21:05 - 000010105 _____ C:\Users\Logoterapia\Downloads\N-731 (1).PDF 2022-01-17 20:51 - 2022-01-17 20:51 - 000010105 _____ C:\Users\Logoterapia\Downloads\N-731.PDF 2022-01-17 20:48 - 2022-01-17 20:48 - 000030824 _____ C:\Users\Logoterapia\Downloads\N-942.PDF 2022-01-17 20:46 - 2022-01-17 20:46 - 000018642 _____ C:\Users\Logoterapia\Downloads\N-943.PDF 2022-01-16 09:57 - 2022-01-16 09:57 - 000058003 
_____ C:\Users\Logoterapia\Downloads\11162059.pdf 2022-01-12 21:44 - 2022-01-24 20:25 - 000000000 ____D C:\Users\Logoterapia\dwhelper 2022-01-12 21:36 - 2022-01-12 21:36 - 000000000 ____D C:\Program Files\net.downloadhelper.coapp 2022-01-12 21:26 - 2022-01-12 21:27 - 044612640 _____ (DownloadHelper ) C:\Users\Logoterapia\Downloads\VdhCoAppSetup-1.6.3.exe 2022-01-12 15:24 - 2022-01-12 15:24 - 000523776 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe 2022-01-12 15:24 - 2022-01-12 15:24 - 000464384 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe 2022-01-12 15:24 - 2022-01-12 15:24 - 000011797 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim 2022-01-12 15:03 - 2022-01-12 15:03 - 000000000 ___HD C:\$WinREAgent ==================== Um mês (modificados) ================== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 2022-02-03 09:57 - 2021-06-16 18:40 - 001651882 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2022-02-03 09:57 - 2019-12-07 11:53 - 000715446 _____ C:\WINDOWS\system32\prfh0416.dat 2022-02-03 09:57 - 2019-12-07 11:53 - 000140602 _____ C:\WINDOWS\system32\prfc0416.dat 2022-02-03 09:57 - 2019-12-07 06:13 - 000000000 ____D C:\WINDOWS\INF 2022-02-03 09:55 - 2021-08-04 11:04 - 000000000 ____D C:\FRST 2022-02-03 09:53 - 2021-12-21 20:52 - 000000000 ____D C:\ProgramData\AnyDesk 2022-02-03 09:52 - 2021-07-06 11:11 - 000000000 ____D C:\Program Files (x86)\Claro 3G 2022-02-03 09:52 - 2021-05-31 12:17 - 000000000 ____D C:\Program Files (x86)\Google 2022-02-03 09:51 - 2021-12-21 20:51 - 000000000 ____D C:\Users\Logoterapia\AppData\Roaming\AnyDesk 2022-02-03 09:51 - 2019-12-07 06:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2022-02-03 09:50 - 2021-06-16 18:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2022-02-03 09:50 - 2021-06-16 18:28 - 000008192 ___SH C:\DumpStack.log.tmp 2022-02-03 09:41 - 2019-12-07 06:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2022-02-03 09:40 - 2021-07-06 19:24 - 000000000 ____D 
C:\Users\Logoterapia\AppData\LocalLow\Mozilla 2022-02-02 21:57 - 2020-02-07 17:59 - 000000000 ____D C:\Users\Logoterapia\AppData\Local\ConnectedDevicesPlatform 2022-02-02 21:56 - 2021-12-21 20:52 - 000000000 ____D C:\Program Files (x86)\AnyDesk 2022-02-02 21:55 - 2021-08-13 09:03 - 000000000 ____D C:\Users\Logoterapia\Desktop\FRST-OlderVersion 2022-02-02 21:55 - 2021-08-04 11:03 - 002311680 _____ (Farbar) C:\Users\Logoterapia\Desktop\FRST64.exe 2022-02-02 21:55 - 2021-07-08 09:36 - 000000000 ____D C:\Users\Logoterapia\AppData\LocalLow\Temp 2022-02-02 21:21 - 2021-06-16 18:28 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2022-02-02 20:42 - 2019-12-07 06:14 - 000000000 ___HD C:\Program Files\WindowsApps 2022-02-02 20:42 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2022-02-02 12:50 - 2020-02-07 18:02 - 000000000 ____D C:\Users\Logoterapia\AppData\Local\Comms 2022-02-02 10:00 - 2020-02-06 15:36 - 000000000 __RHD C:\Users\Public\AccountPictures 2022-01-31 12:13 - 2021-07-06 19:29 - 000000000 ____D C:\Users\Logoterapia\Desktop\SEAD_2021 2022-01-31 00:44 - 2021-06-16 18:31 - 000000000 ____D C:\Users\Logoterapia 2022-01-30 19:02 - 2021-05-31 16:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2022-01-30 19:02 - 2021-05-31 16:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2022-01-29 17:13 - 2020-02-06 15:19 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2022-01-28 19:03 - 2021-06-16 18:30 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2022-01-28 19:03 - 2021-06-16 18:30 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2022-01-28 12:54 - 2021-08-08 11:37 - 000000000 ____D C:\Users\Public\Documents\BizagiModelerLogs 2022-01-27 18:56 - 2021-06-24 17:46 - 000003618 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2022-01-27 18:56 - 2021-06-24 17:46 - 000003524 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d762f7bbca0061 2022-01-27 
18:08 - 2021-07-07 10:24 - 000000000 ____D C:\Users\Logoterapia\AppData\Local\D3DSCache 2022-01-27 01:08 - 2021-12-13 12:00 - 000003584 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-400714347-516547821-1503872166-1002 2022-01-27 01:08 - 2021-08-28 19:31 - 000000000 ___RD C:\Users\Logoterapia\FAMAQUI - Faculdade Mário Quintana 2022-01-27 01:08 - 2021-07-06 19:40 - 000003388 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-400714347-516547821-1503872166-1002 2022-01-27 01:08 - 2021-06-16 18:31 - 000002403 _____ C:\Users\Logoterapia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2022-01-24 12:44 - 2021-05-31 16:20 - 000000000 ____D C:\ProgramData\Mozilla 2022-01-24 12:42 - 2021-05-31 16:20 - 000001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2022-01-21 12:54 - 2021-07-06 19:14 - 000002245 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2022-01-21 12:54 - 2021-07-06 19:14 - 000002204 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2022-01-19 20:03 - 2021-07-06 19:10 - 000003590 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA 2022-01-19 20:03 - 2021-07-06 19:10 - 000003466 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore 2022-01-12 19:01 - 2021-07-07 10:09 - 000000000 ____D C:\Users\Logoterapia\AppData\Local\Adobe 2022-01-12 18:48 - 2021-06-16 18:28 - 000438800 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2022-01-12 18:47 - 2019-12-07 11:56 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2022-01-12 18:47 - 2019-12-07 06:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs 2022-01-12 18:47 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2022-01-12 18:47 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SystemResources 2022-01-12 18:47 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\setup 2022-01-12 18:47 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\oobe 2022-01-12 18:47 - 
2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\Dism 2022-01-12 18:47 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2022-01-12 15:32 - 2019-12-07 06:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2022-01-12 15:01 - 2020-02-14 09:44 - 000000000 ____D C:\WINDOWS\system32\MRT 2022-01-12 14:57 - 2020-02-14 09:44 - 145765912 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2022-01-12 10:46 - 2021-06-16 18:45 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task 2022-01-12 10:45 - 2021-12-17 17:25 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk 2022-01-12 10:45 - 2021-12-17 17:25 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk ==================== Arquivos na raiz de alguns diretórios ======== 2021-07-26 21:05 - 2021-07-26 21:05 - 000007597 _____ () C:\Users\Famaqui\AppData\Local\Resmon.ResmonCfg ==================== SigCheck ============================ (Não há correção automática para arquivos que não passaram na verificação.) ==================== Fim de FRST.txt ======================== Resultado da análise adicional Farbar Recovery Scan Tool (x64) Versão: 30-01-2022 Executado por Famaqui (03-02-2022 09:59:02) Executando a partir de C:\Users\Logoterapia\Desktop Microsoft Windows 10 Pro Versão 21H1 19043.1466 (X64) (2021-06-16 21:45:35) Modo da Inicialização: Normal ========================================================== ==================== Contas: ============================= (Se uma entrada for incluída na fixlist, será removida.) 
Administrador (S-1-5-21-400714347-516547821-1503872166-500 - Administrator - Disabled) Convidado (S-1-5-21-400714347-516547821-1503872166-501 - Limited - Disabled) DefaultAccount (S-1-5-21-400714347-516547821-1503872166-503 - Limited - Disabled) Famaqui (S-1-5-21-400714347-516547821-1503872166-1001 - Administrator - Enabled) => C:\Users\Famaqui Logoterapia (S-1-5-21-400714347-516547821-1503872166-1002 - Limited - Enabled) => C:\Users\Logoterapia WDAGUtilityAccount (S-1-5-21-400714347-516547821-1503872166-504 - Limited - Disabled) ==================== Central de Segurança ======================== (Se uma entrada for incluída na fixlist, será removida.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Programas Instalados ====================== (Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.) Adobe Acrobat DC (64-bit) (HKLM\...\{AC76BA86-1046-1033-7760-BC15014EA700}) (Version: 21.011.20039 - Adobe) AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 7.0.4 - AnyDesk Software GmbH) Atualização do produto Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{717C9095-8AAE-41CB-B046-BD6E8399F4F3}) (Version: - Microsoft) Atualização do produto Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{5016CB22-B9A7-44FB-AA72-AF28B27B15EA}) (Version: - Microsoft) Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{BE3A7C0C-0081-4694-B5F9-980DD66BDDF8}) (Version: - Microsoft) Atualização do produto Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{7297E3A9-FCD4-4E0E-A306-7A90359E50E3}) (Version: - Microsoft) Bizagi Modeler 
(HKLM\...\{fc979aba-3131-4cd7-82c9-e8023d8d54d7}) (Version: 3.8.0206 - Bizagi Limited) Hidden Bizagi Modeler (HKU\S-1-5-21-400714347-516547821-1503872166-1002\...\InstallShield_{fc979aba-3131-4cd7-82c9-e8023d8d54d7}) (Version: 3.8.0206 - Bizagi Limited) Claro 3G (HKLM-x32\...\{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}) (Version: 1.0.0.1 - ) D-Link DWA-131 - V5.02b04 (HKLM-x32\...\{B7C11488-750D-4E48-A9A4-7207A335984D}) (Version: 5.00.0000 - D-Link) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 97.0.4692.99 - Google LLC) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 97.0.1072.76 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-400714347-516547821-1503872166-1001\...\OneDriveSetup.exe) (Version: 21.150.0725.0001 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-400714347-516547821-1503872166-1002\...\OneDriveSetup.exe) (Version: 22.002.0103.0004 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mozilla Firefox (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 91.0 (x86 pt-BR)) (Version: 91.0 - Mozilla) 
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 88.0.1 - Mozilla) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8899.1 - Realtek Semiconductor Corp.) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) VdhCoApp 1.6.3 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper) Packages: ========= Complemento do Mecanismo de Mídia de Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-02-02] (Microsoft Corporation) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-02-14] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-02-14] (Microsoft Corporation) [MS Ad] ==================== Análise Personalizada CLSID (Whitelisted): ============== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 
CustomCLSID: HKU\S-1-5-21-400714347-516547821-1503872166-1002_Classes\CLSID\{04271989-C4D2-A49B-7D71-BFD1586DE06B} -> [FAMAQUI - Faculdade Mário Quintana] => C:\Users\Logoterapia\FAMAQUI - Faculdade Mário Quintana [2021-08-28 19:31] ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation) ==================== Codecs (Whitelisted) ==================== ==================== Atalhos & WMI ======================== ==================== Módulos Carregados (Whitelisted) ============= ==================== Alternate Data Streams (Whitelisted) ======== ==================== Modo de Segurança (Whitelisted) ================== ==================== Associação (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation) (Se uma entrada for incluída na fixlist, será removida do Registro.) IE trusted site: HKU\S-1-5-21-400714347-516547821-1503872166-1002\...\perseus.com.br -> hxxps://famaqui.perseus.com.br ==================== Hosts Conteúdo: ========================= (Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.) 2019-03-19 01:49 - 2019-03-19 01:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Outras Áreas =========================== (Atualmente não há nenhuma correção automática para esta seção.) 
HKU\S-1-5-21-400714347-516547821-1503872166-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg HKU\S-1-5-21-400714347-516547821-1503872166-1002\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img3.jpg DNS Servers: 200.169.119.222 - 200.169.119.221 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Firewall do Windows está habilitado. ==================== MSCONFIG/TASK MANAGER ítens desabilitados == (Se uma entrada for incluída na fixlist, será removida.) MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: GoogleChromeElevationService => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: MozillaMaintenance => 3 HKU\S-1-5-21-400714347-516547821-1503872166-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-400714347-516547821-1503872166-1002\...\StartupApproved\Run: => "OneDrive" ==================== Regras do Firewall (Whitelisted) ================ (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) FirewallRules: [{62565AD9-1E82-47F4-A9B6-30DBAA379E27}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{9E838B19-07DC-44C3-9EC7-62F04FD895EC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{969321D7-151A-4D33-8786-E24CA9C8C308}] => (Allow) C:\Program Files (x86)\D-Link\DWA-131 revE\IHV\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek) FirewallRules: [{0692F06E-E0E5-4174-AB53-EC255C47F4DA}] => (Allow) C:\Program Files (x86)\D-Link\DWA-131 revE\IHV\PortableWiFi.exe (D-LINK CORPORATION -> D-Link Corp.) 
FirewallRules: [UDP Query User{59684D04-B950-46FA-91FC-7353F85BFDAE}C:\users\famaqui\appdata\local\packages\microsoft.microsoftedge_8wekyb3d8bbwe\tempstate\downloads\anydesk (1).exe] => (Allow) C:\users\famaqui\appdata\local\packages\microsoft.microsoftedge_8wekyb3d8bbwe\tempstate\downloads\anydesk (1).exe => Nenhum Arquivo FirewallRules: [TCP Query User{596A7BFE-9CD2-466B-A7C4-B1E56BFEF841}C:\users\famaqui\appdata\local\packages\microsoft.microsoftedge_8wekyb3d8bbwe\tempstate\downloads\anydesk (1).exe] => (Allow) C:\users\famaqui\appdata\local\packages\microsoft.microsoftedge_8wekyb3d8bbwe\tempstate\downloads\anydesk (1).exe => Nenhum Arquivo FirewallRules: [{541F50C9-5E7E-486E-8F54-4A2293BBB117}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{9BFFE419-78A0-4E65-B794-09B500202AB6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{B9779E18-91D8-4A82-AEE8-E47EEE8AAB41}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{AC32B6ED-B069-46A7-BF79-E5BCFE16A783}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) 
FirewallRules: [{B26421A5-71D7-4316-A791-ACECE5A28093}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{D6555121-CC41-4CC1-91F7-973609F1816F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{C5125A61-E41A-4AAB-B73E-5546ECAF0BF4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{230D2FC2-92ED-4A8A-9D15-884E1516308C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{97923D6C-DB2E-46F8-8771-8DDB35B53EC5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{A6AB516D-4E7A-4A1C-9B39-B7992DE65058}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{30AE2BF5-7B0A-4BEA-BDE3-EC4A42B5D1AB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{D4701CF1-98F8-4517-9BB5-A57056AB3464}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{2DF854C9-80F1-41A6-A8D7-281ACB93724C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{C258054A-B639-473E-9520-8FC9E56DCB9F}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH) FirewallRules: [{EFBE9A44-1FF6-4782-AA42-B581B08B0AB7}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH) 
FirewallRules: [{F505D6B5-6B2B-45B1-9DB7-2E86C981AB46}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH) FirewallRules: [{C279935E-B83D-454F-9E40-630E2F6E1C32}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH) FirewallRules: [{EBA007B8-F542-4828-A3E6-56DB087E4CA6}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH) FirewallRules: [{7BF0FEB7-3FE2-465E-8FD1-AC6690A479AA}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH) ==================== Pontos de Restauração ========================= 12-01-2022 15:02:01 Instalador de Módulos do Windows 19-01-2022 18:55:40 Ponto de Verificação Agendado 28-01-2022 18:51:09 Ponto de Verificação Agendado ==================== Dispositivos Apresentando Falhas No Gerenciador ============ ==================== Erros no Log de eventos: ======================== Erros em Aplicativos: ================== Error: (02/02/2022 10:18:00 PM) (Source: Application Error) (EventID: 1005) (User: ) Description: O Windows não pode acessar o arquivo por um destes motivos: há um problema de conexão com a rede, o disco no qual o arquivo está armazenado ou nos drivers de armazenamento instalados neste computador, ou o disco está ausente. O Windows fechou o programa MODEM Mobile Connection por causa desse erro. Programa: MODEM Mobile Connection Arquivo: O valor do erro está listado na seção Dados Adicionais. Ação do Usuário 1. Abra o arquivo novamente. Esta situação pode ser um problema temporário corrigida quando o programa é executado novamente. 2. Se o arquivo ainda não puder ser acessado e - não estiver na rede, o administrador da rede deverá verificar se não há um problema com a rede e se o servidor puder ser contatado. 
- Está em um disco removível, por exemplo, um disquete ou CD-ROM, verifique se o disco está completamente inserido no computador.
3. Verifique e repare o sistema de arquivos ao executar CHKDSK. Para executar CHKDSK, clique em Iniciar, clique em Executar, digite CMD e clique em OK. No prompt de comando, digite CHKDSK /F e pressione ENTER.
4. Se o problema persistir, restaure o arquivo de uma cópia de backup.
5. Determine se outros arquivos no mesmo disco podem ser abertos. Em caso negativo, o disco pode estar danificado. Se for um disco rígido, contate o administrador ou o fornecedor de hardware do computador para obter assistência adicional.
Dados Adicionais
Valor do erro: 00000000
Tipo de disco: 0

