[SOLVED] Need some help here.

jccruz

Greetings, first of all I want to thank "axe0" for the help in this thread, "Unable to clear protection history in Windows Defender". If he passes by here, the logs are attached. Sorry they are in Portuguese; FRST automatically assumed the native language.

@axe0

Resultado do análise da Farbar Recovery Scan Tool (FRST) (x64) Versão: 18-05-2022
Executado por Utilizador (administrador) em JCCRUZ (Hewlett-Packard HP EliteBook 840 G2) (18-05-2022 17:24:38)
Executando a partir de C:\Users\Utilizador\Downloads
Perfis Carregados: Utilizador
Plataforma: Microsoft Windows 10 Pro Versão 21H2 19044.1706 (X64) Idioma: Português (Portugal)
Navegador padrão: Edge
Modo da Inicialização: Normal

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3>
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\HotKeyServiceUWP.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\HPHotkeyNotification.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtsCM64.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(MiniTool Software Limited -> ) C:\Program Files\MiniTool Partition Wizard 12\updatechecker.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\HotKeyServiceUWP.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\LanWlanWwanSwitchingServiceUWP.exe
(services.exe ->) (HP Inc. -> HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registro (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8515832 2015-08-19] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtsCM] => C:\Windows\RTSCM64.EXE [225280 2017-03-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
HKLM\...\Run: [MTPW] => C:\Program Files\MiniTool Partition Wizard 12\updatechecker.exe [219616 2020-02-19] (MiniTool Software Limited -> )
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare software CO., LIMITED -> Wondershare)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO
HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2637200 2022-05-16] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\Run: [Free Download Manager] => C:\Users\Utilizador\AppData\Local\Softdeluxe\Free Download Manager\fdm.exe [4960768 2021-04-16] (Softdeluxe) [Arquivo não assinado]
HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [36836592 2022-05-11] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Utilizador\AppData\Local\Microsoft\Teams\Update.exe [2489016 2022-02-16] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\Run: [pteid] => C:\Program Files\Portugal Identity Card\pteidguiV2.exe [2286080 2021-12-15] (Portuguese Government) [Arquivo não assinado]
HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\Run: [MicrosoftEdgeAutoLaunch_275433059902538E565B89FC49C29F5C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3547048 2022-05-12] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Print\Monitors\Wondershare PDFelement Monitor: C:\Windows\system32\WSPDFelementMonitor.dll [286264 2020-10-23] (Wondershare Technology Co.,Ltd -> Wondershare Software)
GroupPolicy: Restrição ? <==== ATENÇÃO
Policies: C:\ProgramData\NTUSER.pol: Restrição <==== ATENÇÃO

==================== Tarefas Agendadas (Whitelisted) ============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {1B338406-3BA9-41D4-9F05-D1A8F96BF74E} - System32\Tasks\MiniToolPartitionWizard => C:\Program Files\MiniTool Partition Wizard 12\updatechecker.exe [219616 2020-02-19] (MiniTool Software Limited -> )
Task: {264FD1E4-2C6C-46E5-BD97-4DC5152B65C0} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3653589094-3565606866-458211961-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4215696 2022-05-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {3817E056-FF10-4B90-AB97-32A0F597CEFE} - System32\Tasks\CCleanerSkipUAC - Utilizador => C:\Program Files\CCleaner\CCleaner.exe [30924528 2022-05-11] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {3DDF37A1-97B9-4ECB-9665-E59E3C164A1E} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NoUACCheck
Task: {4913F685-99DD-49FE-96A2-A5F0266B2E17} - System32\Tasks\Hewlett-Packard\HP Web Products Detection => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPWPD.exe /Register (Nenhum Arquivo)
Task: {492BFAA0-CDF7-4820-83D4-25A4C3BF2122} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4215696 2022-05-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {5D15D004-FB65-4671-9846-6CD8F1572B67} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8377312 2022-05-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {6169AD00-B12D-4F5B-9645-0CAFB7FB427F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6521B0C3-58E5-4B52-B0C5-9B5207789D9F} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4103336 2022-05-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {6E25D97D-4B71-4DC2-ADCE-51604FFC380D} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {72C40CDC-3681-4C87-9206-57CFB34D2065} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22894544 2022-05-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {74475F4C-AFA7-4C3E-A2DC-F4CCA54A7CDE} - System32\Tasks\Hewlett-Packard\HPDeviceCheck => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPDeviceCheck.exe /Register (Nenhum Arquivo)
Task: {84D9FC85-E704-480D-BE41-86FA8E027C25} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144816 2022-05-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {8D2D9D08-C9B6-4CF3-9B4A-C88E13D2EF97} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [1145 2021-04-21] () [Arquivo não assinado]
Task: {9506887D-2646-4E79-8651-3C5625A0C162} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3653589094-3565606866-458211961-500 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4215696 2022-05-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {99572E2B-5B9D-4C20-AC80-54E2A3964CB5} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144816 2022-05-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {9EFA6245-610B-4981-9A53-D5F4B5BD5EC1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A4E7D534-1000-4CD8-A452-63218C369020} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2022-05-11] (Piriform Software Ltd -> Piriform)
Task: {A68E1010-68E9-461E-800E-35910285CC79} - System32\Tasks\HPCustParticipation HP OfficeJet Pro 8720 => C:\Program Files\HP\HP OfficeJet Pro 8720\Bin\HPCustPartic.exe [6439048 2018-04-06] (Hewlett Packard -> HP Inc.)
Task: {B0201E96-9857-4140-A32D-2F275E8C94EF} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [61336 2022-05-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {C553313A-EEB6-4149-9462-02B0CBCF7B8E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8377312 2022-05-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {C7E5B314-5B5D-4A68-92EE-9AA1402C3000} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22894544 2022-05-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {E046D0FE-BF84-4E92-9CE3-74D5507B8E37} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E90634D2-4FFA-4C01-8455-5A3A1B16675B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MpCmdRun.exe [993000 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EF8D890C-29EC-48B4-8831-78FABAC2B788} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {FAFD1677-4F6B-482A-99FC-13DFA4AFA3B0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

ProxyServer: [S-1-5-21-3653589094-3565606866-458211961-1001] => proxyserver:80
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3eb7cafb-a097-4484-8ad7-d5df78a7ca12}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ada72b8e-5dad-49e0-a430-a36d8abc07b6}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{ada72b8e-5dad-49e0-a430-a36d8abc07b6}: [DhcpNameServer] 192.168.1.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Utilizador\AppData\Local\Microsoft\Edge\User Data\Default [2022-05-18]
Edge HomePage: Default -> hxxp://www.netacad.com/
Edge StartupUrls: Default -> "hxxp://www.netacad.com/","hxxps://skillsforall.com/","hxxps://mail.google.com/"
Edge Extension: (Boomerang for Gmail) - C:\Users\Utilizador\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bdpaoopmnbhmhpnpplpdanjigencjjje [2022-01-05]
Edge Profile: C:\Users\Utilizador\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2022-05-17]

