Resultado da análise adicional Farbar Recovery Scan Tool (x64) Versão: 13-04-2022 01 Executado por gsbad (14-04-2022 12:14:41) Executando a partir de C:\Users\gsbad\Desktop Microsoft Windows 10 Pro Versão 21H1 19043.1586 (X64) (2020-10-07 18:59:34) Modo da Inicialização: Normal ========================================================== ==================== Contas: ============================= (Se uma entrada for incluída na fixlist, será removida.) Administrador (S-1-5-21-1036876464-1709329310-3854566978-500 - Administrator - Disabled) Convidado (S-1-5-21-1036876464-1709329310-3854566978-501 - Limited - Disabled) DefaultAccount (S-1-5-21-1036876464-1709329310-3854566978-503 - Limited - Disabled) gsbad (S-1-5-21-1036876464-1709329310-3854566978-1001 - Administrator - Enabled) => C:\Users\gsbad WDAGUtilityAccount (S-1-5-21-1036876464-1709329310-3854566978-504 - Limited - Disabled) ==================== Central de Segurança ======================== (Se uma entrada for incluída na fixlist, será removida.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Programas Instalados ====================== (Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.) Binance 1.33.2 (HKLM\...\Binance) (Version: 1.33.2 - BinanceTech) BitTorrent (HKU\S-1-5-21-1036876464-1709329310-3854566978-1001\...\BitTorrent) (Version: 7.10.5.46097 - BitTorrent Inc.) BlueStacks 5 (HKLM\...\BlueStacks_nxt) (Version: 5.6.100.1025 - BlueStack Systems, Inc.) BlueStacks X (HKU\S-1-5-21-1036876464-1709329310-3854566978-1001\...\BlueStacks X) (Version: 0.14.1.13 - BlueStack Systems, Inc.) Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 100.1.37.113 - Autores do Brave) BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.77.1092 - AB Team, d.o.o.) 
CurseForge (HKU\S-1-5-21-1036876464-1709329310-3854566978-1001\...\Overwolf_cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj) (Version: 0.195.2.1 - Overwolf app) DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.14.0.1679 - Disc Soft Ltd) Discord (HKU\S-1-5-21-1036876464-1709329310-3854566978-1001\...\Discord) (Version: 1.0.9003 - Discord Inc.) emusak (HKU\S-1-5-21-1036876464-1709329310-3854566978-1001\...\emusak_ui) (Version: 1.0.109 - stromcon) Goat Simulator (HKLM-x32\...\Goat Simulator_is1) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 100.0.4896.88 - Google LLC) Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden Hot Wheels Worlds Best Driver (HKLM-x32\...\Hot Wheels Worlds Best Driver_is1) (Version: - ) I Am Fish (HKLM-x32\...\I Am Fish_is1) (Version: - ) Iggy's Egg Adventure (HKLM-x32\...\SWdneXNFZ2dBZHZlbnR1cmU=_is1) (Version: 1 - ) Java 8 Update 321 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180321F0}) (Version: 8.0.3210.7 - Oracle Corporation) K-Lite Codec Pack 16.2.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 16.2.0 - KLCP) Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden LEGO DC Super Villains Shazam (HKLM-x32\...\LEGO DC Super Villains Shazam_is1) (Version: - ) LEGO Jurassic World MULTi10 - ElAmigos versão 1.0 u1 (HKLM-x32\...\{9F378A75-86FD-49AB-9924-DFE85CBE9CB7}_is1) (Version: 1.0 u1 - Warner Bros) LEGO MARVEL Super Heroes (HKLM-x32\...\LEGO MARVEL Super Heroes_is1) (Version: - Warner Bros. 
Games) LEGO The Incredibles MULTi13 - ElAmigos versão 1.0 (HKLM-x32\...\{07BBB35A-3FD2-454D-850D-8177ED000F6B}_is1) (Version: 1.0 - Warner Bros) LEGO Worlds (HKLM-x32\...\LEGO Worlds_is1) (Version: 1.0.0.0 - TT Games) Macro Recorder 5.8.1 (HKLM-x32\...\Macro Recorder_is1) (Version: 5.8.1 - Jitbit Software) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 100.0.1185.39 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 100.0.1185.39 - Microsoft Corporation) Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.15028.20160 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 
(HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29913 (HKLM-x32\...\{855e31d2-9031-46e1-b06d-c9d7777deefb}) (Version: 14.28.29913.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation) Microsoft Windows Desktop Runtime - 3.1.8 (x64) (HKLM-x32\...\{3e04c2ef-ccc7-4fe6-a32f-f36572af0f42}) (Version: 3.1.8.29220 - Microsoft Corporation) Mozilla Firefox (x64 pt-BR) (HKLM\...\Mozilla Firefox 99.0.1 (x64 pt-BR)) (Version: 99.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 97.0 - Mozilla) My Game Long Name (HKLM\...\UDK-74c4fa6e-1a0e-4ce3-8c88-3dc564866012) (Version: - Epic Games, Inc.) 