Error: (02/02/2022 10:18:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: UIMain.exe, versão: 1.0.0.0, carimbo de data/hora: 0x00000000
Nome do módulo com falha: unknown, versão: 0.0.0.0, carimbo de data/hora: 0x00000000
Código de exceção: 0xc000001d
Deslocamento da falha: 0x0d064c20
ID do processo com falha: 0x18a0
Hora de início do aplicativo com falha: 0x01d81899204ba010
Caminho do aplicativo com falha: C:\Program Files (x86)\Claro 3G\UIMain.exe
Caminho do módulo com falha: unknown
ID do Relatório: 6e110f63-47d2-46c9-956e-c2796997c626
Nome completo do pacote com falha:
ID do aplicativo relativo ao pacote com falha:

Error: (02/02/2022 10:17:55 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: O Windows não pode acessar o arquivo por um destes motivos: há um problema de conexão com a rede, o disco no qual o arquivo está armazenado ou nos drivers de armazenamento instalados neste computador, ou o disco está ausente. O Windows fechou o programa MODEM Mobile Connection por causa desse erro.
Programa: MODEM Mobile Connection
Arquivo:
O valor do erro está listado na seção Dados Adicionais.
Ação do Usuário
1. Abra o arquivo novamente. Esta situação pode ser um problema temporário corrigida quando o programa é executado novamente.
2. Se o arquivo ainda não puder ser acessado e
- não estiver na rede, o administrador da rede deverá verificar se não há um problema com a rede e se o servidor puder ser contatado.
- Está em um disco removível, por exemplo, um disquete ou CD-ROM, verifique se o disco está completamente inserido no computador.
3. Verifique e repare o sistema de arquivos ao executar CHKDSK. Para executar CHKDSK, clique em Iniciar, clique em Executar, digite CMD e clique em OK. No prompt de comando, digite CHKDSK /F e pressione ENTER.
4. Se o problema persistir, restaure o arquivo de uma cópia de backup.
5. Determine se outros arquivos no mesmo disco podem ser abertos. Em caso negativo, o disco pode estar danificado. Se for um disco rígido, contate o administrador ou o fornecedor de hardware do computador para obter assistência adicional.
Dados Adicionais
Valor do erro: 00000000
Tipo de disco: 0