FireFox:
========
FF DefaultProfile: 0erzjgf7.default
FF ProfilePath: C:\Users\Utilizador\AppData\Roaming\Mozilla\Firefox\Profiles\0erzjgf7.default [2021-07-27]
FF ProfilePath: C:\Users\Utilizador\AppData\Roaming\Mozilla\Firefox\Profiles\ljb7c2qe.default-release-1649860381996 [2022-05-18]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-04-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-04-07] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-03-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-03-02] (Microsoft Corporation -> Microsoft Corporation)

==================== Serviços (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
S3 CCleanerPerformanceOptimizerService; C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe [789744 2022-05-11] (Piriform Software Ltd -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11759056 2022-05-14] (Microsoft Corporation -> Microsoft Corporation)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\22.089.0426.0003\FileSyncHelper.exe [3406224 2022-05-16] (Microsoft Corporation -> Microsoft Corporation)
R2 HotKeyServiceUWP; C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\HotKeyServiceUWP.exe [819856 2019-05-14] (HP Inc. -> HP Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [223904 2022-04-28] (HP Inc. -> HP Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1149480 2018-06-07] (HP Inc. -> HP)
R2 LanWlanWwanSwitchingServiceUWP; C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\LanWlanWwanSwitchingServiceUWP.exe [731072 2019-05-14] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8524512 2022-05-17] (Malwarebytes Inc. -> Malwarebytes)
S3 OfficeSvcManagerAddons; C:\Windows\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [21312 2020-11-19] (Microsoft Windows -> Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\22.089.0426.0003\OneDriveUpdaterService.exe [3843472 2022-05-16] (Microsoft Corporation -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6254856 2022-05-11] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [746728 2021-11-22] (Oracle Corporation -> Oracle Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe [3116848 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe [133544 2022-04-08] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223176 2022-05-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2022-05-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239560 2022-05-17] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R1 npcap; C:\Windows\system32\DRIVERS\npcap.sys [74744 2021-04-21] (Insecure.Com LLC -> Insecure.Com LLC.)
S4 npcap_wifi; C:\Windows\system32\DRIVERS\npcap.sys [74744 2021-04-21] (Insecure.Com LLC -> Insecure.Com LLC.)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [37336 2021-03-09] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2019-11-08] (MiniTool Solution Ltd -> )
R3 USBPcap; C:\Windows\system32\DRIVERS\USBPcap.sys [52872 2020-05-22] (Tomasz Moń -> USBPcap)
R3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [239672 2021-11-22] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [249584 2021-11-22] (Oracle Corporation -> Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [174776 2021-11-22] (Oracle Corporation -> Oracle Corporation)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49600 2022-04-08] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [443664 2022-04-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [90384 2022-04-08] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP Inc. -> HP)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um mês (criados) (Whitelisted) =========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2022-05-18 17:24 - 2022-05-18 17:25 - 000020737 _____ C:\Users\Utilizador\Downloads\FRST.txt
2022-05-18 17:24 - 2022-05-18 17:24 - 000000000 ____D C:\Users\Utilizador\Downloads\FRST-OlderVersion
2022-05-18 17:24 - 2022-05-18 17:24 - 000000000 ____D C:\FRST
2022-05-18 17:21 - 2022-05-18 17:24 - 002366464 _____ (Farbar) C:\Users\Utilizador\Downloads\FRST64.exe
2022-05-18 17:13 - 2022-05-18 17:13 - 000223176 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2022-05-17 18:30 - 2022-05-17 18:30 - 000239560 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2022-05-17 18:30 - 2022-05-17 18:30 - 000103888 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2022-05-17 18:30 - 2022-05-17 18:30 - 000021480 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2022-05-17 18:30 - 2022-05-17 18:30 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-05-17 18:30 - 2022-05-17 18:30 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-05-17 18:29 - 2022-05-17 18:30 - 000000000 ____D C:\Program Files\Malwarebytes
2022-05-17 18:29 - 2022-05-17 18:29 - 002443448 _____ (Malwarebytes) C:\Users\Utilizador\Downloads\MBSetup-37335.37335-consumer.exe
2022-05-17 16:43 - 2022-05-17 16:43 - 000000000 ____D C:\SFCFix
2022-05-17 15:57 - 2022-05-18 17:13 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2022-05-17 15:56 - 2022-05-17 15:56 - 000000000 ____D C:\Users\TEMP.JCCRUZ.000\AppData\Local\CrashDumps
2022-05-17 15:56 - 2022-05-17 15:56 - 000000000 ____D C:\Users\TEMP.JCCRUZ.000\AppData\Local\Comms
2022-05-17 15:55 - 2022-05-17 15:55 - 000000000 ____D C:\Users\TEMP.JCCRUZ.000\AppData\Local\PlaceholderTileLogoFolder
2022-05-17 15:53 - 2022-05-17 15:56 - 000000000 ____D C:\Users\TEMP.JCCRUZ.000\AppData\Local\ConnectedDevicesPlatform
2022-05-17 15:53 - 2022-05-17 15:55 - 000000000 ____D C:\Users\TEMP.JCCRUZ.000\AppData\Local\Packages
2022-05-17 15:53 - 2022-05-17 15:53 - 000002348 _____ C:\Users\TEMP.JCCRUZ.000\Desktop\Microsoft Edge.lnk