NVIDIA Driver de áudio HD 1.3.39.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.39.3 - NVIDIA Corporation) NVIDIA Driver de gráficos 512.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 512.15 - NVIDIA Corporation) NVIDIA FrameView SDK 1.1.4923.29968894 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29968894 - NVIDIA Corporation) NVIDIA GeForce Experience 3.23.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.23.0.74 - NVIDIA Corporation) NVIDIA Software do sistema PhysX 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation) NVIDIA USBC Driver 1.46.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.46.831.832 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15028.20050 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15028.20160 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Oracle VM VirtualBox 6.1.30 (HKLM\...\{9F1FFDC2-9B49-41F3-B6F1-18DC368D6CA2}) (Version: 6.1.30 - Oracle Corporation) Overwolf (HKLM-x32\...\Overwolf) (Version: 0.194.0.16 - Overwolf Ltd.) 
PokeXGames versão 1.0 (HKU\S-1-5-21-1036876464-1709329310-3854566978-1001\...\{59CE89A4-DA29-4148-A7FA-5F416E798641}_is1) (Version: 1.0 - PokeXGames) Python 3.10.0 (64-bit) (HKU\S-1-5-21-1036876464-1709329310-3854566978-1001\...\{21b42743-c8f9-49d7-b8b6-b5855317c7ed}) (Version: 3.10.150.0 - Python Software Foundation) Python 3.10.0 Add to Path (64-bit) (HKLM\...\{1E0407FA-6C90-44CC-BF29-3C83CB09A7D3}) (Version: 3.10.150.0 - Python Software Foundation) Hidden Python 3.10.0 Core Interpreter (64-bit) (HKLM\...\{B137EFE9-BD8A-4138-AC7F-360461C4EEAF}) (Version: 3.10.150.0 - Python Software Foundation) Hidden Python 3.10.0 Development Libraries (64-bit) (HKLM\...\{A8E320AF-B8C7-493C-97D8-6328C1CE721B}) (Version: 3.10.150.0 - Python Software Foundation) Hidden Python 3.10.0 Documentation (64-bit) (HKLM\...\{23A78F0F-0B41-497A-BB67-7E9AC3C20351}) (Version: 3.10.150.0 - Python Software Foundation) Hidden Python 3.10.0 Executables (64-bit) (HKLM\...\{D623791F-7EBA-4794-BF56-79D4CFC6BE65}) (Version: 3.10.150.0 - Python Software Foundation) Hidden Python 3.10.0 pip Bootstrap (64-bit) (HKLM\...\{D545AFB9-E0E8-4B43-897A-0EB97ED46859}) (Version: 3.10.150.0 - Python Software Foundation) Hidden Python 3.10.0 Standard Library (64-bit) (HKLM\...\{BB3BA776-4C84-43FB-9CE6-5A37FFC23032}) (Version: 3.10.150.0 - Python Software Foundation) Hidden Python 3.10.0 Tcl/Tk Support (64-bit) (HKLM\...\{AE37C7FB-835D-4E31-851E-801D5C659A3E}) (Version: 3.10.150.0 - Python Software Foundation) Hidden Python 3.10.0 Test Suite (64-bit) (HKLM\...\{6B61C3C6-43DE-4D58-BDC4-76170C7C7C32}) (Version: 3.10.150.0 - Python Software Foundation) Hidden Python 3.10.0 Utility Scripts (64-bit) (HKLM\...\{578C5B87-CBE0-4720-90C0-46A917C4FE5C}) (Version: 3.10.150.0 - Python Software Foundation) Hidden Python Launcher (HKLM-x32\...\{463B0974-B1E1-401E-8F59-B0F9F81258E4}) (Version: 3.10.7581.0 - Python Software Foundation) Return of the Saiyans versão 1.5.5 (HKLM-x32\...\{6E33E84C-69CD-47DA-882C-8CAD6A04322E}_is1) 
(Version: 1.5.5 - Wizin S.C.) Spyro Reignited Trilogy MULTi14 - ElAmigos versão 1.0 (HKLM-x32\...\{B54AC624-2EA5-40FA-8F60-A00C3C5184BF}_is1) (Version: 1.0 - Activision) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Stremio (HKU\S-1-5-21-1036876464-1709329310-3854566978-1001\...\Stremio) (Version: 4.4.120 - Smart Code Ltd) Tibia (HKU\S-1-5-21-1036876464-1709329310-3854566978-1001\...\Tibia) (Version: - CipSoft GmbH) UE4 Prerequisites (x64) (HKLM\...\{D7B591D8-1091-4A00-A0B3-5301C45E5D51}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden UE4 Prerequisites (x64) (HKLM-x32\...\{0d995f46-317b-4b5f-bf3e-9f98bae9d339}) (Version: 1.0.14.0 - Epic Games, Inc.) Hidden Verificação de integridade do PC Windows (HKLM\...\{BDA76587-4949-46D7-8427-AE49451F93D4}) (Version: 3.2.2110.14001 - Microsoft Corporation) VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.16 - VideoLAN) Warsaw 2.18.0.65 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 2.18.0.65 - Diebold Nixdorf) WinRAR 6.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.00.0 - win.rar GmbH) Packages: ========= Age of Empires IV -> C:\Program Files\WindowsApps\Microsoft.Cardinal_5.0.12973.0_x64__8wekyb3d8bbwe [2022-04-08] (Microsoft Studios) Centro de comando de gráficos Intel® -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3407.0_x64__8j3eq9eme6ctt [2021-12-27] (INTEL CORP) [Startup Task] Centro de controle Thunderbolt™ -> C:\Program Files\WindowsApps\AppUp.ThunderboltControlCenter_1.0.34.0_x64__8j3eq9eme6ctt [2021-08-06] (INTEL CORP) Complemento do Mecanismo de Mídia de Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-02-12] (Microsoft Corporation) Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.3171.0_x64__8wekyb3d8bbwe [2022-03-28] (Microsoft Studios) [MS Ad] Minecraft for Windows 10 -> C:\Program 
