Resultado da análise adicional Farbar Recovery Scan Tool (x64) Versão: 20-01-2023
Executado por User (23-01-2023 11:54:55)
Executando a partir de C:\Users\User\Desktop
Microsoft Windows 10 Pro Versão 21H2 19044.2486 (X64) (2019-12-07 07:05:46)
Modo da Inicialização: Normal
==========================================================

==================== Contas: =============================

(Se uma entrada for incluída na fixlist, será removida.)

Administrador (S-1-5-21-1657209916-3698779994-3562846091-500 - Administrator - Disabled)
Convidado (S-1-5-21-1657209916-3698779994-3562846091-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-1657209916-3698779994-3562846091-503 - Limited - Disabled)
User (S-1-5-21-1657209916-3698779994-3562846091-1001 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-1657209916-3698779994-3562846091-504 - Limited - Disabled)

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1046-1033-7760-BC15014EA700}) (Version: 22.003.20310 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601032}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Amazon Games (HKU\S-1-5-21-1657209916-3698779994-3562846091-1001\...\{4DD10B06-78A4-4E6F-AA39-25E9C38FA568}) (Version: 2.3.8425.2 - Amazon.com Services, Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 22.12.6044 - Avast Software)
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1579.3 - AVAST Software) Hidden
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 109.1.47.171 - Autores do Brave)
Discord (HKU\S-1-5-21-1657209916-3698779994-3562846091-1001\...\Discord) (Version: 1.0.9007 - Discord Inc.)
EA app (HKLM\...\{C2622085-ABD2-49E5-8AB9-D3D6A642C091}) (Version: 12.89.0.5346 - Electronic Arts) Hidden
EA app (HKLM-x32\...\{014fa904-eb9d-4318-8434-c40951edfdb8}) (Version: 12.89.0.5346 - Electronic Arts)
Epic Games Launcher (HKLM-x32\...\{792AE4CE-8FD8-406B-82D7-4C3374E402F3}) (Version: 1.3.51.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{19695986-25CE-41AC-9C6F-54794653EDBA}) (Version: 2.0.36.0 - Epic Games, Inc.)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.5 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{DBC38C08-9FB5-43A5-B6BA-EB10AC7DA570}) (Version: 3.11.0053 - Seiko Epson Corporation)
EPSON L3250 Series Printer Uninstall (HKLM\...\EPSON L3250 Series) (Version: - Seiko Epson Corporation)
Epson Photo+ (HKLM-x32\...\{5DCB4864-C363-4654-89BF-42660B841136}) (Version: 3.7.1.0 - Seiko Epson Corporation)
Epson Printer Connection Checker (HKLM-x32\...\{562C1C83-6199-49DD-987B-60D5FF7BC971}) (Version: 3.3.2.0 - Seiko Epson Corporation)
Epson Scan 2 (HKLM-x32\...\Epson Scan 2) (Version: - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 3.00.04 - SEIKO EPSON Corp.)
EPSON Scan PDF EXtensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.02 - SEIKO EPSON Corp.)
Epson ScanSmart (HKLM-x32\...\{948F96A1-DA95-455C-8086-A77CDC184770}) (Version: 3.6.5 - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{26A9B753-4B5D-46D8-A329-5CEF96FC22D2}) (Version: 4.6.5 - Seiko Epson Corporation)
EpsonNet Print (HKLM\...\{96ED1D58-440C-4345-8FEE-C4781366C67F}) (Version: 3.1.4.0 - SEIKO EPSON Corporation)
FormatFactory 5.13.0.0 (HKLM-x32\...\FormatFactory) (Version: 5.13.0.0 - Free Time)
Fortrek G Pro K7 PLUS (HKLM-x32\...\{CEC46A8A-2B68-4AE4-871D-59622D67C88F}_is1) (Version: 1.0.4 - Fortrek)
GOG GALAXY (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 109.0.5414.75 - Google LLC)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Java 8 Update 341 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180341F0}) (Version: 8.0.3410.10 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Manual Epson L3250_L3251 (HKLM-x32\...\UsersGuideManual Epson L3250_L3251_is1) (Version: 1.0 - Epson America, Inc.)