Error: (02/02/2022 10:17:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: UIMain.exe, versão: 1.0.0.0, carimbo de data/hora: 0x00000000
Nome do módulo com falha: unknown, versão: 0.0.0.0, carimbo de data/hora: 0x00000000
Código de exceção: 0xc000001d
Deslocamento da falha: 0x0d064c20
ID do processo com falha: 0x18a0
Hora de início do aplicativo com falha: 0x01d81899204ba010
Caminho do aplicativo com falha: C:\Program Files (x86)\Claro 3G\UIMain.exe
Caminho do módulo com falha: unknown
ID do Relatório: 27fd2db8-577f-4af0-a168-c725e7e970b6
Nome completo do pacote com falha:
ID do aplicativo relativo ao pacote com falha:

Error: (02/02/2022 07:28:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: O programa Video.UI.exe versão 10.21111.1051.0 parou de interagir com o Windows e foi fechado. Para ver se mais informações sobre o problema estão disponíveis, verifique o histórico de problemas no painel de controle Segurança e Manutenção.
ID do Processo: 700
Hora de Início: 01d8185ab5fc3a02
Hora de Término: 4294967295
Caminho do Aplicativo: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.21111.10511.0_x64__8wekyb3d8bbwe\Video.UI.exe
ID do Relatório: 0a83429f-87ef-49e5-b0a0-fc2243b27f44
Nome completo do pacote com falha: Microsoft.ZuneVideo_10.21111.10511.0_x64__8wekyb3d8bbwe
ID do aplicativo relativo ao pacote com falha: Microsoft.ZuneVideo
Tipo com falha: Quiesce

Error: (02/02/2022 10:01:47 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-5J8O8HF)
Description: Microsoft.VCLibs.140.00_8wekyb3d8bbwe-2147024893

Error: (02/02/2022 10:01:47 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-5J8O8HF)
Description: Microsoft.VCLibs.140.00.UWPDesktop_8wekyb3d8bbwe-2147024893

Error: (02/02/2022 10:01:47 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-5J8O8HF)
Description: Microsoft.UI.Xaml.2.7_8wekyb3d8bbwe-2147024893

Erros de Sistema:
=============
Error: (02/03/2022 09:37:26 AM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: AUTORIDADE NT)
Description: Verificação de volume criptografado: as informações de volume em E: não podem ser lidas.

Error: (02/02/2022 09:56:16 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-5J8O8HF)
Description: O servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} não se registrou no DCOM dentro do tempo limite necessário.

Error: (02/02/2022 09:55:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Windows Search foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 30000 milissegundos: Reiniciar o serviço.

Error: (02/02/2022 09:55:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço CredentialEnrollmentManagerUserSvc_2c0bc8b foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.

Error: (02/02/2022 09:55:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço AnyDesk Service foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço.

Error: (02/02/2022 09:55:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Adobe Acrobat Update Service foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (02/02/2022 12:45:54 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: AUTORIDADE NT)
Description: Falha na Instalação: o Windows não pôde instalar a seguinte atualização com o erro 0x80240017: 2021-10 Atualização do Windows 10 Version 21H1 para sistemas baseados em x64 (KB5005463).

Error: (02/01/2022 06:58:55 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: AUTORIDADE NT)
Description: Falha na Instalação: o Windows não pôde instalar a seguinte atualização com o erro 0x80240017: 2021-10 Atualização do Windows 10 Version 21H1 para sistemas baseados em x64 (KB5005463).

Windows Defender:
================
Date: 2022-02-03 09:52:32
Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {0B811521-58C3-4AFD-A16F-696F1D1DF6C1}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: DESKTOP-5J8O8HF\Logoterapia

Date: 2022-02-03 09:51:30
Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {E4D0D75D-B649-4E31-A2E0-8EAC0C20437D}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Personalizada
Usuário: DESKTOP-5J8O8HF\Logoterapia

Date: 2022-02-03 09:40:20
Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {20E4798C-EB52-4B7E-A3E4-EDB42F7A0D91}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Personalizada
Usuário: DESKTOP-5J8O8HF\Logoterapia

Date: 2022-02-02 18:05:20
Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {C54B57EB-2454-47F7-999F-EEAD30C90E8B}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2022-02-01 17:29:18
Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {34F7886C-384B-49AE-8FCC-EB5E792A5486}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Event[0]:
Date: 2022-01-15 21:31:53
Description: Microsoft Defender Antivírus encontrou um erro ao tentar atualizar a inteligência de segurança.
Nova Versão da Inteligência de Segurança:
Versão da Inteligência de Segurança anterior: 1.355.1916.0
Fonte da Atualização: Servidor do Microsoft Update
Tipo da Inteligência de Segurança: Antivírus
Tipo da atualização: Completa
Usuário: AUTORIDADE NT\SISTEMA
Versão Atual do Mecanismo:
Versão Anterior do Mecanismo: 1.1.18800.4
Código de Erro: 0x80240009
Descrição do Erro: Erro inesperado ao verificar atualizações. Para obter informações sobre como instalar ou solucionar problemas de atualizações, consulte Ajuda e Suporte.

==================== Informações da Memória ===========================

BIOS: Itautec ST 4253, 0006- SL2 01/20/2009
placa-mãe: Itautec S.A. ST 4253
Processador: Intel(R) Pentium(R) Dual CPU E2140 @ 1.60GHz
Percentagem de memória em uso: 62%
RAM física total: 2038.24 MB
RAM física disponível: 763.79 MB
Virtual Total: 4854.24 MB
Virtual disponível: 2480.45 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:110.93 GB) (Free:54.92 GB) NTFS
Drive i: (ZTEMODEM) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS

\\?\Volume{2bd2c32a-0000-0000-0000-100000000000}\ (Reservado pelo Sistema) (Fixed) (Total:0.35 GB) (Free:0.32 GB) NTFS
\\?\Volume{2bd2c32a-0000-0000-0000-20d21b000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS

==================== MBR & Tabela de Partições ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=356 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=110.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=524 MB) - (Type=27)

==================== Fim de Addition.txt =======================
-
[Solved] Slow computer and black screen
Annluciap replied to Annluciap's topic in Resolved Topics (Security & Malware)
Good morning, DigRam! I carried out the first option! Here is the fix report. Thank you!

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 11-08-2021
Executado por Famaqui (13-08-2021 09:03:20) Run:2
Executando a partir de C:\Users\Logoterapia\Desktop
Perfis Carregados: Famaqui & Logoterapia
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
CloseProcesses:
StartRegedit:
Windows Registry Editor Version 5.00
HKEY_CURRENT_USER\S-1-5-21-400714347-516547821-1503872166-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8a76c62-d52c-11eb-ad1c-0023549f654e}
HKEY_CURRENT_USER\S-1-5-21-400714347-516547821-1503872166-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8a76c62-d52c-11eb-ad1c-0023549f654e}
EndRegedit:
Emptytemp:
Reboot:
*****************

Processos fechados com sucesso.
Registro ====> A operação foi concluída com êxito.

=========== EmptyTemp: ==========

BITS transfer queue => 8151040 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4232942 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 23613382 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 21240 B
Famaqui => 38017399 B
Logoterapia => 387709951 B

RecycleBin => 0 B
EmptyTemp: => 440.4 MB de dados temporários Removidos.

================================

O sistema precisou ser reiniciado.

==== Fim de Fixlog 09:03:50 ====
-
[Solved] Slow computer and black screen
Annluciap replied to Annluciap's topic in Resolved Topics (Security & Malware)
Good afternoon, DigRam! Yes! The black screen and the slowness are gone now. Everything is ok! One question: why is this the third time that an autorun.exe has appeared on the USB network access device? Could I be doing something "improper"? What are your tips/suggestions, please? Thank you very much! -
[Solved] Slow computer and black screen
Annluciap replied to Annluciap's topic in Resolved Topics (Security & Malware)
Good evening, DigRam! The report follows below. Thank you!

Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 03-08-2021
Executado por Famaqui (05-08-2021 22:01:41) Run:1
Executando a partir de C:\Users\Logoterapia\Desktop
Perfis Carregados: Famaqui & Logoterapia
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
closeprocesses:
HKU\S-1-5-21-400714347-516547821-1503872166-1001\...\MountPoints2: {e8a76c62-d52c-11eb-ad1c-0023549f654e} - "G:\Windows/AutoRun.exe"
HKU\S-1-5-21-400714347-516547821-1503872166-1002\...\MountPoints2: {e8a76c62-d52c-11eb-ad1c-0023549f654e} - "G:\Windows/AutoRun.exe"
startpowershell:
sfc /scannow
DISM /Online /Cleanup-image /Restorehealth
endpowershell:
SystemRestore: On
emptytemp:
reboot:
*****************

Processos fechados com sucesso.
HKU\S-1-5-21-400714347-516547821-1503872166-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8a76c62-d52c-11eb-ad1c-0023549f654e} => removido (a) com sucesso.
HKU\S-1-5-21-400714347-516547821-1503872166-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8a76c62-d52c-11eb-ad1c-0023549f654e} => removido (a) com sucesso.

========= Powershell: =========

Iniciando verificação de arquivos. O processo levará alguns minutos para ser concluído.
Iniciando fase de verificação de verificação do sistema.
Verificação 100% concluída.
A Proteção de Recursos do Windows encontrou arquivos corrompidos e os reparou com êxito.
Para reparos online, os detalhes são incluídos no arquivo de log CBS localizado em windir\Logs\CBS\CBS.log. Por exemplo, C:\Windows\Logs\CBS\CBS.log. Para reparos offline, os detalhes são incluídos no arquivo de log fornecido pelo sinalizador /OFFLOGFILE.