Files\WindowsApps\Microsoft.MinecraftUWP_1.18.1201.0_x64__8wekyb3d8bbwe [2022-03-28] (Microsoft Studios) Minecraft Launcher -> C:\Program Files\WindowsApps\Microsoft.4297127D64EC6_1.0.159.0_x64__8wekyb3d8bbwe [2022-03-29] (Microsoft Studios) Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-03-17] (Netflix, Inc.) NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.962.0_x64__56jybvy8sckqj [2022-03-29] (NVIDIA Corp.) Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.14.226.0_x64__dt26b99r8h8gj [2020-10-07] (Realtek Semiconductor Corp) Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0 [2022-03-16] (Spotify AB) [Startup Task] ==================== Análise Personalizada CLSID (Whitelisted): ============== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_b31ddd6f2a24807e\OptaneShellExt.dll [2021-02-09] (Intel(R) Rapid Storage Technology -> ) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2021-01-19] (AVB Disc Soft, SIA -> Disc Soft Ltd) ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2021-01-19] (AVB Disc Soft, SIA -> Disc Soft Ltd) ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_b31ddd6f2a24807e\OptaneShellExt.dll [2021-02-09] (Intel(R) Rapid Storage Technology -> ) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvdmi.inf_amd64_d76251acf4d55737\nvshext.dll [2022-03-18] (Nvidia Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-12-01] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Whitelisted) ==================== ==================== Atalhos & WMI ======================== ==================== Módulos Carregados (Whitelisted) ============= 2022-03-15 05:20 
- 2021-08-16 13:17 - 000196096 _____ () [Arquivo não assinado] C:\Program Files\BlueStacks_nxt\boost_json-vc142-mt-x64-1_76.dll ==================== Alternate Data Streams (Whitelisted) ======== (Se uma entrada for incluída na fixlist, somente o ADS será removido.) AlternateDataStreams: C:\ProgramData:chnpbmzkyg [274] AlternateDataStreams: C:\ProgramData:YXVtLmh6aQ [5490] AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2410] AlternateDataStreams: C:\Users\All Users:chnpbmzkyg [274] AlternateDataStreams: C:\Users\All Users:YXVtLmh6aQ [5490] AlternateDataStreams: C:\Users\Todos os Usuários:chnpbmzkyg [274] AlternateDataStreams: C:\Users\Todos os Usuários:YXVtLmh6aQ [5490] AlternateDataStreams: C:\ProgramData\Application Data:chnpbmzkyg [274] AlternateDataStreams: C:\ProgramData\Application Data:YXVtLmh6aQ [5490] AlternateDataStreams: C:\ProgramData\Dados de Aplicativos:chnpbmzkyg [274] AlternateDataStreams: C:\ProgramData\Dados de Aplicativos:YXVtLmh6aQ [5490] ==================== Modo de Segurança (Whitelisted) ================== ==================== Associação (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== HKU\S-1-5-21-1036876464-1709329310-3854566978-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2022-04-06] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-03-04] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Java\bin\ssv.dll [2022-03-27] (Oracle America, Inc. 
-> Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Java\bin\jp2ssv.dll [2022-03-27] (Oracle America, Inc. -> Oracle Corporation) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-06] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-06] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-06] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-06] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-06] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-06] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-06] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-04-06] (Microsoft Corporation -> Microsoft Corporation) (Se uma entrada for incluída na fixlist, será removida do Registro.) 
==================== Hosts Conteúdo: ========================= (Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.) 2020-09-29 23:40 - 2021-07-18 16:06 - 000454940 ____R C:\WINDOWS\system32\drivers\etc\hosts 192.168.0.10 host.docker.internal 192.168.0.10 gateway.docker.internal 127.0.0.1 kubernetes.docker.internal Existem ainda 15610 mais linhas. 2020-11-21 14:41 - 2022-04-14 07:52 - 000000505 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics 172.24.32.1 gsdell.mshome.net # 2027 4 2 13 10 52 36 569 58 482 ==================== Outras Áreas =========================== (Atualmente não há nenhuma correção automática para esta seção.) 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Python39\Scripts\;C:\Python39\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\dotnet\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\ProgramData\chocolatey\bin HKU\S-1-5-21-1036876464-1709329310-3854566978-1001\Control Panel\Desktop\\Wallpaper -> c:\users\gsbad\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\original.jpg DNS Servers: 10.2.0.93 - 10.2.0.97 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Firewall do Windows está habilitado. 