2022-05-17 15:53 - 2022-05-17 15:53 - 000000020 ___SH C:\Users\TEMP.JCCRUZ.000\ntuser.ini
2022-05-17 15:53 - 2022-05-17 15:53 - 000000000 _SHDL C:\Users\TEMP.JCCRUZ.000\Os Meus Documentos
2022-05-17 15:53 - 2022-05-17 15:53 - 000000000 _SHDL C:\Users\TEMP.JCCRUZ.000\Modelos
2022-05-17 15:53 - 2022-05-17 15:53 - 000000000 _SHDL C:\Users\TEMP.JCCRUZ.000\Menu Iniciar
2022-05-17 15:53 - 2022-05-17 15:53 - 000000000 _SHDL C:\Users\TEMP.JCCRUZ.000\Documents\Os Meus Vídeos
2022-05-17 15:53 - 2022-05-17 15:53 - 000000000 _SHDL C:\Users\TEMP.JCCRUZ.000\Documents\As Minhas Imagens
2022-05-17 15:53 - 2022-05-17 15:53 - 000000000 _SHDL C:\Users\TEMP.JCCRUZ.000\Documents\A Minha Música
2022-05-17 15:53 - 2022-05-17 15:53 - 000000000 _SHDL C:\Users\TEMP.JCCRUZ.000\Definições Locais
2022-05-17 15:53 - 2022-05-17 15:53 - 000000000 _SHDL C:\Users\TEMP.JCCRUZ.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2022-05-17 15:53 - 2022-05-17 15:53 - 000000000 _SHDL C:\Users\TEMP.JCCRUZ.000\AppData\Local\Histórico
2022-05-17 15:53 - 2022-05-17 15:53 - 000000000 ___RD C:\Users\TEMP.JCCRUZ.000\3D Objects
2022-05-17 15:53 - 2022-05-17 15:53 - 000000000 ____D C:\Users\TEMP.JCCRUZ.000\AppData\Roaming\hpqLog
2022-05-17 15:53 - 2022-05-17 15:53 - 000000000 ____D C:\Users\TEMP.JCCRUZ.000\AppData\Roaming\Adobe
2022-05-17 15:53 - 2022-05-17 15:53 - 000000000 ____D C:\Users\TEMP.JCCRUZ.000
2022-05-17 15:53 - 2022-05-16 20:49 - 000000000 ___RD C:\Users\TEMP.JCCRUZ.000\OneDrive
2022-05-17 15:42 - 2022-05-17 15:43 - 000000000 ____D C:\Users\Administrador
2022-05-17 15:42 - 2022-05-17 15:42 - 000000000 ____D C:\WpSystem
2022-05-17 15:42 - 2022-05-17 15:42 - 000000000 ____D C:\Users\TEMP.JCCRUZ\AppData\Local\Comms
2022-05-17 15:38 - 2022-05-17 15:38 - 000000000 ____D C:\Users\TEMP.JCCRUZ\AppData\Local\PlaceholderTileLogoFolder
2022-05-17 15:36 - 2022-05-17 15:38 - 000000000 ____D C:\Users\TEMP.JCCRUZ\AppData\Local\Packages
2022-05-17 15:36 - 2022-05-17 15:36 - 000002348 _____ C:\Users\TEMP.JCCRUZ\Desktop\Microsoft Edge.lnk
2022-05-17 15:36 - 2022-05-17 15:36 - 000000020 ___SH C:\Users\TEMP.JCCRUZ\ntuser.ini
2022-05-17 15:36 - 2022-05-17 15:36 - 000000000 _SHDL C:\Users\TEMP.JCCRUZ\Os Meus Documentos
2022-05-17 15:36 - 2022-05-17 15:36 - 000000000 _SHDL C:\Users\TEMP.JCCRUZ\Modelos
2022-05-17 15:36 - 2022-05-17 15:36 - 000000000 _SHDL C:\Users\TEMP.JCCRUZ\Menu Iniciar
2022-05-17 15:36 - 2022-05-17 15:36 - 000000000 _SHDL C:\Users\TEMP.JCCRUZ\Documents\Os Meus Vídeos
2022-05-17 15:36 - 2022-05-17 15:36 - 000000000 _SHDL C:\Users\TEMP.JCCRUZ\Documents\As Minhas Imagens
2022-05-17 15:36 - 2022-05-17 15:36 - 000000000 _SHDL C:\Users\TEMP.JCCRUZ\Documents\A Minha Música
2022-05-17 15:36 - 2022-05-17 15:36 - 000000000 _SHDL C:\Users\TEMP.JCCRUZ\Definições Locais
2022-05-17 15:36 - 2022-05-17 15:36 - 000000000 _SHDL C:\Users\TEMP.JCCRUZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2022-05-17 15:36 - 2022-05-17 15:36 - 000000000 _SHDL C:\Users\TEMP.JCCRUZ\AppData\Local\Histórico
2022-05-17 15:36 - 2022-05-17 15:36 - 000000000 ___RD C:\Users\TEMP.JCCRUZ\3D Objects
2022-05-17 15:36 - 2022-05-17 15:36 - 000000000 ____D C:\Users\TEMP.JCCRUZ\AppData\Roaming\hpqLog
2022-05-17 15:36 - 2022-05-17 15:36 - 000000000 ____D C:\Users\TEMP.JCCRUZ\AppData\Roaming\Adobe
2022-05-17 15:36 - 2022-05-17 15:36 - 000000000 ____D C:\Users\TEMP.JCCRUZ\AppData\Local\ConnectedDevicesPlatform
2022-05-17 15:36 - 2022-05-17 15:36 - 000000000 ____D C:\Users\TEMP.JCCRUZ
2022-05-17 15:36 - 2022-05-16 20:49 - 000000000 ___RD C:\Users\TEMP.JCCRUZ\OneDrive
2022-05-17 14:52 - 2022-05-17 14:52 - 000003588 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3653589094-3565606866-458211961-500
2022-05-17 14:51 - 2022-05-17 14:56 - 000000000 ____D C:\Users\TEMP
2022-05-16 21:33 - 2022-05-17 14:59 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-05-16 20:49 - 2022-05-17 15:52 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2022-05-16 20:49 - 2022-05-16 20:49 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2022-05-16 20:49 - 2022-05-16 20:49 - 000002258 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-05-16 20:49 - 2022-05-16 20:49 - 000000000 ___RD C:\Users\Default\OneDrive
2022-05-16 17:25 - 2022-05-16 17:30 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2022-05-15 21:29 - 2022-05-18 00:36 - 096468992 _____ C:\Windows\system32\config\SOFTWARE
2022-05-14 23:10 - 2022-05-14 23:10 - 000000000 ___HD C:\$SysReset
2022-05-13 15:43 - 2022-05-13 15:43 - 108664968 _____ (Oracle Corporation) C:\Users\Utilizador\Downloads\VirtualBox-6.1.34-150636-Win.exe
2022-05-12 22:30 - 2022-05-12 22:30 - 000003881 _____ C:\Users\Utilizador\Downloads\Clientes.zip
2022-05-12 22:13 - 2022-05-12 22:13 - 000000000 ____D C:\ProgramData\Piriform
2022-05-11 17:06 - 2022-05-11 17:06 - 000188928 _____ C:\Windows\system32\uwfcfgmgmt.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 000288768 _____ C:\Windows\system32\Windows.Management.InprocObjects.dll
2022-05-11 17:05 - 2022-05-11 17:05 - 000093696 _____ C:\Windows\system32\Drivers\cimfs.sys
2022-05-11 17:05 - 2022-05-11 17:05 - 000011799 _____ C:\Windows\system32\DrtmAuthTxt.wim
2022-05-11 17:02 - 2022-05-11 17:02 - 000001809 _____ C:\Users\Public\Desktop\Stellarium.lnk
2022-05-11 16:56 - 2022-05-11 16:56 - 000000000 ___HD C:\$WinREAgent
2022-05-04 20:07 - 2021-11-30 18:23 - 000000000 ____D C:\Program Files\jcryptool
2022-05-04 19:47 - 2022-05-04 19:47 - 000000000 ____D C:\Users\Utilizador\.eclipse
2022-04-26 21:10 - 2022-04-26 21:10 - 000000000 ____D C:\Program Files\PCHealthCheck