Microsoft .NET Host - 5.0.10 (x86) (HKLM-x32\...\{EEC610D2-6934-4567-A658-092A1429A21A}) (Version: 40.40.30412 - Microsoft Corporation) Hidden Microsoft .NET Host FX Resolver - 5.0.10 (x86) (HKLM-x32\...\{29F55E7D-9FB8-4F1D-A233-1F5995CB0FF5}) (Version: 40.40.30412 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 5.0.10 (x86) (HKLM-x32\...\{17675144-2D5B-4BA3-AF21-A65F7D824149}) (Version: 40.40.30412 - Microsoft Corporation) Hidden Microsoft 365 Apps para Grandes Empresas - pt-br (HKLM\...\O365ProPlusRetail - pt-br) (Version: 16.0.15629.20156 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 109.0.1518.61 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 109.0.1518.61 - Microsoft Corporation) Microsoft GameInput (HKLM-x32\...\{6BBE9278-659F-FA16-E4B8-C2D60DE0DCC7}) (Version: 10.1.22621.1863 - Microsoft Corporation) Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.002.0102.0004 - Microsoft Corporation) Microsoft Teams (HKU\S-1-5-21-1657209916-3698779994-3562846091-1001\...\Teams) (Version: 1.5.00.8070 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 
(HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29016 (HKLM-x32\...\{40d3fee2-b257-46c2-bdc0-cb1088d97327}) (Version: 14.27.29016.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.27.29016 (HKLM-x32\...\{1aaa01ad-3069-4288-9c6f-37a140a8f6c7}) (Version: 14.27.29016.0 - Microsoft Corporation) Microsoft Visual C++ 2019 X64 Additional Runtime - 14.27.29016 (HKLM\...\{F07B1E25-5670-4556-9C7F-5A1966C83269}) (Version: 14.27.29016 - Microsoft Corporation) Hidden Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.27.29016 (HKLM\...\{E493B8F4-E300-43EC-95D0-BDF3711297EA}) (Version: 14.27.29016 - Microsoft Corporation) Hidden Microsoft Visual C++ 2019 X86 Additional Runtime - 14.27.29016 (HKLM-x32\...\{5CD4E357-9ED6-42AC-B654-F1FC21DD60C9}) (Version: 14.27.29016 - Microsoft Corporation) Hidden Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.27.29016 
(HKLM-x32\...\{E2C131AD-D30F-4D67-ACE9-B3D485E84DA8}) (Version: 14.27.29016 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 5.0.10 (x86) (HKLM-x32\...\{ba8ab6bd-ad21-447e-b617-feee84353247}) (Version: 5.0.10.30418 - Microsoft Corporation) Microsoft Windows Desktop Runtime - 5.0.10 (x86) (HKLM-x32\...\{DCE5198A-7449-4F9F-A630-C8363759D0FB}) (Version: 40.40.30418 - Microsoft Corporation) Hidden Mozilla Firefox (x64 pt-BR) (HKLM\...\Mozilla Firefox 106.0 (x64 pt-BR)) (Version: 106.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 105.0.3 - Mozilla) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.15629.20118 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.15629.20118 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.15629.20156 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0416-0000-0000000FF1CE}) (Version: 16.0.15629.20118 - Microsoft Corporation) Hidden Origin (HKLM-x32\...\Origin) (Version: 10.5.116.52126 - Electronic Arts, Inc.) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9239.1 - Realtek Semiconductor Corp.) 
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.5.0.8070 - Microsoft Corporation) TeamViewer (HKLM\...\TeamViewer) (Version: 15.34.4 - TeamViewer) Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 135.0.10753 - Ubisoft) Verificação de integridade do PC Windows (HKLM\...\{2403B2D2-1FDC-497D-B181-F53D079FEAAA}) (Version: 3.6.2204.08001 - Microsoft Corporation) VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN) WhatsApp (HKU\S-1-5-21-1657209916-3698779994-3562846091-1001\...\WhatsApp) (Version: 2.2246.10 - WhatsApp) WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH) ZombsRoyale.io (HKU\S-1-5-21-1657209916-3698779994-3562846091-1001\...\519338998791929866) (Version: - ) Packages: ========= Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation) Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_1.39.3.0_x64__6rarf9sa4v8jt [2022-10-13] (Disney) Email e Calendário -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation) [MS Ad] iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa [2023-01-22] (Apple Inc.) 
