Annluciap

Bom dia! Ao verificar o PC com o AVAST foram detectados 4 trojans, conforme imagem abaixo. Seguem logs da FRST: FRST https://www.cjoint.com/c/LHjcUPvaR3o Addition https://www.cjoint.com/c/LHjcVYEMlJo Podes me ajudar, por favor? Obrigada.

Boa tarde, DigRam! Agora está tudo ok com o computador. Muitíssimo obrigada pelo auxílio.

Boa noite, DigRam! Procedimentos executados, conforme log abaixo: # Run at 14/09/2022 23:25:07 # KpRm (Kernel-panik) version 2.9.3 # Website https://kernel-panik.me/tool/kprm/ # Run by usuario from C:\Users\Ana\Desktop # Computer Name: DESKTOP-HTI9PPS # OS: Windows 10 X64 (19044) # Number of passes: 1 - Checked options - ~ Delete Tools ~ Delete Restore Points ~ Create Restore Point ~ Delete Quarantines - Delete Tools - ## FRST [OK] \FRST deleted - Clear Restore Points - ~ [OK] RP named Instalador de Módulos do Windows created at 08/27/2022 16:46:28 deleted [OK] All system restore points have been successfully deleted - Create Restore Point - [OK] System Restore Point created - Display System Restore Point - ~ RP named KpRm created at 09/15/2022 02:26:05 -- KPRM finished in 249.31s -- Muito obrigada novamente!

Boa noite, DigRam! Agradeço o pronto retorno. Segue o log: Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 30-08-2022 Executado por usuario (12-09-2022 22:21:06) Run:2 Executando a partir de C:\Users\Ana\Desktop Perfis Carregados: usuario & Ivan & Ana & Administrador Modo da Inicialização: Normal ============================================== fixlist Conteúdo: ***************** Start:: C:\Program Files\Avast Software\Avast\aswAMSI.dll C:\Program Files\Avast Software\Avast C:\Program Files\Avast Software 2022-09-07 22:46 - 2022-06-07 10:57 - 000000000 ____D C:\Users\Ivan\AppData\Local\Avast Software 2022-09-07 22:46 - 2022-06-03 12:52 - 000000000 ____D C:\ProgramData\Avast Software ShortcutTarget: forteManager.lnk -> C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe (Nenhum Arquivo) CMD: net start vss CMD: sfc /scannow EmptyTemp: End:: ***************** "C:\Program Files\Avast Software\Avast\aswAMSI.dll" => não encontrado (a) "C:\Program Files\Avast Software\Avast" => não encontrado (a) "C:\Program Files\Avast Software" => não encontrado (a) C:\Users\Ivan\AppData\Local\Avast Software => movido com sucesso C:\ProgramData\Avast Software => movido com sucesso "C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe" => não encontrado (a) ========= net start vss ========= O servi‡o de C¢pia de Sombra de Volume est sendo iniciado. O servi‡o de C¢pia de Sombra de Volume foi iniciado com ˆxito. ========= Fim de CMD: ========= ========= sfc /scannow ========= Iniciando verificação de arquivos. O processo levará alguns minutos para ser concluído. Iniciando fase de verificação de verificação do sistema. Verificação 0% concluída. Verificação 1% concluída. Verificação 1% concluída. Verificação 2% concluída. Verificação 3% concluída. Verificação 3% concluída. Verificação 4% concluída. Verificação 5% concluída. Verificação 5% concluída. Verificação 6% concluída. Verificação 7% concluída. Verificação 7% concluída. Verificação 8% concluída. Verificação 9% concluída. Verificação 9% concluída. Verificação 10% concluída. Verificação 11% concluída. Verificação 11% concluída. Verificação 12% concluída. Verificação 12% concluída. Verificação 13% concluída. Verificação 14% concluída. Verificação 14% concluída. Verificação 15% concluída. Verificação 16% concluída. Verificação 16% concluída. Verificação 17% concluída. Verificação 18% concluída. Verificação 18% concluída. Verificação 19% concluída. Verificação 20% concluída. Verificação 20% concluída. Verificação 21% concluída. Verificação 22% concluída. Verificação 22% concluída. Verificação 23% concluída. Verificação 23% concluída. Verificação 24% concluída. Verificação 25% concluída. Verificação 25% concluída. Verificação 26% concluída. Verificação 27% concluída. Verificação 27% concluída. Verificação 28% concluída. Verificação 29% concluída. Verificação 29% concluída. Verificação 30% concluída. Verificação 31% concluída. Verificação 31% concluída. Verificação 32% concluída. Verificação 33% concluída. Verificação 33% concluída. Verificação 34% concluída. Verificação 34% concluída. Verificação 35% concluída. Verificação 36% concluída. Verificação 36% concluída. Verificação 37% concluída. Verificação 38% concluída. Verificação 38% concluída. Verificação 39% concluída. Verificação 40% concluída. Verificação 40% concluída. Verificação 41% concluída. Verificação 42% concluída. Verificação 42% concluída. Verificação 43% concluída. Verificação 44% concluída. Verificação 44% concluída. Verificação 45% concluída. Verificação 45% concluída. Verificação 46% concluída. Verificação 47% concluída. Verificação 47% concluída. Verificação 48% concluída. Verificação 49% concluída. Verificação 49% concluída. Verificação 50% concluída. Verificação 51% concluída. Verificação 51% concluída. Verificação 52% concluída. Verificação 53% concluída. Verificação 53% concluída. Verificação 54% concluída. Verificação 55% concluída. Verificação 55% concluída. Verificação 56% concluída. Verificação 56% concluída. Verificação 57% concluída. Verificação 58% concluída. Verificação 58% concluída. Verificação 59% concluída. Verificação 60% concluída. Verificação 60% concluída. Verificação 61% concluída. Verificação 62% concluída. Verificação 62% concluída. Verificação 63% concluída. Verificação 64% concluída. Verificação 64% concluída. Verificação 65% concluída. Verificação 66% concluída. Verificação 66% concluída. Verificação 67% concluída. Verificação 67% concluída. Verificação 68% concluída. Verificação 69% concluída. Verificação 69% concluída. Verificação 70% concluída. Verificação 71% concluída. Verificação 71% concluída. Verificação 72% concluída. Verificação 73% concluída. Verificação 73% concluída. Verificação 74% concluída. Verificação 75% concluída. Verificação 75% concluída. Verificação 76% concluída. Verificação 77% concluída. Verificação 77% concluída. Verificação 78% concluída. Verificação 78% concluída. Verificação 79% concluída. Verificação 80% concluída. Verificação 80% concluída. Verificação 81% concluída. Verificação 82% concluída. Verificação 82% concluída. Verificação 83% concluída. Verificação 84% concluída. Verificação 84% concluída. Verificação 85% concluída. Verificação 86% concluída. Verificação 86% concluída. Verificação 87% concluída. Verificação 88% concluída. Verificação 88% concluída. Verificação 89% concluída. Verificação 89% concluída. Verificação 90% concluída. Verificação 91% concluída. Verificação 91% concluída. Verificação 92% concluída. Verificação 93% concluída. Verificação 93% concluída. Verificação 94% concluída. Verificação 95% concluída. Verificação 95% concluída. Verificação 96% concluída. Verificação 97% concluída. Verificação 97% concluída. Verificação 98% concluída. Verificação 99% concluída. Verificação 99% concluída. Verificação 100% concluída. A Proteção de Recursos do Windows encontrou arquivos corrompidos e os reparou com êxito. Para reparos online, os detalhes são incluídos no arquivo de log CBS localizado em windir\Logs\CBS\CBS.log. Por exemplo, C:\Windows\Logs\CBS\CBS.log. Para reparos offline, os detalhes são incluídos no arquivo de log fornecido pelo sinalizador /OFFLOGFILE. ========= Fim de CMD: ========= =========== EmptyTemp: ========== FlushDNS => completado BITS transfer queue => 1572864 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 27350912 B Java, Discord, Steam htmlcache => 0 B Windows/system/drivers => 522662616 B Edge => 0 B Chrome => 8272285 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 0 B LocalService => 30538 B NetworkService => 58480 B usuario => 235985736 B Ivan => 297342968 B Ana => 475909882 B Administrador => 518897128 B RecycleBin => 482949 B EmptyTemp: => 1.9 GB de dados temporários Removidos. ================================ O sistema precisou ser reiniciado. ==== Fim de Fixlog 22:43:29 ==== Obrigada.

Boa noite, DigRam! Sim, desinstalei o AVAST. Seguem os logs da FRST. Resultado da análise adicional Farbar Recovery Scan Tool (x64) Versão: 30-08-2022 Executado por usuario (11-09-2022 21:33:22) Executando a partir de C:\Users\Ana\Desktop Microsoft Windows 10 Pro Versão 21H2 19044.1889 (X64) (2022-06-03 04:27:41) Modo da Inicialização: Normal ========================================================== ==================== Contas: ============================= (Se uma entrada for incluída na fixlist, será removida.) Administrador (S-1-5-21-1607871373-324708402-1829963724-500 - Administrator - Disabled) => C:\Users\Administrador Ana (S-1-5-21-1607871373-324708402-1829963724-1004 - Limited - Enabled) => C:\Users\Ana Convidado (S-1-5-21-1607871373-324708402-1829963724-501 - Limited - Disabled) DefaultAccount (S-1-5-21-1607871373-324708402-1829963724-503 - Limited - Disabled) Ivan (S-1-5-21-1607871373-324708402-1829963724-1002 - Limited - Enabled) => C:\Users\Ivan usuario (S-1-5-21-1607871373-324708402-1829963724-1001 - Administrator - Enabled) => C:\Users\usuario WDAGUtilityAccount (S-1-5-21-1607871373-324708402-1829963724-504 - Limited - Disabled) ==================== Central de Segurança ======================== (Se uma entrada for incluída na fixlist, será removida.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Programas Instalados ====================== (Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 104.0.5112.102 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.13 - Google LLC) Hidden LibreOffice 7.3.4.2 (HKLM\...\{C9090ED0-F3EE-4FF2-A3E1-0F2598FC7107}) (Version: 7.3.4.2 - The Document Foundation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 105.0.1343.33 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 105.0.1343.33 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1607871373-324708402-1829963724-1001\...\OneDriveSetup.exe) (Version: 22.131.0619.0001 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1607871373-324708402-1829963724-1002\...\OneDriveSetup.exe) (Version: 22.166.0807.0002 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1607871373-324708402-1829963724-1004\...\OneDriveSetup.exe) (Version: 22.166.0807.0002 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1607871373-324708402-1829963724-500\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation) Mozilla Firefox (x64 pt-BR) (HKLM\...\Mozilla Firefox 104.0.1 (x64 pt-BR)) (Version: 104.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 101.0 - Mozilla) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.) VdhCoApp 1.6.3 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper) Verificação de integridade do PC Windows (HKLM\...\{2403B2D2-1FDC-497D-B181-F53D079FEAAA}) (Version: 3.6.2204.08001 - Microsoft Corporation) Packages: ========= Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_1.33.1.0_x64__6rarf9sa4v8jt [2022-07-21] (Disney) Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0 [2022-07-21] (Spotify AB) [Startup Task] ==================== Análise Personalizada CLSID (Whitelisted): ============== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) ==================== Codecs (Whitelisted) ==================== ==================== Atalhos & WMI ======================== ==================== Módulos Carregados (Whitelisted) ============= ==================== Alternate Data Streams (Whitelisted) ======== ==================== Modo de Segurança (Whitelisted) ================== ==================== Associação (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== ==================== Hosts Conteúdo: ========================= (Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.) 2022-06-02 22:41 - 2022-06-02 22:33 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Outras Áreas =========================== (Atualmente não há nenhuma correção automática para esta seção.) HKU\S-1-5-21-1607871373-324708402-1829963724-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\usuario\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img2.jpg HKU\S-1-5-21-1607871373-324708402-1829963724-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Ivan\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img2.jpg HKU\S-1-5-21-1607871373-324708402-1829963724-1004\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img3.jpg HKU\S-1-5-21-1607871373-324708402-1829963724-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg DNS Servers: 181.213.132.4 - 181.213.132.5 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Firewall do Windows está habilitado. ==================== MSCONFIG/TASK MANAGER ítens desabilitados == ==================== Regras do Firewall (Whitelisted) ================ (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) FirewallRules: [{9ED7F1AD-A841-4C06-ADCE-7B53934E6508}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{A5966836-EA2B-4748-A278-0266A050293B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{4E77945E-7AE6-4AC9-B3BE-050E855E4091}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{C85D41C2-3040-4716-8F5E-243B803CAAF5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{5F25F6BA-B5D3-429E-8E4D-75260FE09651}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{0FC8DA75-4468-4F9F-B974-BDE669BECE19}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{77220A3A-0A96-41AE-949C-4553FE73E6E1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{E6DC7F5D-38BA-404F-BE50-12423135001C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{D3CDBCA9-376D-4705-A145-A845DCFF3A08}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{320CEC17-2B34-45EB-8F4E-DA08D820AAD6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.190.859.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{953C5E34-CEAA-4F7E-8297-1C2FA5C6F48D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.87.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{49B67BD3-763F-4F73-B634-CCA3F44EE158}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.87.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{7592B8C9-AF6D-4C88-BAA6-7D2E78A6FD35}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.87.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{9DE62BBE-B7D7-488B-8AFE-7DF0B361776C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.87.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{101BFF52-7E4F-46FF-A3B6-9ED1307A5C0E}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{9782DCDA-AA49-4A87-B57B-DCCAE7339AC5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{7A400715-347E-4729-A865-509540A02A50}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{61DCA21F-6C5E-419D-9773-0BA15B058F78}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{180BBF31-D1D0-4EAB-B282-025139A5AB95}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{14C833D8-E804-41EE-BC68-101ACB777EEA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{AB4159D7-F56D-458B-B1BF-830F15E7A0DE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{1F018551-B242-45BC-BC10-B553718CB2D6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{2B1B6495-B026-4AF8-AFDC-9C595A093A40}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.192.647.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{71313888-3EEE-486B-BE25-0DD13B38DEB7}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\105.0.1343.33\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) ==================== Pontos de Restauração ========================= 27-08-2022 13:46:28 Instalador de Módulos do Windows ==================== Dispositivos Apresentando Falhas No Gerenciador ============ ==================== Erros no Log de eventos: ======================== Erros em Aplicativos: ================== Error: (09/07/2022 10:45:00 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Erro do serviço de cópias de sombra de volume: erro inesperado ao chamar a rotina CoCreateInstance. hr = 0x8007045b, O sistema está sendo desligado. . Error: (09/07/2022 10:45:00 PM) (Source: VSS) (EventID: 13) (User: ) Description: Informações sobre o Serviço de Cópias de Sombra de Volume: não é possível iniciar o Servidor COM com CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} e nome CEventSystem. [0x8007045b, O sistema está sendo desligado. ] Error: (09/07/2022 10:45:00 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Erro do serviço de cópias de sombra de volume: erro inesperado ao chamar a rotina CoCreateInstance. hr = 0x8007045b, O sistema está sendo desligado. . Error: (09/07/2022 10:45:00 PM) (Source: VSS) (EventID: 13) (User: ) Description: Informações sobre o Serviço de Cópias de Sombra de Volume: não é possível iniciar o Servidor COM com CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} e nome CEventSystem. [0x8007045b, O sistema está sendo desligado. ] Error: (09/07/2022 10:44:31 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Erro do serviço de cópias de sombra de volume: erro inesperado ao chamar a rotina QueryFullProcessImageNameW. hr = 0x80070006, Identificador inválido. . Operação: Executando Operação Assíncrona Contexto: Estado Atual: DoSnapshotSet Error: (09/07/2022 10:42:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema.. Details: AddWin32ServiceFiles: Unable to back up image of service Avast Tools since QueryServiceConfig API failed System Error: O sistema não pode encontrar o arquivo especificado. . Error: (09/07/2022 10:42:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema.. Details: AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed System Error: O sistema não pode encontrar o arquivo especificado. . Error: (09/07/2022 10:42:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema.. Details: AddWin32ServiceFiles: Unable to back up image of service aswbIDSAgent since QueryServiceConfig API failed System Error: O sistema não pode encontrar o arquivo especificado. . Erros de Sistema: ============= Error: (09/10/2022 07:18:49 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-HTI9PPS) Description: O servidor Microsoft.Windows.Photos_2022.30070.26007.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca não se registrou no DCOM dentro do tempo limite necessário. Error: (09/07/2022 10:42:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Windows Search foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 30000 milissegundos: Reiniciar o serviço. Error: (09/07/2022 10:23:40 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-HTI9PPS) Description: O servidor Microsoft.Windows.CloudExperienceHost_10.0.19041.1266_neutral_neutral_cw5n1h2txyewy!App.wwa não se registrou no DCOM dentro do tempo limite necessário. Error: (09/07/2022 06:34:55 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a resposta de uma transação do serviço avast! Tools. Error: (09/03/2022 09:22:13 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: AUTORIDADE NT) Description: Falha na Instalação: o Windows não pôde instalar a seguinte atualização com o erro 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone. Error: (08/29/2022 09:15:54 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-HTI9PPS) Description: O servidor {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} não se registrou no DCOM dentro do tempo limite necessário. Error: (08/29/2022 09:15:54 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-HTI9PPS) Description: O servidor Microsoft.AAD.BrokerPlugin_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider não se registrou no DCOM dentro do tempo limite necessário. Error: (08/20/2022 08:55:32 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-HTI9PPS) Description: O servidor {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} não se registrou no DCOM dentro do tempo limite necessário. Windows Defender: ================ Date: 2022-09-10 20:31:52 Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão. ID do Exame: {372E6CF3-91A5-4372-86E0-6B06E5C5BBA5} Tipo de Exame: Antimalware Parâmetros do Exame: Verificação Personalizada Usuário: DESKTOP-HTI9PPS\Ana Event[0]: Date: 2022-06-03 07:48:31 Description: Microsoft Defender Antivírus encontrou um erro ao tentar atualizar a inteligência de segurança. Nova Versão da Inteligência de Segurança: Versão da Inteligência de Segurança anterior: 1.367.787.0 Fonte da Atualização: Centro de Proteção contra Malware da Microsoft Tipo da Inteligência de Segurança: Antivírus Tipo da atualização: Completa Usuário: AUTORIDADE NT\SERVIÇO DE REDE Versão Atual do Mecanismo: Versão Anterior do Mecanismo: 1.1.19200.6 Código de Erro: 0x80072ee7 Descrição do Erro: O nome ou o endereço do servidor não pôde ser resolvido Date: 2022-06-03 07:48:31 Description: Microsoft Defender Antivírus encontrou um erro ao tentar atualizar a inteligência de segurança. Nova Versão da Inteligência de Segurança: Versão da Inteligência de Segurança anterior: 1.367.787.0 Fonte da Atualização: Centro de Proteção contra Malware da Microsoft Tipo da Inteligência de Segurança: Anti-spyware Tipo da atualização: Completa Usuário: AUTORIDADE NT\SERVIÇO DE REDE Versão Atual do Mecanismo: Versão Anterior do Mecanismo: 1.1.19200.6 Código de Erro: 0x80072ee7 Descrição do Erro: O nome ou o endereço do servidor não pôde ser resolvido Date: 2022-06-03 07:48:31 Description: Microsoft Defender Antivírus encontrou um erro ao tentar atualizar a inteligência de segurança. Nova Versão da Inteligência de Segurança: Versão da Inteligência de Segurança anterior: 1.367.787.0 Fonte da Atualização: Centro de Proteção contra Malware da Microsoft Tipo da Inteligência de Segurança: Antivírus Tipo da atualização: Completa Usuário: AUTORIDADE NT\SERVIÇO DE REDE Versão Atual do Mecanismo: Versão Anterior do Mecanismo: 1.1.19200.6 Código de Erro: 0x80072ee7 Descrição do Erro: O nome ou o endereço do servidor não pôde ser resolvido Date: 2022-06-03 07:48:31 Description: Microsoft Defender Antivírus encontrou um erro ao tentar atualizar a inteligência de segurança. Nova Versão da Inteligência de Segurança: Versão da Inteligência de Segurança anterior: 1.367.787.0 Fonte da Atualização: Centro de Proteção contra Malware da Microsoft Tipo da Inteligência de Segurança: Antivírus Tipo da atualização: Completa Usuário: AUTORIDADE NT\SERVIÇO DE REDE Versão Atual do Mecanismo: Versão Anterior do Mecanismo: 1.1.19200.6 Código de Erro: 0x80072ee7 Descrição do Erro: O nome ou o endereço do servidor não pôde ser resolvido Date: 2022-06-03 07:48:31 Description: Microsoft Defender Antivírus encontrou um erro ao tentar atualizar a inteligência de segurança. Nova Versão da Inteligência de Segurança: Versão da Inteligência de Segurança anterior: 1.367.787.0 Fonte da Atualização: Centro de Proteção contra Malware da Microsoft Tipo da Inteligência de Segurança: Anti-spyware Tipo da atualização: Completa Usuário: AUTORIDADE NT\SERVIÇO DE REDE Versão Atual do Mecanismo: Versão Anterior do Mecanismo: 1.1.19200.6 Código de Erro: 0x80072ee7 Descrição do Erro: O nome ou o endereço do servidor não pôde ser resolvido CodeIntegrity: =============== Date: 2022-09-07 21:40:40 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements. ==================== Informações da Memória =========================== BIOS: Intel Corp. MUCDT10N.86A.0072.2012.0808.1512 08/08/2012 Processador: Intel(R) Atom(TM) CPU D2550 @ 1.86GHz Percentagem de memória em uso: 61% RAM física total: 4078.65 MB RAM física disponível: 1557.29 MB Virtual Total: 5230.65 MB Virtual disponível: 2713.96 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.2 GB) (Free:412.05 GB) (Model: WDC WD5000LPSX-75A6WT0) NTFS \\?\Volume{119ee62c-0000-0000-0000-100000000000}\ (Reservado pelo Sistema) (Fixed) (Total:0.05 GB) (Free:0.02 GB) NTFS \\?\Volume{119ee62c-0000-0000-0000-305074000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS ==================== MBR & Tabela de Partições ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 119EE62C) Partition 1: (Active) - (Size=50 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=519 MB) - (Type=27) ==================== Fim de Addition.txt ======================= Resultado do análise da Farbar Recovery Scan Tool (FRST) (x64) Versão: 30-08-2022 Executado por usuario (administrador) em DESKTOP-HTI9PPS (OKI Brasil NT 2030) (11-09-2022 21:11:19) Executando a partir de C:\Users\Ana\Desktop Perfis Carregados: usuario & Ana Plataforma: Microsoft Windows 10 Pro Versão 21H2 19044.1889 (X64) Idioma: Português (Brasil) Navegador padrão: Edge Modo da Inicialização: Normal ==================== Processos (Whitelisted) ================= (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.) (C:\Windows\Temp\105.0.5195.102_104.0.5112.102_chrome_updater.exe143ef41e ->) (Google LLC -> Google LLC) C:\Windows\Temp\setup.exe143ef46d <2> (explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Google LLC -> Google LLC) C:\Windows\Temp\105.0.5195.102_104.0.5112.102_chrome_updater.exe143ef41e (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MsMpEng.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\NisSrv.exe (svchost.exe ->) (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Ana\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe\HxTsr.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <2> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe ==================== Registro (Whitelisted) =================== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14021336 2015-06-18] (Realtek Semiconductor Corp -> Realtek Semiconductor) HKU\S-1-5-21-1607871373-324708402-1829963724-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [809472 2019-12-07] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-21-1607871373-324708402-1829963724-1002\...\Run: [MicrosoftEdgeAutoLaunch_99DFD1DBCEBA60FBA29D574434545D6C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3795360 2022-09-08] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-1607871373-324708402-1829963724-1002\...\MountPoints2: {d385b256-e2fd-11ec-88f2-0040a730d4b2} - "D:\Windows/AutoRun.exe" HKU\S-1-5-21-1607871373-324708402-1829963724-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [809472 2019-12-07] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-21-1607871373-324708402-1829963724-1004\...\MountPoints2: {d385b256-e2fd-11ec-88f2-0040a730d4b2} - "D:\Windows/AutoRun.exe" HKU\S-1-5-21-1607871373-324708402-1829963724-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [809472 2019-12-07] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\104.0.5112.102\Installer\chrmstp.exe [2022-08-22] (Google LLC -> Google LLC) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\forteManager.lnk [2022-02-13] ShortcutTarget: forteManager.lnk -> C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe (Nenhum Arquivo) ==================== Tarefas Agendadas (Whitelisted) ============ (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) Task: {1DFA9538-DA23-40EF-A055-2EE2B817EFB4} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate Task: {29D9B7E3-6464-4EA4-B7E7-671648C1FB7C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {3137D7CC-5C23-4652-BBA6-00FEBA800FFE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2022-06-03] (Google Inc -> Google LLC) Task: {36CAB00C-E24D-45CA-A28D-4845D3FAD85E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {4CF81ED3-4AB0-4EFB-AD18-3A7BD657AC50} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB" Task: {672FA625-773E-4CD5-9D9D-647676E50E9C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2022-06-03] (Google Inc -> Google LLC) Task: {86F6577D-F715-4A06-88BF-3D2AED5DDDBB} - System32\Tasks\PostponeDeviceSetupToast_S-1-5-21-1607871373-324708402-1829963724-1001_0 => {5ded83ef-1e99-48cf-bf83-676d2a6db408} C:\Windows\System32\oobe\UserOOBE.dll [417280 2022-07-16] (Microsoft Windows -> Microsoft Corporation) Task: {A2CB4B5C-A40A-45F0-88FF-FAC34B3F9469} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {AB1B5401-1189-4220-8B96-7A3CD02BB5DE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe [1335960 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {C7ABDEC0-5E67-44F8-B2A6-2C15E18B8BF9} - System32\Tasks\PostponeDeviceSetupToast_S-1-5-21-1607871373-324708402-1829963724-1004_0 => {5ded83ef-1e99-48cf-bf83-676d2a6db408} C:\Windows\System32\oobe\UserOOBE.dll [417280 2022-07-16] (Microsoft Windows -> Microsoft Corporation) (Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.) ==================== Internet (Whitelisted) ==================== (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.) Tcpip\Parameters: [DhcpNameServer] 181.213.132.4 181.213.132.5 Tcpip\..\Interfaces\{6F704B69-8B2D-4AB7-8143-D60EFC95CCC2}: [NameServer] 200.169.119.222 200.169.119.221 Tcpip\..\Interfaces\{b052f0e5-f5da-49a4-9775-a9709ced9f66}: [DhcpNameServer] 181.213.132.4 181.213.132.5 Edge: ======= Edge DefaultProfile: Default Edge Profile: C:\Users\usuario\AppData\Local\Microsoft\Edge\User Data\Default [2022-07-21] Edge Extension: (Video DownloadHelper) - C:\Users\usuario\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmkaglaafmhbcpleggkmaliipiilhldn [2022-06-06] Chrome: ======= CHR Profile: C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default [2022-06-03] CHR StartupUrls: Default -> "hxxps://www.google.com/" CHR Extension: (Apresentações) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2022-06-03] CHR Extension: (Documentos) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2022-06-03] CHR Extension: (Google Drive) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2022-06-03] CHR Extension: (YouTube) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2022-06-03] CHR Extension: (Planilhas) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2022-06-03] CHR Extension: (Documentos Google off-line) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-06-03] CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-06-03] CHR Extension: (Gmail) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2022-06-03] ==================== Serviços (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6255896 2022-08-15] (Microsoft Windows Publisher -> Microsoft Corporation) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\NisSrv.exe [3125112 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MsMpEng.exe [133560 2022-09-07] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Drivers (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [287744 2022-05-18] (Microsoft Corporation) [Arquivo não assinado] S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) S3 pelmouse; C:\WINDOWS\System32\drivers\pelmouse.sys [26880 2016-07-11] (WDKTestCert idd,131110062695071623 -> TPMX Electronics Ltd.) S3 pelusblf; C:\WINDOWS\System32\drivers\pelusblf.sys [33048 2016-07-11] (WDKTestCert idd,131110062695071623 -> ) S3 pelvendr; C:\WINDOWS\System32\drivers\pelvendr.sys [15032 2016-07-11] (WDKTestCert idd,131110062695071623 -> TPMX Electronics Ltd.) S3 phidmice; C:\WINDOWS\System32\drivers\phidmice.sys [33048 2016-07-11] (WDKTestCert idd,131110062695071623 -> ) S3 pmouself; C:\WINDOWS\System32\drivers\pmouself.sys [26880 2016-07-11] (WDKTestCert idd,131110062695071623 -> TPMX Electronics Ltd.) S3 pvendrlf; C:\WINDOWS\System32\drivers\pvendrlf.sys [15032 2016-07-11] (WDKTestCert idd,131110062695071623 -> TPMX Electronics Ltd.) S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167544 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [65144 2021-10-08] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49576 2022-09-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [453904 2022-09-07] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [94480 2022-09-07] (Microsoft Windows -> Microsoft Corporation) S3 massfilter; \SystemRoot\System32\drivers\massfilter.sys [X] S3 ZTEusbmdm6k; \SystemRoot\system32\DRIVERS\ZTEusbmdm6k.sys [X] S3 ZTEusbnmea; \SystemRoot\system32\DRIVERS\ZTEusbnmea.sys [X] S3 ZTEusbser6k; \SystemRoot\system32\DRIVERS\ZTEusbser6k.sys [X] ==================== NetSvcs (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) ==================== Um mês (criados) (Whitelisted) ========= (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 2022-09-11 21:11 - 2022-09-11 21:16 - 000012476 _____ C:\Users\Ana\Desktop\FRST.txt 2022-09-07 22:49 - 2022-09-07 22:49 - 000002245 _____ C:\Users\Ana\Desktop\Google Chrome.lnk 2022-09-07 22:42 - 2022-09-07 22:42 - 000000000 ____D C:\Users\Ana\Desktop\FRST-OlderVersion 2022-09-07 22:31 - 2022-09-07 22:31 - 000004036 _____ C:\WINDOWS\system32\Tasks\PostponeDeviceSetupToast_S-1-5-21-1607871373-324708402-1829963724-1004_0 2022-09-07 22:27 - 2022-09-07 22:27 - 000004036 _____ C:\WINDOWS\system32\Tasks\PostponeDeviceSetupToast_S-1-5-21-1607871373-324708402-1829963724-1001_0 2022-09-07 22:14 - 2022-09-07 22:14 - 000000640 _____ C:\Users\Ivan\Desktop\fixlist.txt 2022-09-07 22:10 - 2022-09-07 22:10 - 000000000 ____D C:\Users\usuario\AppData\Local\PeerDistRepub 2022-09-03 13:11 - 2022-09-07 22:46 - 000000000 ____D C:\Program Files\Mozilla Firefox 2022-08-29 21:11 - 2022-08-29 21:11 - 000004094 _____ C:\Users\Ivan\Documents\Mainframe.pdf 2022-08-29 21:08 - 2022-08-29 21:08 - 001025711 _____ C:\Users\Ivan\Downloads\ED_1_2022_BANRISUL_ABERTURA.PDF 2022-08-29 20:46 - 2022-08-29 20:59 - 000004094 _____ C:\Users\Ivan\Documents\Mainframe.txt 2022-08-29 20:44 - 2022-08-29 20:44 - 000002100 _____ C:\Users\Ivan\Documents\conhecimento geral.txt 2022-08-27 19:37 - 2022-08-27 19:37 - 000295152 _____ C:\Users\Ivan\Downloads\comprovante de inscrição_banrisul.pdf 2022-08-27 19:13 - 2022-08-27 19:13 - 000000000 ____D C:\Users\Ivan\Documents\BANRISUL_Suporte_Infraestrutura_Tecn_Informacao 2022-08-27 19:03 - 2022-08-26 18:23 - 052387394 _____ C:\Users\Ivan\Desktop\BANRISUL_Suporte_Infraestrutura_Tecn_Informacao.zip 2022-08-17 21:33 - 2022-08-17 21:33 - 000000000 ____D C:\Users\Ivan\AppData\Local\OneDrive 2022-08-15 19:01 - 2022-08-15 19:01 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr 2022-08-15 19:01 - 2022-08-15 19:01 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr 2022-08-15 19:00 - 2022-08-15 19:00 - 000011803 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim 2022-08-15 18:58 - 2022-08-15 18:58 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe 2022-08-15 18:56 - 2022-08-15 18:56 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll 2022-08-15 18:56 - 2022-08-15 18:56 - 000162304 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe 2022-08-15 18:56 - 2022-08-15 18:56 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll 2022-08-15 18:56 - 2022-08-15 18:56 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll 2022-08-15 17:49 - 2022-08-15 17:49 - 000000000 ___HD C:\$WinREAgent 2022-08-12 14:56 - 2022-08-12 14:56 - 000056308 _____ C:\Users\Ivan\Downloads\Concurso.pdf ==================== Um mês (modificados) ================== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 2022-09-11 21:32 - 2022-06-02 22:41 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2022-09-11 21:14 - 2022-06-02 22:41 - 000000000 ____D C:\WINDOWS\AppReadiness 2022-09-11 21:13 - 2022-08-08 23:16 - 000000000 ____D C:\FRST 2022-09-11 21:13 - 2022-06-02 22:41 - 000000000 ___HD C:\Program Files\WindowsApps 2022-09-11 21:08 - 2022-06-03 02:13 - 000000000 ____D C:\Program Files (x86)\Google 2022-09-10 20:28 - 2022-06-02 23:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2022-09-10 19:21 - 2022-06-02 23:49 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2022-09-10 19:21 - 2021-11-25 10:12 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2022-09-07 22:54 - 2022-06-03 00:36 - 001651882 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2022-09-07 22:54 - 2022-06-02 22:55 - 000715446 _____ C:\WINDOWS\system32\prfh0416.dat 2022-09-07 22:54 - 2022-06-02 22:55 - 000140602 _____ C:\WINDOWS\system32\prfc0416.dat 2022-09-07 22:54 - 2022-06-02 22:35 - 000000000 ____D C:\WINDOWS\INF 2022-09-07 22:48 - 2022-06-05 14:37 - 000000000 ____D C:\Users\Ana\Desktop\Ana 2022-09-07 22:46 - 2022-06-07 18:09 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2022-09-07 22:46 - 2022-06-07 10:57 - 000000000 ____D C:\Users\Ivan\AppData\Local\Avast Software 2022-09-07 22:46 - 2022-06-03 12:52 - 000000000 ____D C:\ProgramData\Avast Software 2022-09-07 22:46 - 2022-06-02 23:48 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2022-09-07 22:46 - 2021-11-25 10:09 - 000008192 ___SH C:\DumpStack.log.tmp 2022-09-07 22:45 - 2022-06-02 22:15 - 001310720 _____ C:\WINDOWS\system32\config\BBI 2022-09-07 22:42 - 2022-08-08 23:13 - 002371072 _____ (Farbar) C:\Users\Ana\Desktop\FRST64.exe 2022-09-07 22:39 - 2022-06-05 13:05 - 000000000 ____D C:\Users\Ana\AppData\Local\Packages 2022-09-07 22:37 - 2022-06-03 02:09 - 000000000 ____D C:\Program Files (x86)\InstallAffixationInfo 2022-09-07 22:37 - 2022-02-12 11:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Claro 3G 2022-09-07 22:35 - 2022-06-05 14:13 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1607871373-324708402-1829963724-1004 2022-09-07 22:35 - 2022-06-05 14:10 - 000003374 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1607871373-324708402-1829963724-1004 2022-09-07 22:35 - 2022-06-05 14:10 - 000002379 _____ C:\Users\Ana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2022-09-07 22:24 - 2022-06-02 23:48 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2022-09-07 22:13 - 2022-02-12 19:06 - 000000000 ____D C:\Users\Ivan\AppData\LocalLow\Mozilla 2022-09-07 21:43 - 2022-06-03 01:52 - 000000000 ____D C:\Users\Ivan\AppData\Local\Packages 2022-09-07 18:41 - 2022-06-21 19:36 - 000000000 ____D C:\Users\Ivan\AppData\Local\CrashDumps 2022-09-07 18:36 - 2022-02-13 10:36 - 000000000 ___RD C:\Users\Ivan\OneDrive 2022-09-03 20:12 - 2022-06-07 18:09 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla 2022-09-03 20:11 - 2022-06-07 18:09 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2022-09-03 10:26 - 2022-06-02 22:19 - 000000000 ____D C:\WINDOWS\CbsTemp 2022-09-03 09:05 - 2022-06-07 10:33 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1607871373-324708402-1829963724-1002 2022-09-03 09:05 - 2022-06-03 02:01 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1607871373-324708402-1829963724-1002 2022-09-03 09:05 - 2022-06-03 00:10 - 000002382 _____ C:\Users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2022-08-29 21:14 - 2022-06-07 18:10 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38 2022-08-29 20:23 - 2022-06-03 13:40 - 000003590 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA 2022-08-29 20:23 - 2022-06-03 13:40 - 000003466 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore 2022-08-24 22:07 - 2022-06-04 09:37 - 000003062 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1607871373-324708402-1829963724-1001 2022-08-24 22:07 - 2022-06-03 03:19 - 000003058 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1607871373-324708402-1829963724-500 2022-08-24 22:07 - 2022-06-03 03:16 - 000002854 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1607871373-324708402-1829963724-500 2022-08-24 22:07 - 2022-06-03 02:15 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1607871373-324708402-1829963724-1001 2022-08-24 22:07 - 2022-06-02 23:49 - 000003602 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2022-08-24 22:07 - 2022-06-02 23:49 - 000003378 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2022-08-22 23:14 - 2021-11-25 10:46 - 000002245 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2022-08-15 20:12 - 2022-06-02 23:35 - 000456888 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2022-08-15 20:07 - 2022-06-02 22:41 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2022-08-15 20:07 - 2022-06-02 22:41 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata 2022-08-15 20:07 - 2022-06-02 22:41 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2022-08-15 20:07 - 2022-06-02 22:41 - 000000000 ____D C:\WINDOWS\SystemResources 2022-08-15 20:07 - 2022-06-02 22:41 - 000000000 ____D C:\WINDOWS\system32\WinMetadata 2022-08-15 20:07 - 2022-06-02 22:41 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2022-08-15 20:07 - 2022-06-02 22:41 - 000000000 ____D C:\WINDOWS\system32\oobe 2022-08-15 20:07 - 2022-06-02 22:41 - 000000000 ____D C:\WINDOWS\system32\Dism 2022-08-15 20:07 - 2022-06-02 22:41 - 000000000 ____D C:\WINDOWS\ShellExperiences 2022-08-15 20:07 - 2022-06-02 22:41 - 000000000 ____D C:\WINDOWS\bcastdvr 2022-08-15 20:07 - 2022-06-02 22:41 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2022-08-15 20:07 - 2022-06-02 22:41 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2022-08-15 18:55 - 2022-06-02 23:50 - 003011072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2022-08-15 16:34 - 2022-06-02 22:41 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates 2022-08-15 16:28 - 2022-06-03 12:56 - 000000000 ____D C:\WINDOWS\system32\MRT 2022-08-12 21:18 - 2022-06-03 00:10 - 000000000 ____D C:\Users\Ivan 2022-08-12 21:17 - 2022-06-03 12:55 - 144534560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2022-08-12 21:11 - 2022-06-03 03:11 - 000000000 ____D C:\Users\Administrador ==================== SigCheck ============================ (Não há correção automática para arquivos que não passaram na verificação.) ==================== Fim de FRST.txt ======================== Obrigada!