Network Binding: ============= Wi-Fi: Diebold Network Monitor -> nt_wsddntf (enabled) Wi-Fi: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) vEthernet (Default Switch): VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) vEthernet (Default Switch): Diebold Network Monitor -> nt_wsddntf (enabled) Ethernet: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) Ethernet: Diebold Network Monitor -> nt_wsddntf (enabled) vEthernet (BluestacksNxt): VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) vEthernet (BluestacksNxt): Diebold Network Monitor -> nt_wsddntf (enabled) VirtualBox Host-Only Network: VirtualBox NDIS6 Bridged Networking Driver -> oracle_VBoxNetLwf (enabled) VirtualBox Host-Only Network: Diebold Network Monitor -> nt_wsddntf (enabled) ==================== MSCONFIG/TASK MANAGER ítens desabilitados == (Se uma entrada for incluída na fixlist, será removida.) HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0" HKLM\...\StartupApproved\Run32: => "Autodesk Desktop App" HKU\S-1-5-21-1036876464-1709329310-3854566978-1001\...\StartupApproved\StartupFolder: => "GenuineService.lnk" HKU\S-1-5-21-1036876464-1709329310-3854566978-1001\...\StartupApproved\Run: => "EpicGamesLauncher" HKU\S-1-5-21-1036876464-1709329310-3854566978-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-1036876464-1709329310-3854566978-1001\...\StartupApproved\Run: => "btweb" HKU\S-1-5-21-1036876464-1709329310-3854566978-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount" ==================== Regras do Firewall (Whitelisted) ================ (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 
FirewallRules: [TCP Query User{EDD34FE8-FE5B-4EB1-BC0A-2F92A4D579CE}C:\program files\windowsapps\spotifyab.spotifymusic_1.160.672.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.160.672.0_x86__zpdnekdrzrea0\spotify.exe => Nenhum Arquivo FirewallRules: [UDP Query User{1B378227-FA43-4417-BEDA-4A24F9DF6714}C:\program files\windowsapps\spotifyab.spotifymusic_1.160.672.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.160.672.0_x86__zpdnekdrzrea0\spotify.exe => Nenhum Arquivo FirewallRules: [{B4245339-EC78-46C9-ABF0-53053438013C}] => (Block) C:\program files\windowsapps\spotifyab.spotifymusic_1.160.672.0_x86__zpdnekdrzrea0\spotify.exe => Nenhum Arquivo FirewallRules: [{14EFBD45-A904-49AC-A438-00FDDE3BF7A0}] => (Block) C:\program files\windowsapps\spotifyab.spotifymusic_1.160.672.0_x86__zpdnekdrzrea0\spotify.exe => Nenhum Arquivo FirewallRules: [TCP Query User{890389ED-CDA9-4A79-979A-F7787CD13A56}C:\program files\bravesoftware\brave-browser\application\brave.exe] => (Block) C:\program files\bravesoftware\brave-browser\application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.) FirewallRules: [UDP Query User{82915159-E82E-49D7-AFDC-4EA6E444D8D8}C:\program files\bravesoftware\brave-browser\application\brave.exe] => (Block) C:\program files\bravesoftware\brave-browser\application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.) FirewallRules: [{D850FEDF-5D4D-4DDC-BCB2-6A1792C74CE1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{1271D56A-E5E1-4303-BA06-420D226F230B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{2FB7F1A4-9A97-4E53-89C2-C65A89BF2ADD}D:\iggys egg adventure\binaries\win32\iea.exe] => (Allow) D:\iggys egg adventure\binaries\win32\iea.exe (Epic Games Inc. 
-> Epic Games, Inc.) FirewallRules: [UDP Query User{CB0918F9-7882-4F3B-8B60-B3648DDEEAEF}D:\iggys egg adventure\binaries\win32\iea.exe] => (Allow) D:\iggys egg adventure\binaries\win32\iea.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [{854B93C2-DED6-476B-B524-D50251A165EC}] => (Block) D:\iggys egg adventure\binaries\win32\iea.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [{E37DA714-583C-4916-B860-93D0D13BE995}] => (Block) D:\iggys egg adventure\binaries\win32\iea.exe (Epic Games Inc. -> Epic Games, Inc.) FirewallRules: [TCP Query User{DCDA6C0E-7AF8-4E6E-8097-9DCED4DF552C}C:\users\gsbad\appdata\local\programs\lnv\stremio-4\node.exe] => (Allow) C:\users\gsbad\appdata\local\programs\lnv\stremio-4\node.exe (Node.js Foundation -> Node.js) FirewallRules: [UDP Query User{0A920558-2EFA-4B50-8C7C-C45DEF46BA71}C:\users\gsbad\appdata\local\programs\lnv\stremio-4\node.exe] => (Allow) C:\users\gsbad\appdata\local\programs\lnv\stremio-4\node.exe (Node.js Foundation -> Node.js) FirewallRules: [{44F6D931-628C-4628-85C4-4F58A7F64959}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{060E478E-3994-44D7-A093-3BF639EDF8E9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{08B4B64A-7C46-4A80-9297-E1E817142077}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{3536AAEB-1095-4485-B10C-E75263EED3DE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.73.124.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [TCP Query User{389611E9-12DE-4AEE-B2AA-A549BACAB157}D:\steam\steam.exe] => (Block) D:\steam\steam.exe (Valve Corp. 