[Startup Task] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2019-12-07] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2022-10-13] (Microsoft Studios) [MS Ad] Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.19.5002.0_x64__8wekyb3d8bbwe [2022-11-30] (Microsoft Studios) Minecraft Launcher -> C:\Program Files\WindowsApps\Microsoft.4297127D64EC6_1.1.28.0_x64__8wekyb3d8bbwe [2022-11-05] (Microsoft Studios) MSN Clima -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe [2022-10-13] (Microsoft Corporation) [MS Ad] Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c [2022-10-13] (Skype) Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.195.893.0_x86__zpdnekdrzrea0 [2022-10-13] (Spotify AB) [Startup Task] ==================== Análise Personalizada CLSID (Whitelisted): ============== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 
CustomCLSID: HKU\S-1-5-21-1657209916-3698779994-3562846091-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22062.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.002.0102.0004\FileSyncShell64.dll [2023-01-21] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.002.0102.0004\FileSyncShell64.dll [2023-01-21] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.002.0102.0004\FileSyncShell64.dll [2023-01-21] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.002.0102.0004\FileSyncShell64.dll [2023-01-21] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.002.0102.0004\FileSyncShell64.dll [2023-01-21] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.002.0102.0004\FileSyncShell64.dll [2023-01-21] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.002.0102.0004\FileSyncShell64.dll [2023-01-21] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-01-22] (Avast 
Software s.r.o. -> AVAST Software) ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.002.0102.0004\FileSyncShell64.dll [2023-01-21] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.002.0102.0004\FileSyncShell64.dll [2023-01-21] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.002.0102.0004\FileSyncShell64.dll [2023-01-21] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.002.0102.0004\FileSyncShell64.dll [2023-01-21] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.002.0102.0004\FileSyncShell64.dll [2023-01-21] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.002.0102.0004\FileSyncShell64.dll [2023-01-21] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.002.0102.0004\FileSyncShell64.dll [2023-01-21] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-01-22] (Avast Software s.r.o. 
-> AVAST Software) ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.002.0102.0004\FileSyncShell64.dll [2023-01-21] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-01-22] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [FormatFactoryShell] -> {A3888923-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files (x86)\FormatFactory\ShellEx_108.dll [2022-04-19] (Free Time) [Arquivo não assinado] ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-01-22] (Avast Software s.r.o. -> AVAST Software) ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.002.0102.0004\FileSyncShell64.dll [2023-01-21] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers4: [FormatFactoryShell] -> {A3888923-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files (x86)\FormatFactory\ShellEx_108.dll [2022-04-19] (Free Time) [Arquivo não assinado] ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.002.0102.0004\FileSyncShell64.dll [2023-01-21] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2023-01-22] (Avast Software s.r.o. 
-> AVAST Software) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2022-03-03] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Whitelisted) ==================== ==================== Atalhos & WMI ======================== (As entradas podem ser listadas para serem restauradas ou removidas.) ShortcutWithArgument: C:\Users\User\Desktop\Joana - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default" ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\J - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 1" ==================== Módulos Carregados (Whitelisted) ============= 2020-02-07 17:20 - 2020-02-07 17:20 - 000132096 _____ (Seiko Epson Corporation) [Arquivo não assinado] C:\Program Files (x86)\Epson Software\Event Manager\epnsm.dll 2018-03-05 16:41 - 2018-03-05 16:41 - 000057856 _____ (Seiko Epson Corporation) [Arquivo não assinado] C:\Program Files (x86)\Epson Software\Event Manager\EPNWPSHDevFinder.DLL 2009-10-21 17:39 - 2009-10-21 17:39 - 000291328 _____ (SEIKO EPSON CORPORATION) [Arquivo não assinado] C:\Program Files (x86)\Epson Software\Event Manager\LcMgr.dll 2016-09-14 14:31 - 2016-09-14 14:31 - 000500736 ____S (SEIKO EPSON CORPORATION) [Arquivo não assinado] C:\Windows\System32\enppmon.dll 2022-10-22 20:30 - 2022-10-22 20:30 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Arquivo não assinado] C:\Program Files (x86)\Origin\LIBEAY32.dll 2022-10-22 20:30 - 2022-10-22 20:30 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Arquivo não assinado] C:\Program Files 
(x86)\Origin\ssleay32.dll 2022-10-22 20:30 - 2022-10-22 20:30 - 001611264 _____ (The Qt Company Ltd) [Arquivo não assinado] C:\Program Files (x86)\Origin\platforms\qwindows.dll 2022-11-14 15:09 - 2022-10-22 20:30 - 005487104 _____ (The Qt Company Ltd) [Arquivo não assinado] C:\Program Files (x86)\Origin\Qt5Core.dll 2022-11-14 15:09 - 2022-10-22 20:30 - 005841920 _____ (The Qt Company Ltd) [Arquivo não assinado] C:\Program Files (x86)\Origin\Qt5Gui.dll 2022-11-14 15:09 - 2022-10-22 20:30 - 001179136 _____ (The Qt Company Ltd) [Arquivo não assinado] C:\Program Files (x86)\Origin\Qt5Network.dll 2022-11-14 15:09 - 2022-10-22 20:30 - 000146432 _____ (The Qt Company Ltd) [Arquivo não assinado] C:\Program Files (x86)\Origin\Qt5WebSockets.dll 2022-11-14 15:09 - 2022-10-22 20:30 - 005089792 _____ (The Qt Company Ltd) [Arquivo não assinado] C:\Program Files (x86)\Origin\Qt5Widgets.dll 2022-11-14 15:09 - 2022-10-22 20:30 - 000184832 _____ (The Qt Company Ltd) [Arquivo não assinado] C:\Program Files (x86)\Origin\Qt5Xml.dll ==================== Alternate Data Streams (Whitelisted) ======== ==================== Modo de Segurança (Whitelisted) ================== (Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver" ==================== Associação (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2022-10-13] (Microsoft Corporation -> Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_341\bin\ssv.dll [2022-10-13] (Oracle America, Inc. 
-> Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_341\bin\jp2ssv.dll [2022-10-13] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2022-10-13] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-10-13] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-10-13] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-10-13] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-10-13] (Microsoft Corporation -> Microsoft Corporation) (Se uma entrada for incluída na fixlist, será removida do Registro.) IE trusted site: HKU\S-1-5-21-1657209916-3698779994-3562846091-1001\...\localhost -> localhost ==================== Hosts Conteúdo: ========================= (Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.) 2019-12-07 06:14 - 2019-12-07 06:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts ==================== Outras Áreas =========================== (Atualmente não há nenhuma correção automática para esta seção.) 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\dotnet\ HKU\S-1-5-21-1657209916-3698779994-3562846091-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Firewall do Windows está habilitado. ==================== MSCONFIG/TASK MANAGER ítens desabilitados == (Se uma entrada for incluída na fixlist, será removida.) HKU\S-1-5-21-1657209916-3698779994-3562846091-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams" HKU\S-1-5-21-1657209916-3698779994-3562846091-1001\...\StartupApproved\Run: => "EpicGamesLauncher" HKU\S-1-5-21-1657209916-3698779994-3562846091-1001\...\StartupApproved\Run: => "GogGalaxy" HKU\S-1-5-21-1657209916-3698779994-3562846091-1001\...\StartupApproved\Run: => "EADM" HKU\S-1-5-21-1657209916-3698779994-3562846091-1001\...\StartupApproved\Run: => "Steam" ==================== Regras do Firewall (Whitelisted) ================ (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 
FirewallRules: [{4C27E999-B343-4C1E-BBF0-74D200E1AC39}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{785F03AD-29C8-4C21-93AD-41BC32EB4450}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{4D00FA10-2161-4571-8A8C-956CBA56CC31}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{08875B5A-025C-43AA-825A-600E780EC2A1}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{7497319A-E41C-47C4-A494-2ADB5D48DACB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{4D58A185-9BDA-4E68-B443-A76FA1BDA3C3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{7B8CFCCE-FA4A-4993-9E96-543EB8D1445A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{32C00CBF-B073-4227-8CE4-953D3D059FC5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{3C50A3AF-A065-4371-9529-9A5FC38A9A86}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{C2DD29A2-1DFA-4A8B-BFF3-15A933FA9831}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{3EA88C6F-E5E1-476D-8E91-22ABB07255D8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{E90695D1-DC9F-4184-BF18-D56F42DB3545}] => (Allow) C:\Program 
Files\WindowsApps\SpotifyAB.SpotifyMusic_1.195.893.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{506592D5-ABD8-4A46-9BC5-0F855CB3E013}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.195.893.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{7C1983F7-062B-4BA0-8E49-AA1CC2C31C89}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.195.893.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{D9D51054-B65F-4204-9434-CBB97E59C1B7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.195.893.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{7264278B-8955-4A97-B000-32B07AF5B0C2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.195.893.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{5DC565DA-7022-4F9D-9D2D-6BEB8430BCB1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.195.893.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{3F58395D-C15E-4C96-BC80-2B690647FCF2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.195.893.