Ferramenta de Gerenciamento e Manutenção de Imagens de Implantação
Versão: 10.0.19041.844

Versão da Imagem: 10.0.19043.1110

[==========================100.0%==========================]
Operação de restauração concluída com êxito.
A operação foi concluída com êxito.

========= Fim de Powershell: =========

SystemRestore: On => completado

=========== EmptyTemp: ==========

BITS transfer queue => 8151040 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 25090926 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 127083642 B
Edge => 1268944 B
Chrome => 18428513 B
Firefox => 63029903 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 125174 B
Famaqui => 235002863 B
Logoterapia => 243656113 B

RecycleBin => 0 B
EmptyTemp: => 688.4 MB de dados temporários Removidos.

================================

O sistema precisou ser reiniciado.

==== Fim de Fixlog 22:17:22 ====
-
[Solved] Slow computer and black screen
Annluciap posted a topic in the Resolved Topics (Security & Malware) forum
Good morning, everyone! Since yesterday the machine has been behaving strangely. When I open or download a file, the screen suddenly goes black for a few seconds. The machine is also slower. The logs follow below. Thank you very much!

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 03-08-2021
Executado por Famaqui (administrador) em DESKTOP-5J8O8HF (Itautec S.A. Infoway) (04-08-2021 11:05:57)
Executando a partir de C:\Users\Logoterapia\Desktop
Perfis Carregados: Famaqui & Logoterapia
Platform: Windows 10 Pro Versão 21H1 19043.1110 (X64) Idioma: Português (Brasil)
Navegador padrão: Edge
Modo da Inicialização: Normal

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.92\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.92\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MSPaint_6.2105.4017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ZTE CORPORATION -> ) C:\Program Files (x86)\Claro 3G\CMUpdater.exe
(ZTE CORPORATION -> ) C:\Program Files (x86)\Claro 3G\UIMain.exe
0 C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2106.14307.0_x64__8wekyb3d8bbwe\Cortana.exe
0 C:\Program Files\WindowsApps\Microsoft.WindowsStore_12105.1001.23.0_x64__8wekyb3d8bbwe\WinStore.App.exe
0 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21062.150.0_x64__8wekyb3d8bbwe\YourPhone.exe

==================== Registro (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [19677688 2021-05-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-400714347-516547821-1503872166-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Famaqui\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-400714347-516547821-1503872166-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Famaqui\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-400714347-516547821-1503872166-1001\...\RunOnce: [Uninstall 21.083.0425.0003\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Famaqui\AppData\Local\Microsoft\OneDrive\21.083.0425.0003\amd64"
HKU\S-1-5-21-400714347-516547821-1503872166-1001\...\RunOnce: [Uninstall 21.083.0425.0003] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Famaqui\AppData\Local\Microsoft\OneDrive\21.083.0425.0003"
HKU\S-1-5-21-400714347-516547821-1503872166-1001\...\MountPoints2: {e8a76c62-d52c-11eb-ad1c-0023549f654e} - "G:\Windows/AutoRun.exe"
HKU\S-1-5-21-400714347-516547821-1503872166-1002\...\MountPoints2: {e8a76c62-d52c-11eb-ad1c-0023549f654e} - "G:\Windows/AutoRun.exe"
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\92.0.4515.131\Installer\chrmstp.exe [2021-08-02] (Google LLC -> Google LLC)

==================== Tarefas Agendadas (Whitelisted) ============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {03BC4C77-54F8-4972-8872-1B979C9BD76B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {3D5AEBDA-DF35-41D9-B853-BDB3267E4AFA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3F7257C1-B5D0-4310-B382-A3B5E9628174} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {58EFA3E4-2454-484C-A331-D4B6E68BA346} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8FD8CA2C-4F4C-4EFB-A3C4-F9B07F0A0559} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-07-06] (Google LLC -> Google LLC)
Task: {D6AB6416-2CE9-4B1E-9B95-6C4C65D2FB5D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-07-06] (Google LLC -> Google LLC)
Task: {DCF0DFC5-3B03-4300-AFD5-5541B012F1E8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-07-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E5DFEFD4-A329-4D2F-9F38-209EF042D148} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [637368 2021-07-06] (Mozilla Corporation -> Mozilla Foundation)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\..\Interfaces\{0F533CE7-7A6A-4ACC-93CA-5BA708D1008D}: [NameServer] 200.169.119.222 200.169.119.221
Tcpip\..\Interfaces\{3269e617-d4aa-4453-b41d-83b4746dcfd9}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{636cd3da-d87d-4e07-ab6d-73ddd859b6db}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{7dd83a10-47fc-42d3-9512-f5eade7560af}: [DhcpNameServer] 181.213.132.2 181.213.132.3

Edge:
=======
Edge Extension: (Sem Nome) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [não encontrado (a)]
Edge Extension: (Sem Nome) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [não encontrado (a)]
Edge Extension: (Sem Nome) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [não encontrado (a)]
Edge Extension: (Sem Nome) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [não encontrado (a)]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Famaqui\AppData\Local\Microsoft\Edge\User Data\Default [2021-07-10]

FireFox:
========
FF DefaultProfile: 6al8hfm0.default
FF ProfilePath: C:\Users\Famaqui\AppData\Roaming\Mozilla\Firefox\Profiles\6al8hfm0.default [2021-05-31]
FF ProfilePath: C:\Users\Famaqui\AppData\Roaming\Mozilla\Firefox\Profiles\guqst3oi.default-release [2021-07-10]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-07-24] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Famaqui\AppData\Local\Google\Chrome\User Data\Default [2021-07-06]
CHR Extension: (Apresentações) - C:\Users\Famaqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-05-31]
CHR Extension: (Documentos) - C:\Users\Famaqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-05-31]
CHR Extension: (Google Drive) - C:\Users\Famaqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-05-31]
CHR Extension: (YouTube) - C:\Users\Famaqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-05-31]
CHR Extension: (Planilhas) - C:\Users\Famaqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-05-31]
CHR Extension: (Documentos Google off-line) - C:\Users\Famaqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-06]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Famaqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-05-31]
CHR Extension: (Gmail) - C:\Users\Famaqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-05-31]
CHR Extension: (Chrome Media Router) - C:\Users\Famaqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-05-31]