==================== Um mês (modificados) ==================

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2022-05-18 17:21 - 2021-07-27 12:54 - 000000000 ____D C:\Users\Utilizador\AppData\LocalLow\Mozilla
2022-05-18 17:21 - 2021-06-24 16:24 - 000004174 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{B6D416E1-DBCA-4835-B3A8-104A008BDE7D}
2022-05-18 17:21 - 2021-06-08 20:24 - 000000000 ____D C:\Program Files\CCleaner
2022-05-18 17:21 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-05-18 17:19 - 2021-03-31 09:11 - 001671696 _____ C:\Windows\system32\PerfStringBackup.INI
2022-05-18 17:19 - 2019-12-07 16:10 - 000732130 _____ C:\Windows\system32\prfh0816.dat
2022-05-18 17:19 - 2019-12-07 16:10 - 000144484 _____ C:\Windows\system32\prfc0816.dat
2022-05-18 17:19 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2022-05-18 17:15 - 2021-04-06 16:03 - 000000436 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2022-05-18 17:13 - 2021-04-06 15:58 - 000001134 _____ C:\Windows\system32\config\VSMIDK
2022-05-18 17:13 - 2021-03-31 10:51 - 000000000 __SHD C:\Users\Utilizador\IntelGraphicsProfiles
2022-05-18 17:13 - 2021-03-31 09:10 - 000000000 ___RD C:\Users\Utilizador\OneDrive
2022-05-18 17:13 - 2021-03-31 09:03 - 000008192 ___SH C:\DumpStack.log.tmp
2022-05-18 17:13 - 2020-11-19 00:46 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2022-05-18 00:36 - 2019-12-07 10:03 - 001048576 _____ C:\Windows\system32\config\BBI
2022-05-18 00:30 - 2020-11-19 00:46 - 000000000 ____D C:\Windows\system32\SleepStudy
2022-05-17 22:13 - 2022-04-13 15:32 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-05-17 21:46 - 2021-04-07 10:00 - 000000000 ____D C:\Users\Utilizador\AppData\Local\D3DSCache
2022-05-17 19:03 - 2021-04-07 11:45 - 000000000 ____D C:\Users\Utilizador\.VirtualBox
2022-05-17 18:49 - 2021-04-07 10:57 - 000000000 ____D C:\ProgramData\VirtualBox
2022-05-17 18:30 - 2019-12-07 10:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2022-05-17 17:16 - 2020-11-19 00:49 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-05-17 16:44 - 2021-04-28 21:26 - 000000000 ____D C:\Users\Utilizador\Desktop\SCRIPTS DIVS
2022-05-17 16:43 - 2021-08-25 17:31 - 000000000 ____D C:\Users\Utilizador\AppData\Local\niemiro
2022-05-17 16:39 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2022-05-17 16:15 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2022-05-17 16:12 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-05-17 15:53 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2022-05-17 14:59 - 2022-04-13 15:32 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-05-17 14:50 - 2021-03-31 10:51 - 000000000 ____D C:\Intel
2022-05-17 13:33 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\registration
2022-05-17 12:50 - 2022-04-13 15:32 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-05-17 12:50 - 2022-04-13 15:32 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2022-05-16 20:49 - 2021-12-12 04:48 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3653589094-3565606866-458211961-1001
2022-05-15 21:29 - 2021-04-07 22:37 - 000000000 ____D C:\Windows\Microsoft Antimalware
2022-05-15 14:00 - 2020-11-19 00:48 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-05-14 18:45 - 2021-04-06 15:45 - 000000000 ____D C:\Program Files\Microsoft Office
2022-05-13 19:31 - 2021-04-06 13:55 - 000000000 ____D C:\Users\Utilizador\AppData\Roaming\hpqLog
2022-05-12 22:33 - 2021-04-07 09:18 - 000000000 ____D C:\Users\Utilizador\AppData\Roaming\Notepad++
2022-05-12 22:20 - 2021-04-07 09:28 - 000000000 ____D C:\Users\Utilizador\AppData\Roaming\FileZilla
2022-05-12 22:13 - 2021-04-07 15:36 - 000000000 ____D C:\Users\Utilizador\AppData\Local\CrashDumps
2022-05-12 22:11 - 2021-06-08 20:25 - 000003936 _____ C:\Windows\system32\Tasks\CCleaner Update
2022-05-12 16:14 - 2021-04-07 16:39 - 000000000 ____D C:\Users\Utilizador\VirtualBox VMs
2022-05-12 15:53 - 2021-12-14 18:59 - 000001370 _____ C:\Users\Utilizador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2022-05-12 15:53 - 2021-12-14 18:59 - 000000000 ____D C:\Users\Utilizador\AppData\Local\PCHealthCheck
2022-05-11 17:34 - 2021-12-20 01:22 - 000000000 ____D C:\Users\Utilizador\Cisco Packet Tracer 8.1.0
2022-05-11 17:33 - 2021-07-22 22:45 - 000000000 ____D C:\Users\Utilizador\Cisco Packet Tracer 8.0.1
2022-05-11 17:33 - 2021-04-07 08:38 - 000000724 _____ C:\Users\Utilizador\.packettracer
2022-05-11 17:15 - 2020-11-19 00:46 - 000446280 _____ C:\Windows\system32\FNTCACHE.DAT
2022-05-11 17:14 - 2021-04-06 15:57 - 000000000 ____D C:\Program Files\Hyper-V
2022-05-11 17:14 - 2019-12-07 16:13 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-05-11 17:14 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\UNP
2022-05-11 17:14 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources
2022-05-11 17:14 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\migwiz
2022-05-11 17:14 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr
2022-05-11 17:14 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2022-05-11 17:02 - 2022-03-31 19:08 - 000000958 _____ C:\Users\Public\Desktop\Stellarium User Guide.lnk
2022-05-11 17:02 - 2021-04-07 09:23 - 000000000 ____D C:\Users\Utilizador\AppData\Roaming\Stellarium
2022-05-11 17:02 - 2021-04-07 09:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellarium
2022-05-11 17:02 - 2021-04-07 09:23 - 000000000 ____D C:\Program Files\Stellarium
2022-05-11 16:55 - 2022-01-03 22:14 - 000000000 ____D C:\Program Files\draw.io
2022-05-11 16:55 - 2021-09-19 13:29 - 000000000 ____D C:\Users\Utilizador\AppData\Roaming\draw.io
2022-05-11 16:55 - 2021-04-08 12:03 - 000000000 ____D C:\Windows\system32\MRT
2022-05-11 16:54 - 2021-09-19 13:29 - 000000000 ____D C:\Users\Utilizador\AppData\Local\draw.io-updater
2022-05-11 16:53 - 2021-04-08 12:03 - 145501456 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2022-05-10 13:26 - 2020-11-19 00:48 - 000003674 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-05-10 13:26 - 2020-11-19 00:48 - 000003550 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-05-04 19:47 - 2021-03-31 09:07 - 000000000 ____D C:\Users\Utilizador
2022-05-04 18:30 - 2022-02-17 13:36 - 000000000 ____D C:\Users\Utilizador\Desktop\NETWORK DEFENSE
2022-05-01 18:07 - 2021-05-19 13:20 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2022-05-01 18:07 - 2021-05-13 21:51 - 000000000 ____D C:\Windows\system32\Tasks\HP
2022-04-28 21:05 - 2021-04-07 10:22 - 000000914 _____ C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2022-04-26 21:10 - 2021-10-28 22:48 - 000001146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2022-04-21 15:55 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\LiveKernelReports

==================== Arquivos na raiz de alguns diretórios ========

2021-07-27 15:46 - 2022-01-12 14:09 - 000000128 _____ () C:\Users\Utilizador\AppData\Local\PUTTY.RND
2021-05-05 18:37 - 2021-05-05 18:37 - 000007602 _____ () C:\Users\Utilizador\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(Não há correção automática para arquivos que não passaram na verificação.)