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{A07F2489-1E9A-4E98-9FE5-A8034EAD0E98}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.195.893.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [TCP Query User{AE6B0910-FC61-41BB-AD8A-99845FFD792E}D:\driver pc\samdrivers_17.2.2\sdi64-drv.exe] => (Allow) D:\driver pc\samdrivers_17.2.2\sdi64-drv.exe => Nenhum Arquivo FirewallRules: [UDP Query User{AA06E31C-9AE2-41DB-AFB9-313CD3F08048}D:\driver pc\samdrivers_17.2.2\sdi64-drv.exe] => (Allow) D:\driver pc\samdrivers_17.2.2\sdi64-drv.exe => Nenhum Arquivo FirewallRules: [TCP Query User{2B36607D-D3A8-49D0-A67B-D1005E663F49}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files 
(x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{92CCC004-150B-492A-ADEC-C16A95C5A78A}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [{9D8DE5C2-70D9-4F46-87C3-84AB0417338C}] => (Allow) C:\Users\User\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe => Nenhum Arquivo FirewallRules: [{4908C8DE-C6C8-4E9C-BB0D-10B75B63AECF}] => (Allow) C:\Users\User\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe => Nenhum Arquivo FirewallRules: [{BA5311F5-D427-4D93-AD34-DC7E3CF613C3}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (Seiko Epson Corporation) [Arquivo não assinado] FirewallRules: [{4F80B0CC-404D-4BC5-8A6E-48BCED0BAE5F}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (Seiko Epson Corporation) [Arquivo não assinado] FirewallRules: [{8162F15F-9025-41AB-A409-891DBFF51E2E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{0FF2022B-5C9C-4F0B-832E-2B1566B353CB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{CE0CA775-D11B-4051-BD12-474B65986DA8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{67EFD69B-139A-4873-B383-E44C2EB61A0A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{A062830A-97ED-482A-B62D-B98259AF5923}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe (Free Time Software Technology Co., Ltd. -> Free Time Co., Ltd.) 
FirewallRules: [TCP Query User{D6238ABE-A124-4572-B548-1D27238EF20F}C:\users\user\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\users\user\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe FirewallRules: [UDP Query User{EE9848D0-564B-49A3-BBA2-F96254C7F15F}C:\users\user\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\users\user\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe FirewallRules: [TCP Query User{B1826536-3176-4067-A0B9-1BB6585F5C75}C:\users\user\downloads\anydesk (1).exe] => (Allow) C:\users\user\downloads\anydesk (1).exe (philandro Software GmbH -> AnyDesk Software GmbH) FirewallRules: [UDP Query User{F8BD1448-DEC7-4D4D-870D-724B1D793C55}C:\users\user\downloads\anydesk (1).exe] => (Allow) C:\users\user\downloads\anydesk (1).exe (philandro Software GmbH -> AnyDesk Software GmbH) FirewallRules: [TCP Query User{47F1BA21-79D1-4816-97B6-559E95761935}C:\users\user\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\users\user\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe FirewallRules: [UDP Query User{5F38B068-26D6-44D8-864A-A277BCDC5FF0}C:\users\user\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\users\user\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe FirewallRules: [TCP Query 
User{E1140E46-4965-4D85-8D29-CE6EDAC1B8AA}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [UDP Query User{72828221-1BE4-4A67-9C72-5EBFE5BDDAEC}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [{F8F56E85-D5BA-4622-AD26-6557A89D0D05}] => (Allow) C:\Users\User\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe => Nenhum Arquivo FirewallRules: [{A3B1FB12-BFAE-4146-9223-632391F393D8}] => (Allow) C:\Users\User\AppData\Local\Temp\EpInsNav\DL\3013\Network\EpsonNetSetup\Data\ENEasyApp.exe => Nenhum Arquivo FirewallRules: [{D5049A7C-6A86-4E6E-AA6B-1DF6B66331DF}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe (Free Time Software Technology Co., Ltd. -> Free Time Co., Ltd.) 