-> Valve Corporation) FirewallRules: [UDP Query User{944A0DAE-D59A-4BD8-9D0B-3D9AD586C882}D:\steam\steam.exe] => (Block) D:\steam\steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{A9C22ED7-5005-4814-A45D-6CE8D0DAAD53}] => (Allow) D:\Steam\steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{73B38243-C444-4D3F-8AF2-7AECF05F1F76}] => (Allow) D:\Steam\steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{179B62AC-8DB5-40F4-9549-112673B054AC}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{D0604FF7-54A5-4875-98E8-CD74E043BE93}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation) FirewallRules: [TCP Query User{8BA765C5-C90B-4C9C-A288-166CD0BA4355}C:\users\gsbad\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\gsbad\appdata\roaming\bittorrent\bittorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [UDP Query User{7C2212C3-95EC-4EA6-9DF9-A3C13358E51A}C:\users\gsbad\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\gsbad\appdata\roaming\bittorrent\bittorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{99FAE117-A329-4D40-B2A8-FE827AC342F4}] => (Block) C:\users\gsbad\appdata\roaming\bittorrent\bittorrent.exe (BitTorrent Inc -> BitTorrent Inc.) FirewallRules: [{F2FA1F65-6A58-437F-937C-4189C7DF4E4E}] => (Block) C:\users\gsbad\appdata\roaming\bittorrent\bittorrent.exe (BitTorrent Inc -> BitTorrent Inc.) 
FirewallRules: [{E934D059-31F7-4A9A-84B4-CE8D75547987}] => (Allow) D:\Steam\steamapps\common\Shark Simulator\shark_simulator.exe () [Arquivo não assinado] FirewallRules: [{6EB46056-B3ED-4C60-BD4A-28B77517908C}] => (Allow) D:\Steam\steamapps\common\Shark Simulator\shark_simulator.exe () [Arquivo não assinado] FirewallRules: [TCP Query User{8FBE381A-448B-46D2-9C73-C477694E9DDC}D:\games\i am fish\iamfish.exe] => (Allow) D:\games\i am fish\iamfish.exe () [Arquivo não assinado] FirewallRules: [UDP Query User{DAB873F5-1F66-40FA-BCCD-765E45C325F3}D:\games\i am fish\iamfish.exe] => (Allow) D:\games\i am fish\iamfish.exe () [Arquivo não assinado] FirewallRules: [{3A11A5BD-1702-440D-829F-CC023114F9BC}] => (Block) D:\games\i am fish\iamfish.exe () [Arquivo não assinado] FirewallRules: [{71B3D95E-648F-42E7-8977-A48744F5F765}] => (Block) D:\games\i am fish\iamfish.exe () [Arquivo não assinado] FirewallRules: [TCP Query User{DE63C52B-0A88-45DE-A9A6-9C59C17A0659}D:\arb simulator\animal revolt battle simulator\animal revolt battle simulator.exe] => (Allow) D:\arb simulator\animal revolt battle simulator\animal revolt battle simulator.exe () [Arquivo não assinado] FirewallRules: [UDP Query User{EB8BF5D6-5AFD-44D2-8266-1FD457C73D48}D:\arb simulator\animal revolt battle simulator\animal revolt battle simulator.exe] => (Allow) D:\arb simulator\animal revolt battle simulator\animal revolt battle simulator.exe () [Arquivo não assinado] FirewallRules: [{39044F5C-03BC-46B0-8444-867AB60E11B6}] => (Block) D:\arb simulator\animal revolt battle simulator\animal revolt battle simulator.exe () [Arquivo não assinado] FirewallRules: [{9F133310-B695-4F65-8E7B-80194DEDF252}] => (Block) D:\arb simulator\animal revolt battle simulator\animal revolt battle simulator.exe () [Arquivo não assinado] FirewallRules: [{6A9F6F85-BFC5-4239-AD1F-D8D4702AFC96}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: 
[{E1EB58F2-1887-412E-A396-7FEA65341A83}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{50973B97-5311-4CED-BEC4-183366B1CF57}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{30CFA735-AC6B-494C-9AE4-FA92C061D423}E:\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Allow) E:\goat simulator\binaries\win32\goatgame-win32-shipping.exe (Epic Games, Inc.) [Arquivo não assinado] FirewallRules: [UDP Query User{BAC997EF-04A5-4D8F-98DA-B3E08BB85AA5}E:\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Allow) E:\goat simulator\binaries\win32\goatgame-win32-shipping.exe (Epic Games, Inc.) [Arquivo não assinado] FirewallRules: [TCP Query User{44564E68-EBD2-4DDB-A3F7-3F388ADCE9FF}C:\users\gsbad\appdata\local\discord\app-1.0.9003\discord.exe] => (Allow) C:\users\gsbad\appdata\local\discord\app-1.0.9003\discord.exe => Nenhum Arquivo FirewallRules: [UDP Query User{2ED338B5-B27D-42D0-B924-4248C03D39B1}C:\users\gsbad\appdata\local\discord\app-1.0.9003\discord.exe] => (Allow) C:\users\gsbad\appdata\local\discord\app-1.0.9003\discord.exe => Nenhum Arquivo FirewallRules: [TCP Query User{6D89A1B1-D07E-45B0-98C5-E64DB0B9944C}C:\program files\binance\binance.exe] => (Allow) C:\program files\binance\binance.exe (Binance Holdings Limited -> BinanceTech) FirewallRules: [UDP Query User{2463F4BE-681B-4071-B94A-D52E824359DB}C:\program files\binance\binance.exe] => (Allow) C:\program files\binance\binance.exe (Binance Holdings Limited -> BinanceTech) FirewallRules: [{ADAD2B09-8C2B-44A7-A3A5-08A2676924E2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{287FEC09-4B3E-4216-90AD-FA3BC4D40BDD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [TCP Query 