Boa noite, DigRam! Desculpa pela demora. Seguem abaixo os logs: Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 30-08-2022 Executado por usuario (07-09-2022 22:42:28) Run:1 Executando a partir de C:\Users\Ana\Desktop Perfis Carregados: usuario & Ana & Administrador Modo da Inicialização: Normal ============================================== fixlist Conteúdo: ***************** Start:: Closeprocesses: SystemRestore: On CreateRestorePoint: HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restrição <==== ATENÇÃO HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restrição <==== ATENÇÃO ShortcutTarget: forteManager.lnk -> C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe (Nenhum Arquivo) HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restrição <==== ATENÇÃO cmd: ECHO Y|CHKDSK C: /F Comment: Use Farbar routine to delete temp files C:\Windows\Temp\*.* C:\WINDOWS\system32\*.tmp C:\WINDOWS\syswow64\*.tmp Comment: The system will restart. Reboot: End:: ***************** Processos fechados com sucesso. SystemRestore: On => completado Ponto de Restauração criado com sucesso. HKLM\SOFTWARE\Microsoft\Windows Defender\\DisableAntiSpyware => Erro ao configurar valor. HKLM\SOFTWARE\Microsoft\Windows Defender\\DisableAntiVirus => Erro ao configurar valor. "C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe" => não encontrado (a) HKLM\SOFTWARE\Policies\Mozilla => removido (a) com sucesso. ========= ECHO Y|CHKDSK C: /F ========= O tipo do sistema de arquivos ‚ NTFS. NÆo ‚ poss¡vel bloquear a unidade atual. NÆo ‚ poss¡vel executar o CHKDSK porque o volume est sendo usado por outro processo. Deseja agendar a verifica‡Æo deste volume para a pr¢xima vez em que o sistema for reiniciado? (S/N) Y NÆo ‚ poss¡vel executar o CHKDSK porque o volume est sendo usado por outro processo. Deseja agendar a verifica‡Æo deste volume para a pr¢xima vez em que o sistema for reiniciado? (S/N) NÆo ‚ poss¡vel executar o CHKDSK porque o volume est sendo usado por outro processo. Deseja agendar a verifica‡Æo deste volume para a pr¢xima vez em que o sistema for reiniciado? (S/N) ========= Fim de CMD: ========= =========== "C:\Windows\Temp\*.*" ========== C:\Windows\Temp\3746361a-cb54-4b12-b8ed-220d2fcef4eb.tmp => movido com sucesso C:\Windows\Temp\78b3d94a-e79b-49b3-af55-2317059e7865.tmp => movido com sucesso C:\Windows\Temp\8ee9b7fd-cd01-4653-8584-93307e3489f0.tmp => movido com sucesso C:\Windows\Temp\9eaee8f1-d400-4686-8fda-b5bd69539c26.tmp => movido com sucesso C:\Windows\Temp\asw-476a497b-f24e-484a-b49c-4e480974e56e.tmp => movido com sucesso C:\Windows\Temp\asw-c1a42555-7e12-4160-bb68-e81be6ea9853.tmp => movido com sucesso C:\Windows\Temp\chrome_installer.log => movido com sucesso C:\Windows\Temp\FXSAPIDebugLogFile.txt => movido com sucesso C:\Windows\Temp\FXSTIFFDebugLogFile.txt => movido com sucesso C:\Windows\Temp\MpCmdRun.log => movido com sucesso C:\Windows\Temp\MpCopyAccelerator.log => movido com sucesso C:\Windows\Temp\MpSigStub.log => movido com sucesso C:\Windows\Temp\msedge_installer.log => movido com sucesso C:\Windows\Temp\TS_26EF.tmp => movido com sucesso C:\Windows\Temp\TS_2896.tmp => movido com sucesso C:\Windows\Temp\TS_A65E.tmp => movido com sucesso C:\Windows\Temp\TS_AB9F.tmp => movido com sucesso C:\Windows\Temp\USBInstallInfo.log => movido com sucesso C:\Windows\Temp\{AE77E5DB-3BC5-44E8-85A7-0FD0D79772B2}-MicrosoftEdge_X64_104.0.1293.63_104.0.1293.54.exe => movido com sucesso ========= Fim -> "C:\Windows\Temp\*.*" ======== =========== "C:\WINDOWS\system32\*.tmp" ========== não encontrado (a) ========= Fim -> "C:\WINDOWS\system32\*.tmp" ======== =========== "C:\WINDOWS\syswow64\*.tmp" ========== não encontrado (a) ========= Fim -> "C:\WINDOWS\syswow64\*.tmp" ======== O sistema precisou ser reiniciado. ==== Fim de Fixlog 22:44:33 ==== ==================== Informações da Memória =========================== BIOS: Intel Corp. MUCDT10N.86A.0072.2012.0808.1512 08/08/2012 Processador: Intel(R) Atom(TM) CPU D2550 @ 1.86GHz Percentagem de memória em uso: 84% RAM física total: 4078.65 MB RAM física disponível: 628.8 MB Virtual Total: 7280.34 MB Virtual disponível: 2713.21 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.2 GB) (Free:417.02 GB) (Model: WDC WD5000LPSX-75A6WT0) NTFS Drive d: (ZTEMODEM) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS \\?\Volume{119ee62c-0000-0000-0000-100000000000}\ (Reservado pelo Sistema) (Fixed) (Total:0.05 GB) (Free:0.02 GB) NTFS \\?\Volume{119ee62c-0000-0000-0000-305074000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS ==================== MBR & Tabela de Partições ==================== ==================== Fim de Addition.txt ======================= Obrigada!

Bom dia, DigRam! Podes arquivar este tópico, por favor? Desculpa pela demora. Obrigada.

