Resultado do análise da Farbar Recovery Scan Tool (FRST) (x64) Versão: 20-03-2022
Executado por Diego (administrador) em LAPTOP-8SR4EU2K (LENOVO 80YH) (21-03-2022 13:29:38)
Executando a partir de C:\Users\Diego\Downloads
Perfis Carregados: Diego
Plataforma: Microsoft Windows 10 Home Single Language Versão 21H2 19044.1586 (X64) Idioma: Português (Brasil)
Navegador padrão: Edge
Modo da Inicialização: Normal

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksde.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksdeui.exe
(C:\Program Files\McAfee\WebAdvisor\servicehost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3>
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCopyAccelerator.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <14>
(services.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksde.exe
(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\NisSrv.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

==================== Registro (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18391088 2018-10-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506376 2018-10-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506376 2018-10-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [829632 2016-06-24] (Dolby Laboratories, Inc. -> )
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Nenhum Arquivo)
HKLM-x32\...\Run: [USB Gamepad] => C:\WINDOWS\USB Vibration\7906\USB Gamepad.exe [796784 2008-12-10] (Shen Zhen Dragon Rise Macro Technology Limited Company -> )
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Nenhum Arquivo)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATENÇÃO
HKU\S-1-5-21-1832640792-4251457729-1687516665-1001\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (Borislav Surbat -> MyCity)
HKU\S-1-5-21-1832640792-4251457729-1687516665-1001\...\Run: [uTorrent] => "C:\Users\Diego\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED (Nenhum Arquivo)
HKU\S-1-5-21-1832640792-4251457729-1687516665-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd -> Disc Soft Ltd)
HKU\S-1-5-21-1832640792-4251457729-1687516665-1001\...\Run: [Discord] => C:\Users\Diego\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-1832640792-4251457729-1687516665-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4279208 2022-03-14] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-1832640792-4251457729-1687516665-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Diego\AppData\Local\Microsoft\Teams\Update.exe [2452152 2020-10-02] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-1832640792-4251457729-1687516665-1001\...\Run: [ut] => "C:\Users\Diego\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED (Nenhum Arquivo)
HKU\S-1-5-21-1832640792-4251457729-1687516665-1001\...\Run: [MicrosoftEdgeAutoLaunch_E645C02DD85363918E4F96458C83B102] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
HKU\S-1-5-21-1832640792-4251457729-1687516665-1001\...\MountPoints2: {1b62c8a6-8298-11e8-8221-5cc9d39617e5} - "E:\AUTORUN.EXE"
HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [230400 2009-07-13] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\LIDIL hpzllw71: C:\WINDOWS\system32\hpzllw71.dll [53248 2009-07-13] (Microsoft Windows -> Hewlett-Packard Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2018-10-10]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
Startup: C:\Users\Diego\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\REDRAGON Gaming Mouse.lnk [2022-02-06]
ShortcutTarget: REDRAGON Gaming Mouse.lnk -> C:\Program Files (x86)\REDRAGON Gaming Mouse\RDCfg.exe () [Arquivo não assinado]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restrição <==== ATENÇÃO
HKLM\SOFTWARE\Policies\Google: Restrição <==== ATENÇÃO