==================== Fim de FRST.txt ========================

Resultado da análise adicional Farbar Recovery Scan Tool (x64) Versão: 18-05-2022
Executado por Utilizador (18-05-2022 17:26:09)
Executando a partir de C:\Users\Utilizador\Downloads
Microsoft Windows 10 Pro Versão 21H2 19044.1706 (X64) (2021-03-31 08:06:08)
Modo da Inicialização: Normal
==========================================================


==================== Contas: =============================


(Se uma entrada for incluída na fixlist, será removida.)

Administrador (S-1-5-21-3653589094-3565606866-458211961-500 - Administrator - Disabled) => C:\Users\Administrador
Convidado (S-1-5-21-3653589094-3565606866-458211961-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-3653589094-3565606866-458211961-503 - Limited - Disabled)
Utilizador (S-1-5-21-3653589094-3565606866-458211961-1001 - Administrator - Enabled) => C:\Users\Utilizador
WDAGUtilityAccount (S-1-5-21-3653589094-3565606866-458211961-504 - Limited - Disabled)

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

Autenticação.Gov 3.7.0 (4491) (HKLM-x32\...\{824563DE-75AD-4166-9DC0-B6482F204491}) (Version: 3.7.4491 - Portuguese Government)
CCleaner (HKLM-x32\...\CCleaner) (Version: 6.00 - Piriform)
Cisco Packet Tracer 8.0.1 64Bit (HKLM-x32\...\Cisco Packet Tracer 8.0.1 64Bit_is1) (Version: - Cisco Systems, Inc.)
Cisco Packet Tracer 8.1.0 64Bit (HKLM-x32\...\Cisco Packet Tracer 8.1.0 64Bit_is1) (Version: - Cisco Systems, Inc.)
CPUID CPU-Z 2.01 (HKLM-x32\...\CPUID CPU-Z_is1) (Version: 2.01 - CPUID, Inc.)
draw.io 18.0.1 (HKLM-x32\...\27a75bf3-be48-5c35-934f-8491cf108abe) (Version: 18.0.1 - JGraph)
Estudo de aprimoramento de produto para HP OfficeJet Pro 8720 (HKLM-x32\...\{F0BE764B-DFC9-453C-9515-12C63FB176AB}) (Version: 40.12.1161.1896 - HP Inc.)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
FileZilla Client 3.59.0 (HKLM-x32\...\FileZilla Client) (Version: 3.59.0 - Tim Kosse)
Free Download Manager (HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\{0C1D4CF2-5575-4786-834C-B0FC977E9714}}_is1) (Version: 6.14.1.3935 - Softdeluxe)
I.R.I.S. OCR (HKLM-x32\...\{09D14594-ADFA-49A0-BB36-3D685611DDFC}) (Version: 12.3.7.0 - HP)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5126 - Intel Corporation)
Malwarebytes version 4.5.9.198 (HKLM-x32\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.9.198 - Malwarebytes)
Microsoft Teams (HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\Teams) (Version: 1.5.00.2164 - Microsoft Corporation)
MiniTool Partition Wizard Free 12.6 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: 12.6 - MiniTool Software Limited)
Mozilla Firefox (x64 pt-PT) (HKLM-x32\...\Mozilla Firefox 100.0.1 (x64 pt-PT)) (Version: 100.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 99.0.1 - Mozilla)
Notepad++ (64-bit x64) (HKLM-x32\...\Notepad++) (Version: 8.3.3 - Notepad++ Team)
Npcap (HKLM-x32\...\NpcapInst) (Version: 1.31 - Nmap Project)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15128.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM-x32\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15128.20224 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 6.1.30 (HKLM-x32\...\{9F1FFDC2-9B49-41F3-B6F1-18DC368D6CA2}) (Version: 6.1.30 - Oracle Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7561 - Realtek Semiconductor Corp.)
Stellarium 0.22.1 (HKLM-x32\...\Stellarium_is1) (Version: 0.22.1 - Stellarium team)
Synaptics Pointing Device Driver (HKLM-x32\...\SynTPDeinstKey) (Version: 19.0.19.63 - Synaptics Incorporated)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.4.0.2781 - Microsoft Corporation)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM-x32\...\{82BD0A1C-815F-487F-9AE7-CE73DA413CFF}) (Version: 4.91.0.0 - Microsoft Corporation)
USBPcap 1.5.4.0 (HKLM-x32\...\USBPcap) (Version: 1.5.4.0 - Tomasz Mon)
Verificação do estado de funcionamento do PC Windows (HKLM-x32\...\{50323A6F-77C1-4136-B3C6-AFF46C3E1CF8}) (Version: 3.7.2204.15001 - Microsoft Corporation)
Verificação do estado de funcionamento do PC Windows (HKLM-x32\...\{ABFE1296-80CE-4FDD-924F-BEF8625C6351}) (Version: 3.3.2110.22002 - Microsoft Corporation)
Verificação do estado de funcionamento do PC Windows (HKLM-x32\...\{D8BFA63F-BE37-4D9F-9001-541D74D74488}) (Version: 3.6.2204.08001 - Microsoft Corporation)
WinRAR 6.00 (64-bit) (HKLM-x32\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH)
Wireshark 3.4.8 64-bit (HKLM-x32\...\Wireshark) (Version: 3.4.8 - The Wireshark developer community, hxxps://www.wireshark.org)
Wise Program Uninstaller 2.6.1 (HKLM-x32\...\Wise Program Uninstaller_is1) (Version: 2.6.1 - WiseCleaner.com, Inc.)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
Wondershare PDFelement(Build 7.6.8) (HKLM-x32\...\{77078E40-A92E-47FD-A0F6-168A4BF6CF3A}_is1) (Version: 7.6.8.5031 - Wondershare Software Co.,Ltd.)

Packages:
=========
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_136.1.269.0_x64__v10z8vjag6ke6 [2022-05-17] (HP Inc.)
HP System Information -> C:\Program Files\WindowsApps\AD2F1837.HPSystemInformation_8.10.29.0_x64__v10z8vjag6ke6 [2022-05-17] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-05-19] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-05-19] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.3171.0_x64__8wekyb3d8bbwe [2022-05-17] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.578.0_x86__zpdnekdrzrea0 [2021-08-18] (Spotify AB) [Startup Task]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.185.895.0_x86__zpdnekdrzrea0 [2022-05-13] (Spotify AB) [Startup Task]
Suplemento do Motor Multimédia da Aplicação Fotografias -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-05-19] (Microsoft Corporation)

==================== Análise Personalizada CLSID (Whitelisted): ==============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