Bom dia! Meu computador começou a ficar lento. Se puderem me ajudar, agradeço. Seguem abaixo os logs da FRST: Resultado do análise da Farbar Recovery Scan Tool (FRST) (x64) Versão: 30-01-2022 Executado por Famaqui (administrador) em DESKTOP-5J8O8HF (Itautec S.A. Infoway) (03-02-2022 09:55:07) Executando a partir de C:\Users\Logoterapia\Desktop Perfis Carregados: Famaqui & Logoterapia Plataforma: Microsoft Windows 10 Pro Versão 21H1 19043.1466 (X64) Idioma: Português (Brasil) Navegador padrão: Edge Modo da Inicialização: Normal ==================== Processos (Whitelisted) ================= (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\97.0.1072.76\identity_helper.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7> (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxTsr.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <2> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.6-0\MsMpEng.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.6-0\NisSrv.exe (philandro Software GmbH -> AnyDesk Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe <2> (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ZTE CORPORATION -> ) C:\Program Files (x86)\Claro 3G\CMUpdater.exe (ZTE CORPORATION -> ) C:\Program Files (x86)\Claro 3G\UIMain.exe 0 C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2111.12605.0_x64__8wekyb3d8bbwe\Cortana.exe 0 C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2111.12605.0_x64__8wekyb3d8bbwe\Win32Bridge.Server.exe 0 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21121.250.0_x64__8wekyb3d8bbwe\YourPhone.exe ==================== Registro (Whitelisted) =================== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [19677688 2021-05-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation) HKLM\...\RunOnce: [*EmptyTemp] => cmd /c rd /q/s C:\FRST\Temp HKU\S-1-5-21-400714347-516547821-1503872166-1001\...\Run: [MicrosoftEdgeAutoLaunch_FFB80A29E2B6CA7A87F4867A906A7ED9] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 HKU\S-1-5-21-400714347-516547821-1503872166-1002\...\Run: [MicrosoftEdgeAutoLaunch_01CA57FCFBADE73389A1D832F77925FA] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 HKU\S-1-5-21-400714347-516547821-1503872166-1002\...\MountPoints2: {e8a76c62-d52c-11eb-ad1c-0023549f654e} - "I:\Windows/AutoRun.exe" HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\97.0.4692.99\Installer\chrmstp.exe [2022-01-21] (Google LLC -> Google LLC) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2021-12-21] ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH) Startup: C:\Users\Logoterapia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de tela e Iniciador do OneNote 2007.lnk [2022-01-17] ShortcutTarget: Recorte de tela e Iniciador do OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) ==================== Tarefas Agendadas (Whitelisted) ============ (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) Task: {0C4CF758-1923-412A-AF60-6EDEF9C3B905} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-17] (Adobe Inc. -> Adobe Inc.) Task: {4576A4F2-BD76-4FE7-835E-26DEE5013429} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.6-0\MpCmdRun.exe [926912 2022-01-29] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {498808B2-2219-45A8-BE4D-7454E3CCD4F6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.6-0\MpCmdRun.exe [926912 2022-01-29] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {8082054D-305B-441D-94BC-9E3BCCB1ADA2} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-400714347-516547821-1503872166-1002 => {201600D8-6EFF-48CE-B842-E14D37A0682D} C:\WINDOWS\System32\wpninprc.dll [24064 2019-12-07] (Microsoft Windows -> Microsoft Corporation) Task: {8FD8CA2C-4F4C-4EFB-A3C4-F9B07F0A0559} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-07-06] (Google LLC -> Google LLC) Task: {95DAD68F-AECC-45B3-A159-DCCC3674A9FC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.6-0\MpCmdRun.exe [926912 2022-01-29] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {A21520D0-E698-4917-8789-5DDE509DDF4A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.6-0\MpCmdRun.exe [926912 2022-01-29] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {D697F7E7-3B89-41B4-BB11-C80FB69D03CB} - System32\Tasks\Mozilla\Firefox Background Update E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask backgroundupdate Task: {D6AB6416-2CE9-4B1E-9B95-6C4C65D2FB5D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-07-06] (Google LLC -> Google LLC) Task: {E2421F5F-5A9F-4E80-81C5-3AC1328820A0} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B" (Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.) ==================== Internet (Whitelisted) ==================== (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.) Tcpip\..\Interfaces\{0F533CE7-7A6A-4ACC-93CA-5BA708D1008D}: [NameServer] 200.169.119.222 200.169.119.221 Tcpip\..\Interfaces\{3269e617-d4aa-4453-b41d-83b4746dcfd9}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{636cd3da-d87d-4e07-ab6d-73ddd859b6db}: [DhcpNameServer] 192.168.43.1 Tcpip\..\Interfaces\{7dd83a10-47fc-42d3-9512-f5eade7560af}: [DhcpNameServer] 181.213.132.2 181.213.132.3 Edge: ======= Edge Extension: (Sem Nome) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [não encontrado (a)] Edge Extension: (Sem Nome) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [não encontrado (a)] Edge Extension: (Sem Nome) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [não encontrado (a)] Edge Extension: (Sem Nome) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [não encontrado (a)] Edge DefaultProfile: Default Edge Profile: C:\Users\Famaqui\AppData\Local\Microsoft\Edge\User Data\Default [2021-12-01] FireFox: ======== FF DefaultProfile: 6al8hfm0.default FF ProfilePath: C:\Users\Famaqui\AppData\Roaming\Mozilla\Firefox\Profiles\6al8hfm0.default [2021-08-05] FF ProfilePath: C:\Users\Famaqui\AppData\Roaming\Mozilla\Firefox\Profiles\guqst3oi.default-release [2022-02-02] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2021-12-24] (Adobe Inc. -> Adobe Systems Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) Chrome: ======= CHR Profile: C:\Users\Famaqui\AppData\Local\Google\Chrome\User Data\Default [2021-08-05] CHR Extension: (Apresentações) - C:\Users\Famaqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-05-31] CHR Extension: (Documentos) - C:\Users\Famaqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-05-31] CHR Extension: (Google Drive) - C:\Users\Famaqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-05-31] CHR Extension: (YouTube) - C:\Users\Famaqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-05-31] CHR Extension: (Planilhas) - C:\Users\Famaqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-05-31] CHR Extension: (Documentos Google off-line) - C:\Users\Famaqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-06] CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Famaqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-05-31] CHR Extension: (Gmail) - C:\Users\Famaqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-05-31] CHR Extension: (Chrome Media Router) - C:\Users\Famaqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-05-31] ==================== Serviços (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-17] (Adobe Inc. -> Adobe Inc.) R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [3803376 2021-12-21] (philandro Software GmbH -> AnyDesk Software GmbH) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6137040 2022-01-12] (Microsoft Windows Publisher -> Microsoft Corporation) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.6-0\NisSrv.exe [2910272 2022-01-29] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.6-0\MsMpEng.exe [129440 2022-01-29] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Drivers (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) S3 massfilter; C:\WINDOWS\System32\drivers\massfilter.sys [11776 2011-08-29] (Microsoft Windows Hardware Compatibility Publisher -> MBB Incorporated) S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [50688 2019-12-07] (Microsoft Windows -> Microsoft Corporation) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49592 2022-01-29] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [437480 2022-01-29] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90384 2022-01-29] (Microsoft Windows -> Microsoft Corporation) R3 ZTEusbmdm6k; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys [123264 2011-08-29] (Microsoft Windows Hardware Compatibility Publisher -> ZTE Incorporated) R3 ZTEusbnmea; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys [123264 2011-08-29] (Microsoft Windows Hardware Compatibility Publisher -> ZTE Incorporated) R3 ZTEusbser6k; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys [123264 2011-08-29] (Microsoft Windows Hardware Compatibility Publisher -> ZTE Incorporated) ==================== NetSvcs (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) ==================== Um mês (criados) (Whitelisted) ========= (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 2022-02-03 09:49 - 2022-02-03 09:49 - 083361792 _____ C:\WINDOWS\system32\config\SOFTWARE 2022-02-03 09:42 - 2022-02-03 09:49 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware 2022-02-01 16:23 - 2022-02-01 16:24 - 005345466 _____ C:\Users\Logoterapia\Downloads\Prática na escola 2021_1.pdf 2022-02-01 16:22 - 2022-02-01 16:22 - 000164833 _____ C:\Users\Logoterapia\Downloads\Formulario.pdf 2022-01-27 11:40 - 2022-01-27 11:40 - 000035944 _____ C:\Users\Logoterapia\Downloads\N-1639.PDF 2022-01-27 10:54 - 2022-01-27 10:54 - 000010372 _____ C:\Users\Logoterapia\Downloads\N-567.PDF 2022-01-27 10:40 - 2022-01-27 10:40 - 000056601 _____ C:\Users\Logoterapia\Downloads\N-825.PDF 2022-01-26 21:53 - 2022-01-26 21:53 - 000518625 _____ C:\Users\Logoterapia\Downloads\Carolina Martins no Instagram_ “R$1.000 ou um notebook_ (Foto Oficial) Amanhã, 27_01, às 08h da manhã, vamos abrir as inscrições do Programa Trocando de Emprego…”.html 2022-01-26 21:53 - 2022-01-26 21:53 - 000000000 ____D C:\Users\Logoterapia\Downloads\Carolina Martins no Instagram_ “R$1.000 ou um notebook_ (Foto Oficial) Amanhã, 27_01, às 08h da manhã, vamos abrir as inscrições do Programa Trocando de Emprego…”_files 2022-01-26 19:56 - 2022-01-26 19:56 - 000000000 ____D C:\WINDOWS\LastGood.Tmp 2022-01-24 20:24 - 2022-01-24 20:24 - 000000000 ____D C:\Users\Logoterapia\Desktop\ivan 2022-01-24 12:43 - 2022-01-24 12:44 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla 2022-01-19 21:19 - 2022-01-19 21:19 - 000288376 _____ C:\Users\Logoterapia\Downloads\CErtificado Gestor Class - Secretaria ES.pdf 2022-01-17 21:05 - 2022-01-17 21:05 - 000010105 _____ C:\Users\Logoterapia\Downloads\N-731 (1).PDF 2022-01-17 20:51 - 2022-01-17 20:51 - 000010105 _____ C:\Users\Logoterapia\Downloads\N-731.PDF 2022-01-17 20:48 - 2022-01-17 20:48 - 000030824 _____ C:\Users\Logoterapia\Downloads\N-942.PDF 2022-01-17 20:46 - 2022-01-17 20:46 - 000018642 _____ C:\Users\Logoterapia\Downloads\N-943.PDF 2022-01-16 09:57 - 2022-01-16 09:57 - 000058003 _____ C:\Users\Logoterapia\Downloads\11162059.pdf 2022-01-12 21:44 - 2022-01-24 20:25 - 000000000 ____D C:\Users\Logoterapia\dwhelper 2022-01-12 21:36 - 2022-01-12 21:36 - 000000000 ____D C:\Program Files\net.downloadhelper.coapp 2022-01-12 21:26 - 2022-01-12 21:27 - 044612640 _____ (DownloadHelper ) C:\Users\Logoterapia\Downloads\VdhCoAppSetup-1.6.3.exe 2022-01-12 15:24 - 2022-01-12 15:24 - 000523776 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe 2022-01-12 15:24 - 2022-01-12 15:24 - 000464384 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe 2022-01-12 15:24 - 2022-01-12 15:24 - 000011797 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim 2022-01-12 15:03 - 2022-01-12 15:03 - 000000000 ___HD C:\$WinREAgent ==================== Um mês (modificados) ================== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 2022-02-03 09:57 - 2021-06-16 18:40 - 001651882 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2022-02-03 09:57 - 2019-12-07 11:53 - 000715446 _____ C:\WINDOWS\system32\prfh0416.dat 2022-02-03 09:57 - 2019-12-07 11:53 - 000140602 _____ C:\WINDOWS\system32\prfc0416.dat 2022-02-03 09:57 - 2019-12-07 06:13 - 000000000 ____D C:\WINDOWS\INF 2022-02-03 09:55 - 2021-08-04 11:04 - 000000000 ____D C:\FRST 2022-02-03 09:53 - 2021-12-21 20:52 - 000000000 ____D C:\ProgramData\AnyDesk 2022-02-03 09:52 - 2021-07-06 11:11 - 000000000 ____D C:\Program Files (x86)\Claro 3G 2022-02-03 09:52 - 2021-05-31 12:17 - 000000000 ____D C:\Program Files (x86)\Google 2022-02-03 09:51 - 2021-12-21 20:51 - 000000000 ____D C:\Users\Logoterapia\AppData\Roaming\AnyDesk 2022-02-03 09:51 - 2019-12-07 06:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2022-02-03 09:50 - 2021-06-16 18:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2022-02-03 09:50 - 2021-06-16 18:28 - 000008192 ___SH C:\DumpStack.log.tmp 2022-02-03 09:41 - 2019-12-07 06:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2022-02-03 09:40 - 2021-07-06 19:24 - 000000000 ____D C:\Users\Logoterapia\AppData\LocalLow\Mozilla 2022-02-02 21:57 - 2020-02-07 17:59 - 000000000 ____D C:\Users\Logoterapia\AppData\Local\ConnectedDevicesPlatform 2022-02-02 21:56 - 2021-12-21 20:52 - 000000000 ____D C:\Program Files (x86)\AnyDesk 2022-02-02 21:55 - 2021-08-13 09:03 - 000000000 ____D C:\Users\Logoterapia\Desktop\FRST-OlderVersion 2022-02-02 21:55 - 2021-08-04 11:03 - 002311680 _____ (Farbar) C:\Users\Logoterapia\Desktop\FRST64.exe 2022-02-02 21:55 - 2021-07-08 09:36 - 000000000 ____D C:\Users\Logoterapia\AppData\LocalLow\Temp 2022-02-02 21:21 - 2021-06-16 18:28 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2022-02-02 20:42 - 2019-12-07 06:14 - 000000000 ___HD C:\Program Files\WindowsApps 2022-02-02 20:42 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2022-02-02 12:50 - 2020-02-07 18:02 - 000000000 ____D C:\Users\Logoterapia\AppData\Local\Comms 2022-02-02 10:00 - 2020-02-06 15:36 - 000000000 __RHD C:\Users\Public\AccountPictures 2022-01-31 12:13 - 2021-07-06 19:29 - 000000000 ____D C:\Users\Logoterapia\Desktop\SEAD_2021 2022-01-31 00:44 - 2021-06-16 18:31 - 000000000 ____D C:\Users\Logoterapia 2022-01-30 19:02 - 2021-05-31 16:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2022-01-30 19:02 - 2021-05-31 16:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2022-01-29 17:13 - 2020-02-06 15:19 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2022-01-28 19:03 - 2021-06-16 18:30 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2022-01-28 19:03 - 2021-06-16 18:30 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2022-01-28 12:54 - 2021-08-08 11:37 - 000000000 ____D C:\Users\Public\Documents\BizagiModelerLogs 2022-01-27 18:56 - 2021-06-24 17:46 - 000003618 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2022-01-27 18:56 - 2021-06-24 17:46 - 000003524 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d762f7bbca0061 2022-01-27 18:08 - 2021-07-07 10:24 - 000000000 ____D C:\Users\Logoterapia\AppData\Local\D3DSCache 2022-01-27 01:08 - 2021-12-13 12:00 - 000003584 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-400714347-516547821-1503872166-1002 2022-01-27 01:08 - 2021-08-28 19:31 - 000000000 ___RD C:\Users\Logoterapia\FAMAQUI - Faculdade Mário Quintana 2022-01-27 01:08 - 2021-07-06 19:40 - 000003388 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-400714347-516547821-1503872166-1002 2022-01-27 01:08 - 2021-06-16 18:31 - 000002403 _____ C:\Users\Logoterapia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2022-01-24 12:44 - 2021-05-31 16:20 - 000000000 ____D C:\ProgramData\Mozilla 2022-01-24 12:42 - 2021-05-31 16:20 - 000001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2022-01-21 12:54 - 2021-07-06 19:14 - 000002245 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2022-01-21 12:54 - 2021-07-06 19:14 - 000002204 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2022-01-19 20:03 - 2021-07-06 19:10 - 000003590 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA 2022-01-19 20:03 - 2021-07-06 19:10 - 000003466 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore 2022-01-12 19:01 - 2021-07-07 10:09 - 000000000 ____D C:\Users\Logoterapia\AppData\Local\Adobe 2022-01-12 18:48 - 2021-06-16 18:28 - 000438800 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2022-01-12 18:47 - 2019-12-07 11:56 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2022-01-12 18:47 - 2019-12-07 06:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs 2022-01-12 18:47 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2022-01-12 18:47 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SystemResources 2022-01-12 18:47 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\setup 2022-01-12 18:47 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\oobe 2022-01-12 18:47 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\Dism 2022-01-12 18:47 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2022-01-12 15:32 - 2019-12-07 06:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2022-01-12 15:01 - 2020-02-14 09:44 - 000000000 ____D C:\WINDOWS\system32\MRT 2022-01-12 14:57 - 2020-02-14 09:44 - 145765912 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2022-01-12 10:46 - 2021-06-16 18:45 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task 2022-01-12 10:45 - 2021-12-17 17:25 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk 2022-01-12 10:45 - 2021-12-17 17:25 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk ==================== Arquivos na raiz de alguns diretórios ======== 2021-07-26 21:05 - 2021-07-26 21:05 - 000007597 _____ () C:\Users\Famaqui\AppData\Local\Resmon.ResmonCfg ==================== SigCheck ============================ (Não há correção automática para arquivos que não passaram na verificação.) ==================== Fim de FRST.txt ======================== Resultado da análise adicional Farbar Recovery Scan Tool (x64) Versão: 30-01-2022 Executado por Famaqui (03-02-2022 09:59:02) Executando a partir de C:\Users\Logoterapia\Desktop Microsoft Windows 10 Pro Versão 21H1 19043.1466 (X64) (2021-06-16 21:45:35) Modo da Inicialização: Normal ========================================================== ==================== Contas: ============================= (Se uma entrada for incluída na fixlist, será removida.) Administrador (S-1-5-21-400714347-516547821-1503872166-500 - Administrator - Disabled) Convidado (S-1-5-21-400714347-516547821-1503872166-501 - Limited - Disabled) DefaultAccount (S-1-5-21-400714347-516547821-1503872166-503 - Limited - Disabled) Famaqui (S-1-5-21-400714347-516547821-1503872166-1001 - Administrator - Enabled) => C:\Users\Famaqui Logoterapia (S-1-5-21-400714347-516547821-1503872166-1002 - Limited - Enabled) => C:\Users\Logoterapia WDAGUtilityAccount (S-1-5-21-400714347-516547821-1503872166-504 - Limited - Disabled) ==================== Central de Segurança ======================== (Se uma entrada for incluída na fixlist, será removida.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Programas Instalados ====================== (Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.) Adobe Acrobat DC (64-bit) (HKLM\...\{AC76BA86-1046-1033-7760-BC15014EA700}) (Version: 21.011.20039 - Adobe) AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 7.0.4 - AnyDesk Software GmbH) Atualização do produto Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{717C9095-8AAE-41CB-B046-BD6E8399F4F3}) (Version: - Microsoft) Atualização do produto Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{5016CB22-B9A7-44FB-AA72-AF28B27B15EA}) (Version: - Microsoft) Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{BE3A7C0C-0081-4694-B5F9-980DD66BDDF8}) (Version: - Microsoft) Atualização do produto Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{7297E3A9-FCD4-4E0E-A306-7A90359E50E3}) (Version: - Microsoft) Bizagi Modeler (HKLM\...\{fc979aba-3131-4cd7-82c9-e8023d8d54d7}) (Version: 3.8.0206 - Bizagi Limited) Hidden Bizagi Modeler (HKU\S-1-5-21-400714347-516547821-1503872166-1002\...\InstallShield_{fc979aba-3131-4cd7-82c9-e8023d8d54d7}) (Version: 3.8.0206 - Bizagi Limited) Claro 3G (HKLM-x32\...\{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}) (Version: 1.0.0.1 - ) D-Link DWA-131 - V5.02b04 (HKLM-x32\...\{B7C11488-750D-4E48-A9A4-7207A335984D}) (Version: 5.00.0000 - D-Link) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 97.0.4692.99 - Google LLC) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 97.0.1072.76 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-400714347-516547821-1503872166-1001\...\OneDriveSetup.exe) (Version: 21.150.0725.0001 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-400714347-516547821-1503872166-1002\...\OneDriveSetup.exe) (Version: 22.002.0103.0004 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mozilla Firefox (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 91.0 (x86 pt-BR)) (Version: 91.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 88.0.1 - Mozilla) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8899.1 - Realtek Semiconductor Corp.) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) VdhCoApp 1.6.3 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper) Packages: ========= Complemento do Mecanismo de Mídia de Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-02-02] (Microsoft Corporation) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-02-14] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-02-14] (Microsoft Corporation) [MS Ad] ==================== Análise Personalizada CLSID (Whitelisted): ============== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) CustomCLSID: HKU\S-1-5-21-400714347-516547821-1503872166-1002_Classes\CLSID\{04271989-C4D2-A49B-7D71-BFD1586DE06B} -> [FAMAQUI - Faculdade Mário Quintana] => C:\Users\Logoterapia\FAMAQUI - Faculdade Mário Quintana [2021-08-28 19:31] ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation) ==================== Codecs (Whitelisted) ==================== ==================== Atalhos & WMI ======================== ==================== Módulos Carregados (Whitelisted) ============= ==================== Alternate Data Streams (Whitelisted) ======== ==================== Modo de Segurança (Whitelisted) ================== ==================== Associação (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation) (Se uma entrada for incluída na fixlist, será removida do Registro.) IE trusted site: HKU\S-1-5-21-400714347-516547821-1503872166-1002\...\perseus.com.br -> hxxps://famaqui.perseus.com.br ==================== Hosts Conteúdo: ========================= (Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.) 2019-03-19 01:49 - 2019-03-19 01:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Outras Áreas =========================== (Atualmente não há nenhuma correção automática para esta seção.) HKU\S-1-5-21-400714347-516547821-1503872166-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg HKU\S-1-5-21-400714347-516547821-1503872166-1002\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img3.jpg DNS Servers: 200.169.119.222 - 200.169.119.221 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Firewall do Windows está habilitado. ==================== MSCONFIG/TASK MANAGER ítens desabilitados == (Se uma entrada for incluída na fixlist, será removida.) MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: GoogleChromeElevationService => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: MozillaMaintenance => 3 HKU\S-1-5-21-400714347-516547821-1503872166-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-400714347-516547821-1503872166-1002\...\StartupApproved\Run: => "OneDrive" ==================== Regras do Firewall (Whitelisted) ================ (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) FirewallRules: [{62565AD9-1E82-47F4-A9B6-30DBAA379E27}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{9E838B19-07DC-44C3-9EC7-62F04FD895EC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{969321D7-151A-4D33-8786-E24CA9C8C308}] => (Allow) C:\Program Files (x86)\D-Link\DWA-131 revE\IHV\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek) FirewallRules: [{0692F06E-E0E5-4174-AB53-EC255C47F4DA}] => (Allow) C:\Program Files (x86)\D-Link\DWA-131 revE\IHV\PortableWiFi.exe (D-LINK CORPORATION -> D-Link Corp.) FirewallRules: [UDP Query User{59684D04-B950-46FA-91FC-7353F85BFDAE}C:\users\famaqui\appdata\local\packages\microsoft.microsoftedge_8wekyb3d8bbwe\tempstate\downloads\anydesk (1).exe] => (Allow) C:\users\famaqui\appdata\local\packages\microsoft.microsoftedge_8wekyb3d8bbwe\tempstate\downloads\anydesk (1).exe => Nenhum Arquivo FirewallRules: [TCP Query User{596A7BFE-9CD2-466B-A7C4-B1E56BFEF841}C:\users\famaqui\appdata\local\packages\microsoft.microsoftedge_8wekyb3d8bbwe\tempstate\downloads\anydesk (1).exe] => (Allow) C:\users\famaqui\appdata\local\packages\microsoft.microsoftedge_8wekyb3d8bbwe\tempstate\downloads\anydesk (1).exe => Nenhum Arquivo FirewallRules: [{541F50C9-5E7E-486E-8F54-4A2293BBB117}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{9BFFE419-78A0-4E65-B794-09B500202AB6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{B9779E18-91D8-4A82-AEE8-E47EEE8AAB41}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{AC32B6ED-B069-46A7-BF79-E5BCFE16A783}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{B26421A5-71D7-4316-A791-ACECE5A28093}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{D6555121-CC41-4CC1-91F7-973609F1816F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{C5125A61-E41A-4AAB-B73E-5546ECAF0BF4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{230D2FC2-92ED-4A8A-9D15-884E1516308C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{97923D6C-DB2E-46F8-8771-8DDB35B53EC5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{A6AB516D-4E7A-4A1C-9B39-B7992DE65058}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{30AE2BF5-7B0A-4BEA-BDE3-EC4A42B5D1AB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{D4701CF1-98F8-4517-9BB5-A57056AB3464}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{2DF854C9-80F1-41A6-A8D7-281ACB93724C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.177.645.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{C258054A-B639-473E-9520-8FC9E56DCB9F}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH) FirewallRules: [{EFBE9A44-1FF6-4782-AA42-B581B08B0AB7}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH) FirewallRules: [{F505D6B5-6B2B-45B1-9DB7-2E86C981AB46}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH) FirewallRules: [{C279935E-B83D-454F-9E40-630E2F6E1C32}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH) FirewallRules: [{EBA007B8-F542-4828-A3E6-56DB087E4CA6}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH) FirewallRules: [{7BF0FEB7-3FE2-465E-8FD1-AC6690A479AA}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH) ==================== Pontos de Restauração ========================= 12-01-2022 15:02:01 Instalador de Módulos do Windows 19-01-2022 18:55:40 Ponto de Verificação Agendado 28-01-2022 18:51:09 Ponto de Verificação Agendado ==================== Dispositivos Apresentando Falhas No Gerenciador ============ ==================== Erros no Log de eventos: ======================== Erros em Aplicativos: ================== Error: (02/02/2022 10:18:00 PM) (Source: Application Error) (EventID: 1005) (User: ) Description: O Windows não pode acessar o arquivo por um destes motivos: há um problema de conexão com a rede, o disco no qual o arquivo está armazenado ou nos drivers de armazenamento instalados neste computador, ou o disco está ausente. O Windows fechou o programa MODEM Mobile Connection por causa desse erro. Programa: MODEM Mobile Connection Arquivo: O valor do erro está listado na seção Dados Adicionais. Ação do Usuário 1. Abra o arquivo novamente. Esta situação pode ser um problema temporário corrigida quando o programa é executado novamente. 2. Se o arquivo ainda não puder ser acessado e - não estiver na rede, o administrador da rede deverá verificar se não há um problema com a rede e se o servidor puder ser contatado. - Está em um disco removível, por exemplo, um disquete ou CD-ROM, verifique se o disco está completamente inserido no computador. 3. Verifique e repare o sistema de arquivos ao executar CHKDSK. Para executar CHKDSK, clique em Iniciar, clique em Executar, digite CMD e clique em OK. No prompt de comando, digite CHKDSK /F e pressione ENTER. 4. Se o problema persistir, restaure o arquivo de uma cópia de backup. 5. Determine se outros arquivos no mesmo disco podem ser abertos. Em caso negativo, o disco pode estar danificado. Se for um disco rígido, contate o administrador ou o fornecedor de hardware do computador para obter assistência adicional. Dados Adicionais Valor do erro: 00000000 Tipo de disco: 0 Error: (02/02/2022 10:18:00 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome do aplicativo com falha: UIMain.exe, versão: 1.0.0.0, carimbo de data/hora: 0x00000000 Nome do módulo com falha: unknown, versão: 0.0.0.0, carimbo de data/hora: 0x00000000 Código de exceção: 0xc000001d Deslocamento da falha: 0x0d064c20 ID do processo com falha: 0x18a0 Hora de início do aplicativo com falha: 0x01d81899204ba010 Caminho do aplicativo com falha: C:\Program Files (x86)\Claro 3G\UIMain.exe Caminho do módulo com falha: unknown ID do Relatório: 6e110f63-47d2-46c9-956e-c2796997c626 Nome completo do pacote com falha: ID do aplicativo relativo ao pacote com falha: Error: (02/02/2022 10:17:55 PM) (Source: Application Error) (EventID: 1005) (User: ) Description: O Windows não pode acessar o arquivo por um destes motivos: há um problema de conexão com a rede, o disco no qual o arquivo está armazenado ou nos drivers de armazenamento instalados neste computador, ou o disco está ausente. O Windows fechou o programa MODEM Mobile Connection por causa desse erro. Programa: MODEM Mobile Connection Arquivo: O valor do erro está listado na seção Dados Adicionais. Ação do Usuário 1. Abra o arquivo novamente. Esta situação pode ser um problema temporário corrigida quando o programa é executado novamente. 2. Se o arquivo ainda não puder ser acessado e - não estiver na rede, o administrador da rede deverá verificar se não há um problema com a rede e se o servidor puder ser contatado. - Está em um disco removível, por exemplo, um disquete ou CD-ROM, verifique se o disco está completamente inserido no computador. 3. Verifique e repare o sistema de arquivos ao executar CHKDSK. Para executar CHKDSK, clique em Iniciar, clique em Executar, digite CMD e clique em OK. No prompt de comando, digite CHKDSK /F e pressione ENTER. 4. Se o problema persistir, restaure o arquivo de uma cópia de backup. 5. Determine se outros arquivos no mesmo disco podem ser abertos. Em caso negativo, o disco pode estar danificado. Se for um disco rígido, contate o administrador ou o fornecedor de hardware do computador para obter assistência adicional. Dados Adicionais Valor do erro: 00000000 Tipo de disco: 0 Error: (02/02/2022 10:17:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome do aplicativo com falha: UIMain.exe, versão: 1.0.0.0, carimbo de data/hora: 0x00000000 Nome do módulo com falha: unknown, versão: 0.0.0.0, carimbo de data/hora: 0x00000000 Código de exceção: 0xc000001d Deslocamento da falha: 0x0d064c20 ID do processo com falha: 0x18a0 Hora de início do aplicativo com falha: 0x01d81899204ba010 Caminho do aplicativo com falha: C:\Program Files (x86)\Claro 3G\UIMain.exe Caminho do módulo com falha: unknown ID do Relatório: 27fd2db8-577f-4af0-a168-c725e7e970b6 Nome completo do pacote com falha: ID do aplicativo relativo ao pacote com falha: Error: (02/02/2022 07:28:44 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: O programa Video.UI.exe versão 10.21111.1051.0 parou de interagir com o Windows e foi fechado. Para ver se mais informações sobre o problema estão disponíveis, verifique o histórico de problemas no painel de controle Segurança e Manutenção. ID do Processo: 700 Hora de Início: 01d8185ab5fc3a02 Hora de Término: 4294967295 Caminho do Aplicativo: C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.21111.10511.0_x64__8wekyb3d8bbwe\Video.UI.exe ID do Relatório: 0a83429f-87ef-49e5-b0a0-fc2243b27f44 Nome completo do pacote com falha: Microsoft.ZuneVideo_10.21111.10511.0_x64__8wekyb3d8bbwe ID do aplicativo relativo ao pacote com falha: Microsoft.ZuneVideo Tipo com falha: Quiesce Error: (02/02/2022 10:01:47 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-5J8O8HF) Description: Microsoft.VCLibs.140.00_8wekyb3d8bbwe-2147024893 Error: (02/02/2022 10:01:47 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-5J8O8HF) Description: Microsoft.VCLibs.140.00.UWPDesktop_8wekyb3d8bbwe-2147024893 Error: (02/02/2022 10:01:47 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-5J8O8HF) Description: Microsoft.UI.Xaml.2.7_8wekyb3d8bbwe-2147024893 Erros de Sistema: ============= Error: (02/03/2022 09:37:26 AM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: AUTORIDADE NT) Description: Verificação de volume criptografado: as informações de volume em E: não podem ser lidas. Error: (02/02/2022 09:56:16 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-5J8O8HF) Description: O servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} não se registrou no DCOM dentro do tempo limite necessário. Error: (02/02/2022 09:55:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Windows Search foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 30000 milissegundos: Reiniciar o serviço. Error: (02/02/2022 09:55:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço CredentialEnrollmentManagerUserSvc_2c0bc8b foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço. Error: (02/02/2022 09:55:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço AnyDesk Service foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço. Error: (02/02/2022 09:55:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: O serviço Adobe Acrobat Update Service foi encerrado inesperadamente. Isso aconteceu 1 vez(es). Error: (02/02/2022 12:45:54 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: AUTORIDADE NT) Description: Falha na Instalação: o Windows não pôde instalar a seguinte atualização com o erro 0x80240017: 2021-10 Atualização do Windows 10 Version 21H1 para sistemas baseados em x64 (KB5005463). Error: (02/01/2022 06:58:55 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: AUTORIDADE NT) Description: Falha na Instalação: o Windows não pôde instalar a seguinte atualização com o erro 0x80240017: 2021-10 Atualização do Windows 10 Version 21H1 para sistemas baseados em x64 (KB5005463). Windows Defender: ================ Date: 2022-02-03 09:52:32 Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão. ID do Exame: {0B811521-58C3-4AFD-A16F-696F1D1DF6C1} Tipo de Exame: Antimalware Parâmetros do Exame: Verificação Rápida Usuário: DESKTOP-5J8O8HF\Logoterapia Date: 2022-02-03 09:51:30 Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão. ID do Exame: {E4D0D75D-B649-4E31-A2E0-8EAC0C20437D} Tipo de Exame: Antimalware Parâmetros do Exame: Verificação Personalizada Usuário: DESKTOP-5J8O8HF\Logoterapia Date: 2022-02-03 09:40:20 Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão. ID do Exame: {20E4798C-EB52-4B7E-A3E4-EDB42F7A0D91} Tipo de Exame: Antimalware Parâmetros do Exame: Verificação Personalizada Usuário: DESKTOP-5J8O8HF\Logoterapia Date: 2022-02-02 18:05:20 Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão. ID do Exame: {C54B57EB-2454-47F7-999F-EEAD30C90E8B} Tipo de Exame: Antimalware Parâmetros do Exame: Verificação Rápida Usuário: AUTORIDADE NT\SISTEMA Date: 2022-02-01 17:29:18 Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão. ID do Exame: {34F7886C-384B-49AE-8FCC-EB5E792A5486} Tipo de Exame: Antimalware Parâmetros do Exame: Verificação Rápida Usuário: AUTORIDADE NT\SISTEMA Event[0]: Date: 2022-01-15 21:31:53 Description: Microsoft Defender Antivírus encontrou um erro ao tentar atualizar a inteligência de segurança. Nova Versão da Inteligência de Segurança: Versão da Inteligência de Segurança anterior: 1.355.1916.0 Fonte da Atualização: Servidor do Microsoft Update Tipo da Inteligência de Segurança: Antivírus Tipo da atualização: Completa Usuário: AUTORIDADE NT\SISTEMA Versão Atual do Mecanismo: Versão Anterior do Mecanismo: 1.1.18800.4 Código de Erro: 0x80240009 Descrição do Erro: Erro inesperado ao verificar atualizações. Para obter informações sobre como instalar ou solucionar problemas de atualizações, consulte Ajuda e Suporte. ==================== Informações da Memória =========================== BIOS: Itautec ST 4253, 0006- SL2 01/20/2009 placa-mãe: Itautec S.A. ST 4253 Processador: Intel(R) Pentium(R) Dual CPU E2140 @ 1.60GHz Percentagem de memória em uso: 62% RAM física total: 2038.24 MB RAM física disponível: 763.79 MB Virtual Total: 4854.24 MB Virtual disponível: 2480.45 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:110.93 GB) (Free:54.92 GB) NTFS Drive i: (ZTEMODEM) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS \\?\Volume{2bd2c32a-0000-0000-0000-100000000000}\ (Reservado pelo Sistema) (Fixed) (Total:0.35 GB) (Free:0.32 GB) NTFS \\?\Volume{2bd2c32a-0000-0000-0000-20d21b000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS ==================== MBR & Tabela de Partições ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 2BD2C32A) Partition 1: (Active) - (Size=356 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=110.9 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=524 MB) - (Type=27) ==================== Fim de Addition.txt =======================