==================== Serviços (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5395384 2021-07-14] (Microsoft Windows Publisher -> Microsoft Corporation) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe [2727416 2021-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe [136656 2021-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Drivers (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Arquivo não assinado] S3 massfilter; C:\WINDOWS\System32\drivers\massfilter.sys [11776 2011-08-29] (Microsoft Windows Hardware Compatibility Publisher -> MBB Incorporated) U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [50688 2019-12-07] (Microsoft Windows -> Microsoft Corporation) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49568 2021-07-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [434424 2021-07-26] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [78072 2021-07-26] (Microsoft Windows -> Microsoft Corporation) R3 ZTEusbmdm6k; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys [123264 2011-08-29] (Microsoft Windows Hardware Compatibility Publisher -> ZTE Incorporated) R3 ZTEusbnmea; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys [123264 2011-08-29] (Microsoft Windows Hardware Compatibility Publisher -> ZTE Incorporated) R3 ZTEusbser6k; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys [123264 2011-08-29] (Microsoft Windows Hardware Compatibility Publisher -> ZTE Incorporated) ==================== NetSvcs (Whitelisted) =================== (Se uma 
entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) ==================== Três meses (criados) (Whitelisted) ========= (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
C:\WINDOWS\system32\RP3DAA64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000316080 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64F3.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000278376 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000266656 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000261344 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000261304 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000260320 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000231808 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000230600 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000220280 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000218168 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000203944 _____ (Harman) C:\WINDOWS\system32\HMHVS.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000192872 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000191064 _____ (Harman) C:\WINDOWS\system32\HMEQ_Voice.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000191032 _____ (Harman) C:\WINDOWS\system32\HMEQ.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000179704 _____ (Harman) C:\WINDOWS\system32\HMLimiter.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000174832 _____ (SRS Labs, Inc.) 
C:\WINDOWS\system32\SRSWOW64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000158592 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000157240 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000154464 _____ (Harman) C:\WINDOWS\system32\HarmanAudioInterface.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000139648 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000122424 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000118696 _____ C:\WINDOWS\system32\AcpiServiceVnA64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000116432 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000105408 _____ C:\WINDOWS\system32\audioLibVc.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000093800 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000090808 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000090064 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000088216 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000083520 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000075432 _____ (TOSHIBA CORPORATION.) C:\WINDOWS\system32\tepeqapo64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000023800 _____ (Realtek Semiconductor Corp.) 
C:\WINDOWS\system32\RtkCoLDR64.dll 2021-05-31 11:46 - 2021-05-31 12:09 - 000000000 ____D C:\ProgramData\ProductData 2021-05-31 11:46 - 2021-05-31 11:47 - 000000000 ____D C:\Users\Famaqui\AppData\LocalLow\IObit 2021-05-31 11:44 - 2021-05-31 12:09 - 000000000 ____D C:\Users\Famaqui\AppData\Roaming\IObit 2021-05-31 11:44 - 2021-05-31 11:47 - 000000000 ____D C:\ProgramData\IObit 2021-05-19 17:34 - 2021-06-16 18:28 - 000000000 ____D C:\Program Files\UNP ==================== Três meses (modificados) ================== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 2021-08-04 11:08 - 2019-12-07 06:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2021-08-04 11:04 - 2019-12-07 06:13 - 000000000 ____D C:\WINDOWS\INF 2021-08-03 14:24 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2021-08-02 09:05 - 2019-12-07 06:14 - 000000000 ___HD C:\Program Files\WindowsApps 2021-07-26 08:53 - 2020-02-06 15:19 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2021-07-22 10:57 - 2019-12-07 11:53 - 000715446 _____ C:\WINDOWS\system32\prfh0416.dat 2021-07-22 10:57 - 2019-12-07 11:53 - 000140602 _____ C:\WINDOWS\system32\prfc0416.dat 2021-07-22 08:56 - 2019-12-07 06:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2021-07-22 08:37 - 2019-12-07 06:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2021-07-21 20:44 - 2020-02-15 12:02 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2021-07-17 12:17 - 2019-03-19 01:49 - 000000167 _____ C:\WINDOWS\win.ini 2021-07-15 11:19 - 2020-02-07 17:59 - 000000000 ____D C:\Users\Logoterapia\AppData\Local\Packages 2021-07-14 23:16 - 2019-12-07 11:56 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2021-07-14 23:16 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SystemResources 2021-07-14 23:16 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2021-07-14 23:16 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2021-07-14 23:16 - 2019-12-07 06:14 - 
000000000 ____D C:\Program Files\Common Files\System 2021-07-14 20:26 - 2020-02-15 12:06 - 000000000 ____D C:\Program Files (x86)\Microsoft Works 2021-07-14 20:14 - 2020-02-14 09:44 - 000000000 ____D C:\WINDOWS\system32\MRT 2021-07-14 20:09 - 2020-02-14 09:44 - 133422552 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2021-07-14 19:55 - 2019-12-07 06:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2021-07-10 12:46 - 2020-02-06 15:41 - 000000000 ___RD C:\Users\Famaqui\OneDrive 2021-07-10 11:05 - 2020-02-06 15:36 - 000000000 ____D C:\Users\Famaqui\AppData\Roaming\Adobe 2021-07-10 11:05 - 2020-02-06 15:36 - 000000000 ____D C:\Users\Famaqui\AppData\Local\Packages 2021-07-10 10:54 - 2019-12-07 06:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2021-07-07 11:31 - 2019-12-07 06:14 - 000000000 ___RD C:\WINDOWS\PrintDialog 2021-07-07 11:31 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2021-07-07 11:31 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe 2021-07-07 11:31 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV 2021-07-07 11:31 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE 2021-07-07 11:31 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2021-07-07 11:31 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\setup 2021-07-07 11:31 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\oobe 2021-07-07 11:31 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\migwiz 2021-07-07 11:31 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV 2021-07-07 11:31 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\et-EE 2021-07-07 11:31 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\Dism 2021-07-07 11:31 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\Provisioning 2021-07-07 11:31 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2021-07-07 10:57 - 2019-12-07 06:03 - 000000000 ____D C:\WINDOWS\servicing 2021-07-07 10:38 - 
2020-02-06 15:53 - 000000000 ____D C:\ProgramData\Packages 2021-07-07 10:23 - 2020-02-07 17:59 - 000000000 ____D C:\Users\Logoterapia\AppData\Roaming\Adobe 2021-07-07 10:00 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\appcompat 2021-07-06 12:27 - 2020-02-07 17:59 - 000000000 ___RD C:\Users\Logoterapia\3D Objects 2021-07-06 12:27 - 2020-02-06 15:36 - 000000000 __RHD C:\Users\Public\AccountPictures 2021-07-06 11:32 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\ModemLogs 2021-07-06 11:11 - 2021-04-16 18:06 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information ==================== Arquivos na raiz de alguns diretórios ======== 2021-07-26 21:05 - 2021-07-26 21:05 - 000007597 _____ () C:\Users\Famaqui\AppData\Local\Resmon.ResmonCfg ==================== SigCheck ============================ (Não há correção automática para arquivos que não passaram na verificação.) ==================== Fim de FRST.txt ======================== Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 03-08-2021 Executado por Famaqui (04-08-2021 11:13:34) Executando a partir de C:\Users\Logoterapia\Desktop Windows 10 Pro Versão 21H1 19043.1110 (X64) (2021-06-16 21:45:35) Modo da Inicialização: Normal ========================================================== ==================== Contas: ============================= (Se uma entrada for incluída na fixlist, será removida.) 
Administrador (S-1-5-21-400714347-516547821-1503872166-500 - Administrator - Disabled) Convidado (S-1-5-21-400714347-516547821-1503872166-501 - Limited - Disabled) DefaultAccount (S-1-5-21-400714347-516547821-1503872166-503 - Limited - Disabled) Famaqui (S-1-5-21-400714347-516547821-1503872166-1001 - Administrator - Enabled) => C:\Users\Famaqui Logoterapia (S-1-5-21-400714347-516547821-1503872166-1002 - Limited - Enabled) => C:\Users\Logoterapia WDAGUtilityAccount (S-1-5-21-400714347-516547821-1503872166-504 - Limited - Disabled) ==================== Central de Segurança ======================== (Se uma entrada for incluída na fixlist, será removida.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Programas Instalados ====================== (Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.) Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 21.005.20060 - Adobe Systems Incorporated) Atualização do produto Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{717C9095-8AAE-41CB-B046-BD6E8399F4F3}) (Version: - Microsoft) Atualização do produto Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{5016CB22-B9A7-44FB-AA72-AF28B27B15EA}) (Version: - Microsoft) Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{BE3A7C0C-0081-4694-B5F9-980DD66BDDF8}) (Version: - Microsoft) Atualização do produto Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{7297E3A9-FCD4-4E0E-A306-7A90359E50E3}) (Version: - Microsoft) Claro 3G (HKLM-x32\...\{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}) (Version: 1.0.0.1 - ) D-Link DWA-131 