CustomCLSID: HKU\S-1-5-21-3653589094-3565606866-458211961-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Utilizador\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21348.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.089.0426.0003\FileSyncShell64.dll [2022-05-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.089.0426.0003\FileSyncShell64.dll [2022-05-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.089.0426.0003\FileSyncShell64.dll [2022-05-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.089.0426.0003\FileSyncShell64.dll [2022-05-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.089.0426.0003\FileSyncShell64.dll [2022-05-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.089.0426.0003\FileSyncShell64.dll [2022-05-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.089.0426.0003\FileSyncShell64.dll [2022-05-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.089.0426.0003\FileSyncShell64.dll [2022-05-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.089.0426.0003\FileSyncShell64.dll [2022-05-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.089.0426.0003\FileSyncShell64.dll [2022-05-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.089.0426.0003\FileSyncShell64.dll [2022-05-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.089.0426.0003\FileSyncShell64.dll [2022-05-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.089.0426.0003\FileSyncShell64.dll [2022-05-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.089.0426.0003\FileSyncShell64.dll [2022-05-16] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.089.0426.0003\FileSyncShell64.dll [2022-05-16] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2022-03-14] (Notepad++ -> )
ContextMenuHandlers1: [PeContextMenuExtension] -> {098A124A-AA1C-38C8-A65E-D1199A14516A} => C:\Program Files (x86)\Common Files\Wondershare\PDFelement\AddIns\PEShellExt_x64.dll [2020-10-23] (Wondershare Technology Co.,Ltd -> Wondershare)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3-x32: [FAExt] -> {05672D66-9736-42F5-8BEB-FA1DD3CA51C4} => C:\Program Files (x86)\FileASSASSIN\FileASSASSINExt.dll [2007-03-30] (Malwarebytes) [Arquivo não assinado]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-05-17] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.089.0426.0003\FileSyncShell64.dll [2022-05-16] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.089.0426.0003\FileSyncShell64.dll [2022-05-16] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Nenhum Arquivo
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2020-06-04] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2022-05-17] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Atalhos & WMI ========================

==================== Módulos Carregados (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Modo de Segurança (Whitelisted) ==================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Associação (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2022-04-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-03-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-05-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-05-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-05-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-05-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-05-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-05-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-05-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-05-01] (Microsoft Corporation -> Microsoft Corporation)

(Se uma entrada for incluída na fixlist, será removida do Registro.)

IE trusted site: HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\sharepoint.com -> hxxps://formacaoiefp-files.sharepoint.com

==================== Hosts Conteúdo: =========================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2019-12-07 10:14 - 2019-12-07 10:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

2021-04-06 16:03 - 2022-05-18 17:15 - 000000436 _____ C:\Windows\system32\drivers\etc\hosts.ics
172.27.192.1 JCCRUZ.mshome.net # 2027 5 1 17 16 15 1 881

==================== Outras Áreas ===========================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-3653589094-3565606866-458211961-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Utilizador\Downloads\632692.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Firewall do Windows está habilitado.

Network Binding:
=============
Rede móvel 9: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
vEthernet (Ethernet): Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
vEthernet (Ethernet): VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
VirtualBox Host-Only Network: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
VirtualBox Host-Only Network: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Rede móvel 6: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Rede móvel 10: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Rede móvel 8: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Rede móvel 2: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Wi-Fi: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Wi-Fi: Npcap Packet Driver (NPCAP) (Wi-Fi) -> INSECURE_NPCAP_WIFI (enabled)
Wi-Fi: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Rede móvel 13: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Rede móvel: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Rede móvel 11: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Rede móvel 4: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
vEthernet (VirtualBox Host): Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
vEthernet (VirtualBox Host): VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
vEthernet (Default Switch): Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
vEthernet (Default Switch): VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Rede móvel 5: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Rede móvel 17: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Rede móvel 15: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Rede móvel 7: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
vEthernet (Rede móvel): VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
vEthernet (Rede móvel): Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
vEthernet (Wi-Fi): VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
vEthernet (Wi-Fi): Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Ethernet: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled)
Ethernet: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Rede móvel 12: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Rede móvel 16: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Rede móvel 3: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Rede móvel 14: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

(Se uma entrada for incluída na fixlist, será removida.)

HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\StartupApproved\Run: => "Free Download Manager"
HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_275433059902538E565B89FC49C29F5C"
HKU\S-1-5-21-3653589094-3565606866-458211961-1001\...\StartupApproved\Run: => "pteid"