Prezados, bom dia! Desde ontem a máquina está tendo um comportamento estranho. Quando vou abrir ou fazer download de um arquivo, do nada a tela fica preta durante alguns segundos. Além disso a máquina está mais lenta. Seguem abaixo os logs. Muito obrigada! Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 03-08-2021 Executado por Famaqui (administrador) em DESKTOP-5J8O8HF (Itautec S.A. Infoway) (04-08-2021 11:05:57) Executando a partir de C:\Users\Logoterapia\Desktop Perfis Carregados: Famaqui & Logoterapia Platform: Windows 10 Pro Versão 21H1 19043.1110 (X64) Idioma: Português (Brasil) Navegador padrão: Edge Modo da Inicialização: Normal ==================== Processos (Whitelisted) ================= (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.92\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.92\GoogleCrashHandler64.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MSPaint_6.2105.4017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ZTE CORPORATION -> ) C:\Program Files (x86)\Claro 3G\CMUpdater.exe (ZTE CORPORATION -> ) C:\Program Files (x86)\Claro 3G\UIMain.exe 0 C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2106.14307.0_x64__8wekyb3d8bbwe\Cortana.exe 0 C:\Program Files\WindowsApps\Microsoft.WindowsStore_12105.1001.23.0_x64__8wekyb3d8bbwe\WinStore.App.exe 0 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21062.150.0_x64__8wekyb3d8bbwe\YourPhone.exe ==================== Registro (Whitelisted) =================== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [19677688 2021-05-31] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-400714347-516547821-1503872166-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Famaqui\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" HKU\S-1-5-21-400714347-516547821-1503872166-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Famaqui\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" HKU\S-1-5-21-400714347-516547821-1503872166-1001\...\RunOnce: [Uninstall 21.083.0425.0003\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Famaqui\AppData\Local\Microsoft\OneDrive\21.083.0425.0003\amd64" HKU\S-1-5-21-400714347-516547821-1503872166-1001\...\RunOnce: [Uninstall 21.083.0425.0003] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Famaqui\AppData\Local\Microsoft\OneDrive\21.083.0425.0003" HKU\S-1-5-21-400714347-516547821-1503872166-1001\...\MountPoints2: {e8a76c62-d52c-11eb-ad1c-0023549f654e} - "G:\Windows/AutoRun.exe" HKU\S-1-5-21-400714347-516547821-1503872166-1002\...\MountPoints2: {e8a76c62-d52c-11eb-ad1c-0023549f654e} - "G:\Windows/AutoRun.exe" HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\92.0.4515.131\Installer\chrmstp.exe [2021-08-02] (Google LLC -> Google LLC) ==================== Tarefas Agendadas (Whitelisted) ============ (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) Task: {03BC4C77-54F8-4972-8872-1B979C9BD76B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.) Task: {3D5AEBDA-DF35-41D9-B853-BDB3267E4AFA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {3F7257C1-B5D0-4310-B382-A3B5E9628174} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {58EFA3E4-2454-484C-A331-D4B6E68BA346} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {8FD8CA2C-4F4C-4EFB-A3C4-F9B07F0A0559} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-07-06] (Google LLC -> Google LLC) Task: {D6AB6416-2CE9-4B1E-9B95-6C4C65D2FB5D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-07-06] (Google LLC -> Google LLC) Task: {DCF0DFC5-3B03-4300-AFD5-5541B012F1E8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MpCmdRun.exe [673816 2021-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {E5DFEFD4-A329-4D2F-9F38-209EF042D148} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [637368 2021-07-06] (Mozilla Corporation -> Mozilla Foundation) (Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.) ==================== Internet (Whitelisted) ==================== (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.) Tcpip\..\Interfaces\{0F533CE7-7A6A-4ACC-93CA-5BA708D1008D}: [NameServer] 200.169.119.222 200.169.119.221 Tcpip\..\Interfaces\{3269e617-d4aa-4453-b41d-83b4746dcfd9}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{636cd3da-d87d-4e07-ab6d-73ddd859b6db}: [DhcpNameServer] 192.168.43.1 Tcpip\..\Interfaces\{7dd83a10-47fc-42d3-9512-f5eade7560af}: [DhcpNameServer] 181.213.132.2 181.213.132.3 Edge: ======= Edge Extension: (Sem Nome) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [não encontrado (a)] Edge Extension: (Sem Nome) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [não encontrado (a)] Edge Extension: (Sem Nome) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [não encontrado (a)] Edge Extension: (Sem Nome) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [não encontrado (a)] Edge DefaultProfile: Default Edge Profile: C:\Users\Famaqui\AppData\Local\Microsoft\Edge\User Data\Default [2021-07-10] FireFox: ======== FF DefaultProfile: 6al8hfm0.default FF ProfilePath: C:\Users\Famaqui\AppData\Roaming\Mozilla\Firefox\Profiles\6al8hfm0.default [2021-05-31] FF ProfilePath: C:\Users\Famaqui\AppData\Roaming\Mozilla\Firefox\Profiles\guqst3oi.default-release [2021-07-10] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-07-24] (Adobe Inc. -> Adobe Systems Inc.) Chrome: ======= CHR Profile: C:\Users\Famaqui\AppData\Local\Google\Chrome\User Data\Default [2021-07-06] CHR Extension: (Apresentações) - C:\Users\Famaqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-05-31] CHR Extension: (Documentos) - C:\Users\Famaqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-05-31] CHR Extension: (Google Drive) - C:\Users\Famaqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-05-31] CHR Extension: (YouTube) - C:\Users\Famaqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-05-31] CHR Extension: (Planilhas) - C:\Users\Famaqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-05-31] CHR Extension: (Documentos Google off-line) - C:\Users\Famaqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-06] CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Famaqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-05-31] CHR Extension: (Gmail) - C:\Users\Famaqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-05-31] CHR Extension: (Chrome Media Router) - C:\Users\Famaqui\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-05-31] ==================== Serviços (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5395384 2021-07-14] (Microsoft Windows Publisher -> Microsoft Corporation) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\NisSrv.exe [2727416 2021-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2107.4-0\MsMpEng.exe [136656 2021-07-26] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Drivers (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Arquivo não assinado] S3 massfilter; C:\WINDOWS\System32\drivers\massfilter.sys [11776 2011-08-29] (Microsoft Windows Hardware Compatibility Publisher -> MBB Incorporated) U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [50688 2019-12-07] (Microsoft Windows -> Microsoft Corporation) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49568 2021-07-26] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [434424 2021-07-26] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [78072 2021-07-26] (Microsoft Windows -> Microsoft Corporation) R3 ZTEusbmdm6k; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys [123264 2011-08-29] (Microsoft Windows Hardware Compatibility Publisher -> ZTE Incorporated) R3 ZTEusbnmea; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys [123264 2011-08-29] (Microsoft Windows Hardware Compatibility Publisher -> ZTE Incorporated) R3 ZTEusbser6k; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys [123264 2011-08-29] (Microsoft Windows Hardware Compatibility Publisher -> ZTE Incorporated) ==================== NetSvcs (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) ==================== Três meses (criados) (Whitelisted) ========= (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 2021-08-04 11:04 - 2021-08-04 11:06 - 000000000 ____D C:\FRST 2021-08-04 11:03 - 2021-08-04 11:02 - 002300416 _____ (Farbar) C:\Users\Logoterapia\Desktop\FRST64.exe 2021-08-04 11:02 - 2021-08-04 11:02 - 002300416 _____ (Farbar) C:\Users\Logoterapia\Downloads\FRST64.exe 2021-08-04 10:56 - 2021-08-04 10:56 - 000030120 _____ C:\Users\Logoterapia\Downloads\(Aula 1) Solicitacao de Férias (1).bpm 2021-07-26 21:05 - 2021-07-26 21:05 - 000007597 _____ C:\Users\Famaqui\AppData\Local\Resmon.ResmonCfg 2021-07-23 17:41 - 2021-07-23 17:41 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime 2021-07-14 21:04 - 2021-07-14 21:04 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim 2021-07-14 21:04 - 2021-07-14 21:04 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsraLegacy.tlb 2021-07-14 21:04 - 2021-07-14 21:04 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsraLegacy.tlb 2021-07-14 21:04 - 2021-07-14 21:04 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rendezvousSession.tlb 2021-07-14 21:04 - 2021-07-14 21:04 - 000006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\rendezvousSession.tlb 2021-07-14 21:03 - 2021-07-14 21:03 - 001823280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2021-07-14 20:26 - 2021-07-14 20:26 - 000000000 ____D C:\WINDOWS\PCHEALTH 2021-07-14 19:56 - 2021-07-14 19:56 - 000000000 ____D C:\Users\Default\AppData\Local\Microsoft Help 2021-07-10 11:36 - 2021-07-10 11:36 - 000101633 _____ C:\Users\Famaqui\Downloads\Boleto_07-2021.pdf 2021-07-10 11:05 - 2021-07-10 11:40 - 000000000 ____D C:\Users\Famaqui\AppData\LocalLow\Adobe 2021-07-10 11:00 - 2021-07-10 11:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2021-07-10 11:00 - 2021-07-10 11:00 - 000000000 ____D C:\Program Files\Microsoft Silverlight 2021-07-10 11:00 - 2021-07-10 11:00 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2021-07-08 15:27 - 2021-07-15 12:17 - 000092920 _____ C:\Users\Logoterapia\AppData\Local\GDIPFONTCACHEV1.DAT 2021-07-08 09:36 - 2021-07-08 09:36 - 000000000 ____D C:\Users\Logoterapia\AppData\LocalLow\Temp 2021-07-07 16:57 - 2021-07-07 16:57 - 000000000 ____D C:\Users\Logoterapia\AppData\Local\Microsoft Help 2021-07-07 10:49 - 2021-07-07 10:49 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2021-07-07 10:49 - 2021-07-07 10:49 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2021-07-07 10:49 - 2021-07-07 10:49 - 002371072 _____ C:\WINDOWS\system32\rdpnano.dll 2021-07-07 10:49 - 2021-07-07 10:49 - 000570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2021-07-07 10:49 - 2021-07-07 10:49 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2021-07-07 10:49 - 2021-07-07 10:49 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl 2021-07-07 10:49 - 2021-07-07 10:49 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl 2021-07-07 10:48 - 2021-07-07 10:48 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll 2021-07-07 10:48 - 2021-07-07 10:48 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2021-07-07 10:48 - 2021-07-07 10:48 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll 2021-07-07 10:48 - 2021-07-07 10:48 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv 2021-07-07 10:48 - 2021-07-07 10:48 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe 2021-07-07 10:47 - 2021-07-07 10:47 - 001393504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2021-07-07 10:47 - 2021-07-07 10:47 - 000097792 _____ C:\WINDOWS\system32\Drivers\cimfs.sys 2021-07-07 10:47 - 2021-07-07 10:47 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe 2021-07-07 10:46 - 2021-07-07 10:46 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll 2021-07-07 10:46 - 2021-07-07 10:46 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll 2021-07-07 10:46 - 2021-07-07 10:46 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll 2021-07-07 10:45 - 2021-07-07 10:45 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv 2021-07-07 10:45 - 2021-07-07 10:45 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll 2021-07-07 10:45 - 2021-07-07 10:45 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe 2021-07-07 10:24 - 2021-07-07 10:24 - 000000000 ____D C:\Users\Logoterapia\AppData\Local\D3DSCache 2021-07-07 10:23 - 2021-07-07 10:23 - 000000000 ____D C:\Users\Logoterapia\AppData\LocalLow\Adobe 2021-07-07 10:09 - 2021-07-07 10:23 - 000000000 ____D C:\Users\Logoterapia\AppData\Local\Adobe 2021-07-07 10:06 - 2021-07-26 12:16 - 000000000 ____D C:\Users\Logoterapia\AppData\Local\PlaceholderTileLogoFolder 2021-07-06 19:40 - 2021-07-26 08:52 - 000003388 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-400714347-516547821-1503872166-1002 2021-07-06 19:40 - 2021-07-26 08:52 - 000000000 ___RD C:\Users\Logoterapia\OneDrive 2021-07-06 19:29 - 2021-07-28 17:08 - 000000000 ____D C:\Users\Logoterapia\Desktop\SEAD_2021 2021-07-06 19:24 - 2021-08-02 20:22 - 000000000 ____D C:\Users\Logoterapia\AppData\LocalLow\Mozilla 2021-07-06 19:24 - 2021-07-06 19:24 - 000000000 ____D C:\Users\Logoterapia\AppData\Roaming\Mozilla 2021-07-06 19:24 - 2021-07-06 19:24 - 000000000 ____D C:\Users\Logoterapia\AppData\Local\Mozilla 2021-07-06 19:21 - 2021-07-07 11:49 - 000000000 ____D C:\Users\Logoterapia\AppData\Local\Google 2021-07-06 19:14 - 2021-08-02 19:38 - 000002245 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2021-07-06 19:14 - 2021-08-02 19:38 - 000002204 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2021-07-06 19:13 - 2021-07-06 19:13 - 000000000 ____D C:\Program Files\Google 2021-07-06 19:10 - 2021-07-16 13:32 - 000003588 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA 2021-07-06 19:10 - 2021-07-16 13:32 - 000003464 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore 2021-07-06 19:09 - 2021-07-06 19:10 - 001310832 _____ (Google LLC) C:\Users\Famaqui\Downloads\ChromeSetup.exe 2021-07-06 12:27 - 2021-07-06 12:27 - 000000020 ___SH C:\Users\Logoterapia\ntuser.ini 2021-07-06 12:13 - 2021-07-06 12:13 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla 2021-07-06 11:46 - 2021-07-06 11:49 - 000003374 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-400714347-516547821-1503872166-1003 2021-07-06 11:11 - 2021-08-04 10:21 - 000000000 ____D C:\Program Files (x86)\Claro 3G 2021-07-06 11:11 - 2021-07-06 11:11 - 000001692 _____ C:\Users\Public\Desktop\Claro 3G.lnk 2021-07-06 11:11 - 2021-07-06 11:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Claro 3G 2021-07-06 11:11 - 2021-07-06 11:11 - 000000000 ____D C:\Program Files (x86)\InstallAffixationInfo 2021-07-06 11:11 - 2011-08-29 11:42 - 000123264 _____ (ZTE Incorporated) C:\WINDOWS\system32\Drivers\ZTEusbser6k.sys 2021-07-06 11:11 - 2011-08-29 11:42 - 000123264 _____ (ZTE Incorporated) C:\WINDOWS\system32\Drivers\ZTEusbnmea.sys 2021-07-06 11:11 - 2011-08-29 11:42 - 000123264 _____ (ZTE Incorporated) C:\WINDOWS\system32\Drivers\ZTEusbmdm6k.sys 2021-07-06 11:11 - 2011-08-29 11:42 - 000011776 _____ (MBB Incorporated) C:\WINDOWS\system32\Drivers\massfilter.sys 2021-06-24 19:28 - 2021-06-24 19:28 - 000092920 _____ C:\Users\Famaqui\AppData\Local\GDIPFONTCACHEV1.DAT 2021-06-24 17:46 - 2021-08-02 08:59 - 000003618 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2021-06-24 17:46 - 2021-08-02 08:59 - 000003524 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d762f7bbca0061 2021-06-17 12:23 - 2021-06-17 12:23 - 000000000 ____D C:\ProgramData\Microsoft OneDrive 2021-06-17 12:18 - 2021-06-17 12:18 - 000000020 ___SH C:\Users\Famaqui\ntuser.ini 2021-06-16 18:45 - 2021-07-22 09:48 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2021-06-16 18:45 - 2021-07-10 12:46 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-400714347-516547821-1503872166-1001 2021-06-16 18:45 - 2021-07-07 10:47 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task 2021-06-16 18:44 - 2021-06-16 18:45 - 000015243 _____ C:\WINDOWS\diagwrn.xml 2021-06-16 18:44 - 2021-06-16 18:45 - 000015243 _____ C:\WINDOWS\diagerr.xml 2021-06-16 18:40 - 2021-07-22 10:57 - 001651882 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2021-06-16 18:31 - 2021-07-26 08:52 - 000002403 _____ C:\Users\Logoterapia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2021-06-16 18:31 - 2021-07-10 12:46 - 000002391 _____ C:\Users\Famaqui\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2021-06-16 18:31 - 2021-07-06 19:40 - 000000000 ____D C:\Users\Logoterapia 2021-06-16 18:31 - 2021-06-24 20:45 - 000000000 ____D C:\Users\Famaqui 2021-06-16 18:31 - 2021-06-16 18:31 - 000000000 _SHDL C:\Users\Logoterapia\Modelos 2021-06-16 18:31 - 2021-06-16 18:31 - 000000000 _SHDL C:\Users\Logoterapia\Meus Documentos 2021-06-16 18:31 - 2021-06-16 18:31 - 000000000 _SHDL C:\Users\Logoterapia\Menu Iniciar 2021-06-16 18:31 - 2021-06-16 18:31 - 000000000 _SHDL C:\Users\Logoterapia\Documents\Minhas Músicas 2021-06-16 18:31 - 2021-06-16 18:31 - 000000000 _SHDL C:\Users\Logoterapia\Documents\Minhas Imagens 2021-06-16 18:31 - 2021-06-16 18:31 - 000000000 _SHDL C:\Users\Logoterapia\Documents\Meus Vídeos 2021-06-16 18:31 - 2021-06-16 18:31 - 000000000 _SHDL C:\Users\Logoterapia\Dados de Aplicativos 2021-06-16 18:31 - 2021-06-16 18:31 - 000000000 _SHDL C:\Users\Logoterapia\Configurações Locais 2021-06-16 18:31 - 2021-06-16 18:31 - 000000000 _SHDL C:\Users\Logoterapia\AppData\Roaming\Microsoft\Windows\Start Menu\Programas 2021-06-16 18:31 - 2021-06-16 18:31 - 000000000 _SHDL C:\Users\Logoterapia\AppData\Local\Histórico 2021-06-16 18:31 - 2021-06-16 18:31 - 000000000 _SHDL C:\Users\Logoterapia\AppData\Local\Dados de Aplicativos 2021-06-16 18:31 - 2021-06-16 18:31 - 000000000 _SHDL C:\Users\Logoterapia\Ambiente de Rede 2021-06-16 18:31 - 2021-06-16 18:31 - 000000000 _SHDL C:\Users\Logoterapia\Ambiente de Impressão 2021-06-16 18:31 - 2021-06-16 18:31 - 000000000 _SHDL C:\Users\Famaqui\Modelos 2021-06-16 18:31 - 2021-06-16 18:31 - 000000000 _SHDL C:\Users\Famaqui\Meus Documentos 2021-06-16 18:31 - 2021-06-16 18:31 - 000000000 _SHDL C:\Users\Famaqui\Menu Iniciar 2021-06-16 18:31 - 2021-06-16 18:31 - 000000000 _SHDL C:\Users\Famaqui\Documents\Minhas Músicas 2021-06-16 18:31 - 2021-06-16 18:31 - 000000000 _SHDL C:\Users\Famaqui\Documents\Minhas Imagens 2021-06-16 18:31 - 2021-06-16 18:31 - 000000000 _SHDL C:\Users\Famaqui\Documents\Meus Vídeos 2021-06-16 18:31 - 2021-06-16 18:31 - 000000000 _SHDL C:\Users\Famaqui\Dados de Aplicativos 2021-06-16 18:31 - 2021-06-16 18:31 - 000000000 _SHDL C:\Users\Famaqui\Configurações Locais 2021-06-16 18:31 - 2021-06-16 18:31 - 000000000 _SHDL C:\Users\Famaqui\AppData\Roaming\Microsoft\Windows\Start Menu\Programas 2021-06-16 18:31 - 2021-06-16 18:31 - 000000000 _SHDL C:\Users\Famaqui\AppData\Local\Histórico 2021-06-16 18:31 - 2021-06-16 18:31 - 000000000 _SHDL C:\Users\Famaqui\AppData\Local\Dados de Aplicativos 2021-06-16 18:31 - 2021-06-16 18:31 - 000000000 _SHDL C:\Users\Famaqui\Ambiente de Rede 2021-06-16 18:31 - 2021-06-16 18:31 - 000000000 _SHDL C:\Users\Famaqui\Ambiente de Impressão 2021-06-16 18:30 - 2021-08-02 09:05 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2021-06-16 18:30 - 2021-08-02 09:05 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2021-06-16 18:28 - 2021-08-04 10:20 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2021-06-16 18:28 - 2021-07-22 09:48 - 000008192 ___SH C:\DumpStack.log.tmp 2021-06-16 18:28 - 2021-07-14 23:17 - 000439632 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2021-06-16 18:23 - 2021-06-16 18:28 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate 2021-06-16 18:19 - 2021-06-16 18:22 - 000000000 ____D C:\WINDOWS\ServiceProfiles 2021-06-16 18:19 - 2021-06-16 18:19 - 000008192 _____ C:\WINDOWS\system32\config\userdiff 2021-06-16 18:14 - 2021-06-16 18:14 - 000000000 ____D C:\ProgramData\ssh 2021-06-16 18:05 - 2021-06-16 18:05 - 001687040 _____ C:\WINDOWS\system32\libcrypto.dll 2021-06-16 18:05 - 2021-06-16 18:05 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr 2021-06-16 18:05 - 2021-06-16 18:05 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr 2021-06-16 18:05 - 2021-06-16 18:05 - 000480256 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll 2021-06-16 18:05 - 2021-06-16 18:05 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll 2021-06-16 18:05 - 2021-06-16 18:05 - 000153600 _____ C:\WINDOWS\system32\uwfcfgmgmt.dll 2021-06-16 18:05 - 2021-06-16 18:05 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll 2021-06-16 18:05 - 2021-06-16 18:05 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll 2021-06-16 18:05 - 2021-06-16 18:05 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll 2021-06-16 18:04 - 2021-06-16 18:04 - 000700928 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll 2021-06-16 18:04 - 2021-06-16 18:04 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx 2021-06-16 18:04 - 2021-06-16 18:04 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl 2021-06-16 18:04 - 2021-06-16 18:04 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax 2021-06-16 18:04 - 2021-06-16 18:04 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax 2021-06-16 18:04 - 2021-06-16 18:04 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax 2021-06-16 18:04 - 2021-06-16 18:04 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax 2021-06-16 18:04 - 2021-06-16 18:04 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax 2021-06-16 18:04 - 2021-06-16 18:04 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax 2021-06-16 18:04 - 2021-06-16 18:04 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx 2021-06-16 18:04 - 2021-06-16 18:04 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx 2021-06-16 18:04 - 2021-06-16 18:04 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll 2021-06-16 18:04 - 2021-06-16 18:04 - 000045880 _____ C:\WINDOWS\system32\HvSocket.dll 2021-06-16 18:03 - 2021-06-16 18:03 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll 2021-06-16 18:03 - 2021-06-16 18:03 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll 2021-06-16 18:03 - 2021-06-16 18:03 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll 2021-06-16 18:03 - 2021-06-16 18:03 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll 2021-06-16 18:03 - 2021-06-16 18:03 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll 2021-06-16 18:03 - 2021-06-16 18:03 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx 2021-06-16 18:03 - 2021-06-16 18:03 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl 2021-06-16 18:03 - 2021-06-16 18:03 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl 2021-06-16 18:03 - 2021-06-16 18:03 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl 2021-06-16 18:03 - 2021-06-16 18:03 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl 2021-06-16 18:03 - 2021-06-16 18:03 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\activeds.tlb 2021-06-16 18:03 - 2021-06-16 18:03 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl 2021-06-16 18:03 - 2021-06-16 18:03 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll 2021-06-16 18:03 - 2021-06-16 18:03 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll 2021-06-16 18:03 - 2021-06-16 18:03 - 000047472 _____ C:\WINDOWS\SysWOW64\umpdc.dll 2021-06-16 18:03 - 2021-06-16 18:03 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2021-06-16 18:02 - 2021-06-16 18:02 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll 2021-06-16 18:02 - 2021-06-16 18:02 - 001354080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll 2021-06-16 18:02 - 2021-06-16 18:02 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE 2021-06-16 18:02 - 2021-06-16 18:02 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll 2021-06-16 18:02 - 2021-06-16 18:02 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll 2021-06-16 18:02 - 2021-06-16 18:02 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll 2021-06-16 18:02 - 2021-06-16 18:02 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll 2021-06-16 18:02 - 2021-06-16 18:02 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll 2021-06-16 18:02 - 2021-06-16 18:02 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll 2021-06-16 18:02 - 2021-06-16 18:02 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl 2021-06-16 18:02 - 2021-06-16 18:02 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll 2021-06-16 18:02 - 2021-06-16 18:02 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl 2021-06-16 18:02 - 2021-06-16 18:02 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl 2021-06-16 18:02 - 2021-06-16 18:02 - 000056672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll 2021-06-16 18:02 - 2021-06-16 18:02 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.drv 2021-06-16 18:02 - 2021-06-16 18:02 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe 2021-06-16 18:01 - 2021-06-16 18:01 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll 2021-06-16 18:01 - 2021-06-16 18:01 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl 2021-06-16 18:01 - 2021-06-16 18:01 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll 2021-06-16 18:01 - 2021-06-16 18:01 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl 2021-06-16 18:01 - 2021-06-16 18:01 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll 2021-06-16 18:01 - 2021-06-16 18:01 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll 2021-06-16 18:01 - 2021-06-16 18:01 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe 2021-06-16 18:01 - 2021-06-16 18:01 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\activeds.tlb 2021-06-16 18:01 - 2021-06-16 18:01 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2021-06-16 18:01 - 2021-06-16 18:01 - 000029696 _____ (The ICU Project) C:\WINDOWS\system32\icuuc.dll 2021-06-16 18:01 - 2021-06-16 18:01 - 000025088 _____ (The ICU Project) C:\WINDOWS\system32\icuin.dll 2021-06-16 18:01 - 2021-06-16 18:01 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt 2021-06-16 18:00 - 2021-06-16 18:00 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin 2021-06-16 18:00 - 2021-06-16 18:00 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll 2021-06-16 18:00 - 2021-06-16 18:00 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll 2021-06-16 18:00 - 2021-06-16 18:00 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll 2021-06-16 18:00 - 2021-06-16 18:00 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl 2021-06-16 18:00 - 2021-06-16 18:00 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe 2021-06-16 18:00 - 2021-06-16 18:00 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll 2021-06-16 18:00 - 2021-06-16 18:00 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll 2021-06-16 18:00 - 2021-06-16 18:00 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll 2021-06-16 18:00 - 2021-06-16 18:00 - 000064552 _____ C:\WINDOWS\system32\umpdc.dll 2021-06-16 18:00 - 2021-06-16 18:00 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.drv 2021-06-16 18:00 - 2021-06-16 18:00 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe 2021-06-16 17:59 - 2021-06-16 17:59 - 000197632 _____ C:\WINDOWS\system32\IHDS.dll 2021-05-31 17:05 - 2021-06-16 13:56 - 000000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER 2021-05-31 16:21 - 2021-07-06 12:34 - 000000000 ____D C:\Users\Famaqui\AppData\Local\D3DSCache 2021-05-31 16:20 - 2021-08-02 20:22 - 000000000 ____D C:\ProgramData\Mozilla 2021-05-31 16:20 - 2021-07-10 11:26 - 000000000 ____D C:\Users\Famaqui\AppData\LocalLow\Mozilla 2021-05-31 16:20 - 2021-07-06 13:37 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2021-05-31 16:20 - 2021-07-06 13:37 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2021-05-31 16:20 - 2021-07-06 12:13 - 000001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2021-05-31 16:20 - 2021-05-31 16:20 - 000001216 _____ C:\Users\Public\Desktop\Firefox.lnk 2021-05-31 16:20 - 2021-05-31 16:20 - 000000000 ____D C:\Users\Famaqui\AppData\Roaming\Mozilla 2021-05-31 16:20 - 2021-05-31 16:20 - 000000000 ____D C:\Users\Famaqui\AppData\Local\Mozilla 2021-05-31 16:19 - 2021-05-31 16:19 - 000333176 _____ (Mozilla) C:\Users\Famaqui\Downloads\Firefox Installer.exe 2021-05-31 16:13 - 2021-07-29 12:31 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2021-05-31 16:13 - 2021-05-31 16:13 - 000002124 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk 2021-05-31 16:13 - 2021-05-31 16:13 - 000000000 ____D C:\Program Files (x86)\Adobe 2021-05-31 16:12 - 2021-05-31 16:36 - 000000000 ____D C:\ProgramData\Adobe 2021-05-31 16:09 - 2021-07-10 11:05 - 000000000 ____D C:\Users\Famaqui\AppData\Local\Adobe 2021-05-31 15:31 - 2021-07-06 13:36 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools 2021-05-31 12:38 - 2021-06-27 22:47 - 000000000 ___DC C:\WINDOWS\Panther 2021-05-31 12:28 - 2021-05-31 12:28 - 000000000 ___HD C:\$WinREAgent 2021-05-31 12:17 - 2021-08-04 11:10 - 000000000 ____D C:\Program Files (x86)\Google 2021-05-31 12:14 - 2021-05-31 12:19 - 000000000 ____D C:\Users\Famaqui\AppData\Local\Google 2021-05-31 12:01 - 2021-05-31 12:01 - 001149432 ____N (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys 2021-05-31 11:59 - 2021-06-16 18:30 - 000000000 _____ C:\WINDOWS\system32\fpfftResultsFile.txt 2021-05-31 11:58 - 2021-06-16 18:30 - 000000000 ____D C:\WINDOWS\system32\DAX3 2021-05-31 11:54 - 2021-05-31 11:54 - 072520816 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat 2021-05-31 11:54 - 2021-05-31 11:54 - 038636585 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT 2021-05-31 11:54 - 2021-05-31 11:54 - 007281960 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys 2021-05-31 11:54 - 2021-05-31 11:54 - 007178576 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 007101848 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 006270296 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64AF3.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 005804772 _____ C:\WINDOWS\system32\Drivers\rtvienna.dat 2021-05-31 11:54 - 2021-05-31 11:54 - 005347096 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv211.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 003769296 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 003677176 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl 2021-05-31 11:54 - 2021-05-31 11:54 - 003445640 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 003353720 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 003306712 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE2.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 003277000 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RltkAPO.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 003168280 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 003159880 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 002930256 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 002444816 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv201.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 002197872 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 001971472 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 001965264 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64AF3.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 001788064 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 001611064 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyAPOv251gm.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 001598504 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 001596296 _____ (Harman International Industries, Incorporated.) C:\WINDOWS\system32\HarmanAPO64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 001544360 _____ (Dolby Laboratories) C:\WINDOWS\system32\DAX3APOProp.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 001516376 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 001435032 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 001396840 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 001386680 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDHF64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 001382128 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosade.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 001372496 _____ (Dolby Laboratories) C:\WINDOWS\system32\DAX3APOv251.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 001353216 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 001337536 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tossaeapo64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 001294192 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 001287728 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyAPOvlldpgm.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 001259832 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOvlldp.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 001180792 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 001159312 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOProp.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 001110072 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 001078576 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SEHDHF32.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 001061464 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000964920 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000873352 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo264.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000852032 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tosasfapo64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000751408 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000734880 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000715752 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000692056 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000604688 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tossaemaxapo64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000541008 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000511776 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000487576 _____ (Harman International Industries, Incorporated.) C:\WINDOWS\system32\HarmanAPOUI64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000467048 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000453168 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000452840 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000448712 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000447072 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\toseaeapo64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000416608 _____ (Harman) C:\WINDOWS\system32\HMUI.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000406560 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2APIPCLL.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000392768 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000381304 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000378488 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2API.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000367712 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64AF3.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000366224 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\HMAPO.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000360448 _____ (Harman) C:\WINDOWS\system32\HMClariFi.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000343600 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000341040 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000341040 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000333112 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000327168 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000327168 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000316080 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64F3.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000278376 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000266656 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000261344 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000261304 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000260320 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000231808 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000230600 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000220280 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000218168 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000203944 _____ (Harman) C:\WINDOWS\system32\HMHVS.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000192872 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000191064 _____ (Harman) C:\WINDOWS\system32\HMEQ_Voice.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000191032 _____ (Harman) C:\WINDOWS\system32\HMEQ.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000179704 _____ (Harman) C:\WINDOWS\system32\HMLimiter.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000174832 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000158592 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000157240 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000154464 _____ (Harman) C:\WINDOWS\system32\HarmanAudioInterface.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000139648 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000122424 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000118696 _____ C:\WINDOWS\system32\AcpiServiceVnA64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000116432 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000105408 _____ C:\WINDOWS\system32\audioLibVc.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000093800 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000090808 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000090064 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000088216 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000083520 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000075432 _____ (TOSHIBA CORPORATION.) C:\WINDOWS\system32\tepeqapo64.dll 2021-05-31 11:54 - 2021-05-31 11:54 - 000023800 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll 2021-05-31 11:46 - 2021-05-31 12:09 - 000000000 ____D C:\ProgramData\ProductData 2021-05-31 11:46 - 2021-05-31 11:47 - 000000000 ____D C:\Users\Famaqui\AppData\LocalLow\IObit 2021-05-31 11:44 - 2021-05-31 12:09 - 000000000 ____D C:\Users\Famaqui\AppData\Roaming\IObit 2021-05-31 11:44 - 2021-05-31 11:47 - 000000000 ____D C:\ProgramData\IObit 2021-05-19 17:34 - 2021-06-16 18:28 - 000000000 ____D C:\Program Files\UNP ==================== Três meses (modificados) ================== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 2021-08-04 11:08 - 2019-12-07 06:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2021-08-04 11:04 - 2019-12-07 06:13 - 000000000 ____D C:\WINDOWS\INF 2021-08-03 14:24 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2021-08-02 09:05 - 2019-12-07 06:14 - 000000000 ___HD C:\Program Files\WindowsApps 2021-07-26 08:53 - 2020-02-06 15:19 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2021-07-22 10:57 - 2019-12-07 11:53 - 000715446 _____ C:\WINDOWS\system32\prfh0416.dat 2021-07-22 10:57 - 2019-12-07 11:53 - 000140602 _____ C:\WINDOWS\system32\prfc0416.dat 2021-07-22 08:56 - 2019-12-07 06:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2021-07-22 08:37 - 2019-12-07 06:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2021-07-21 20:44 - 2020-02-15 12:02 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2021-07-17 12:17 - 2019-03-19 01:49 - 000000167 _____ C:\WINDOWS\win.ini 2021-07-15 11:19 - 2020-02-07 17:59 - 000000000 ____D C:\Users\Logoterapia\AppData\Local\Packages 2021-07-14 23:16 - 2019-12-07 11:56 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2021-07-14 23:16 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SystemResources 2021-07-14 23:16 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2021-07-14 23:16 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2021-07-14 23:16 - 2019-12-07 06:14 - 000000000 ____D C:\Program Files\Common Files\System 2021-07-14 20:26 - 2020-02-15 12:06 - 000000000 ____D C:\Program Files (x86)\Microsoft Works 2021-07-14 20:14 - 2020-02-14 09:44 - 000000000 ____D C:\WINDOWS\system32\MRT 2021-07-14 20:09 - 2020-02-14 09:44 - 133422552 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2021-07-14 19:55 - 2019-12-07 06:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2021-07-10 12:46 - 2020-02-06 15:41 - 000000000 ___RD C:\Users\Famaqui\OneDrive 2021-07-10 11:05 - 2020-02-06 15:36 - 000000000 ____D C:\Users\Famaqui\AppData\Roaming\Adobe 2021-07-10 11:05 - 2020-02-06 15:36 - 000000000 ____D C:\Users\Famaqui\AppData\Local\Packages 2021-07-10 10:54 - 2019-12-07 06:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2021-07-07 11:31 - 2019-12-07 06:14 - 000000000 ___RD C:\WINDOWS\PrintDialog 2021-07-07 11:31 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2021-07-07 11:31 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe 2021-07-07 11:31 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV 2021-07-07 11:31 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE 2021-07-07 11:31 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2021-07-07 11:31 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\setup 2021-07-07 11:31 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\oobe 2021-07-07 11:31 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\migwiz 2021-07-07 11:31 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV 2021-07-07 11:31 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\et-EE 2021-07-07 11:31 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\Dism 2021-07-07 11:31 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\Provisioning 2021-07-07 11:31 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2021-07-07 10:57 - 2019-12-07 06:03 - 000000000 ____D C:\WINDOWS\servicing 2021-07-07 10:38 - 2020-02-06 15:53 - 000000000 ____D C:\ProgramData\Packages 2021-07-07 10:23 - 2020-02-07 17:59 - 000000000 ____D C:\Users\Logoterapia\AppData\Roaming\Adobe 2021-07-07 10:00 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\appcompat 2021-07-06 12:27 - 2020-02-07 17:59 - 000000000 ___RD C:\Users\Logoterapia\3D Objects 2021-07-06 12:27 - 2020-02-06 15:36 - 000000000 __RHD C:\Users\Public\AccountPictures 2021-07-06 11:32 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\ModemLogs 2021-07-06 11:11 - 2021-04-16 18:06 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information ==================== Arquivos na raiz de alguns diretórios ======== 2021-07-26 21:05 - 2021-07-26 21:05 - 000007597 _____ () C:\Users\Famaqui\AppData\Local\Resmon.ResmonCfg ==================== SigCheck ============================ (Não há correção automática para arquivos que não passaram na verificação.) ==================== Fim de FRST.txt ======================== Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 03-08-2021 Executado por Famaqui (04-08-2021 11:13:34) Executando a partir de C:\Users\Logoterapia\Desktop Windows 10 Pro Versão 21H1 19043.1110 (X64) (2021-06-16 21:45:35) Modo da Inicialização: Normal ========================================================== ==================== Contas: ============================= (Se uma entrada for incluída na fixlist, será removida.) Administrador (S-1-5-21-400714347-516547821-1503872166-500 - Administrator - Disabled) Convidado (S-1-5-21-400714347-516547821-1503872166-501 - Limited - Disabled) DefaultAccount (S-1-5-21-400714347-516547821-1503872166-503 - Limited - Disabled) Famaqui (S-1-5-21-400714347-516547821-1503872166-1001 - Administrator - Enabled) => C:\Users\Famaqui Logoterapia (S-1-5-21-400714347-516547821-1503872166-1002 - Limited - Enabled) => C:\Users\Logoterapia WDAGUtilityAccount (S-1-5-21-400714347-516547821-1503872166-504 - Limited - Disabled) ==================== Central de Segurança ======================== (Se uma entrada for incluída na fixlist, será removida.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Programas Instalados ====================== (Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.) Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 21.005.20060 - Adobe Systems Incorporated) Atualização do produto Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{717C9095-8AAE-41CB-B046-BD6E8399F4F3}) (Version: - Microsoft) Atualização do produto Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{5016CB22-B9A7-44FB-AA72-AF28B27B15EA}) (Version: - Microsoft) Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{BE3A7C0C-0081-4694-B5F9-980DD66BDDF8}) (Version: - Microsoft) Atualização do produto Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{7297E3A9-FCD4-4E0E-A306-7A90359E50E3}) (Version: - Microsoft) Claro 3G (HKLM-x32\...\{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}) (Version: 1.0.0.1 - ) D-Link DWA-131 - V5.02b04 (HKLM-x32\...\{B7C11488-750D-4E48-A9A4-7207A335984D}) (Version: 5.00.0000 - D-Link) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 92.0.4515.131 - Google LLC) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 92.0.902.62 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-400714347-516547821-1503872166-1001\...\OneDriveSetup.exe) (Version: 21.109.0530.0001 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-400714347-516547821-1503872166-1002\...\OneDriveSetup.exe) (Version: 21.129.0627.0002 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mozilla Firefox 89.0.2 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 89.0.2 (x86 pt-BR)) (Version: 89.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 88.0.1 - Mozilla) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8899.1 - Realtek Semiconductor Corp.) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Packages: ========= Complemento do Mecanismo de Mídia de Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-08-03] (Microsoft Corporation) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-02-14] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-02-14] (Microsoft Corporation) [MS Ad] MSN Clima -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20503.0_x64__8wekyb3d8bbwe [2021-07-06] (Microsoft Corporation) [MS Ad] ==================== Exame Personalizado CLSID (Whitelisted): ============== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation) ==================== Codecs (Whitelisted) ==================== ==================== Atalhos & WMI ======================== ==================== Módulos Carregados (Whitelisted) ============= ==================== Alternate Data Streams (Whitelisted) ======== ==================== Modo de Segurança (Whitelisted) ================== ==================== Associação (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation) ==================== Hosts Conteúdo: ========================= (Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.) 2019-03-19 01:49 - 2019-03-19 01:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Outras Áreas =========================== (Atualmente não há nenhuma correção automática para esta seção.) HKU\S-1-5-21-400714347-516547821-1503872166-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg HKU\S-1-5-21-400714347-516547821-1503872166-1002\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img3.jpg DNS Servers: 200.169.119.222 - 200.169.119.221 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Firewall do Windows está habilitado. ==================== MSCONFIG/TASK MANAGER ítens desabilitados == (Se uma entrada for incluída na fixlist, será removida.) MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: GoogleChromeElevationService => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: MozillaMaintenance => 3 HKU\S-1-5-21-400714347-516547821-1503872166-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-400714347-516547821-1503872166-1002\...\StartupApproved\Run: => "OneDrive" ==================== Regras do Firewall (Whitelisted) ================ (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) FirewallRules: [{62565AD9-1E82-47F4-A9B6-30DBAA379E27}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{9E838B19-07DC-44C3-9EC7-62F04FD895EC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{969321D7-151A-4D33-8786-E24CA9C8C308}] => (Allow) C:\Program Files (x86)\D-Link\DWA-131 revE\IHV\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek) FirewallRules: [{0692F06E-E0E5-4174-AB53-EC255C47F4DA}] => (Allow) C:\Program Files (x86)\D-Link\DWA-131 revE\IHV\PortableWiFi.exe (D-LINK CORPORATION -> D-Link Corp.) FirewallRules: [UDP Query User{59684D04-B950-46FA-91FC-7353F85BFDAE}C:\users\famaqui\appdata\local\packages\microsoft.microsoftedge_8wekyb3d8bbwe\tempstate\downloads\anydesk (1).exe] => (Allow) C:\users\famaqui\appdata\local\packages\microsoft.microsoftedge_8wekyb3d8bbwe\tempstate\downloads\anydesk (1).exe => Nenhum Arquivo FirewallRules: [TCP Query User{596A7BFE-9CD2-466B-A7C4-B1E56BFEF841}C:\users\famaqui\appdata\local\packages\microsoft.microsoftedge_8wekyb3d8bbwe\tempstate\downloads\anydesk (1).exe] => (Allow) C:\users\famaqui\appdata\local\packages\microsoft.microsoftedge_8wekyb3d8bbwe\tempstate\downloads\anydesk (1).exe => Nenhum Arquivo FirewallRules: [{154DFF74-53C7-4D72-9D01-C895BA2293C3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{618F3D23-BC4C-4225-8D62-FCBA7A5535D7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{F9A42304-F829-404B-B6AC-B69B24632EBD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{D4158276-6CE5-448B-8DCD-079049EE71D8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{9AB31CFF-8DB3-400E-BE7D-1345422DA005}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{F51070C0-0430-4116-B16E-D2A157D080AC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{5C494392-E07A-429D-A7D0-738D5616238B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{35872A06-0EBD-491F-9C28-EC977D9C92DA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{187CF299-F8AF-4C1A-9C84-21F915FFD58D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{39BF65BC-E226-4385-B2FB-234C6328DF7F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{45EC96E8-65C2-4E32-8AD1-D8C2187DCA2E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{014BC51B-4FAE-473E-84F7-A6E4517FC15E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.164.561.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{3AF037D3-710E-477C-BFFC-193177E4FC58}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) ==================== Pontos de Restauração ========================= ATENÇÃO: A Restauração do Sistema está desabilitada (Total:110.93 GB) (Free:74.24 GB) (67%) ==================== Dispositivos Apresentando Falhas No Gerenciador ============ ==================== Erros no Log de eventos: ======================== Erros em Aplicativos: ================== Error: (08/04/2021 11:03:13 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: O programa SystemSettings.exe versão 10.0.19041.1081 parou de interagir com o Windows e foi fechado. Para ver se mais informações sobre o problema estão disponíveis, verifique o histórico de problemas no painel de controle Segurança e Manutenção. ID do Processo: 5f4 Hora de Início: 01d78931fb671e8e Hora de Término: 4294967295 Caminho do Aplicativo: C:\Windows\ImmersiveControlPanel\SystemSettings.exe ID do Relatório: cf711d2d-0800-4653-8df9-3f01dbf67a2e Nome completo do pacote com falha: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy ID do aplicativo relativo ao pacote com falha: microsoft.windows.immersivecontrolpanel Tipo com falha: Quiesce Error: (07/30/2021 02:44:15 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome do aplicativo com falha: ShellExperienceHost.exe, versão: 10.0.19041.610, carimbo de data/hora: 0x5d4af3f4 Nome do módulo com falha: KERNELBASE.dll, versão: 10.0.19041.1110, carimbo de data/hora: 0x4809adf2 Código de exceção: 0xc0000409 Deslocamento da falha: 0x000000000010bd3e ID do processo com falha: 0x1bcc Hora de início do aplicativo com falha: 0x01d7853c4141e794 Caminho do aplicativo com falha: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Caminho do módulo com falha: C:\WINDOWS\System32\KERNELBASE.dll ID do Relatório: 3044a2c2-d45c-4a24-b304-43ad661b2c9c Nome completo do pacote com falha: Microsoft.Windows.ShellExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy ID do aplicativo relativo ao pacote com falha: App Error: (07/19/2021 08:30:19 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: O programa SystemSettings.exe versão 10.0.19041.1081 parou de interagir com o Windows e foi fechado. Para ver se mais informações sobre o problema estão disponíveis, verifique o histórico de problemas no painel de controle Segurança e Manutenção. ID do Processo: 1264 Hora de Início: 01d77c90f8506838 Hora de Término: 4294967295 Caminho do Aplicativo: C:\Windows\ImmersiveControlPanel\SystemSettings.exe ID do Relatório: 50093640-a8d4-4fbe-8fd1-524e1200f644 Nome completo do pacote com falha: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy ID do aplicativo relativo ao pacote com falha: microsoft.windows.immersivecontrolpanel Tipo com falha: Quiesce Error: (07/15/2021 09:05:07 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: O programa SystemSettings.exe versão 10.0.19041.1081 parou de interagir com o Windows e foi fechado. Para ver se mais informações sobre o problema estão disponíveis, verifique o histórico de problemas no painel de controle Segurança e Manutenção. ID do Processo: 4dc Hora de Início: 01d7797024afaed0 Hora de Término: 4294967295 Caminho do Aplicativo: C:\Windows\ImmersiveControlPanel\SystemSettings.exe ID do Relatório: de651d3a-0c45-478e-8954-8b7028da131a Nome completo do pacote com falha: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy ID do aplicativo relativo ao pacote com falha: microsoft.windows.immersivecontrolpanel Tipo com falha: Quiesce Error: (07/10/2021 10:55:04 AM) (Source: RasClient) (EventID: 20227) (User: ) Description: CoId={A4AE9779-CB40-46D7-9AFB-CCED617F0A56}: o usuário DESKTOP-5J8O8HF\Famaqui discou uma conexão de nome Banda Larga 3G que falhou. O código do erro retornado na falha é 797. Error: (07/06/2021 02:29:27 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: O programa UIMain.exe versão 1.0.0.0 parou de interagir com o Windows e foi fechado. Para ver se mais informações sobre o problema estão disponíveis, verifique o histórico de problemas no painel de controle Segurança e Manutenção. ID do Processo: 914 Hora de Início: 01d7728c6cd0c106 Hora de Término: 214 Caminho do Aplicativo: C:\Program Files (x86)\Claro 3G\UIMain.exe ID do Relatório: 858f0029-0b13-41bf-bc57-1e36d8b9b291 Nome completo do pacote com falha: ID do aplicativo relativo ao pacote com falha: Tipo com falha: Unknown Error: (07/06/2021 02:28:40 PM) (Source: RasClient) (EventID: 20227) (User: ) Description: CoId={DB9D500B-5843-49B2-BAF2-DA8A5DBE8E11}: o usuário DESKTOP-5J8O8HF\Famaqui discou uma conexão de nome Banda Larga 3G que falhou. O código do erro retornado na falha é 720. Error: (07/06/2021 02:26:24 PM) (Source: RasClient) (EventID: 20227) (User: ) Description: CoId={50E7B95B-2AE3-44EC-BCCA-93084B58F816}: o usuário DESKTOP-5J8O8HF\Famaqui discou uma conexão de nome Banda Larga 3G que falhou. O código do erro retornado na falha é 618. Erros de Sistema: ============= Error: (08/03/2021 08:27:57 AM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: AUTORIDADE NT) Description: Verificação de volume criptografado: as informações de volume em H: não podem ser lidas. Error: (07/30/2021 03:56:03 PM) (Source: DCOM) (EventID: 10029) (User: DESKTOP-5J8O8HF) Description: A ativação do CLSID {A1F4E726-8CF1-11D1-BF92-0060081ED811} atingiu o tempo limite durante a espera pela parada do serviço stisvc. Error: (07/30/2021 03:52:02 PM) (Source: DCOM) (EventID: 10029) (User: DESKTOP-5J8O8HF) Description: A ativação do CLSID {A1F4E726-8CF1-11D1-BF92-0060081ED811} atingiu o tempo limite durante a espera pela parada do serviço stisvc. Error: (07/30/2021 03:48:00 PM) (Source: DCOM) (EventID: 10029) (User: DESKTOP-5J8O8HF) Description: A ativação do CLSID {A1F4E726-8CF1-11D1-BF92-0060081ED811} atingiu o tempo limite durante a espera pela parada do serviço stisvc. Error: (07/30/2021 03:43:58 PM) (Source: DCOM) (EventID: 10029) (User: DESKTOP-5J8O8HF) Description: A ativação do CLSID {A1F4E726-8CF1-11D1-BF92-0060081ED811} atingiu o tempo limite durante a espera pela parada do serviço stisvc. Error: (07/30/2021 12:58:07 PM) (Source: DCOM) (EventID: 10029) (User: DESKTOP-5J8O8HF) Description: A ativação do CLSID {A1F4E726-8CF1-11D1-BF92-0060081ED811} atingiu o tempo limite durante a espera pela parada do serviço stisvc. Error: (07/30/2021 12:24:35 PM) (Source: DCOM) (EventID: 10029) (User: DESKTOP-5J8O8HF) Description: A ativação do CLSID {A1F4E726-8CF1-11D1-BF92-0060081ED811} atingiu o tempo limite durante a espera pela parada do serviço stisvc. Error: (07/29/2021 09:35:35 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-5J8O8HF) Description: O servidor Microsoft.Windows.ContentDeliveryManager_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy!App.AppXwdz8g2fxr36xz0tdtagygnvemf85s7gg.mca não se registrou no DCOM dentro do tempo limite necessário. Windows Defender: ================ Date: 2021-08-04 10:19:13 Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão. ID do Exame: {9AA06346-1B97-4062-8034-A9D05C7C9D4D} Tipo de Exame: Antimalware Parâmetros do Exame: Verificação Rápida Usuário: AUTORIDADE NT\SISTEMA Date: 2021-08-02 09:07:34 Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão. ID do Exame: {BE328646-056C-4EF3-8FD5-C8E98E41AFC4} Tipo de Exame: Antimalware Parâmetros do Exame: Verificação Rápida Usuário: AUTORIDADE NT\SISTEMA Date: 2021-07-30 09:23:00 Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão. ID do Exame: {D70AEAA1-A2FF-4A52-9A47-8B2536172CDE} Tipo de Exame: Antimalware Parâmetros do Exame: Verificação Rápida Usuário: AUTORIDADE NT\SISTEMA Date: 2021-07-29 09:08:52 Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão. ID do Exame: {D9CD6D42-D3D6-4703-98F5-2CFEBFB87C32} Tipo de Exame: Antimalware Parâmetros do Exame: Verificação Rápida Usuário: AUTORIDADE NT\SISTEMA Date: 2021-07-28 09:24:17 Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão. ID do Exame: {EFA45D3B-95F3-4470-BF18-48FA10EE65B3} Tipo de Exame: Antimalware Parâmetros do Exame: Verificação Rápida Usuário: AUTORIDADE NT\SISTEMA Date: 2021-07-22 08:56:15 Description: Microsoft Defender Antivírus encontrou um erro ao tentar carregar a inteligência de segurança e tentará reverter para uma versão válida. Tentativa de Inteligência de Segurança: Backup Código de Erro: 0x80004004 Descrição do Erro: Operação anulada Versão da Inteligência de Segurança: 1.343.1390.0;1.343.1390.0 Versão do Mecanismo: 1.1.18300.4 Date: 2021-07-22 08:56:14 Description: Microsoft Defender Antivírus encontrou um erro ao tentar carregar a inteligência de segurança e tentará reverter para uma versão válida. Tentativa de Inteligência de Segurança: Atual Código de Erro: 0x80004004 Descrição do Erro: Operação anulada Versão da Inteligência de Segurança: 1.343.1461.0;1.343.1461.0 Versão do Mecanismo: 1.1.18300.4 ==================== Informações da Memória =========================== BIOS: Itautec ST 4253, 0006- SL2 01/20/2009 placa-mãe: Itautec S.A. ST 4253 Processador: Intel(R) Pentium(R) Dual CPU E2140 @ 1.60GHz Percentagem de memória em uso: 81% RAM física total: 2038.24 MB RAM física disponível: 370.3 MB Virtual Total: 5778.59 MB Virtual disponível: 1025.33 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:110.93 GB) (Free:74.24 GB) NTFS Drive f: (DWA-131) (CDROM) (Total:0.11 GB) (Free:0 GB) UDF Drive g: (ZTEMODEM) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS \\?\Volume{2bd2c32a-0000-0000-0000-100000000000}\ (Reservado pelo Sistema) (Fixed) (Total:0.35 GB) (Free:0.32 GB) NTFS \\?\Volume{2bd2c32a-0000-0000-0000-20d21b000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS ==================== MBR & Tabela de Partições ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 111.8 GB) (Disk ID: 2BD2C32A) Partition 1: (Active) - (Size=356 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=110.9 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=524 MB) - (Type=27) ==================== Fim de Addition.txt =======================