- V5.02b04 (HKLM-x32\...\{B7C11488-750D-4E48-A9A4-7207A335984D}) (Version: 5.00.0000 - D-Link) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 92.0.4515.131 - Google LLC) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 92.0.902.62 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-400714347-516547821-1503872166-1001\...\OneDriveSetup.exe) (Version: 21.109.0530.0001 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-400714347-516547821-1503872166-1002\...\OneDriveSetup.exe) (Version: 21.129.0627.0002 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mozilla Firefox 89.0.2 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 89.0.2 (x86 pt-BR)) (Version: 89.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 88.0.1 - Mozilla) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8899.1 - Realtek Semiconductor Corp.) 
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Packages: ========= Complemento do Mecanismo de Mídia de Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-08-03] (Microsoft Corporation) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-02-14] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-02-14] (Microsoft Corporation) [MS Ad] MSN Clima -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20503.0_x64__8wekyb3d8bbwe [2021-07-06] (Microsoft Corporation) [MS Ad] ==================== Exame Personalizado CLSID (Whitelisted): ============== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation) ==================== Codecs (Whitelisted) ==================== ==================== Atalhos & WMI ======================== ==================== Módulos Carregados (Whitelisted) ============= ==================== Alternate Data Streams (Whitelisted) ======== ==================== Modo de Segurança (Whitelisted) ================== ==================== Associação (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation) ==================== Hosts Conteúdo: ========================= (Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.) 2019-03-19 01:49 - 2019-03-19 01:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Outras Áreas =========================== (Atualmente não há nenhuma correção automática para esta seção.) HKU\S-1-5-21-400714347-516547821-1503872166-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg HKU\S-1-5-21-400714347-516547821-1503872166-1002\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img3.jpg DNS Servers: 200.169.119.222 - 200.169.119.221 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Firewall do Windows está habilitado. ==================== MSCONFIG/TASK MANAGER ítens desabilitados == (Se uma entrada for incluída na fixlist, será removida.) 
MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: GoogleChromeElevationService => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: MozillaMaintenance => 3 HKU\S-1-5-21-400714347-516547821-1503872166-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-400714347-516547821-1503872166-1002\...\StartupApproved\Run: => "OneDrive" ==================== Regras do Firewall (Whitelisted) ================ (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) FirewallRules: [{62565AD9-1E82-47F4-A9B6-30DBAA379E27}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{9E838B19-07DC-44C3-9EC7-62F04FD895EC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{969321D7-151A-4D33-8786-E24CA9C8C308}] => (Allow) C:\Program Files (x86)\D-Link\DWA-131 revE\IHV\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek) FirewallRules: [{0692F06E-E0E5-4174-AB53-EC255C47F4DA}] => (Allow) C:\Program Files (x86)\D-Link\DWA-131 revE\IHV\PortableWiFi.exe (D-LINK CORPORATION -> D-Link Corp.) 
FirewallRules: [UDP Query User{59684D04-B950-46FA-91FC-7353F85BFDAE}C:\users\famaqui\appdata\local\packages\microsoft.microsoftedge_8wekyb3d8bbwe\tempstate\downloads\anydesk (1).exe] => (Allow) C:\users\famaqui\appdata\local\packages\microsoft.microsoftedge_8wekyb3d8bbwe\tempstate\downloads\anydesk (1).exe => Nenhum Arquivo FirewallRules: [TCP Query User{596A7BFE-9CD2-466B-A7C4-B1E56BFEF841}C:\users\famaqui\appdata\local\packages\microsoft.microsoftedge_8wekyb3d8bbwe\tempstate\downloads\anydesk (1).exe] => (Allow) C:\users\famaqui\appdata\local\packages\microsoft.microsoftedge_8wekyb3d8bbwe\tempstate\downloads\anydesk (1).exe => Nenhum Arquivo FirewallRules: [{154DFF74-53C7-4D72-9D01-C895BA2293C3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{618F3D23-BC4C-4225-8D62-FCBA7A5535D7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{F9A42304-F829-404B-B6AC-B69B24632EBD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{D4158276-6CE5-448B-8DCD-079049EE71D8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) 
FirewallRules: [{9AB31CFF-8DB3-400E-BE7D-1345422DA005}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{F51070C0-0430-4116-B16E-D2A157D080AC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{5C494392-E07A-429D-A7D0-738D5616238B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{35872A06-0EBD-491F-9C28-EC977D9C92DA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{187CF299-F8AF-4C1A-9C84-21F915FFD58D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{39BF65BC-E226-4385-B2FB-234C6328DF7F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{45EC96E8-65C2-4E32-8AD1-D8C2187DCA2E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{014BC51B-4FAE-473E-84F7-A6E4517FC15E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{3AF037D3-710E-477C-BFFC-193177E4FC58}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) ==================== Pontos de Restauração ========================= ATENÇÃO: A Restauração do Sistema está desabilitada (Total:110.93 GB) (Free:74.24 GB) (67%) ==================== Dispositivos Apresentando Falhas No Gerenciador ============ ==================== Erros no Log de eventos: ======================== Erros em 
Aplicativos: ================== Error: (08/04/2021 11:03:13 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: O programa SystemSettings.exe versão 10.0.19041.1081 parou de interagir com o Windows e foi fechado. Para ver se mais informações sobre o problema estão disponíveis, verifique o histórico de problemas no painel de controle Segurança e Manutenção. ID do Processo: 5f4 Hora de Início: 01d78931fb671e8e Hora de Término: 4294967295 Caminho do Aplicativo: C:\Windows\ImmersiveControlPanel\SystemSettings.exe ID do Relatório: cf711d2d-0800-4653-8df9-3f01dbf67a2e Nome completo do pacote com falha: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy ID do aplicativo relativo ao pacote com falha: microsoft.windows.immersivecontrolpanel Tipo com falha: Quiesce Error: (07/30/2021 02:44:15 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome do aplicativo com falha: ShellExperienceHost.exe, versão: 10.0.19041.610, carimbo de data/hora: 0x5d4af3f4 Nome do módulo com falha: KERNELBASE.dll, versão: 10.0.19041.1110, carimbo de data/hora: 0x4809adf2 Código de exceção: 0xc0000409 Deslocamento da falha: 0x000000000010bd3e ID do processo com falha: 0x1bcc Hora de início do aplicativo com falha: 0x01d7853c4141e794 Caminho do aplicativo com falha: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Caminho do módulo com falha: C:\WINDOWS\System32\KERNELBASE.dll ID do Relatório: 3044a2c2-d45c-4a24-b304-43ad661b2c9c Nome completo do pacote com falha: Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy ID do aplicativo relativo ao pacote com falha: App Error: (07/19/2021 08:30:19 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: O programa SystemSettings.exe versão 10.0.19041.1081 parou de interagir com o Windows e foi fechado. 
Para ver se mais informações sobre o problema estão disponíveis, verifique o histórico de problemas no painel de controle Segurança e Manutenção. ID do Processo: 1264 Hora de Início: 01d77c90f8506838 Hora de Término: 4294967295 Caminho do Aplicativo: C:\Windows\ImmersiveControlPanel\SystemSettings.exe ID do Relatório: 50093640-a8d4-4fbe-8fd1-524e1200f644 Nome completo do pacote com falha: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy ID do aplicativo relativo ao pacote com falha: microsoft.windows.immersivecontrolpanel Tipo com falha: Quiesce Error: (07/15/2021 09:05:07 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: O programa SystemSettings.exe versão 10.0.19041.1081 parou de interagir com o Windows e foi fechado. Para ver se mais informações sobre o problema estão disponíveis, verifique o histórico de problemas no painel de controle Segurança e Manutenção. ID do Processo: 4dc Hora de Início: 01d7797024afaed0 Hora de Término: 4294967295 Caminho do Aplicativo: C:\Windows\ImmersiveControlPanel\SystemSettings.exe ID do Relatório: de651d3a-0c45-478e-8954-8b7028da131a Nome completo do pacote com falha: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy ID do aplicativo relativo ao pacote com falha: microsoft.windows.immersivecontrolpanel Tipo com falha: Quiesce Error: (07/10/2021 10:55:04 AM) (Source: RasClient) (EventID: 20227) (User: ) Description: CoId={A4AE9779-CB40-46D7-9AFB-CCED617F0A56}: o usuário DESKTOP-5J8O8HF\Famaqui discou uma conexão de nome Banda Larga 3G que falhou. O código do erro retornado na falha é 797. Error: (07/06/2021 02:29:27 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: O programa UIMain.exe versão 1.0.0.0 parou de interagir com o Windows e foi fechado. Para ver se mais informações sobre o problema estão disponíveis, verifique o histórico de problemas no painel de controle Segurança e Manutenção. 
ID do Processo: 914 Hora de Início: 01d7728c6cd0c106 Hora de Término: 214 Caminho do Aplicativo: C:\Program Files (x86)\Claro 3G\UIMain.exe ID do Relatório: 858f0029-0b13-41bf-bc57-1e36d8b9b291 Nome completo do pacote com falha: ID do aplicativo relativo ao pacote com falha: Tipo com falha: Unknown Error: (07/06/2021 02:28:40 PM) (Source: RasClient) (EventID: 20227) (User: ) Description: CoId={DB9D500B-5843-49B2-BAF2-DA8A5DBE8E11}: o usuário DESKTOP-5J8O8HF\Famaqui discou uma conexão de nome Banda Larga 3G que falhou. O código do erro retornado na falha é 720. Error: (07/06/2021 02:26:24 PM) (Source: RasClient) (EventID: 20227) (User: ) Description: CoId={50E7B95B-2AE3-44EC-BCCA-93084B58F816}: o usuário DESKTOP-5J8O8HF\Famaqui discou uma conexão de nome Banda Larga 3G que falhou. O código do erro retornado na falha é 618. Erros de Sistema: ============= Error: (08/03/2021 08:27:57 AM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: AUTORIDADE NT) Description: Verificação de volume criptografado: as informações de volume em H: não podem ser lidas. Error: (07/30/2021 03:56:03 PM) (Source: DCOM) (EventID: 10029) (User: DESKTOP-5J8O8HF) Description: A ativação do CLSID {A1F4E726-8CF1-11D1-BF92-0060081ED811} atingiu o tempo limite durante a espera pela parada do serviço stisvc. Error: (07/30/2021 03:52:02 PM) (Source: DCOM) (EventID: 10029) (User: DESKTOP-5J8O8HF) Description: A ativação do CLSID {A1F4E726-8CF1-11D1-BF92-0060081ED811} atingiu o tempo limite durante a espera pela parada do serviço stisvc. Error: (07/30/2021 03:48:00 PM) (Source: DCOM) (EventID: 10029) (User: DESKTOP-5J8O8HF) Description: A ativação do CLSID {A1F4E726-8CF1-11D1-BF92-0060081ED811} atingiu o tempo limite durante a espera pela parada do serviço stisvc. 