==================== Regras do Firewall (Whitelisted) ================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [{74AE69D5-D89C-454A-8AC4-26D8D11A5A39}] => (Allow) C:\Program Files (x86)\HP\Diagnostics\PSDR\SoftPaq\Binaries\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{7CC5D478-D598-4E39-9390-D2A1BD923A7B}] => (Allow) C:\Program Files (x86)\HP\Diagnostics\PSDR\SoftPaq\Binaries\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{72B60262-0758-4D08-A96A-99D9ED2685ED}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5BAAEDB6-FCE0-4315-A5D9-2CA525095932}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{64581E9E-A039-4241-99C9-EC71EB9D07CE}C:\users\utilizador\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\utilizador\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{5008711B-ECBD-4690-9683-3A25632F191E}C:\users\utilizador\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\utilizador\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B7DB7215-A07D-4C5D-ABFD-A22BB9C231C5}] => (Block) C:\users\utilizador\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{62D3E442-1BD1-4D85-9351-818690D404A4}] => (Block) C:\users\utilizador\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{8275206A-69CB-4FB5-997A-0AA7F3407985}C:\program files\oracle\virtualbox\virtualboxvm.exe] => (Block) C:\program files\oracle\virtualbox\virtualboxvm.exe (Oracle Corporation -> Oracle Corporation)
FirewallRules: [UDP Query User{AE9F2CEE-305E-4CEC-8F4D-BEC49B49359C}C:\program files\oracle\virtualbox\virtualboxvm.exe] => (Block) C:\program files\oracle\virtualbox\virtualboxvm.exe (Oracle Corporation -> Oracle Corporation)
FirewallRules: [TCP Query User{96B1D973-28E3-4495-948D-90B3A6E12873}C:\users\utilizador\appdata\local\softdeluxe\free download manager\fdm.exe] => (Allow) C:\users\utilizador\appdata\local\softdeluxe\free download manager\fdm.exe (Softdeluxe) [Arquivo não assinado]
FirewallRules: [UDP Query User{38F4C825-003E-47DC-A47A-76FF4D9B3CB6}C:\users\utilizador\appdata\local\softdeluxe\free download manager\fdm.exe] => (Allow) C:\users\utilizador\appdata\local\softdeluxe\free download manager\fdm.exe (Softdeluxe) [Arquivo não assinado]
FirewallRules: [{72B2087F-3053-42F1-AB96-BAF565A434F3}] => (Block) C:\users\utilizador\appdata\local\softdeluxe\free download manager\fdm.exe (Softdeluxe) [Arquivo não assinado]
FirewallRules: [{0A2861DA-8B05-4C75-B88A-9F554285A0DA}] => (Block) C:\users\utilizador\appdata\local\softdeluxe\free download manager\fdm.exe (Softdeluxe) [Arquivo não assinado]
FirewallRules: [{64AE16CF-1417-4D37-9850-6F8E39ED7059}] => (Allow) C:\Program Files (x86)\HP\Diagnostics\PSDR\SoftPaq\Binaries\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [{E2907D1C-B844-43BC-9BB1-FE30EE1652DE}] => (Allow) C:\Program Files (x86)\HP\Diagnostics\PSDR\SoftPaq\Binaries\HPDiagnosticCoreUI.exe (HP Inc. -> HP Development Company, L.P.)
FirewallRules: [TCP Query User{443A76B7-FC38-4DA6-A1BE-8B2D421EEEAD}C:\program files\cisco packet tracer 8.0.1\bin\packettracer.exe] => (Allow) C:\program files\cisco packet tracer 8.0.1\bin\packettracer.exe (CISCO SYSTEMS, INC. -> Cisco Systems, Inc)
FirewallRules: [UDP Query User{916FEE1E-2367-4C9C-896F-24664157B9A9}C:\program files\cisco packet tracer 8.0.1\bin\packettracer.exe] => (Allow) C:\program files\cisco packet tracer 8.0.1\bin\packettracer.exe (CISCO SYSTEMS, INC. -> Cisco Systems, Inc)
FirewallRules: [{298182D2-90F8-4D03-8306-2CEA91E2176C}] => (Block) C:\program files\cisco packet tracer 8.0.1\bin\packettracer.exe (CISCO SYSTEMS, INC. -> Cisco Systems, Inc)
FirewallRules: [{90520ACA-F751-45C1-AA64-EDA8A83F2284}] => (Block) C:\program files\cisco packet tracer 8.0.1\bin\packettracer.exe (CISCO SYSTEMS, INC. -> Cisco Systems, Inc)
FirewallRules: [{8B606F76-B19A-486D-91AD-8C558A85E247}] => (Block) C:\Program Files\Cisco Packet Tracer 8.0.1\bin\PacketTracer.exe (CISCO SYSTEMS, INC. -> Cisco Systems, Inc)
FirewallRules: [TCP Query User{EADD1FC6-DEB7-438C-86B9-506C7E4C3757}C:\program files (x86)\hp\diagnostics\telemetrywatch\psdrtelemetrywatch.exe] => (Block) C:\program files (x86)\hp\diagnostics\telemetrywatch\psdrtelemetrywatch.exe (HP Inc. -> )
FirewallRules: [UDP Query User{295F0BBF-CDCB-41B3-B92E-88863A7E635B}C:\program files (x86)\hp\diagnostics\telemetrywatch\psdrtelemetrywatch.exe] => (Block) C:\program files (x86)\hp\diagnostics\telemetrywatch\psdrtelemetrywatch.exe (HP Inc. -> )
FirewallRules: [{CA196E5D-52ED-43C9-B831-4956DEC5768B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.578.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5A13EFE3-1DD2-4880-AEE5-317CA4FB84CD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.578.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{2BB27DF6-FB7A-43E5-A395-0D1EBF5114D6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.578.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{C2E05D5C-131E-4B02-802E-0C89ED774886}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.578.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5084AEC8-A322-4449-9A4F-7B13216DDACC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.578.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F91FC57F-E301-4067-A2A7-16422653E843}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.578.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{949D43D7-E767-4791-9592-343F70B7E47A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.578.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{645B5184-7EC4-4C40-AA23-EFCEDCC53164}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.166.578.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{10D38250-A4BA-4457-8B90-2E411F54F364}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{683B112A-3CB9-4290-8362-2C0A77AAB64E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C0F1BA87-5564-4BEB-A71B-F30E708D0C33}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5EF1FDC0-D19D-4246-88B7-83518B1652FC}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\bin\FaxApplications.exe (HP Inc. -> HP Inc.)
FirewallRules: [{0EFFAF90-F386-46BC-BFB8-AB9B6B8AA0F7}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\bin\DigitalWizards.exe (HP Inc. -> HP Inc.)
FirewallRules: [{AECD2D3B-36DA-4E21-8A02-E7492FE8088E}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\bin\SendAFax.exe (HP Inc. -> HP Inc.)
FirewallRules: [{A886C570-E63D-4CCF-84F3-72B008B97547}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\bin\FaxPrinterUtility.exe (HP Inc. -> HP Inc.)
FirewallRules: [{331849D3-C637-4E29-8504-1436B7F72FB0}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\Bin\DeviceSetup.exe (HP Inc. -> HP Inc.)
FirewallRules: [{BB91CDD8-4F94-4856-8FDF-0C2719F7CB61}] => (Allow) LPort=5357
FirewallRules: [{5713FCB8-0613-4FBC-97D8-A1E0490BBC17}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\Bin\HPNetworkCommunicatorCom.exe (HP Inc. -> HP Inc.)
FirewallRules: [{B6CE44D0-706C-4B2D-8B9A-5A3DC11B1678}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0139D0C4-40FB-40FF-BC1F-1B2C28BFF7BC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E3923B9C-69D2-4282-8E70-B885253C9E4D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7B335FE5-DB67-4674-A68F-8EFBFE0098E0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{86574292-FEE7-4BC4-9A6D-85DDAF0BDEC6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A4955918-C11A-45A9-A802-6EFADB690C67}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.83.408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{79614C22-5B17-4FF4-B492-201D79648F04}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.185.895.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BAE6425F-400F-450F-A221-D8A7CC3B3F38}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.185.895.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B4C37F77-CF80-4083-806D-2EEC506900E4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.185.895.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{93F11EF5-D1B4-497D-AF1E-24A764EB5516}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.185.895.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{224A61F2-7ED9-4018-8AF4-C8FDFC3CCB9F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.185.895.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4C226591-46A0-4F00-98CB-9BD61EFDD1AA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.185.895.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{609706A7-EF86-4D29-BF24-29F3525D4831}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.185.895.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1D36414F-194B-49C7-A109-9FB9B2468A71}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.185.895.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{8D1F7F52-535C-4255-BD9A-AC7F9D94D559}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\101.0.1210.47\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Pontos de Restauração =========================

17-05-2022 13:25:30 Ponto de Verificação Agendado

==================== Dispositivos Apresentando Falhas No Gerenciador ============

Name: Controlador de comunicações simples PCI
Description: Controlador de comunicações simples PCI
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP hs3110 HSPA+ Mobile Broadband Device
Description: HP hs3110 HSPA+ Mobile Broadband Device
Class Guid:
Manufacturer:
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Erros no Log de eventos: ========================

Erros em Aplicativos:
==================
Error: (05/18/2022 05:13:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: bad_module_info, versão: 0.0.0.0, carimbo de data/hora: 0x00000000
Nome do módulo com falha: unknown, versão: 0.0.0.0, carimbo de data/hora: 0x00000000
Código de exceção: 0x00000000
Desvio de falha: 0x0000000000000000
ID do processo com falha: 0x5cc
Hora de início da aplicação com falha: 0x01d86ad2294a90d1
Caminho da aplicação com falha: bad_module_info
Caminho do módulo com falha: unknown
ID do Relatório: 8481fe53-d031-43ca-8d34-db5325b81f70
Nome completo do pacote com falha:
ID da aplicação relativa ao pacote com falha:


Erros de Sistema:
=============
Error: (05/18/2022 05:13:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: O serviço MessagingService_2fbb9 terminou com o seguinte erro:
O serviço não foi iniciado.

Error: (05/17/2022 09:13:56 PM) (Source: DCOM) (EventID: 10000) (User: JCCRUZ)
Description: Não foi possível iniciar um Servidor DCOM: {0358B920-0AC7-461F-98F4-58E32CD89148}. O erro:
"2147942767"
Ocorreu ao iniciar este comando:
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (05/17/2022 08:07:39 PM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: Ocorreu um erro fatal ao criar uma credencial cliente de TLS. O estado de erro interno é 10013.