Bom dia, DigRam! Realizei a primeira opção! Segue o relatório da correção. Obrigada! Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 11-08-2021 Executado por Famaqui (13-08-2021 09:03:20) Run:2 Executando a partir de C:\Users\Logoterapia\Desktop Perfis Carregados: Famaqui & Logoterapia Modo da Inicialização: Normal ============================================== fixlist Conteúdo: ***************** CloseProcesses: StartRegedit: Windows Registry Editor Version 5.00 HKEY_CURRENT_USER\S-1-5-21-400714347-516547821-1503872166-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8a76c62-d52c-11eb-ad1c-0023549f654e} HKEY_CURRENT_USER\S-1-5-21-400714347-516547821-1503872166-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8a76c62-d52c-11eb-ad1c-0023549f654e} EndRegedit: Emptytemp: Reboot: ***************** Processos fechados com sucesso. Registro ====> A opera��o foi conclu�da com �xito. =========== EmptyTemp: ========== BITS transfer queue => 8151040 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4232942 B Java, Flash, Steam htmlcache => 0 B Windows/system/drivers => 23613382 B Edge => 0 B Chrome => 0 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 0 B LocalService => 0 B NetworkService => 21240 B Famaqui => 38017399 B Logoterapia => 387709951 B RecycleBin => 0 B EmptyTemp: => 440.4 MB de dados temporários Removidos. ================================ O sistema precisou ser reiniciado. ==== Fim de Fixlog 09:03:50 ====