User{F916707D-4318-4992-815A-BD8D1BE9E93F}C:\users\gsbad\appdata\local\discord\app-1.0.9004\discord.exe] => (Allow) C:\users\gsbad\appdata\local\discord\app-1.0.9004\discord.exe (Discord Inc. -> Discord Inc.) FirewallRules: [UDP Query User{33A70217-E100-4BD8-8EB9-60DFC01C7EA6}C:\users\gsbad\appdata\local\discord\app-1.0.9004\discord.exe] => (Allow) C:\users\gsbad\appdata\local\discord\app-1.0.9004\discord.exe (Discord Inc. -> Discord Inc.) FirewallRules: [{60E4ABA7-B38B-49A2-8C72-E19EF9D89846}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe (Bluestack Systems, Inc -> Bluestack Systems, Inc.) FirewallRules: [{A25A2C96-AC69-4316-A96C-438704837B4F}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe (Bluestack Systems, Inc -> Bluestack Systems, Inc.) FirewallRules: [{499AE450-6FDE-46BE-9028-C66C5A2CD048}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{6EE58066-5B54-4371-9825-849F210016A9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{8D88355D-C694-47D4-B59B-65161E7C2266}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{555078EE-98BE-4ED2-BBA1-DD6BA6022931}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{7BE08129-6089-4EB9-9568-ED9CFCC25E85}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{08613D7A-73F7-4773-BC81-597CA7812A64}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{8D68BCBC-D8A3-46EB-8110-F680EEC87502}] => (Allow) 
C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{2D8AD3E2-B0A8-454D-AB33-CFA24CECA0C5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.181.604.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{56B824A3-E018-4421-A81C-792F45E979A0}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve Corp. -> ) FirewallRules: [{C41FE16D-ABAC-4A93-9F17-0E02732B57DA}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve Corp. -> ) FirewallRules: [TCP Query User{A584E491-2E46-4CA6-980F-56C91AB70B01}D:\xboxgames\age of empires iv\content\reliccardinal_ws.exe] => (Allow) D:\xboxgames\age of empires iv\content\reliccardinal_ws.exe (Acesso Negado) [Arquivo não assinado] FirewallRules: [UDP Query User{CD2FA826-8FE9-401B-972A-6802D4760D5C}D:\xboxgames\age of empires iv\content\reliccardinal_ws.exe] => (Allow) D:\xboxgames\age of empires iv\content\reliccardinal_ws.exe (Acesso Negado) [Arquivo não assinado] FirewallRules: [{A6F354C2-446A-4352-8C16-B7410DF32085}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{000A14AA-0F44-4B25-8430-66B2AFBE7577}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{C9FEB33E-F4EA-42E3-B5F1-04CCFEAC8376}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{7692E3A6-1262-4C72-9B53-611443ECB1BC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{75EFA60A-B689-4135-BF31-567A08921D79}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: 
[{F3DC0544-33AE-4615-8F0D-DC0BFBAF4A01}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation) FirewallRules: [{3CFD9E3E-55B2-454D-BB5E-F4DE34FF4D78}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe (Bluestack Systems, Inc -> BlueStack Systems) FirewallRules: [{3D49692B-00C0-440E-900F-7BDA5F68FB59}] => (Allow) D:\curseforge\Overwolf\0.194.0.15\OverwolfBrowser.exe => Nenhum Arquivo FirewallRules: [{C50C87E0-E284-4326-BCED-DE61FAECAA1B}] => (Allow) D:\curseforge\Overwolf\0.194.0.15\OverwolfBrowser.exe => Nenhum Arquivo FirewallRules: [{BBB0435B-BCDC-462F-A332-CD8DDB6D375E}] => (Block) D:\curseforge\Overwolf\0.194.0.15\OverwolfBrowser.exe => Nenhum Arquivo FirewallRules: [{45EC089A-E35B-4EF8-9753-8554F708AEB9}] => (Block) D:\curseforge\Overwolf\0.194.0.15\OverwolfBrowser.exe => Nenhum Arquivo FirewallRules: [{66251F09-1481-4808-8004-35ED118F952F}] => (Allow) D:\curseforge\Overwolf\0.194.0.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD) FirewallRules: [{31E919FB-9A6B-4E5D-9690-7072FB8085E8}] => (Allow) D:\curseforge\Overwolf\0.194.0.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD) FirewallRules: [{DDEE5CEB-C4C4-4FF2-BBE1-8D5D16419D37}] => (Block) D:\curseforge\Overwolf\0.194.0.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD) FirewallRules: [{B2E888ED-1D24-43DE-803E-4A906BC58156}] => (Block) D:\curseforge\Overwolf\0.194.0.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD) FirewallRules: [{F4FB942C-CCC7-42FF-8CC3-E39FBDD88C61}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.) 