Windows Defender:
================
Date: 2022-05-17 18:49:40
Description:
A análise de Antivírus do Microsoft Defender foi parada antes de ser concluída.
ID de Análise: {E3F67749-9F25-4E29-98E8-11C352F4E64E}
Tipo de Análise: Antimalware
Parâmetros de Análise: Análise Rápida
Utilizador: NT AUTHORITY\SYSTEM

CodeIntegrity:
===============
Date: 2022-05-17 18:48:59
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Informações da Memória ===========================

BIOS: Hewlett-Packard M71 Ver. 01.13 01/18/2016
placa-mãe: Hewlett-Packard 2216
Processador: Intel(R) Core(TM) i5-5300U CPU @ 2.30GHz
Percentagem de memória em uso: 27%
RAM física total: 16259.11 MB
RAM física disponível: 11865.19 MB
Virtual Total: 18691.11 MB
Virtual disponível: 14355.99 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.93 GB) (Free:25.05 GB) NTFS

\\?\Volume{6ef376e0-0000-0000-0000-100000000000}\ (Sistema Reservado) (Fixed) (Total:0.05 GB) (Free:0.02 GB) NTFS
\\?\Volume{629458e4-0000-0000-0000-010000000000}\ (PortableBaseLayer) (Fixed) (Total:8 GB) (Free:7.51 GB) NTFS
\\?\Volume{6ef376e0-0000-0000-0000-707e3b000000}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS

==================== MBR & Tabela de Partições ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: 6EF376E0)
Partition 1: (Active) - (Size=50 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=237.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=509 MB) - (Type=27)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 8 GB) (Disk ID: 629458E4)
Partition 1: (Not Active) - (Size=8 GB) - (Type=07 NTFS)

==================== Fim de Addition.txt =======================
 

Hi jccruz,

Don't worry about the language used, I can translate it if needed.

Please do not use any tool like Winrar or 7zip for uploading log files, instead post the content of the logs. Additionally, please follow these guidelines to ensure a smooth process.

Please follow these guidelines
  • Refrain from making changes to your system, unless instructed to, so I know the exact state of your system. This includes installing or uninstalling programs, deleting files, modifying the registry, running scanners or tools of any kind.
  • Follow the provided instructions in the order they are posted.
  • If you have any problem with a tool or instructions, or have questions, please stop and ask me before moving on.
  • Do not run any tool more than once, unless instructed to.
  • Copy and paste log files inside your reply, unless otherwise instructed.
  • Make sure to use Notepad for all logs and ensure Word wrap is unchecked. In Notepad, click Format and uncheck Word wrap if it is checked.
  • Share as many details about your problem as possible, the more you share the easier it will be to solve your problem.
  • I may not reply immediately because these logs can take some time to analyze. If it takes more than 48 hours you'll be notified. Feel free to PM me with a link to your thread if you haven't received a reply after 48 hours.
  • Please try to reply within 24 up to 48 hours to ensure quick and efficient removal of malware. If there's no response from you within 3 days, I will bump your thread. If there hasn't been a response from you after 5 days then I will assume you no longer need help.
  • Stick with me until the end to ensure there are no remnants of malware left. When there is no malware present you will get a confirmation from me.
I have edited your post to include the FRST logs.

Please allow me some time to analyze your logs, I will get back to you as soon as possible. :-)
 
Thanks for your patience.

Your logs are clean of malware.

Please note, my suggestions may include things that you have already tried. I want to inform you that the tools I use normally help in achieving a result you otherwise may not have gotten, because they deal better with underlying things like permission problems preventing a successful deletion or modification, as opposed to most other methods.

I would like to get a full picture of things you have tried already, so is there anything that you have done that has not been mentioned in your previous thread?
 
A tip for preventing potential future problems: increase the amount of free space. You technically have enough free space, but due to the amount of RAM you have installed, if a BSOD crash were to occur, that may take a huge portion of free space, which Windows will not like. You may get performance problems if that were to happen, and I recommend increasing the free space by at least a few GBs.

I suggest you follow the instructions below; they do the same thing you have already tried, but using a different tool. Please save any work prior to running this fix; it will close all open programs to make sure nothing interferes and automatically initiate a reboot.

Run FRST Fix
Warning: This script was created for this specific system. Attempting to use the fix on another system may cause damage to the system.
  • Right-click FRST64.exe then click "Run as administrator".
  • Select the entire content of the code below including "Start::" and "End::", right-click and select "Copy".
  • Click the Fix button once and wait.
  • When finished, it will produce a log called Fixlog.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Code:
Start::
CloseProcesses:
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service
End::

===============================================

In your next post
In your next post, please include the following. Make sure to copy and paste any requested logs unless asked to attach it.
  • Content of fixlog.txt
  • List of history still populated?
 
Thanks for your support axe0. I'll fix the PC next week; I had to come to my parents-in-law's homeland and didn't bring the PC. I'll report feedback as soon as possible.

Kind regards, have a nice weekend.
 
Thanks for letting me know and have a good weekend yourself.
 
Hi axe0, I came back sooner than I expected. Here's the log result; the history page is still populated... 😟😟😟

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-05-2022
Ran by Utilizador (21-05-2022 18:07:09) Run:1
Running from C:\FRST
Loaded Profiles: Utilizador
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service

*****************

Processes closed successfully.
C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service => moved successfully


The system needed a reboot.

==== End of Fixlog 18:07:10 ====
 
Do you have the ransomware component in Windows Security enabled?
 
Yes, don’t tell me that is the problem... If so, please explain why (just a lesson I’ll take).
 
Your actions should have been successful which means the source is from a different component and a different location is used.

I found similar cases elsewhere indicating the ransomware component is involved and the ransomware history needs to be deleted, unfortunately I have not yet found this location and neither have many others.

The theory is that if the location where the ransomware component stores its history is emptied, the history should be gone.
 
Let's confirm that this is really about the ransomware protection module.

In Windows Security in the Virus & threat protection part, click Manage ransomware protection at the bottom and then click Block history. Do you see history?
 
I see “block history” but if I click on it, it takes me to the “populated page”
 
Do you see something like this?
[Screenshot attachment: 1653414353484.png]

In my case, I enabled it today for testing so there's nothing present.
 
> Your actions should have been successful which means the source is from a different component and a different location is used.
>
> I found similar cases elsewhere indicating the ransomware component is involved and the ransomware history needs to be deleted, unfortunately I have not yet found this location and neither have many others.
>
> The theory is that if the location where the ransomware component stores its history is emptied, the history should be gone.

That's the conclusion I get to...
 
Something you may want to consider as a faster, more aggressive solution: reset the Windows Security data. To do this:
  1. Search for Windows Security
  2. Right click on Windows Security
  3. Click App settings
  4. Click Reset button
Note that you lose any exclusions and potentially any other customized settings, everything will be reset to default.
 
If I right-click on Windows Security, the only option it gives is to fix the app in the task bar... :(

[Screenshot attachment: Captura de ecrã 2022-05-24 194918.png]
 