Boa tarde, DigRam! Sim! Agora não há mais tela preta e lentidão. Está tudo ok! Uma pergunta: Por que é a terceira vez que aparece um autorun.exe no dispositivo USB de acesso à rede? Será que estou fazendo algo "indevido"? Quais são as tuas dicas/sugestões, por favor? Muito obrigada!

Boa noite, DigRam! Segue abaixo o relatório. Obrigada! Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 03-08-2021 Executado por Famaqui (05-08-2021 22:01:41) Run:1 Executando a partir de C:\Users\Logoterapia\Desktop Perfis Carregados: Famaqui & Logoterapia Modo da Inicialização: Normal ============================================== fixlist Conteúdo: ***************** closeprocesses: HKU\S-1-5-21-400714347-516547821-1503872166-1001\...\MountPoints2: {e8a76c62-d52c-11eb-ad1c-0023549f654e} - "G:\Windows/AutoRun.exe" HKU\S-1-5-21-400714347-516547821-1503872166-1002\...\MountPoints2: {e8a76c62-d52c-11eb-ad1c-0023549f654e} - "G:\Windows/AutoRun.exe" startpowershell: sfc /scannow DISM /Online /Cleanup-image /Restorehealth endpowershell: SystemRestore: On emptytemp: reboot: ***************** Processos fechados com sucesso. HKU\S-1-5-21-400714347-516547821-1503872166-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8a76c62-d52c-11eb-ad1c-0023549f654e} => removido (a) com sucesso. HKU\S-1-5-21-400714347-516547821-1503872166-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8a76c62-d52c-11eb-ad1c-0023549f654e} => removido (a) com sucesso. ========= Powershell: ========= I n i c i a n d o v e r i f i c a þ Ò o d e a r q u i v o s . O p r o c e s s o l e v a r ß a l g u n s m i n u t o s p a r a s e r c o n c l u Ý d o . I n i c i a n d o f a s e d e v e r i f i c a þ Ò o d e v e r i f i c a þ Ò o d o s i s t e m a . V e r i f i c a þ Ò o 0 % c o n c l u Ý d a . V e r i f i c a þ Ò o 1 % c o n c l u Ý d a . V e r i f i c a þ Ò o 2 % c o n c l u Ý d a . V e r i f i c a þ Ò o 2 % c o n c l u Ý d a . V e r i f i c a þ Ò o 3 % c o n c l u Ý d a . V e r i f i c a þ Ò o 4 % c o n c l u Ý d a . V e r i f i c a þ Ò o 4 % c o n c l u Ý d a . V e r i f i c a þ Ò o 5 % c o n c l u Ý d a . V e r i f i c a þ Ò o 6 % c o n c l u Ý d a . V e r i f i c a þ Ò o 6 % c o n c l u Ý d a . V e r i f i c a þ Ò o 7 % c o n c l u Ý d a . V e r i f i c a þ Ò o 8 % c o n c l u Ý d a . V e r i f i c a þ Ò o 8 % c o n c l u Ý d a . V e r i f i c a þ Ò o 9 % c o n c l u Ý d a . V e r i f i c a þ Ò o 1 0 % c o n c l u Ý d a . V e r i f i c a þ Ò o 1 0 % c o n c l u Ý d a . V e r i f i c a þ Ò o 1 1 % c o n c l u Ý d a . V e r i f i c a þ Ò o 1 2 % c o n c l u Ý d a . V e r i f i c a þ Ò o 1 2 % c o n c l u Ý d a . V e r i f i c a þ Ò o 1 3 % c o n c l u Ý d a . V e r i f i c a þ Ò o 1 4 % c o n c l u Ý d a . V e r i f i c a þ Ò o 1 4 % c o n c l u Ý d a . V e r i f i c a þ Ò o 1 5 % c o n c l u Ý d a . V e r i f i c a þ Ò o 1 6 % c o n c l u Ý d a . V e r i f i c a þ Ò o 1 6 % c o n c l u Ý d a . V e r i f i c a þ Ò o 1 7 % c o n c l u Ý d a . V e r i f i c a þ Ò o 1 8 % c o n c l u Ý d a . V e r i f i c a þ Ò o 1 8 % c o n c l u Ý d a . V e r i f i c a þ Ò o 1 9 % c o n c l u Ý d a . V e r i f i c a þ Ò o 2 0 % c o n c l u Ý d a . V e r i f i c a þ Ò o 2 0 % c o n c l u Ý d a . V e r i f i c a þ Ò o 2 1 % c o n c l u Ý d a . V e r i f i c a þ Ò o 2 2 % c o n c l u Ý d a . V e r i f i c a þ Ò o 2 2 % c o n c l u Ý d a . V e r i f i c a þ Ò o 2 3 % c o n c l u Ý d a . V e r i f i c a þ Ò o 2 4 % c o n c l u Ý d a . V e r i f i c a þ Ò o 2 4 % c o n c l u Ý d a . V e r i f i c a þ Ò o 2 5 % c o n c l u Ý d a . V e r i f i c a þ Ò o 2 6 % c o n c l u Ý d a . V e r i f i c a þ Ò o 2 6 % c o n c l u Ý d a . V e r i f i c a þ Ò o 2 7 % c o n c l u Ý d a . V e r i f i c a þ Ò o 2 8 % c o n c l u Ý d a . V e r i f i c a þ Ò o 2 8 % c o n c l u Ý d a . V e r i f i c a þ Ò o 2 9 % c o n c l u Ý d a . V e r i f i c a þ Ò o 3 0 % c o n c l u Ý d a . V e r i f i c a þ Ò o 3 0 % c o n c l u Ý d a . V e r i f i c a þ Ò o 3 1 % c o n c l u Ý d a . V e r i f i c a þ Ò o 3 2 % c o n c l u Ý d a . V e r i f i c a þ Ò o 3 2 % c o n c l u Ý d a . V e r i f i c a þ Ò o 3 3 % c o n c l u Ý d a . V e r i f i c a þ Ò o 3 4 % c o n c l u Ý d a . V e r i f i c a þ Ò o 3 4 % c o n c l u Ý d a . V e r i f i c a þ Ò o 3 5 % c o n c l u Ý d a . V e r i f i c a þ Ò o 3 6 % c o n c l u Ý d a . V e r i f i c a þ Ò o 3 6 % c o n c l u Ý d a . V e r i f i c a þ Ò o 3 7 % c o n c l u Ý d a . V e r i f i c a þ Ò o 3 8 % c o n c l u Ý d a . V e r i f i c a þ Ò o 3 8 % c o n c l u Ý d a . V e r i f i c a þ Ò o 3 9 % c o n c l u Ý d a . V e r i f i c a þ Ò o 4 0 % c o n c l u Ý d a . V e r i f i c a þ Ò o 4 0 % c o n c l u Ý d a . V e r i f i c a þ Ò o 4 1 % c o n c l u Ý d a . V e r i f i c a þ Ò o 4 2 % c o n c l u Ý d a . V e r i f i c a þ Ò o 4 2 % c o n c l u Ý d a . V e r i f i c a þ Ò o 4 3 % c o n c l u Ý d a . V e r i f i c a þ Ò o 4 4 % c o n c l u Ý d a . V e r i f i c a þ Ò o 4 4 % c o n c l u Ý d a . V e r i f i c a þ Ò o 4 5 % c o n c l u Ý d a . V e r i f i c a þ Ò o 4 6 % c o n c l u Ý d a . V e r i f i c a þ Ò o 4 6 % c o n c l u Ý d a . V e r i f i c a þ Ò o 4 7 % c o n c l u Ý d a . V e r i f i c a þ Ò o 4 8 % c o n c l u Ý d a . V e r i f i c a þ Ò o 4 8 % c o n c l u Ý d a . V e r i f i c a þ Ò o 4 9 % c o n c l u Ý d a . V e r i f i c a þ Ò o 5 0 % c o n c l u Ý d a . V e r i f i c a þ Ò o 5 0 % c o n c l u Ý d a . V e r i f i c a þ Ò o 5 1 % c o n c l u Ý d a . V e r i f i c a þ Ò o 5 2 % c o n c l u Ý d a . V e r i f i c a þ Ò o 5 2 % c o n c l u Ý d a . V e r i f i c a þ Ò o 5 3 % c o n c l u Ý d a . V e r i f i c a þ Ò o 5 4 % c o n c l u Ý d a . V e r i f i c a þ Ò o 5 4 % c o n c l u Ý d a . V e r i f i c a þ Ò o 5 5 % c o n c l u Ý d a . V e r i f i c a þ Ò o 5 6 % c o n c l u Ý d a . V e r i f i c a þ Ò o 5 6 % c o n c l u Ý d a . V e r i f i c a þ Ò o 5 7 % c o n c l u Ý d a . V e r i f i c a þ Ò o 5 8 % c o n c l u Ý d a . V e r i f i c a þ Ò o 5 8 % c o n c l u Ý d a . V e r i f i c a þ Ò o 5 9 % c o n c l u Ý d a . V e r i f i c a þ Ò o 6 0 % c o n c l u Ý d a . V e r i f i c a þ Ò o 6 0 % c o n c l u Ý d a . V e r i f i c a þ Ò o 6 1 % c o n c l u Ý d a . V e r i f i c a þ Ò o 6 2 % c o n c l u Ý d a . V e r i f i c a þ Ò o 6 2 % c o n c l u Ý d a . V e r i f i c a þ Ò o 6 3 % c o n c l u Ý d a . V e r i f i c a þ Ò o 6 4 % c o n c l u Ý d a . V e r i f i c a þ Ò o 6 4 % c o n c l u Ý d a . V e r i f i c a þ Ò o 6 5 % c o n c l u Ý d a . V e r i f i c a þ Ò o 6 6 % c o n c l u Ý d a . V e r i f i c a þ Ò o 6 6 % c o n c l u Ý d a . V e r i f i c a þ Ò o 6 7 % c o n c l u Ý d a . V e r i f i c a þ Ò o 6 8 % c o n c l u Ý d a . V e r i f i c a þ Ò o 6 8 % c o n c l u Ý d a . V e r i f i c a þ Ò o 6 9 % c o n c l u Ý d a . V e r i f i c a þ Ò o 7 0 % c o n c l u Ý d a . V e r i f i c a þ Ò o 7 0 % c o n c l u Ý d a . V e r i f i c a þ Ò o 7 1 % c o n c l u Ý d a . V e r i f i c a þ Ò o 7 2 % c o n c l u Ý d a . V e r i f i c a þ Ò o 7 2 % c o n c l u Ý d a . V e r i f i c a þ Ò o 7 3 % c o n c l u Ý d a . V e r i f i c a þ Ò o 7 4 % c o n c l u Ý d a . V e r i f i c a þ Ò o 7 4 % c o n c l u Ý d a . V e r i f i c a þ Ò o 7 5 % c o n c l u Ý d a . V e r i f i c a þ Ò o 7 6 % c o n c l u Ý d a . V e r i f i c a þ Ò o 7 6 % c o n c l u Ý d a . V e r i f i c a þ Ò o 7 7 % c o n c l u Ý d a . V e r i f i c a þ Ò o 7 8 % c o n c l u Ý d a . V e r i f i c a þ Ò o 7 8 % c o n c l u Ý d a . V e r i f i c a þ Ò o 7 9 % c o n c l u Ý d a . V e r i f i c a þ Ò o 8 0 % c o n c l u Ý d a . V e r i f i c a þ Ò o 8 0 % c o n c l u Ý d a . V e r i f i c a þ Ò o 8 1 % c o n c l u Ý d a . V e r i f i c a þ Ò o 8 2 % c o n c l u Ý d a . V e r i f i c a þ Ò o 8 2 % c o n c l u Ý d a . V e r i f i c a þ Ò o 8 3 % c o n c l u Ý d a . V e r i f i c a þ Ò o 8 4 % c o n c l u Ý d a . V e r i f i c a þ Ò o 8 4 % c o n c l u Ý d a . V e r i f i c a þ Ò o 8 5 % c o n c l u Ý d a . V e r i f i c a þ Ò o 8 6 % c o n c l u Ý d a . V e r i f i c a þ Ò o 8 6 % c o n c l u Ý d a . V e r i f i c a þ Ò o 8 7 % c o n c l u Ý d a . V e r i f i c a þ Ò o 8 8 % c o n c l u Ý d a . V e r i f i c a þ Ò o 8 8 % c o n c l u Ý d a . V e r i f i c a þ Ò o 8 9 % c o n c l u Ý d a . V e r i f i c a þ Ò o 9 0 % c o n c l u Ý d a . V e r i f i c a þ Ò o 9 0 % c o n c l u Ý d a . V e r i f i c a þ Ò o 9 1 % c o n c l u Ý d a . V e r i f i c a þ Ò o 9 2 % c o n c l u Ý d a . V e r i f i c a þ Ò o 9 2 % c o n c l u Ý d a . V e r i f i c a þ Ò o 9 3 % c o n c l u Ý d a . V e r i f i c a þ Ò o 9 4 % c o n c l u Ý d a . V e r i f i c a þ Ò o 9 4 % c o n c l u Ý d a . V e r i f i c a þ Ò o 9 5 % c o n c l u Ý d a . V e r i f i c a þ Ò o 9 6 % c o n c l u Ý d a . V e r i f i c a þ Ò o 9 6 % c o n c l u Ý d a . V e r i f i c a þ Ò o 9 7 % c o n c l u Ý d a . V e r i f i c a þ Ò o 9 8 % c o n c l u Ý d a . V e r i f i c a þ Ò o 9 8 % c o n c l u Ý d a . V e r i f i c a þ Ò o 9 9 % c o n c l u Ý d a . V e r i f i c a þ Ò o 1 0 0 % c o n c l u Ý d a . A P r o t e þ Ò o d e R e c u r s o s d o W i n d o w s e n c o n t r o u a r q u i v o s c o r r o m p i d o s e o s r e p a r o u c o m Û x i t o . P a r a r e p a r o s o n l i n e , o s d e t a l h e s s Ò o i n c l u Ý d o s n o a r q u i v o d e l o g C B S l o c a l i z a d o e m w i n d i r \ L o g s \ C B S \ C B S . l o g . P o r e x e m p l o , C : \ W i n d o w s \ L o g s \ C B S \ C B S . l o g . P a r a r e p a r o s o f f l i n e , o s d e t a l h e s s Ò o i n c l u Ý d o s n o a r q u i v o d e l o g f o r n e c i d o p e l o s i n a l i z a d o r / O F F L O G F I L E . Ferramenta de Gerenciamento e Manutenção de Imagens de Implantação Versão: 10.0.19041.844 Versão da Imagem: 10.0.19043.1110 [== 3.8% ] [== 4.2% ] [== 4.2% ] [== 4.5% ] [== 4.9% ] [=== 5.4% ] [=== 5.7% ] [=== 6.2% ] [=== 6.7% ] [==== 7.2% ] [==== 7.8% ] [==== 8.5% ] [===== 9.2% ] [===== 10.1% ] [====== 10.4% ] [====== 11.4% ] [======= 12.4% ] [======= 13.4% ] [======== 14.3% ] [======== 15.3% ] [========= 16.2% ] [========= 17.1% ] [========== 17.7% ] [========== 18.6% ] [=========== 19.6% ] [=========== 20.5% ] [============ 21.0% ] [============ 21.9% ] [============ 22.0% ] [============ 22.3% ] [============= 22.6% ] [============= 22.9% ] [============= 23.3% ] [============= 23.4% ] [============= 23.8% ] [============= 23.8% ] [============= 24.0% ] [============= 24.1% ] [============= 24.1% ] [============== 24.4% ] [============== 25.3% ] [=============== 26.1% ] [=============== 27.1% ] [================ 28.1% ] [================ 29.1% ] [================= 30.0% ] [================= 30.7% ] [================== 31.4% ] [================== 32.2% ] [=================== 32.8% ] [=================== 33.4% ] [=================== 34.1% ] [=================== 34.4% ] [==================== 35.1% ] [==================== 35.6% ] [==================== 35.7% ] [==================== 35.8% ] [==================== 36.0% ] [==================== 36.0% ] [===================== 36.2% ] [===================== 36.4% ] [===================== 36.5% ] [===================== 36.7% ] [===================== 36.7% ] [===================== 37.0% ] [===================== 37.1% ] [===================== 37.4% ] [===================== 37.7% ] [===================== 37.7% ] [===================== 37.9% ] [====================== 38.1% ] [====================== 38.5% ] [====================== 38.6% ] [====================== 39.0% ] [======================= 39.7% ] [======================= 40.5% ] [======================= 40.9% ] [======================= 41.4% ] [======================== 41.7% ] [======================== 41.7% ] [======================== 42.0% ] [======================== 42.4% ] [======================== 42.6% ] [======================== 43.0% ] [========================= 43.2% ] [========================= 43.5% ] [========================= 43.7% ] [========================= 43.8% ] [========================= 44.2% ] [========================= 44.4% ] [========================= 44.7% ] [========================== 45.0% ] [========================== 45.3% ] [========================== 45.7% ] [===========================46.6% ] [===========================46.7% ] [===========================47.7% ] [===========================48.5% ] [===========================48.8% ] [===========================49.8% ] [===========================50.8% ] [===========================51.8% ] [===========================52.5% ] [===========================52.6% ] [===========================52.6% ] [===========================52.6% ] [===========================52.7% ] [===========================52.8% ] [===========================52.9% ] [===========================53.0% ] [===========================53.0% ] [===========================53.1% ] [===========================53.1% ] [===========================53.1% ] [===========================53.1% ] [===========================53.2% ] [===========================53.2% ] [===========================53.3% ] [===========================53.4% ] [===========================53.4% ] [===========================53.4% ] [===========================53.5% ] [===========================53.6% ] [===========================53.7% ] [===========================53.7% ] [===========================53.8% ] [===========================53.9% ] [===========================53.9% ] [===========================54.0% ] [===========================54.0% ] [===========================54.0% ] [===========================54.1% ] [===========================54.2% ] [===========================54.3% ] [===========================54.3% ] [===========================54.3% ] [===========================54.4% ] [===========================54.4% ] [===========================54.5% ] [===========================54.6% ] [===========================54.6% ] [===========================54.6% ] [===========================54.6% ] [===========================54.7% ] [===========================54.8% ] [===========================54.8% ] [===========================54.8% ] [===========================54.9% ] [===========================54.9% ] [===========================55.0% ] [===========================55.1% ] [===========================55.2% ] [===========================55.3% ] [===========================55.3% ] [===========================55.4% ] [===========================55.5% ] [===========================55.5% ] [===========================55.6% ] [===========================55.7% ] [===========================55.8% ] [===========================55.8% ] [===========================56.4% ] [===========================56.6% ] [===========================56.8% ] [===========================57.1%= ] [===========================57.7%= ] [===========================58.7%== ] [===========================59.5%== ] [===========================62.3%==== ] [===========================84.9%================= ] [==========================100.0%==========================] Operação de restauração concluída com êxito. A operação foi concluída com êxito. ========= Fim de Powershell: ========= SystemRestore: On => completado =========== EmptyTemp: ========== BITS transfer queue => 8151040 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 25090926 B Java, Flash, Steam htmlcache => 0 B Windows/system/drivers => 127083642 B Edge => 1268944 B Chrome => 18428513 B Firefox => 63029903 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 0 B LocalService => 0 B NetworkService => 125174 B Famaqui => 235002863 B Logoterapia => 243656113 B RecycleBin => 0 B EmptyTemp: => 688.4 MB de dados temporários Removidos. ================================ O sistema precisou ser reiniciado. ==== Fim de Fixlog 22:17:22 ====