FirewallRules: [{F117EA1A-3911-4FCA-8D56-3ED4D92452B3}] => (Allow) C:\Users\User\Downloads\anydesk-7.1.6-installer.exe (philandro Software GmbH -> AnyDesk Software GmbH) FirewallRules: [{632BF9C2-0F41-441E-920F-4DB5BB671CE8}] => (Allow) C:\Users\User\Downloads\anydesk-7.1.6-installer.exe (philandro Software GmbH -> AnyDesk Software GmbH) FirewallRules: [{5A5041D9-BBED-4AEA-BE24-FB78AF143C9D}] => (Allow) C:\Users\User\Downloads\anydesk-7.1.6-installer.exe (philandro Software GmbH -> AnyDesk Software GmbH) FirewallRules: [{183E0D83-2608-4172-A9C6-989F3A8B0F12}] => (Allow) C:\Users\User\Downloads\anydesk-7.1.6-installer.exe (philandro Software GmbH -> AnyDesk Software GmbH) FirewallRules: [{9523CE80-6030-4744-8EFC-9635D089DBB3}] => (Allow) C:\Users\User\Downloads\anydesk-7.1.6-installer.exe (philandro Software GmbH -> AnyDesk Software GmbH) FirewallRules: [{15556A07-304B-4A7B-8491-006334A0CB9E}] => (Allow) C:\Users\User\Downloads\anydesk-7.1.6-installer.exe (philandro Software GmbH -> AnyDesk Software GmbH) FirewallRules: [TCP Query User{892DA57D-986D-48FE-852C-D0B8E07B5FF2}C:\users\user\desktop\joana\anydesk.exe] => (Allow) C:\users\user\desktop\joana\anydesk.exe (philandro Software GmbH -> AnyDesk Software GmbH) FirewallRules: [UDP Query User{7BC12FB8-8A3F-44E5-B120-EFA8D91D07C3}C:\users\user\desktop\joana\anydesk.exe] => (Allow) C:\users\user\desktop\joana\anydesk.exe (philandro Software GmbH -> AnyDesk Software GmbH) FirewallRules: [{CF9E98B1-DBB8-4754-8336-16CB5D65B3AE}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin’s Creed Chronicles Russia\Binaries\Win32\ACCGame-Win32-Shipping.exe => Nenhum Arquivo FirewallRules: [{E83A611C-D000-4C5F-9D64-C019D90831EF}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin’s Creed Chronicles Russia\Binaries\Win32\ACCGame-Win32-Shipping.exe => Nenhum Arquivo FirewallRules: [{FEB66984-DF6F-423E-8F1F-5AF5461E7072}] => (Allow) C:\Program 
Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.) FirewallRules: [{389373AD-567C-44AB-AF52-78AAD9AFC3F1}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{4A67598B-369A-4F56-A5EE-0F49634AA00A}] => (Allow) C:\Users\User\AppData\Local\Programs\Opera GX\94.0.4606.69\opera.exe => Nenhum Arquivo FirewallRules: [{40341094-BC1C-4ABC-98F6-AD5DEFDAEA4D}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe => Nenhum Arquivo FirewallRules: [{DFB76611-AF17-493C-AA68-F959F7B9DF19}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe => Nenhum Arquivo FirewallRules: [{0F3A3A36-FCBD-4800-ACEF-002EA2997CD7}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe => Nenhum Arquivo FirewallRules: [{83145C0D-0FD8-4632-B4CE-5E67C87C5D61}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe => Nenhum Arquivo FirewallRules: [{F97FE293-A4CD-491D-915C-3386F23DA35E}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [{3F3AF12E-5863-48D8-8FE7-394ABD2A3FE0}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [{23377AD1-E642-4E01-9FA9-101F3CA8BB6F}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [{8CA0F2FD-C450-4F0D-9F61-2463D8ED1427}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [{6386AF0C-A614-41CD-A4F4-F2533604F645}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. 
-> Electronic Arts) FirewallRules: [{B9E197CD-FF1B-416D-A928-F150CE2376AC}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.61\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{606E296A-3A27-4299-9E6D-3A75FA175529}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{876FB254-1490-4775-86E7-4D247AD7ABE3}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{D214F393-8954-46CB-83B7-F7924F0A16DE}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{00B09B07-3DE3-46E9-8F1B-3DB8E3568A93}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{00FF55D6-D8D6-4809-8AED-A72C2489EC7A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{10EA055A-5EAA-49DC-B994-A7D2B01F0D34}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{1B6A99F3-F4E0-4E12-80AE-38291D13CF39}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{B3B5A40F-8616-4A3C-83DE-51F02C3A36C4}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12127.1.57051.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{252591D5-2DDD-4E0E-9FA0-A6C773DE91DE}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. 