Error: (07/30/2021 03:43:58 PM) (Source: DCOM) (EventID: 10029) (User: DESKTOP-5J8O8HF) Description: A ativação do CLSID {A1F4E726-8CF1-11D1-BF92-0060081ED811} atingiu o tempo limite durante a espera pela parada do serviço stisvc. Error: (07/30/2021 12:58:07 PM) (Source: DCOM) (EventID: 10029) (User: DESKTOP-5J8O8HF) Description: A ativação do CLSID {A1F4E726-8CF1-11D1-BF92-0060081ED811} atingiu o tempo limite durante a espera pela parada do serviço stisvc. Error: (07/30/2021 12:24:35 PM) (Source: DCOM) (EventID: 10029) (User: DESKTOP-5J8O8HF) Description: A ativação do CLSID {A1F4E726-8CF1-11D1-BF92-0060081ED811} atingiu o tempo limite durante a espera pela parada do serviço stisvc. Error: (07/29/2021 09:35:35 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-5J8O8HF) Description: O servidor Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy!App.AppXwdz8g2fxr36xz0tdtagygnvemf85s7gg.mca não se registrou no DCOM dentro do tempo limite necessário. Windows Defender: ================ Date: 2021-08-04 10:19:13 Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão. ID do Exame: {9AA06346-1B97-4062-8034-A9D05C7C9D4D} Tipo de Exame: Antimalware Parâmetros do Exame: Verificação Rápida Usuário: AUTORIDADE NT\SISTEMA Date: 2021-08-02 09:07:34 Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão. ID do Exame: {BE328646-056C-4EF3-8FD5-C8E98E41AFC4} Tipo de Exame: Antimalware Parâmetros do Exame: Verificação Rápida Usuário: AUTORIDADE NT\SISTEMA Date: 2021-07-30 09:23:00 Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão. ID do Exame: {D70AEAA1-A2FF-4A52-9A47-8B2536172CDE} Tipo de Exame: Antimalware Parâmetros do Exame: Verificação Rápida Usuário: AUTORIDADE NT\SISTEMA Date: 2021-07-29 09:08:52 Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão. 
ID do Exame: {D9CD6D42-D3D6-4703-98F5-2CFEBFB87C32} Tipo de Exame: Antimalware Parâmetros do Exame: Verificação Rápida Usuário: AUTORIDADE NT\SISTEMA Date: 2021-07-28 09:24:17 Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão. ID do Exame: {EFA45D3B-95F3-4470-BF18-48FA10EE65B3} Tipo de Exame: Antimalware Parâmetros do Exame: Verificação Rápida Usuário: AUTORIDADE NT\SISTEMA Date: 2021-07-22 08:56:15 Description: Microsoft Defender Antivírus encontrou um erro ao tentar carregar a inteligência de segurança e tentará reverter para uma versão válida. Tentativa de Inteligência de Segurança: Backup Código de Erro: 0x80004004 Descrição do Erro: Operação anulada Versão da Inteligência de Segurança: 1.343.1390.0;1.343.1390.0 Versão do Mecanismo: 1.1.18300.4 Date: 2021-07-22 08:56:14 Description: Microsoft Defender Antivírus encontrou um erro ao tentar carregar a inteligência de segurança e tentará reverter para uma versão válida. Tentativa de Inteligência de Segurança: Atual Código de Erro: 0x80004004 Descrição do Erro: Operação anulada Versão da Inteligência de Segurança: 1.343.1461.0;1.343.1461.0 Versão do Mecanismo: 1.1.18300.4 ==================== Informações da Memória =========================== BIOS: Itautec ST 4253, 0006- SL2 01/20/2009 placa-mãe: Itautec S.A. 
ST 4253 Processador: Intel(R) Pentium(R) Dual CPU E2140 @ 1.60GHz Percentagem de memória em uso: 81% RAM física total: 2038.24 MB RAM física disponível: 370.3 MB Virtual Total: 5778.59 MB Virtual disponível: 1025.33 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:110.93 GB) (Free:74.24 GB) NTFS Drive f: (DWA-131) (CDROM) (Total:0.11 GB) (Free:0 GB) UDF Drive g: (ZTEMODEM) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS \\?\Volume{2bd2c32a-0000-0000-0000-100000000000}\ (Reservado pelo Sistema) (Fixed) (Total:0.35 GB) (Free:0.32 GB) NTFS \\?\Volume{2bd2c32a-0000-0000-0000-20d21b000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS ==================== MBR & Tabela de Partições ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 2BD2C32A) Partition 1: (Active) - (Size=356 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=110.9 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=524 MB) - (Type=27) ==================== Fim de Addition.txt ======================= -
[Archived] Files with creation/last-access dates of 2030, 2040,...
Annluciap replied to Annluciap's topic in Archived Topics (Security & Malware)
Good evening, DigRam! Sorry for the delay. My machine stopped working. It was a motherboard problem and it could not be repaired. All that is left is the internal hard drive, which, in an enclosure, is now an external hard drive. So I ask you, please, to archive this topic, OK? Thank you! -
[Archived] Files with creation/last-access dates of 2030, 2040,...
Annluciap replied to Annluciap's topic in Archived Topics (Security & Malware)
Good evening, DigRam! The computer is less slow after the cleanup! What happened today was, once again, malware on another USB flash drive. I had not used this flash drive in a long time. Using UsbFix, malware was detected in one file. That file went to quarantine. I ended up not generating the report. Afterwards, I used the UsbFix tool again, and the reports follow below. Thank you again!
# ---------------------------------------------------- # UsbFix Antivirus Premium # ---------------------------------------------------- # Version : 11.032 # Database : # Contact : https://www.usb-antivirus.com/contact # ---------------------------------------------------- # Scan type : Windows # User : Ivan (Administrator) # Device : IVAN-PC # Started : 21/04/2021 19:06:06 # ---------------------------------------------------- ------------ | Analyzed disks | C:\ NTFS (208GB/465GB) [Fixed] ------------ | Infected elements | ~ No element detected ~ ------------ | Run | F2 - HKLM\..\Winlogon : [Shell] explorer.exe F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\WINDOWS\system32\userinit.exe, 04 - HKCU\..\Run : [OneDrive] "C:\Users\Ivan\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background 04 - HKCU\..\Run : [Discord] C:\Users\Ivan\AppData\Local\Discord\app-0.0.306\Discord.exe 04 - HKCU\..\Run : [Gaijin.Net Updater] "C:\Users\Ivan\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe" 04 - HKCU\..\Run : [CiscoMeetingDaemon] "C:\Users\Ivan\AppData\Local\WebEx\ciscowebexstart.exe" /daemon /from=autorun 04 - HKCU\..\Run : [ApacheTomcatMonitor7.0_Tomcat7] "C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe" //MS//Tomcat7 04 - HKLM\..\Run : [IseUI] C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe 04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" 04 - [x64] HKLM\..\Run : [SecurityHealth] 
%windir%\system32\SecurityHealthSystray.exe 04 - [x64] HKLM\..\Run : [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe 04 - HKU\S-1-5-19\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup 04 - HKU\S-1-5-20\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup 04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [OneDrive] "C:\Users\Ivan\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background 04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [Discord] C:\Users\Ivan\AppData\Local\Discord\app-0.0.306\Discord.exe 04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [Gaijin.Net Updater] "C:\Users\Ivan\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe" 04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [CiscoMeetingDaemon] "C:\Users\Ivan\AppData\Local\WebEx\ciscowebexstart.exe" /daemon /from=autorun 04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [ApacheTomcatMonitor7.0_Tomcat7] "C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe" //MS//Tomcat7 04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1008\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup 04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1008\..\RunOnce : [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade 04GS - AnyDesk.lnk : C:\Program Files (x86)\AnyDesk\AnyDesk.exe 04GS - Monitor Apache Servers.lnk : C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe 04GS - Monitor Biblivre 5.lnk : C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe ------------ | Tasks | Task - Adobe Flash Player NPAPI Notifier --> C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe -check plugin Task - Adobe Flash Player PPAPI Notifier --> C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_pepper.exe -check pepperplugin Task - CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82} Task - 
GoogleUpdateTaskMachineCore --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c Task - GoogleUpdateTaskMachineUA --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler Task - MicrosoftEdgeUpdateTaskMachineCore --> C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /c Task - MicrosoftEdgeUpdateTaskMachineUA --> C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /ua /installsource scheduler Task - OneDrive Standalone Update Task-S-1-5-21-1793361252-1642306814-3946400002-1000 --> %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe Task - OneDrive Standalone Update Task-S-1-5-21-1793361252-1642306814-3946400002-1004 --> %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe Task - UsbFix Boot Scan --> "C:\Program Files (x86)\UsbFix\UsbFix.exe" -scanonstart Task - UsbFix Monitor --> "C:\Program Files (x86)\UsbFix\Modules\UsbFixMonitor.exe" Task - User_Feed_Synchronization-{37BA45BF-BFCF-4431-A92D-C5E9AB481B69} --> C:\WINDOWS\system32\msfeedssync.exe sync ------------ | C:\ %SystemDrive% - Fixed drive (NTFS) | [13/09/2016 - 21:50:20 | A | 1 Ko] - DelFix.txt [21/04/2021 - 17:37:07 | ASH | 8 Ko] - DumpStack.log.tmp [21/04/2021 - 17:37:06 | ASH | 3138180 Ko] - hiberfil.sys [21/04/2021 - 17:37:07 | ASH | 2359296 Ko] - pagefile.sys [21/04/2021 - 17:37:07 | ASH | 262144 Ko] - swapfile.sys [06/10/2015 - 20:26:43 | A | 1 Ko] - .rnd [10/06/2020 - 20:06:24 | SHD] - Config.Msi [06/03/2017 - 22:23:55 | A | 2 Ko] - console.log [13/04/2021 - 11:10:37 | ASH | 8 Ko] - DumpStack.log [25/09/2018 - 12:02:57 | SH | 0 Ko] - bootTel.dat [30/11/2020 - 22:43:52 | SHD] - $Recycle.Bin [14/07/2009 - 02:08:56 | SHD] - Documents and Settings [12/11/2013 - 09:06:26 | SHD] - Arquivos de Programas [12/11/2013 - 10:20:06 | RHD] - MSOCache [06/02/2014 - 12:56:19 | D] - Php2 [06/02/2014 - 13:13:19 | D] - PHP [06/07/2014 - 15:26:11 | D] - ODF_MAINFRAME [15/12/2014 - 09:21:55 | D] - temp [06/02/2015 - 16:28:10 | 
D] - Level up [01/09/2015 - 10:08:30 | D] - MySQL_1 [23/09/2015 - 01:08:37 | D] - 3aeb140115f410706a411c [30/10/2015 - 04:18:34 | ASH | 0 Ko] - BOOTNXT [07/09/2017 - 21:37:32 | D] - dosprog [02/03/2018 - 14:47:49 | HD] - $SysReset [03/03/2018 - 12:13:01 | RSHD] - Office Activation Technologies [24/03/2018 - 15:36:46 | D] - Sierra [25/01/2019 - 12:02:04 | D] - instaldor [28/01/2019 - 22:05:43 | D] - Jogos [26/05/2019 - 18:37:51 | HD] - VTRoot [22/09/2019 - 20:11:51 | D] - Boruto [07/12/2019 - 06:14:52 | D] - PerfLogs [11/07/2020 - 22:42:25 | D] - Python [26/09/2020 - 18:38:31 | HD] - $WinREAgent [29/09/2020 - 01:55:27 | SHD] - Recovery [14/11/2020 - 21:30:44 | D] - SecurityCheck [30/11/2020 - 16:58:48 | HD] - ProgramData [22/03/2021 - 12:07:29 | RD] - Users [22/03/2021 - 12:09:00 | RD] - Program Files [26/03/2021 - 16:11:16 | RD] - Program Files (x86) [28/03/2021 - 16:25:14 | D] - FRST [10/04/2021 - 20:19:32 | D] - Arquivos de Programas RFB [20/04/2021 - 18:30:01 | D] - Windows Infected elements : 0 Analyzed elements : 86318 in 00h 00m 23s # UsbFix-Report-47.txt [6740B] ------------ | E.O.F | # ---------------------------------------------------- # UsbFix Antivirus Premium # ---------------------------------------------------- # Version : 11.032 # Database : # Contact : https://www.usb-antivirus.com/contact # ---------------------------------------------------- # Scan type : Shell Menu # User : Ivan (Administrator) # Device : IVAN-PC # Started : 21/04/2021 19:29:24 # ---------------------------------------------------- ------------ | Analyzed disks | H:\ FAT32 (2GB/4GB) [Removable] ------------ | Infected elements | ~ No element detected ~ ------------ | Run | F2 - HKLM\..\Winlogon : [Shell] explorer.exe F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\WINDOWS\system32\userinit.exe, 04 - HKCU\..\Run : [OneDrive] "C:\Users\Ivan\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background 04 - HKCU\..\Run : [Discord] 