Boa noite! Estava trabalhando em um arquivo de um pendrive e ele ficou inacessível. Quando abri o pendrive vi que esse arquivo e outros estavam com datas de criação último acesso de 2030, 2040, entre outras. Outros arquivos ficaram corrompidos. Fiz uma varredura no pendrive e no computador e nada foi detectado. Será que há algum malware não detectado pelo Win Defender? Seguem abaixo os logs da FRST: https://www.cjoint.com/c/KBCxH5n7VaZ https://www.cjoint.com/c/KBCxJaDfAGZ Muito obrigada! Obs.: O mesmo tópico foi possivelmente criado em local errado, peço que seja deletado.

Boa noite, DigRam! Desculpa pela demora. Minha máquina parou de funcionar. Problema com a placa mãe e não teve como consertar. Restou apenas o HD interno que com um case agora é um HD externo. Por isso peço, por favor, para arquivar esse tópico, ok? Obrigada!

Boa noite, DigRam! O computador está menos lento pós limpeza! O que aconteceu hoje foi de novo um malware em outro pendrive. Não usava esse pendrive há muito tempo. Utilizando o UsbFix foi detectado um malware em um arquivo. Esse arquivo foi para a quarentena. Eu acabei não gerando o relatório. Posteriormente, eu utilizei de novo a ferramenta UsbFix e seguem abaixo os relatórios. Obrigada novamente! # ---------------------------------------------------- # UsbFix Antivirus Premium # ---------------------------------------------------- # Version : 11.032 # Database : # Contact : https://www.usb-antivirus.com/contact # ---------------------------------------------------- # Scan type : Windows # User : Ivan (Administrator) # Device : IVAN-PC # Started : 21/04/2021 19:06:06 # ---------------------------------------------------- ------------ | Analyzed disks | C:\ NTFS (208GB/465GB) [Fixed] ------------ | Infected elements | ~ No element detected ~ ------------ | Run | F2 - HKLM\..\Winlogon : [Shell] explorer.exe F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\WINDOWS\system32\userinit.exe, 04 - HKCU\..\Run : [OneDrive] "C:\Users\Ivan\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background 04 - HKCU\..\Run : [Discord] C:\Users\Ivan\AppData\Local\Discord\app-0.0.306\Discord.exe 04 - HKCU\..\Run : [Gaijin.Net Updater] "C:\Users\Ivan\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe" 04 - HKCU\..\Run : [CiscoMeetingDaemon] "C:\Users\Ivan\AppData\Local\WebEx\ciscowebexstart.exe" /daemon /from=autorun 04 - HKCU\..\Run : [ApacheTomcatMonitor7.0_Tomcat7] "C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe" //MS//Tomcat7 04 - HKLM\..\Run : [IseUI] C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe 04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" 04 - [x64] HKLM\..\Run : [SecurityHealth] %windir%\system32\SecurityHealthSystray.exe 04 - [x64] HKLM\..\Run : [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe 04 - HKU\S-1-5-19\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup 04 - HKU\S-1-5-20\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup 04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [OneDrive] "C:\Users\Ivan\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background 04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [Discord] C:\Users\Ivan\AppData\Local\Discord\app-0.0.306\Discord.exe 04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [Gaijin.Net Updater] "C:\Users\Ivan\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe" 04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [CiscoMeetingDaemon] "C:\Users\Ivan\AppData\Local\WebEx\ciscowebexstart.exe" /daemon /from=autorun 04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [ApacheTomcatMonitor7.0_Tomcat7] "C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe" //MS//Tomcat7 04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1008\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup 04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1008\..\RunOnce : [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade 04GS - AnyDesk.lnk : C:\Program Files (x86)\AnyDesk\AnyDesk.exe 04GS - Monitor Apache Servers.lnk : C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe 04GS - Monitor Biblivre 5.lnk : C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe ------------ | Tasks | Task - Adobe Flash Player NPAPI Notifier --> C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe -check plugin Task - Adobe Flash Player PPAPI Notifier --> C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_pepper.exe -check pepperplugin Task - CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82} Task - GoogleUpdateTaskMachineCore --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c Task - GoogleUpdateTaskMachineUA --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler Task - MicrosoftEdgeUpdateTaskMachineCore --> C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /c Task - MicrosoftEdgeUpdateTaskMachineUA --> C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /ua /installsource scheduler Task - OneDrive Standalone Update Task-S-1-5-21-1793361252-1642306814-3946400002-1000 --> %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe Task - OneDrive Standalone Update Task-S-1-5-21-1793361252-1642306814-3946400002-1004 --> %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe Task - UsbFix Boot Scan --> "C:\Program Files (x86)\UsbFix\UsbFix.exe" -scanonstart Task - UsbFix Monitor --> "C:\Program Files (x86)\UsbFix\Modules\UsbFixMonitor.exe" Task - User_Feed_Synchronization-{37BA45BF-BFCF-4431-A92D-C5E9AB481B69} --> C:\WINDOWS\system32\msfeedssync.exe sync ------------ | C:\ %SystemDrive% - Fixed drive (NTFS) | [13/09/2016 - 21:50:20 | A | 1 Ko] - DelFix.txt [21/04/2021 - 17:37:07 | ASH | 8 Ko] - DumpStack.log.tmp [21/04/2021 - 17:37:06 | ASH | 3138180 Ko] - hiberfil.sys [21/04/2021 - 17:37:07 | ASH | 2359296 Ko] - pagefile.sys [21/04/2021 - 17:37:07 | ASH | 262144 Ko] - swapfile.sys [06/10/2015 - 20:26:43 | A | 1 Ko] - .rnd [10/06/2020 - 20:06:24 | SHD] - Config.Msi [06/03/2017 - 22:23:55 | A | 2 Ko] - console.log [13/04/2021 - 11:10:37 | ASH | 8 Ko] - DumpStack.log [25/09/2018 - 12:02:57 | SH | 0 Ko] - bootTel.dat [30/11/2020 - 22:43:52 | SHD] - $Recycle.Bin [14/07/2009 - 02:08:56 | SHD] - Documents and Settings [12/11/2013 - 09:06:26 | SHD] - Arquivos de Programas [12/11/2013 - 10:20:06 | RHD] - MSOCache [06/02/2014 - 12:56:19 | D] - Php2 [06/02/2014 - 13:13:19 | D] - PHP [06/07/2014 - 15:26:11 | D] - ODF_MAINFRAME [15/12/2014 - 09:21:55 | D] - temp [06/02/2015 - 16:28:10 | D] - Level up [01/09/2015 - 10:08:30 | D] - MySQL_1 [23/09/2015 - 01:08:37 | D] - 3aeb140115f410706a411c [30/10/2015 - 04:18:34 | ASH | 0 Ko] - BOOTNXT [07/09/2017 - 21:37:32 | D] - dosprog [02/03/2018 - 14:47:49 | HD] - $SysReset [03/03/2018 - 12:13:01 | RSHD] - Office Activation Technologies [24/03/2018 - 15:36:46 | D] - Sierra [25/01/2019 - 12:02:04 | D] - instaldor [28/01/2019 - 22:05:43 | D] - Jogos [26/05/2019 - 18:37:51 | HD] - VTRoot [22/09/2019 - 20:11:51 | D] - Boruto [07/12/2019 - 06:14:52 | D] - PerfLogs [11/07/2020 - 22:42:25 | D] - Python [26/09/2020 - 18:38:31 | HD] - $WinREAgent [29/09/2020 - 01:55:27 | SHD] - Recovery [14/11/2020 - 21:30:44 | D] - SecurityCheck [30/11/2020 - 16:58:48 | HD] - ProgramData [22/03/2021 - 12:07:29 | RD] - Users [22/03/2021 - 12:09:00 | RD] - Program Files [26/03/2021 - 16:11:16 | RD] - Program Files (x86) [28/03/2021 - 16:25:14 | D] - FRST [10/04/2021 - 20:19:32 | D] - Arquivos de Programas RFB [20/04/2021 - 18:30:01 | D] - Windows Infected elements : 0 Analyzed elements : 86318 in 00h 00m 23s # UsbFix-Report-47.txt [6740B] ------------ | E.O.F | # ---------------------------------------------------- # UsbFix Antivirus Premium # ---------------------------------------------------- # Version : 11.032 # Database : # Contact : https://www.usb-antivirus.com/contact # ---------------------------------------------------- # Scan type : Shell Menu # User : Ivan (Administrator) # Device : IVAN-PC # Started : 21/04/2021 19:29:24 # ---------------------------------------------------- ------------ | Analyzed disks | H:\ FAT32 (2GB/4GB) [Removable] ------------ | Infected elements | ~ No element detected ~ ------------ | Run | F2 - HKLM\..\Winlogon : [Shell] explorer.exe F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\WINDOWS\system32\userinit.exe, 04 - HKCU\..\Run : [OneDrive] "C:\Users\Ivan\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background 04 - HKCU\..\Run : [Discord] C:\Users\Ivan\AppData\Local\Discord\app-0.0.306\Discord.exe 04 - HKCU\..\Run : [Gaijin.Net Updater] "C:\Users\Ivan\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe" 04 - HKCU\..\Run : [CiscoMeetingDaemon] "C:\Users\Ivan\AppData\Local\WebEx\ciscowebexstart.exe" /daemon /from=autorun 04 - HKCU\..\Run : [ApacheTomcatMonitor7.0_Tomcat7] "C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe" //MS//Tomcat7 04 - HKLM\..\Run : [IseUI] C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe 04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" 04 - [x64] HKLM\..\Run : [SecurityHealth] %windir%\system32\SecurityHealthSystray.exe 04 - [x64] HKLM\..\Run : [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe 04 - HKU\S-1-5-19\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup 04 - HKU\S-1-5-20\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup 04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [OneDrive] "C:\Users\Ivan\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background 04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [Discord] C:\Users\Ivan\AppData\Local\Discord\app-0.0.306\Discord.exe 04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [Gaijin.Net Updater] "C:\Users\Ivan\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe" 04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [CiscoMeetingDaemon] "C:\Users\Ivan\AppData\Local\WebEx\ciscowebexstart.exe" /daemon /from=autorun 04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [ApacheTomcatMonitor7.0_Tomcat7] "C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe" //MS//Tomcat7 04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1008\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup 04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1008\..\RunOnce : [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade 04GS - AnyDesk.lnk : C:\Program Files (x86)\AnyDesk\AnyDesk.exe 04GS - Monitor Apache Servers.lnk : C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe 04GS - Monitor Biblivre 5.lnk : C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe ------------ | Tasks | Task - Adobe Flash Player NPAPI Notifier --> C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe -check plugin Task - Adobe Flash Player PPAPI Notifier --> C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_pepper.exe -check pepperplugin Task - CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82} Task - GoogleUpdateTaskMachineCore --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c Task - GoogleUpdateTaskMachineUA --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler Task - MicrosoftEdgeUpdateTaskMachineCore --> C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /c Task - MicrosoftEdgeUpdateTaskMachineUA --> C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /ua /installsource scheduler Task - OneDrive Standalone Update Task-S-1-5-21-1793361252-1642306814-3946400002-1000 --> %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe Task - OneDrive Standalone Update Task-S-1-5-21-1793361252-1642306814-3946400002-1004 --> %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe Task - UsbFix Boot Scan --> "C:\Program Files (x86)\UsbFix\UsbFix.exe" -scanonstart Task - UsbFix Monitor --> "C:\Program Files (x86)\UsbFix\Modules\UsbFixMonitor.exe" Task - User_Feed_Synchronization-{37BA45BF-BFCF-4431-A92D-C5E9AB481B69} --> C:\WINDOWS\system32\msfeedssync.exe sync ------------ | H:\ - Removable drive (FAT32) | [15/06/2013 - 09:35:56 | N | 0 Ko] - ~$Fromages_2013.pptx [10/04/2021 - 20:32:02 | D] - autorun.inf [12/04/2012 - 21:33:58 | D] - Backup pen drive [12/04/2012 - 21:34:48 | D] - Backup pendrive [12/04/2012 - 21:34:50 | D] - Arquivos 15 [12/04/2012 - 21:34:52 | D] - Arquivos 14 [12/04/2012 - 21:34:56 | D] - Arquivos 13 [17/11/2012 - 14:47:46 | D] - Arquivos 12 [17/11/2012 - 14:48:48 | D] - Arquivos 11 [17/11/2012 - 14:49:08 | D] - Arquivos 10 [19/11/2013 - 15:29:16 | D] - Arquivos 9 [25/02/2014 - 15:46:00 | D] - Arquivos 8 [24/11/2014 - 19:41:56 | D] - Arquivos 6 [27/02/2015 - 13:15:48 | D] - Arquivos 5 [23/09/2015 - 18:11:04 | D] - Arquivos 4 [06/06/2017 - 13:59:10 | D] - Arquivos 3 [10/08/2017 - 17:06:52 | D] - Arquivos 2 [19/09/2019 - 10:43:26 | D] - Arquivos 1 [21/04/2021 - 19:28:30 | RD] - Desktop Infected elements : 0 Analyzed elements : 9227 in 00h 00m 01s # UsbFix-Report-52.txt [5648B] ------------ | E.O.F |

Boa tarde, DigRam! Segue abaixo o relatório. Obrigada. Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 28-03-2021 Executado por Ivan (28-03-2021 16:01:53) Run:4 Executando a partir de C:\Users\Ana\Desktop Perfis Carregados: Ivan & Ana & postgres Modo da Inicialização: Normal ============================================== fixlist Conteúdo: ***************** CloseProcesses: Createrestorepoints: HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {25bb5ae4-8632-11ea-bc0c-00158307c667} - "E:\Windows/AutoRun.exe" HKU\S-1-5-21-1793361252-1642306814-3946400002-1004\...\MountPoints2: {25bb5ae4-8632-11ea-bc0c-00158307c667} - "E:\Windows/AutoRun.exe" Task: {166C390A-1AC0-4A57-9FB9-89C3C873F4D9} - \Adobe Flash Player Updater -> Nenhum Arquivo <==== ATENÇÃO Task: {D36AC41E-4056-4C76-A92A-BEE7ACC5CC7C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.) ShortcutWithArgument: C:\Users\Ivan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\371b6590bc8d800\Pessoa 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 6" SearchScopes: HKU\S-1-5-21-1793361252-1642306814-3946400002-1000 -> URL hxxps://br.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=81_25050030005_76.0.3809.132_u_ds&p={searchTerms} SearchScopes: HKU\S-1-5-21-1793361252-1642306814-3946400002-1004 -> {0AA24E16-07B3-4694-8357-3C21ACC5F516} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=82_25050004005_65.0.2.15_u_ds&p={searchTerms} FirewallRules: [UDP Query User{DC2E45F4-50AD-4C1C-9915-4AF0556F7AF7}C:\program files (x86)\bsgo\launcher\launcher.exe] => (Allow) C:\program files (x86)\bsgo\launcher\launcher.exe => Nenhum Arquivo FirewallRules: [TCP Query User{7E4F4740-54D5-4D58-8AF7-CC2BFA0EC069}C:\program files (x86)\bsgo\launcher\launcher.exe] => (Allow) C:\program files (x86)\bsgo\launcher\launcher.exe => Nenhum Arquivo FirewallRules: [UDP Query User{8C4A0A8E-A43D-4232-BA28-5649BBA2DD08}C:\program files (x86)\bsgo\launcher\launcher.exe] => (Allow) C:\program files (x86)\bsgo\launcher\launcher.exe => Nenhum Arquivo FirewallRules: [TCP Query User{99D6D03E-FC57-40D1-B950-9C748AB8FDD7}C:\program files (x86)\bsgo\launcher\launcher.exe] => (Allow) C:\program files (x86)\bsgo\launcher\launcher.exe => Nenhum Arquivo FirewallRules: [TCP Query User{62655275-AAB8-4D84-8FA8-449E58C3D0AF}C:\program files (x86)\comodo\dragon\dragon.exe] => (Allow) C:\program files (x86)\comodo\dragon\dragon.exe => Nenhum Arquivo FirewallRules: [UDP Query User{B8E728AC-69D2-4D7C-A389-34011778A0EA}C:\program files (x86)\comodo\dragon\dragon.exe] => (Allow) C:\program files (x86)\comodo\dragon\dragon.exe => Nenhum Arquivo FirewallRules: [{FCD38E26-CFEE-4F33-BA6C-48F6AF2142D9}] => (Allow) C:\Users\Ivan\AppData\Roaming\Zoom\bin\airhost.exe => Nenhum Arquivo FirewallRules: [{C7CF382D-71AC-45E2-9B8F-B05B36D84F7E}] => (Allow) C:\Users\Ivan\AppData\Roaming\Zoom\bin\airhost.exe => Nenhum Arquivo EmptyTemp: Reboot: ***************** Processos fechados com sucesso. Createrestorepoints: => Erro: Nenhuma correção automática foi encontrada para esta entrada. HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25bb5ae4-8632-11ea-bc0c-00158307c667} => removido (a) com sucesso. HKU\S-1-5-21-1793361252-1642306814-3946400002-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25bb5ae4-8632-11ea-bc0c-00158307c667} => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{166C390A-1AC0-4A57-9FB9-89C3C873F4D9}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{166C390A-1AC0-4A57-9FB9-89C3C873F4D9}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D36AC41E-4056-4C76-A92A-BEE7ACC5CC7C}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D36AC41E-4056-4C76-A92A-BEE7ACC5CC7C}" => removido (a) com sucesso. C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => removido (a) com sucesso. C:\Users\Ivan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\371b6590bc8d800\Pessoa 1 - Chrome.lnk => Atalho argumento removido (a) com sucesso. "HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL" => removido (a) com sucesso. HKU\S-1-5-21-1793361252-1642306814-3946400002-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0AA24E16-07B3-4694-8357-3C21ACC5F516} => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{DC2E45F4-50AD-4C1C-9915-4AF0556F7AF7}C:\program files (x86)\bsgo\launcher\launcher.exe" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7E4F4740-54D5-4D58-8AF7-CC2BFA0EC069}C:\program files (x86)\bsgo\launcher\launcher.exe" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8C4A0A8E-A43D-4232-BA28-5649BBA2DD08}C:\program files (x86)\bsgo\launcher\launcher.exe" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{99D6D03E-FC57-40D1-B950-9C748AB8FDD7}C:\program files (x86)\bsgo\launcher\launcher.exe" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{62655275-AAB8-4D84-8FA8-449E58C3D0AF}C:\program files (x86)\comodo\dragon\dragon.exe" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B8E728AC-69D2-4D7C-A389-34011778A0EA}C:\program files (x86)\comodo\dragon\dragon.exe" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FCD38E26-CFEE-4F33-BA6C-48F6AF2142D9}" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C7CF382D-71AC-45E2-9B8F-B05B36D84F7E}" => removido (a) com sucesso. =========== EmptyTemp: ========== BITS transfer queue => 12607488 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 195212909 B Java, Flash, Steam htmlcache => 1095 B Windows/system/drivers => 141098158 B Edge => 0 B Chrome => 2284501 B Firefox => 1138797994 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 0 B LocalService => 0 B NetworkService => 9019374 B Ivan => 1183767532 B Ana => 1441549614 B postgres => 1441549614 B RecycleBin => 775424631 B EmptyTemp: => 5.9 GB de dados temporários Removidos. ================================ O sistema precisou ser reiniciado. ==== Fim de Fixlog 16:08:56 ====