FirewallRules: [{E5ECD441-3DE0-41C5-B492-47EAC7079FB0}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.39\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{81B30D4F-6424-4F32-9453-3CD38855A07C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) ==================== Pontos de Restauração ========================= ATENÇÃO: A Restauração do Sistema está desabilitada (Total:178.26 GB) (Free:48.18 GB) (27%) ==================== Dispositivos Apresentando Falhas No Gerenciador ============ ==================== Erros no Log de eventos: ======================== Erros em Aplicativos: ================== Error: (04/13/2022 10:57:07 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: O programa TextInputHost.exe versão 121.9202.4105.0 parou de interagir com o Windows e foi fechado. Para ver se mais informações sobre o problema estão disponíveis, verifique o histórico de problemas no painel de controle Segurança e Manutenção. ID do Processo: 3558 Hora de Início: 01d84e66ec507a6b Hora de Término: 4294967295 Caminho do Aplicativo: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe ID do Relatório: 5979c8dd-dd01-4efb-8f77-59684cb53ae1 Nome completo do pacote com falha: MicrosoftWindows.Client.CBS_120.2212.4170.0_x64__cw5n1h2txyewy ID do aplicativo relativo ao pacote com falha: InputApp Tipo com falha: Quiesce Error: (04/13/2022 10:57:07 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: O programa PaintStudio.View.exe versão 0.0.0.0 parou de interagir com o Windows e foi fechado. Para ver se mais informações sobre o problema estão disponíveis, verifique o histórico de problemas no painel de controle Segurança e Manutenção. 
ID do Processo: 4128 Hora de Início: 01d84f9ea2d17b2f Hora de Término: 4294967295 Caminho do Aplicativo: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.2203.1037.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe ID do Relatório: fa413ab4-8b3f-4804-b276-d03633a6d6a9 Nome completo do pacote com falha: Microsoft.MSPaint_6.2203.1037.0_x64__8wekyb3d8bbwe ID do aplicativo relativo ao pacote com falha: Microsoft.MSPaint Tipo com falha: Quiesce Error: (04/12/2022 09:13:36 AM) (Source: DPTF) (EventID: 17) (User: AUTORIDADE NT) Description: Event-ID 17 Error: (04/08/2022 02:56:33 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: ) Description: Event-ID 12007 Error: (04/08/2022 02:56:33 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: ) Description: Event-ID 0 Error: (04/08/2022 07:42:35 AM) (Source: EventSystem) (EventID: 4622) (User: ) Description: O Sistema de Eventos COM+ não pôde realizar marshaling no assinante para a inscrição {588E1FAF-EDBE-4A24-8ECC-BD8881519B6B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. O HRESULT era 8007071a. Error: (04/08/2022 07:15:59 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome do aplicativo com falha: bad_module_info, versão: 0.0.0.0, carimbo de data/hora: 0x00000000 Nome do módulo com falha: unknown, versão: 0.0.0.0, carimbo de data/hora: 0x00000000 Código de exceção: 0x00000000 Deslocamento da falha: 0x0000000000000000 ID do processo com falha: 0x26ac Hora de início do aplicativo com falha: 0x01d849a6870c8bf0 Caminho do aplicativo com falha: bad_module_info Caminho do módulo com falha: unknown ID do Relatório: 5a212161-d0a7-4465-8e18-fb16c565c003 Nome completo do pacote com falha: ID do aplicativo relativo ao pacote com falha: Error: (04/07/2022 09:14:56 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: O programa TextInputHost.exe versão 121.9202.4105.0 parou de interagir com o Windows e foi fechado. 
Para ver se mais informações sobre o problema estão disponíveis, verifique o histórico de problemas no painel de controle Segurança e Manutenção. ID do Processo: 2398 Hora de Início: 01d84a711c41a3ae Hora de Término: 4294967295 Caminho do Aplicativo: C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe ID do Relatório: 0b4700ad-37a0-433f-8f0b-24dda64b9d93 Nome completo do pacote com falha: MicrosoftWindows.Client.CBS_120.2212.4170.0_x64__cw5n1h2txyewy ID do aplicativo relativo ao pacote com falha: InputApp Tipo com falha: Quiesce Erros de Sistema: ============= Error: (04/12/2022 04:13:20 PM) (Source: HTTP) (EventID: 15005) (User: ) Description: Não é possível associar ao transporte subjacente de [::]:54288. A lista IP somente escuta pode conter uma referência a uma interface que talvez não exista neste computador. O campo de dados contém o número do erro. Error: (04/12/2022 12:24:49 PM) (Source: HTTP) (EventID: 15005) (User: ) Description: Não é possível associar ao transporte subjacente de [::]:54288. A lista IP somente escuta pode conter uma referência a uma interface que talvez não exista neste computador. O campo de dados contém o número do erro. Error: (04/12/2022 10:10:09 AM) (Source: DCOM) (EventID: 10005) (User: GSDELL) Description: O DCOM obteve o erro "87" ao tentar iniciar o serviço GamingServices com argumentos "Não Disponível" para executar o servidor: {3E8C9ABE-9226-4609-BF5B-60288A391DEE} Error: (04/12/2022 10:10:09 AM) (Source: DCOM) (EventID: 10005) (User: GSDELL) Description: O DCOM obteve o erro "87" ao tentar iniciar o serviço GamingServices com argumentos "Não Disponível" para executar o servidor: {3E8C9ABE-9226-4609-BF5B-60288A391DEE} Error: (04/12/2022 10:10:04 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: AUTORIDADE NT) Description: Falha na Instalação: o Windows não pôde instalar a seguinte atualização com o erro 0x80073d02: 9MWPM2CQNLHN-Microsoft.GamingServices. 