C:\Users\Ivan\AppData\Local\Discord\app-0.0.306\Discord.exe 04 - HKCU\..\Run : [Gaijin.Net Updater] "C:\Users\Ivan\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe" 04 - HKCU\..\Run : [CiscoMeetingDaemon] "C:\Users\Ivan\AppData\Local\WebEx\ciscowebexstart.exe" /daemon /from=autorun 04 - HKCU\..\Run : [ApacheTomcatMonitor7.0_Tomcat7] "C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe" //MS//Tomcat7 04 - HKLM\..\Run : [IseUI] C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe 04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" 04 - [x64] HKLM\..\Run : [SecurityHealth] %windir%\system32\SecurityHealthSystray.exe 04 - [x64] HKLM\..\Run : [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe 04 - HKU\S-1-5-19\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup 04 - HKU\S-1-5-20\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup 04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [OneDrive] "C:\Users\Ivan\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background 04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [Discord] C:\Users\Ivan\AppData\Local\Discord\app-0.0.306\Discord.exe 04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [Gaijin.Net Updater] "C:\Users\Ivan\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe" 04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [CiscoMeetingDaemon] "C:\Users\Ivan\AppData\Local\WebEx\ciscowebexstart.exe" /daemon /from=autorun 04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [ApacheTomcatMonitor7.0_Tomcat7] "C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe" //MS//Tomcat7 04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1008\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup 04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1008\..\RunOnce : 
[WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade 04GS - AnyDesk.lnk : C:\Program Files (x86)\AnyDesk\AnyDesk.exe 04GS - Monitor Apache Servers.lnk : C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe 04GS - Monitor Biblivre 5.lnk : C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe ------------ | Tasks | Task - Adobe Flash Player NPAPI Notifier --> C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe -check plugin Task - Adobe Flash Player PPAPI Notifier --> C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_pepper.exe -check pepperplugin Task - CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82} Task - GoogleUpdateTaskMachineCore --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c Task - GoogleUpdateTaskMachineUA --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler Task - MicrosoftEdgeUpdateTaskMachineCore --> C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /c Task - MicrosoftEdgeUpdateTaskMachineUA --> C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /ua /installsource scheduler Task - OneDrive Standalone Update Task-S-1-5-21-1793361252-1642306814-3946400002-1000 --> %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe Task - OneDrive Standalone Update Task-S-1-5-21-1793361252-1642306814-3946400002-1004 --> %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe Task - UsbFix Boot Scan --> "C:\Program Files (x86)\UsbFix\UsbFix.exe" -scanonstart Task - UsbFix Monitor --> "C:\Program Files (x86)\UsbFix\Modules\UsbFixMonitor.exe" Task - User_Feed_Synchronization-{37BA45BF-BFCF-4431-A92D-C5E9AB481B69} --> C:\WINDOWS\system32\msfeedssync.exe sync ------------ | H:\ - Removable drive (FAT32) | [15/06/2013 - 09:35:56 | N | 0 Ko] - ~$Fromages_2013.pptx [10/04/2021 - 20:32:02 | D] - autorun.inf [12/04/2012 - 21:33:58 | D] - Backup pen drive [12/04/2012 - 21:34:48 | D] - Backup pendrive [12/04/2012 - 
21:34:50 | D] - Arquivos 15 [12/04/2012 - 21:34:52 | D] - Arquivos 14 [12/04/2012 - 21:34:56 | D] - Arquivos 13 [17/11/2012 - 14:47:46 | D] - Arquivos 12 [17/11/2012 - 14:48:48 | D] - Arquivos 11 [17/11/2012 - 14:49:08 | D] - Arquivos 10 [19/11/2013 - 15:29:16 | D] - Arquivos 9 [25/02/2014 - 15:46:00 | D] - Arquivos 8 [24/11/2014 - 19:41:56 | D] - Arquivos 6 [27/02/2015 - 13:15:48 | D] - Arquivos 5 [23/09/2015 - 18:11:04 | D] - Arquivos 4 [06/06/2017 - 13:59:10 | D] - Arquivos 3 [10/08/2017 - 17:06:52 | D] - Arquivos 2 [19/09/2019 - 10:43:26 | D] - Arquivos 1 [21/04/2021 - 19:28:30 | RD] - Desktop Infected elements : 0 Analyzed elements : 9227 in 00h 00m 01s # UsbFix-Report-52.txt [5648B] ------------ | E.O.F | -
[Archived] Files with creation/last-access dates of 2030, 2040,...
Annluciap replied to Annluciap's topic in Archived Topics (Security & Malware)
Good afternoon, DigRam! The report follows below. Thank you.
Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 28-03-2021 Executado por Ivan (28-03-2021 16:01:53) Run:4 Executando a partir de C:\Users\Ana\Desktop Perfis Carregados: Ivan & Ana & postgres Modo da Inicialização: Normal ============================================== fixlist Conteúdo: ***************** CloseProcesses: Createrestorepoints: HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {25bb5ae4-8632-11ea-bc0c-00158307c667} - "E:\Windows/AutoRun.exe" HKU\S-1-5-21-1793361252-1642306814-3946400002-1004\...\MountPoints2: {25bb5ae4-8632-11ea-bc0c-00158307c667} - "E:\Windows/AutoRun.exe" Task: {166C390A-1AC0-4A57-9FB9-89C3C873F4D9} - \Adobe Flash Player Updater -> Nenhum Arquivo <==== ATENÇÃO Task: {D36AC41E-4056-4C76-A92A-BEE7ACC5CC7C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.) ShortcutWithArgument: C:\Users\Ivan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\371b6590bc8d800\Pessoa 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 6" SearchScopes: HKU\S-1-5-21-1793361252-1642306814-3946400002-1000 -> URL hxxps://br.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=81_25050030005_76.0.3809.132_u_ds&p={searchTerms} SearchScopes: HKU\S-1-5-21-1793361252-1642306814-3946400002-1004 -> {0AA24E16-07B3-4694-8357-3C21ACC5F516} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=82_25050004005_65.0.2.15_u_ds&p={searchTerms} FirewallRules: [UDP Query User{DC2E45F4-50AD-4C1C-9915-4AF0556F7AF7}C:\program files (x86)\bsgo\launcher\launcher.exe] => (Allow) C:\program files (x86)\bsgo\launcher\launcher.exe => Nenhum Arquivo FirewallRules: [TCP Query User{7E4F4740-54D5-4D58-8AF7-CC2BFA0EC069}C:\program files 
(x86)\bsgo\launcher\launcher.exe] => (Allow) C:\program files (x86)\bsgo\launcher\launcher.exe => Nenhum Arquivo FirewallRules: [UDP Query User{8C4A0A8E-A43D-4232-BA28-5649BBA2DD08}C:\program files (x86)\bsgo\launcher\launcher.exe] => (Allow) C:\program files (x86)\bsgo\launcher\launcher.exe => Nenhum Arquivo FirewallRules: [TCP Query User{99D6D03E-FC57-40D1-B950-9C748AB8FDD7}C:\program files (x86)\bsgo\launcher\launcher.exe] => (Allow) C:\program files (x86)\bsgo\launcher\launcher.exe => Nenhum Arquivo FirewallRules: [TCP Query User{62655275-AAB8-4D84-8FA8-449E58C3D0AF}C:\program files (x86)\comodo\dragon\dragon.exe] => (Allow) C:\program files (x86)\comodo\dragon\dragon.exe => Nenhum Arquivo FirewallRules: [UDP Query User{B8E728AC-69D2-4D7C-A389-34011778A0EA}C:\program files (x86)\comodo\dragon\dragon.exe] => (Allow) C:\program files (x86)\comodo\dragon\dragon.exe => Nenhum Arquivo FirewallRules: [{FCD38E26-CFEE-4F33-BA6C-48F6AF2142D9}] => (Allow) C:\Users\Ivan\AppData\Roaming\Zoom\bin\airhost.exe => Nenhum Arquivo FirewallRules: [{C7CF382D-71AC-45E2-9B8F-B05B36D84F7E}] => (Allow) C:\Users\Ivan\AppData\Roaming\Zoom\bin\airhost.exe => Nenhum Arquivo EmptyTemp: Reboot: ***************** Processos fechados com sucesso. Createrestorepoints: => Erro: Nenhuma correção automática foi encontrada para esta entrada. HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25bb5ae4-8632-11ea-bc0c-00158307c667} => removido (a) com sucesso. HKU\S-1-5-21-1793361252-1642306814-3946400002-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25bb5ae4-8632-11ea-bc0c-00158307c667} => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{166C390A-1AC0-4A57-9FB9-89C3C873F4D9}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{166C390A-1AC0-4A57-9FB9-89C3C873F4D9}" => removido (a) com sucesso. 
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D36AC41E-4056-4C76-A92A-BEE7ACC5CC7C}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D36AC41E-4056-4C76-A92A-BEE7ACC5CC7C}" => removido (a) com sucesso. C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => removido (a) com sucesso. C:\Users\Ivan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\371b6590bc8d800\Pessoa 1 - Chrome.lnk => Atalho argumento removido (a) com sucesso. "HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL" => removido (a) com sucesso. HKU\S-1-5-21-1793361252-1642306814-3946400002-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0AA24E16-07B3-4694-8357-3C21ACC5F516} => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{DC2E45F4-50AD-4C1C-9915-4AF0556F7AF7}C:\program files (x86)\bsgo\launcher\launcher.exe" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7E4F4740-54D5-4D58-8AF7-CC2BFA0EC069}C:\program files (x86)\bsgo\launcher\launcher.exe" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8C4A0A8E-A43D-4232-BA28-5649BBA2DD08}C:\program files (x86)\bsgo\launcher\launcher.exe" => removido (a) com sucesso. 
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{99D6D03E-FC57-40D1-B950-9C748AB8FDD7}C:\program files (x86)\bsgo\launcher\launcher.exe" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{62655275-AAB8-4D84-8FA8-449E58C3D0AF}C:\program files (x86)\comodo\dragon\dragon.exe" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B8E728AC-69D2-4D7C-A389-34011778A0EA}C:\program files (x86)\comodo\dragon\dragon.exe" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FCD38E26-CFEE-4F33-BA6C-48F6AF2142D9}" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C7CF382D-71AC-45E2-9B8F-B05B36D84F7E}" => removido (a) com sucesso. =========== EmptyTemp: ========== BITS transfer queue => 12607488 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 195212909 B Java, Flash, Steam htmlcache => 1095 B Windows/system/drivers => 141098158 B Edge => 0 B Chrome => 2284501 B Firefox => 1138797994 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 0 B LocalService => 0 B NetworkService => 9019374 B Ivan => 1183767532 B Ana => 1441549614 B postgres => 1441549614 B RecycleBin => 775424631 B EmptyTemp: => 5.9 GB de dados temporários Removidos. ================================ O sistema precisou ser reiniciado. ==== Fim de Fixlog 16:08:56 ====