Boa noite, DigRam! Conforme orientações, seguem os relatórios. Obrigada e desculpa pela demora! Obs.: Após o evento de troca de datas dos arquivos e outros, eu fiz uma varredura com o Win Defender, copiei os arquivos que não foram corrompidos para outro local e formatei o pendrive. # ---------------------------------------------------- # UsbFix Antivirus Premium # ---------------------------------------------------- # Version : 11.032 # Database : # Contact : https://www.usb-antivirus.com/contact # ---------------------------------------------------- # Scan type : Windows # User : Ivan (Administrator) # Device : IVAN-PC # Started : 24/03/2021 18:43:05 # ---------------------------------------------------- ------------ | Analyzed disks | C:\ NTFS (216GB/465GB) [Fixed] ------------ | Infected elements | ~ No element detected ~ ------------ | Run | F2 - HKLM\..\Winlogon : [Shell] explorer.exe F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\WINDOWS\system32\userinit.exe, 04 - HKCU\..\Run : [OneDrive] "C:\Users\Ivan\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background 04 - HKCU\..\Run : [Discord] C:\Users\Ivan\AppData\Local\Discord\app-0.0.306\Discord.exe 04 - HKCU\..\Run : [Gaijin.Net Updater] "C:\Users\Ivan\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe" 04 - HKCU\..\Run : [CiscoMeetingDaemon] "C:\Users\Ivan\AppData\Local\WebEx\ciscowebexstart.exe" /daemon /from=autorun 04 - HKCU\..\Run : [ApacheTomcatMonitor7.0_Tomcat7] "C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe" //MS//Tomcat7 04 - HKLM\..\Run : [IseUI] C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe 04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" 04 - [x64] HKLM\..\Run : [SecurityHealth] %windir%\system32\SecurityHealthSystray.exe 04 - [x64] HKLM\..\Run : [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe 04 - HKU\S-1-5-19\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup 04 - HKU\S-1-5-20\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup 04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [OneDrive] "C:\Users\Ivan\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background 04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [Discord] C:\Users\Ivan\AppData\Local\Discord\app-0.0.306\Discord.exe 04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [Gaijin.Net Updater] "C:\Users\Ivan\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe" 04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [CiscoMeetingDaemon] "C:\Users\Ivan\AppData\Local\WebEx\ciscowebexstart.exe" /daemon /from=autorun 04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [ApacheTomcatMonitor7.0_Tomcat7] "C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe" //MS//Tomcat7 04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1008\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup 04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1008\..\RunOnce : [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade 04GS - AnyDesk.lnk : C:\Program Files (x86)\AnyDesk\AnyDesk.exe 04GS - Monitor Apache Servers.lnk : C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe 04GS - Monitor Biblivre 5.lnk : C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe ------------ | Tasks | Task - Adobe Acrobat Update Task --> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe Task - Adobe Flash Player NPAPI Notifier --> C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe -check plugin Task - Adobe Flash Player PPAPI Notifier --> C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_pepper.exe -check pepperplugin Task - CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82} Task - GoogleUpdateTaskMachineCore --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c Task - GoogleUpdateTaskMachineUA --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler Task - MicrosoftEdgeUpdateTaskMachineCore --> C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /c Task - MicrosoftEdgeUpdateTaskMachineUA --> C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /ua /installsource scheduler Task - OneDrive Standalone Update Task-S-1-5-21-1793361252-1642306814-3946400002-1000 --> %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe Task - OneDrive Standalone Update Task-S-1-5-21-1793361252-1642306814-3946400002-1004 --> %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe Task - UsbFix Boot Scan --> "C:\Program Files (x86)\UsbFix\UsbFix.exe" -scanonstart Task - UsbFix Monitor --> "C:\Program Files (x86)\UsbFix\Modules\UsbFixMonitor.exe" Task - User_Feed_Synchronization-{37BA45BF-BFCF-4431-A92D-C5E9AB481B69} --> C:\WINDOWS\system32\msfeedssync.exe sync ------------ | C:\ %SystemDrive% - Fixed drive (NTFS) | [13/09/2016 - 21:50:20 | A | 1 Ko] - DelFix.txt [24/03/2021 - 09:02:18 | ASH | 8 Ko] - DumpStack.log.tmp [24/03/2021 - 09:02:17 | ASH | 3138180 Ko] - hiberfil.sys [24/03/2021 - 09:02:18 | ASH | 262144 Ko] - swapfile.sys [24/03/2021 - 16:05:38 | ASH | 2438768 Ko] - pagefile.sys [06/10/2015 - 20:26:43 | A | 1 Ko] - .rnd [10/06/2020 - 20:06:24 | SHD] - Config.Msi [06/03/2017 - 22:23:55 | A | 2 Ko] - console.log [20/02/2021 - 13:19:26 | ASH | 8 Ko] - DumpStack.log [25/09/2018 - 12:02:57 | SH | 0 Ko] - bootTel.dat [30/11/2020 - 22:43:52 | SHD] - $Recycle.Bin [14/07/2009 - 02:08:56 | SHD] - Documents and Settings [12/11/2013 - 09:06:26 | SHD] - Arquivos de Programas [12/11/2013 - 10:20:06 | RHD] - MSOCache [06/02/2014 - 12:56:19 | D] - Php2 [06/02/2014 - 13:13:19 | D] - PHP [06/07/2014 - 15:26:11 | D] - ODF_MAINFRAME [15/12/2014 - 09:21:55 | D] - temp [06/02/2015 - 16:28:10 | D] - Level up [01/09/2015 - 10:08:30 | D] - MySQL_1 [23/09/2015 - 01:08:37 | D] - 3aeb140115f410706a411c [30/10/2015 - 04:18:34 | ASH | 0 Ko] - BOOTNXT [07/09/2017 - 21:37:32 | D] - dosprog [02/03/2018 - 14:47:49 | HD] - $SysReset [03/03/2018 - 12:13:01 | RSHD] - Office Activation Technologies [24/03/2018 - 15:36:46 | D] - Sierra [25/01/2019 - 12:02:04 | D] - instaldor [28/01/2019 - 22:05:43 | D] - Jogos [26/05/2019 - 18:37:51 | HD] - VTRoot [22/09/2019 - 20:11:51 | D] - Boruto [07/12/2019 - 06:14:52 | D] - PerfLogs [20/02/2020 - 17:16:08 | D] - Arquivos de Programas RFB [11/07/2020 - 22:42:25 | D] - Python [26/09/2020 - 18:38:31 | HD] - $WinREAgent [29/09/2020 - 01:55:27 | SHD] - Recovery [14/11/2020 - 21:30:44 | D] - SecurityCheck [30/11/2020 - 16:58:48 | HD] - ProgramData [28/02/2021 - 19:33:11 | D] - FRST [12/03/2021 - 00:46:33 | D] - Windows [22/03/2021 - 12:07:29 | RD] - Users [22/03/2021 - 12:09:00 | RD] - Program Files [24/03/2021 - 18:41:55 | RD] - Program Files (x86) Infected elements : 0 Analyzed elements : 88788 in 00h 00m 51s # UsbFix-Report-01.txt [6841B] ------------ | E.O.F | # ---------------------------------------------------- # UsbFix Antivirus Premium # ---------------------------------------------------- # Version : 11.032 # Database : # Contact : https://www.usb-antivirus.com/contact # ---------------------------------------------------- # Scan type : USB # User : Ivan (Administrator) # Device : IVAN-PC # Started : 24/03/2021 18:48:14 # ---------------------------------------------------- ------------ | Analyzed disks | H:\ FAT32 (8GB/8GB) [Removable] ------------ | Infected elements | ~ No element detected ~ ------------ | Run | F2 - HKLM\..\Winlogon : [Shell] explorer.exe F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\WINDOWS\system32\userinit.exe, 04 - HKCU\..\Run : [OneDrive] "C:\Users\Ivan\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background 04 - HKCU\..\Run : [Discord] C:\Users\Ivan\AppData\Local\Discord\app-0.0.306\Discord.exe 04 - HKCU\..\Run : [Gaijin.Net Updater] "C:\Users\Ivan\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe" 04 - HKCU\..\Run : [CiscoMeetingDaemon] "C:\Users\Ivan\AppData\Local\WebEx\ciscowebexstart.exe" /daemon /from=autorun 04 - HKCU\..\Run : [ApacheTomcatMonitor7.0_Tomcat7] "C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe" //MS//Tomcat7 04 - HKLM\..\Run : [IseUI] C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe 04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" 04 - [x64] HKLM\..\Run : [SecurityHealth] %windir%\system32\SecurityHealthSystray.exe 04 - [x64] HKLM\..\Run : [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe 04 - HKU\S-1-5-19\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup 04 - HKU\S-1-5-20\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup 04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [OneDrive] "C:\Users\Ivan\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background 04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [Discord] C:\Users\Ivan\AppData\Local\Discord\app-0.0.306\Discord.exe 04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [Gaijin.Net Updater] "C:\Users\Ivan\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe" 04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [CiscoMeetingDaemon] "C:\Users\Ivan\AppData\Local\WebEx\ciscowebexstart.exe" /daemon /from=autorun 04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [ApacheTomcatMonitor7.0_Tomcat7] "C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe" //MS//Tomcat7 04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1008\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup 04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1008\..\RunOnce : [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade 04GS - AnyDesk.lnk : C:\Program Files (x86)\AnyDesk\AnyDesk.exe 04GS - Monitor Apache Servers.lnk : C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe 04GS - Monitor Biblivre 5.lnk : C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe ------------ | Tasks | Task - Adobe Acrobat Update Task --> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe Task - Adobe Flash Player NPAPI Notifier --> C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe -check plugin Task - Adobe Flash Player PPAPI Notifier --> C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_pepper.exe -check pepperplugin Task - CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82} Task - GoogleUpdateTaskMachineCore --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c Task - GoogleUpdateTaskMachineUA --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler Task - MicrosoftEdgeUpdateTaskMachineCore --> C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /c Task - MicrosoftEdgeUpdateTaskMachineUA --> C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /ua /installsource scheduler Task - OneDrive Standalone Update Task-S-1-5-21-1793361252-1642306814-3946400002-1000 --> %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe Task - OneDrive Standalone Update Task-S-1-5-21-1793361252-1642306814-3946400002-1004 --> %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe Task - UsbFix Boot Scan --> "C:\Program Files (x86)\UsbFix\UsbFix.exe" -scanonstart Task - UsbFix Monitor --> "C:\Program Files (x86)\UsbFix\Modules\UsbFixMonitor.exe" Task - User_Feed_Synchronization-{37BA45BF-BFCF-4431-A92D-C5E9AB481B69} --> C:\WINDOWS\system32\msfeedssync.exe sync ------------ | H:\ - Removable drive (FAT32) | Infected elements : 0 Analyzed elements : 65992 in 00h 00m 12s # UsbFix-Report-01.txt [4912B] ------------ | E.O.F |

Seguem links dos logs do FRST para análise: https://www.cjoint.com/c/IEuvOzhKaPa https://www.cjoint.com/c/IEuvQSrcnWa Obrigada.

Boa noite, DigRam! Foram feitas as desinstalações sugeridas, exceto o AnyDesk. Obrigada e desculpa pela demora!

Boa noite, DigRam! A lentidão diminuiu. Segue abaixo relatório. Obrigada! SecurityCheck by glax24 & Severnyj v.1.4.0.53 [27.10.17] WebSite: www.safezone.cc DateLog: 14.11.2020 21:30:44 Path starting: C:\Users\Ivan\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe Log directory: C:\SecurityCheck\ IsAdmin: True User: Ivan VersionXML: 7.94s-04.10.2020 ___________________________________________________________________________ Windows 10(6.3.19041) (x64) Core Release: 2004 Lang: Portuguese(0416) Installation date OS: 29.09.2020 04:57:49 LicenseStatus: Windows(R), Core edition The machine is permanently activated. LicenseStatus: Office 15, OfficeProPlusVL_KMS_Client edition Windows is in Notification mode Boot Mode: Normal Default Browser: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe SystemDrive: C: FS: [NTFS] Capacity: [465.2 Gb] Used: [182.9 Gb] Free: [282.3 Gb] ------------------------------- [ Windows ] ------------------------------- Internet Explorer 11.572.19041.0 [+] User Account Control enabled (Level 3) Automatically download and schedule installation Central de Segurança (wscsvc) - The service is running Registro remoto (RemoteRegistry) - The service has stopped Descoberta SSDP (SSDPSRV) - The service is running Serviços de Área de Trabalho Remota (TermService) - The service has stopped Windows Remote Management (WS-Management) (WinRM) - The service has stopped ------------------------------ [ MS Office ] ------------------------------ Microsoft Office 2013 x86 v.15.0.4569.1506 ---------------------------- [ Antivirus_WMI ] ---------------------------- Windows Defender (enabled and up to date) ---------------------------- [ Firewall_WMI ] ----------------------------- COMODO Firewall (disabled) COMODO Firewall (disabled) -------------------------- [ SecurityUtilities ] -------------------------- Internet Security Essentials v.1.6.472587.185 --------------------------- [ OtherUtilities ] ---------------------------- VLC media player v.3.0.11 Microsoft Silverlight v.5.1.50918.0 Cisco Webex Meetings v.40.10.3 [+] Microsoft OneDrive v.20.169.0823.0008 [+] Zoom v.5.0 Warning! Download Update Python 3.7.3 (32-bit) v.3.7.3150.0 Warning! Download Update K-Lite Codec Pack 10.0.0 Full v.10.0.0 Warning! Download Update TeamViewer v.15.8.3 Warning! Download Update TeamViewer (TeamViewer) - The service is running -------------------------------- [ Arch ] --------------------------------- WinRAR 4.20 (32-bit) v.4.20.0 Warning! Download Update --------------------------------- [ IM ] ---------------------------------- Discord v.0.0.306 Warning! Download Update Telegram Desktop version 2.4.1 v.2.4.1 Warning! Download Update ---------------------------- [ ProxyAndVPNs ] ----------------------------- McAfee Safe Connect v.1.6.0.223 --------------------------------- [ SPY ] --------------------------------- AnyDesk v.ad 6.0.7 Warning! RAT!. -------------------------------- [ Java ] --------------------------------- Java 8 Update 261 v.8.0.2610.12 --------------------------- [ AdobeProduction ] --------------------------- Adobe AIR v.18.0.0.144 Warning! Download Update Adobe Flash Player 32 NPAPI v.32.0.0.453 [+] Adobe Flash Player 32 PPAPI v.32.0.0.453 [+] Adobe Shockwave Player 12.0 v.12.0.3.133 Warning! This software is no longer supported. Please uninstall it. swMSM v.12.0.0.1 << Hidden Warning! This software is no longer supported. Please uninstall it. Adobe Reader XI (11.0.23) v.11.0.23 Warning! This software is no longer supported. Please uninstall it and use Adobe Acrobat Reader DC. ------------------------------- [ Browser ] ------------------------------- Mozilla Firefox 82.0.3 (x64 pt-BR) v.82.0.3 [+] Google Chrome v.86.0.4240.193 [+] Microsoft Edge v.86.0.622.69 [+] ------------------ [ AntivirusFirewallProcessServices ] ------------------- C:\Program Files (x86)\Comodo\Internet Security Essentials\vkise.exe v.1.6.13835.185 isesrv (isesrv) - The service is running C:\Program Files (x86)\Comodo\Internet Security Essentials\isesrv.exe v.1.6.13835.185 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2010.7-0\MsMpEng.exe v.4.18.2010.7 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2010.7-0\NisSrv.exe v.4.18.2010.7 Serviço Microsoft Defender Antivírus (WinDefend) - The service is running Serviço de Inspeção de Rede do Microsoft Defender Antivírus (WdNisSvc) - The service is running ---------------------------- [ UnwantedApps ] ----------------------------- McAfee Security Scan Plus v.3.11.1924.1 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering. VdhCoApp 1.5.0 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering. Paltalk Warning! Suspected Adware! If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware and Malwarebytes AdwCleaner. Before uninstallation and scanning it is necessary to consult in the forum where cure is provided for you!!! ----------------------------- [ End of Log ] ------------------------------

Boa noite segue o log, Perdão pela demora Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 24-10-2020 Executado por Ivan (24-10-2020 21:31:26) Run:3 Executando a partir de C:\Users\Ana\Desktop Perfis Carregados: Ivan & Ana Modo da Inicialização: Normal ============================================== fixlist Conteúdo: ***************** CloseProcesses: COMODO Firewall (HKLM\...\{0E9AFD45-C3BA-41D1-B54B-495A22CB3409}) (Version: 12.2.2.7036 - COMODO Security Solutions Inc.) Hidden FirewallRules: [{774701DB-F707-4453-9472-6F8C3C282346}] => (Allow) C:\Users\Ivan\AppData\Roaming\Zoom\bin\airhost.exe => Nenhum Arquivo FirewallRules: [UDP Query User{F5D5078A-D2C9-457D-880B-C80037C10552}C:\program files (x86)\java\jre1.8.0_241\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_241\bin\javaw.exe => Nenhum Arquivo FirewallRules: [TCP Query User{B410A6D0-575A-441C-B4BE-2BF74902DC48}C:\program files (x86)\java\jre1.8.0_241\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_241\bin\javaw.exe => Nenhum Arquivo HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\StartupApproved\Run: => "McAfeeSafeConnect" ShortcutWithArgument: C:\Users\Ivan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\371b6590bc8d800\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 6" EmptyTemp: Reboot: ***************** Processos fechados com sucesso. "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0E9AFD45-C3BA-41D1-B54B-495A22CB3409}\\SystemComponent" => não encontrado (a) "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{774701DB-F707-4453-9472-6F8C3C282346}" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F5D5078A-D2C9-457D-880B-C80037C10552}C:\program files (x86)\java\jre1.8.0_241\bin\javaw.exe" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B410A6D0-575A-441C-B4BE-2BF74902DC48}C:\program files (x86)\java\jre1.8.0_241\bin\javaw.exe" => removido (a) com sucesso. "HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\McAfeeSafeConnect" => removido (a) com sucesso. "HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\McAfeeSafeConnect" => não encontrado (a) C:\Users\Ivan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\371b6590bc8d800\Google Chrome.lnk => Atalho argumento removido (a) com sucesso. =========== EmptyTemp: ========== BITS transfer queue => 12345344 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 55381551 B Java, Flash, Steam htmlcache => 291 B Windows/system/drivers => 620486 B Edge => 0 B Chrome => 23729963 B Firefox => 801299193 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 0 B

Boa noite, DigRam! Seguem: - Link para o relatório Addition.txt: https://www.cjoint.com/c/JJqbe6XrveV - Relatório Fixlog.txt. Muito obrigada! Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 14-10-2020 Executado por Ivan (15-10-2020 21:08:55) Run:2 Executando a partir de C:\Users\Ana\Desktop Perfis Carregados: Ivan Modo da Inicialização: Normal ============================================== fixlist Conteúdo: ***************** CloseProcesses: (McAfee, LLC -> McAfee, LLC) C:\FRST\Quarantine\C\Program Files\McAfee Security Scan\3.11.1924\SSScheduler.exe HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe [1112960 2018-03-14] (AnchorFree Inc -> McAfee Inc.) HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {25bb5ae4-8632-11ea-bc0c-00158307c667} - "E:\Windows/AutoRun.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2020-08-14] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.1924\SSScheduler.exe (Nenhum Arquivo) Task: {12B7BC63-E09C-4BBE-85B2-C3F1649FFCF0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1341008 2020-09-06] (Adobe Inc. -> Adobe Inc.) 2020-10-09 10:22 - 2020-10-09 10:22 - 000000000 ____D C:\Users\Todos os Usuários\McAfee 2020-10-09 10:22 - 2020-10-09 10:22 - 000000000 ____D C:\ProgramData\McAfee 2020-09-29 01:54 - 2020-10-13 18:36 - 000004612 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier 2020-09-29 01:54 - 2020-10-13 17:36 - 000004642 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier 2020-09-29 01:54 - 2020-10-13 17:36 - 000004494 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player Updater 2020-09-25 10:23 - 2020-08-14 10:57 - 000000000 ____D C:\Users\Todos os Usuários\McAfee Security Scan 2020-09-25 10:23 - 2020-08-14 10:57 - 000000000 ____D C:\ProgramData\McAfee Security Scan 2020-07-18 22:00 - 2020-07-18 22:00 - 000004608 _____ () C:\Users\Ivan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini EmptyTemp: Reboot: Hosts: ***************** Processos fechados com sucesso. C:\FRST\Quarantine\C\Program Files\McAfee Security Scan\3.11.1924\SSScheduler.exe => Não foi encontrado em execução o processo "HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\Software\Microsoft\Windows\CurrentVersion\Run\\McAfeeSafeConnect" => removido (a) com sucesso. HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25bb5ae4-8632-11ea-bc0c-00158307c667} => removido (a) com sucesso. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk => movido com sucesso "C:\Program Files\McAfee Security Scan\3.11.1924\SSScheduler.exe" => não encontrado (a) "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{12B7BC63-E09C-4BBE-85B2-C3F1649FFCF0}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12B7BC63-E09C-4BBE-85B2-C3F1649FFCF0}" => removido (a) com sucesso. C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => removido (a) com sucesso. C:\Users\Todos os Usuários\McAfee => movido com sucesso "C:\ProgramData\McAfee" => não encontrado (a) C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier => movido com sucesso C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier => movido com sucesso C:\WINDOWS\system32\Tasks\Adobe Flash Player Updater => movido com sucesso C:\Users\Todos os Usuários\McAfee Security Scan => movido com sucesso "C:\ProgramData\McAfee Security Scan" => não encontrado (a) C:\Users\Ivan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => movido com sucesso C:\Windows\System32\Drivers\etc\hosts => movido com sucesso Hosts restaurado com sucesso. =========== EmptyTemp: ========== BITS transfer queue => 12345344 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 54565276 B Java, Flash, Steam htmlcache => 0 B Windows/system/drivers => 239795 B Edge => 0 B Chrome => 46835686 B Firefox => 381724413 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 0 B LocalService => 0 B NetworkService => 43688 B Ivan => 651231180 B Ana => 651231180 B RecycleBin => 201680724 B EmptyTemp: => 1.9 GB de dados temporários Removidos. ================================ O sistema precisou ser reiniciado. ==== Fim de Fixlog 21:11:40 ====

Boa tarde, DigRam! Desculpa pela demora. Segue link para os logs: https://www.cjoint.com/c/JJpsoS7xi4E Obrigada.

Boa tarde, DigRam! Tudo ok pela demora! O importante é ficar bem de saúde. Eu gerei o log anterior em um usuário não administrador. Hoje, não verifiquei o primeiro item (BCD). Se for ncessário, posso gerar outro log e aí em um usuário administrador. Segue log, conforme solicitado por ti. Muito obrigada! __________________________________________________________________________________________________________

JOGO 01: LIVERPOOL-ING