Error: (04/12/2022 09:15:09 AM) (Source: HTTP) (EventID: 15005) (User: ) Description: Não é possível associar ao transporte subjacente de [::]:54288. A lista IP somente escuta pode conter uma referência a uma interface que talvez não exista neste computador. O campo de dados contém o número do erro. Error: (04/12/2022 09:13:23 AM) (Source: Microsoft-Windows-Hyper-V-VmSwitch) (EventID: 15) (User: AUTORIDADE NT) Description: Falha ao restaurar a configuração para a porta EFD17207-5F37-4E54-8AE2-F34F9AA62549 (Nome Amigável: ) no comutador C08CB7B8-9B3C-408E-8E30-5E16A3AEB444 (Nome Amigável: ), status = 3221225524. UniqueEvent = 45. Error: (04/12/2022 09:13:36 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: O desligamento do sistema que ocorreu às 08:50:56 do dia ‎12/‎04/‎2022 não era esperado. Windows Defender: ================ Date: 2022-04-14 05:13:37 Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão. ID do Exame: {164971C9-1B5A-4A10-AAFC-7E06DCF33444} Tipo de Exame: Antimalware Parâmetros do Exame: Verificação Rápida Usuário: AUTORIDADE NT\SISTEMA Date: 2022-04-12 06:03:48 Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão. ID do Exame: {EC52ABCF-9BA9-4A73-A3D8-09CAB4032D93} Tipo de Exame: Antimalware Parâmetros do Exame: Verificação Rápida Usuário: AUTORIDADE NT\SISTEMA Date: 2022-04-11 06:03:48 Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão. ID do Exame: {6F87F175-FC6D-4C53-9855-EF8595E77BCF} Tipo de Exame: Antimalware Parâmetros do Exame: Verificação Rápida Usuário: AUTORIDADE NT\SISTEMA Date: 2022-04-10 06:28:20 Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão. 
ID do Exame: {5A541941-8C5F-445F-87F6-097AEB14A7F9} Tipo de Exame: Antimalware Parâmetros do Exame: Verificação Rápida Usuário: AUTORIDADE NT\SISTEMA Date: 2022-04-09 06:05:02 Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão. ID do Exame: {F8B75480-C772-47B7-92F9-7B53C688DD7D} Tipo de Exame: Antimalware Parâmetros do Exame: Verificação Rápida Usuário: AUTORIDADE NT\SISTEMA CodeIntegrity: =============== Date: 2022-04-14 12:12:33 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_4208a7ac24ac6344\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2022-04-14 07:52:31 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Diebold\Warsaw\wslbscrwh64.dll that did not meet the Microsoft signing level requirements. Date: 2022-04-14 07:52:30 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume5\Program Files\Diebold\Warsaw\wslbscr64.dll that did not meet the Microsoft signing level requirements. ==================== Informações da Memória =========================== BIOS: Dell Inc. 1.14.0 10/20/2020 placa-mãe: Dell Inc. 
0CNDTP Processador: Intel(R) Core(TM) i7-9750H CPU @ 2.60GHz Percentagem de memória em uso: 81% RAM física total: 16196.73 MB RAM física disponível: 3034.2 MB Virtual Total: 37261.02 MB Virtual disponível: 3608.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:178.26 GB) (Free:48.18 GB) NTFS Drive d: (DATA) (Fixed) (Total:851.39 GB) (Free:578.05 GB) NTFS Drive e: (sdd) (Fixed) (Total:40 GB) (Free:1.94 GB) NTFS \\?\Volume{c61f4c18-3107-4fc4-9ce0-924956c64762}\ () (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS \\?\Volume{4aa58d34-5b63-4c84-98b6-a7c7098a6b31}\ (WINRETOOLS) (Fixed) (Total:0.97 GB) (Free:0.5 GB) NTFS \\?\Volume{c1194a64-2e9f-47a6-8a2d-822a009e7929}\ (Image) (Fixed) (Total:16.74 GB) (Free:0.09 GB) NTFS \\?\Volume{0b0e01e9-989a-45a0-b745-ccd5ab87d182}\ (DELLSUPPORT) (Fixed) (Total:1.21 GB) (Free:0.42 GB) NTFS \\?\Volume{322d3815-67c9-c392-dea1-61e7c430f987}\ () (Fixed) (Total:0.01 GB) (Free:0 GB) NTFS \\?\Volume{29d039f6-83a3-43f0-9997-8457f4dd4edd}\ (ESP) (Fixed) (Total:0.63 GB) (Free:0.56 GB) FAT32 ==================== MBR & Tabela de Partições ==================== ========================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 44044C2A) Partition: GPT. ========================================================== Disk: 1 (Size: 238.5 GB) (Disk ID: 44044C70) Partition: GPT. Attempted reading MBR returned 0 bytes. Could not read MBR for disk 2. ==================== Fim de Addition.txt =======================