-> AVAST Software) FirewallRules: [{469D3D8E-F0B9-4C64-AEB9-EF34F706D030}] => (Allow) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software) ==================== Pontos de Restauração ========================= 07-01-2023 14:14:17 Ponto de Verificação Agendado 09-01-2023 19:03:21 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 10-01-2023 22:29:08 Instalador de Módulos do Windows 18-01-2023 09:50:11 Ponto de Verificação Agendado ==================== Dispositivos Apresentando Falhas No Gerenciador ============ ==================== Erros no Log de eventos: ======================== Erros em Aplicativos: ================== Error: (01/22/2023 07:48:54 PM) (Source: SecurityCenter) (EventID: 17) (User: ) Description: A Central de Segurança não validou o chamador com o erro %1. Error: (01/22/2023 07:40:16 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: O programa FRST64.exe versão 20.1.2023.0 parou de interagir com o Windows e foi fechado. Para ver se mais informações sobre o problema estão disponíveis, verifique o histórico de problemas no painel de controle Segurança e Manutenção. ID do Processo: 1554 Hora de Início: 01d92eb043a78dae Hora de Término: 4294967295 Caminho do Aplicativo: C:\Users\User\Desktop\FRST64.exe ID do Relatório: 2f02113b-64e1-4cb4-90d8-c1c38b006631 Nome completo do pacote com falha: ID do aplicativo relativo ao pacote com falha: Tipo com falha: Top level window is idle Error: (01/22/2023 07:17:50 PM) (Source: SecurityCenter) (EventID: 17) (User: ) Description: A Central de Segurança não validou o chamador com o erro %1. Error: (01/21/2023 11:37:31 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Erro do serviço de cópias de sombra de volume: erro inesperado ao chamar a rotina CoCreateInstance. hr = 0x8007045b, O sistema está sendo desligado. . 
Error: (01/21/2023 11:37:31 PM) (Source: VSS) (EventID: 13) (User: ) Description: Informações sobre o Serviço de Cópias de Sombra de Volume: não é possível iniciar o Servidor COM com CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} e nome CEventSystem. [0x8007045b, O sistema está sendo desligado. ] Error: (01/21/2023 08:02:02 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome do aplicativo com falha: Microsoft.SharePoint.exe, versão: 23.2.102.4, carimbo de data/hora: 0x9ff405d5 Nome do módulo com falha: ucrtbase.dll, versão: 10.0.19041.789, carimbo de data/hora: 0x2bd748bf Código de exceção: 0xc0000409 Deslocamento da falha: 0x000000000007286e ID do processo com falha: 0x1164 Hora de início do aplicativo com falha: 0x01d92d87c5935901 Caminho do aplicativo com falha: C:\Program Files\Microsoft OneDrive\23.002.0102.0004\Microsoft.SharePoint.exe Caminho do módulo com falha: C:\Windows\System32\ucrtbase.dll ID do Relatório: 382f71bb-2807-4349-b64c-609a06d62205 Nome completo do pacote com falha: ID do aplicativo relativo ao pacote com falha: Error: (01/20/2023 11:20:09 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: ) Description: Não foi possível concluir o otimizador de armazenamento otimizar novamente em (C:) devido a: A operação solicitada não é compatível com o hardware que contém o volume. (0x8900002A) Error: (01/20/2023 10:59:21 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: ) Description: Não foi possível concluir o otimizador de armazenamento otimizar novamente em Reservado pelo Sistema devido a: A operação solicitada não é compatível com o hardware que contém o volume. (0x8900002A) Erros de Sistema: ============= Error: (01/23/2023 11:34:18 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço AltruisticsService foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 100 milissegundos: Reiniciar o serviço. 
Error: (01/23/2023 09:44:31 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço AltruisticsService foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 100 milissegundos: Reiniciar o serviço. Error: (01/22/2023 07:21:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Microsoft Office Click-to-Run Service foi finalizado inesperadamente. Isto aconteceu 2 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço. Error: (01/22/2023 07:21:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço AltruisticsService foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 100 milissegundos: Reiniciar o serviço. Error: (01/22/2023 07:21:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço GameInput Service foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 1000 milissegundos: Reiniciar o serviço. Error: (01/22/2023 07:21:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço FeelgoodDestroyaWH foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 100 milissegundos: Reiniciar o serviço. Error: (01/22/2023 07:19:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço AltruisticsService foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 100 milissegundos: Reiniciar o serviço. Error: (01/22/2023 07:19:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Microsoft Office Click-to-Run Service foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço. 
Windows Defender: ================ Date: 2023-01-18 12:55:35 Description: Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado. Para obter mais informações, veja a seguir: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Malgent!MSR&threatid=2147742994&enterprise=0 Nome: Trojan:Win32/Malgent!MSR Gravidade: Grave Categoria: Cavalo de Tróia Caminho: file:_C:\Program Files (x86)\Stereotyped Arithmetic Solution\Performance\PerformanceA.exe Origem da Detecção: Computador local Tipo da Detecção: Concreto Fonte da Detecção: Proteção em Tempo Real Usuário: DESKTOP-8MSIH6J\User Nome do Processo: C:\Program Files (x86)\Stereotyped Arithmetic Solution\pcapd.exe Versão da Inteligência de Segurança: AV: 1.381.2379.0, AS: 1.381.2379.0, NIS: 1.381.2379.0 Versão do Mecanismo: AM: 1.1.19900.2, NIS: 1.1.19900.2 Date: 2023-01-18 12:49:39 Description: Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado. Para obter mais informações, veja a seguir: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Malgent!MSR&threatid=2147742994&enterprise=0 Nome: Trojan:Win32/Malgent!MSR Gravidade: Grave Categoria: Cavalo de Tróia Caminho: file:_C:\Program Files (x86)\Stereotyped Arithmetic Solution\Performance\PerformanceA.exe Origem da Detecção: Computador local Tipo da Detecção: Concreto Fonte da Detecção: Proteção em Tempo Real Usuário: DESKTOP-8MSIH6J\User Nome do Processo: C:\Program Files (x86)\Stereotyped Arithmetic Solution\pcapd.exe Versão da Inteligência de Segurança: AV: 1.381.2379.0, AS: 1.381.2379.0, NIS: 1.381.2379.0 Versão do Mecanismo: AM: 1.1.19900.2, NIS: 1.1.19900.2 Date: 2023-01-18 12:38:30 Description: Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado. 
Para obter mais informações, veja a seguir: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Malgent!MSR&threatid=2147742994&enterprise=0 Nome: Trojan:Win32/Malgent!MSR Gravidade: Grave Categoria: Cavalo de Tróia Caminho: file:_C:\Program Files (x86)\Stereotyped Arithmetic Solution\Performance\PerformanceA.exe Origem da Detecção: Computador local Tipo da Detecção: Concreto Fonte da Detecção: Proteção em Tempo Real Usuário: DESKTOP-8MSIH6J\User Nome do Processo: C:\Program Files (x86)\Stereotyped Arithmetic Solution\pcapd.exe Versão da Inteligência de Segurança: AV: 1.381.2366.0, AS: 1.381.2366.0, NIS: 1.381.2366.0 Versão do Mecanismo: AM: 1.1.19900.2, NIS: 1.1.19900.2 Date: 2023-01-18 09:48:09 Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão. ID do Exame: {AA8BBEC3-3A9D-456A-9BCD-A3D0B9F534E2} Tipo de Exame: Antimalware Parâmetros do Exame: Verificação Rápida Usuário: AUTORIDADE NT\SISTEMA Date: 2023-01-16 22:59:02 Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão. ID do Exame: {C35A1BCF-66AC-441D-B259-FB50A4110C57} Tipo de Exame: Antimalware Parâmetros do Exame: Verificação Rápida Usuário: AUTORIDADE NT\SISTEMA CodeIntegrity: =============== Date: 2023-01-23 10:01:32 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume2\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements. Date: 2023-01-23 08:34:59 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Avast Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements. ==================== Informações da Memória =========================== BIOS: Award Software International, Inc. F1 12/24/2010 placa-mãe: Gigabyte Technology Co., Ltd. 
M68MT-S2P Processador: AMD Athlon(tm) II X2 270 Processor Percentagem de memória em uso: 89% RAM física total: 4094.46 MB RAM física disponível: 449.61 MB Virtual Total: 6506.69 MB Virtual disponível: 1840.87 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:446.57 GB) (Free:312.86 GB) (Model: SanDisk SSD PLUS 480 SCSI Disk Device) NTFS \\?\Volume{5f201af2-0000-0000-0000-100000000000}\ (Reservado pelo Sistema) (Fixed) (Total:0.05 GB) (Free:0.02 GB) NTFS \\?\Volume{5f201af2-0000-0000-0000-d0a76f000000}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS ==================== MBR & Tabela de Partições ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 447.1 GB) (Disk ID: 5F201AF2) Partition 1: (Active) - (Size=50 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=446.6 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=519 MB) - (Type=27) ==================== Fim de Addition.txt =======================