==================== Tarefas Agendadas (Whitelisted) ============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {013278A5-C60C-4ADC-8760-78664A721156} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\ScheduleEventAction.exe [25344 2022-01-20] (Lenovo -> Lenovo Group Ltd.)
Task: {0465C324-FAB3-429E-9311-80EE1BA8B38D} - \Lenovo\ImController\TimeBasedEvents\6c2383e2-918d-407c-9ebe-1df0e6ec2362 -> Nenhum Arquivo <==== ATENÇÃO
Task: {12349430-358C-449B-B74F-3F76D8A99916} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-17] (Adobe Inc. -> Adobe Inc.)
Task: {127EA3A8-842A-4A9C-A29F-8383A0D93D01} - System32\Tasks\RtHDVBg_LENOVO_DOLBYDRAGON => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506376 2018-10-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {1382809F-B9C9-4523-BA03-7474AB86A594} - \Lenovo\ImController\TimeBasedEvents\78d1aded-4049-4967-a10c-ab08a6573b70 -> Nenhum Arquivo <==== ATENÇÃO
Task: {1D937A26-779F-4339-97B2-343225D6F8E4} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe (Nenhum Arquivo)
Task: {1E14C439-50D0-4B3D-917E-526821633013} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [110968 2022-03-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {31A49080-B76C-4F94-B1B3-AF07579BF1E3} - \Lenovo\ImController\TimeBasedEvents\5cf1c959-bb4d-4b95-b93d-379a92491cb8 -> Nenhum Arquivo <==== ATENÇÃO
Task: {4370428D-645D-4E65-A722-2A9F9D9117B7} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {4DA2EA30-5119-4A4C-8B13-6BA1EA27878B} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506376 2018-10-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {564A538C-A092-4139-92C8-82617B9C310C} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> Nenhum Arquivo <==== ATENÇÃO
Task: {6F8BC129-D9D9-43DD-8D48-0783FB84CBC0} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\ScheduleEventAction.exe [25344 2022-01-20] (Lenovo -> Lenovo Group Ltd.)
Task: {75100D53-8A1C-4490-BFDA-7A7643859CF7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7900BC0F-212A-48E2-BA28-21EFB4753957} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe (Nenhum Arquivo)
Task: {81D0B454-8156-462B-ADF0-E3EB38BB6696} - System32\Tasks\PDVDServ14 Task => C:\Program Files (x86)\CyberLink\PowerDVD14\PDVD14Serv.exe [88344 2017-02-17] (CyberLink Corp. -> CyberLink Corp.)
Task: {93D383BC-968C-4D99-81C6-08E5AA9519C6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22580696 2022-03-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {978A7D11-DA39-41A5-85F8-80A191D31FAF} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\ScheduleEventAction.exe [25344 2022-01-20] (Lenovo -> Lenovo Group Ltd.)
Task: {A4176E13-C3E0-431F-A891-4B1CD6DE175F} - \Lenovo\ImController\Lenovo iM Controller Monitor -> Nenhum Arquivo <==== ATENÇÃO
Task: {A622BB34-8BE2-4D0C-AE22-97EFEA4422B5} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22580696 2022-03-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {A6C9C4A8-6302-4024-BBC5-8FD2A5770481} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\ScheduleEventAction.exe [25344 2022-01-20] (Lenovo -> Lenovo Group Ltd.)
Task: {B373F5E0-E99C-4D81-9006-FC6F1569DCB6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B890799A-4451-44A8-83F0-C5D2E7DADDD3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1178600 2022-03-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {C0AA8701-4460-4CD5-A418-DD72FE2978D8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C28A8123-1316-48F6-9BC9-E837C1146347} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D83BF006-0AC1-447C-BAD2-9E82D438CD0C} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506376 2018-10-18] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {D8D3E4CE-C893-4A92-87F6-27272CC48B27} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [110968 2022-03-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {E7AD192D-7215-42BA-AEA2-E2D456BE2D7B} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\ScheduleEventAction.exe VantageTelemetryAddinTask (Nenhum Arquivo)
Task: {EE300231-38B0-4BDF-BF53-2105BF17B4EC} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> Nenhum Arquivo <==== ATENÇÃO

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 181.213.132.3 181.213.132.2
Tcpip\..\Interfaces\{1c194405-ab8e-43ff-addf-ba5ab5eb04fb}: [DhcpNameServer] 181.213.132.3 181.213.132.2
Tcpip\..\Interfaces\{439aabd0-ec5c-4dc7-9b32-57a807434dc6}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{447cccbf-ef79-49f3-ada6-6973051a98fb}: [DhcpNameServer] 10.0.0.1

Edge:
=======
Edge Extension: (Sem Nome) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [não encontrado (a)]
Edge Extension: (Sem Nome) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [não encontrado (a)]
Edge Extension: (Sem Nome) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [não encontrado (a)]
Edge Extension: (Sem Nome) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [não encontrado (a)]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Diego\AppData\Local\Microsoft\Edge\User Data\Default [2022-03-21]
Edge HomePage: Default -> hxxp://www.google.com.br/
Edge Extension: (MetaMask) - C:\Users\Diego\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ejbalbakoplchlghecdalmeeeajnimhm [2022-03-11]
Edge Extension: (AdBlock — o melhor bloqueador de anúncios) - C:\Users\Diego\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ndcileolkflehcjpmjnfbnaibdcgglog [2022-03-09]
Edge HKU\S-1-5-21-1832640792-4251457729-1687516665-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm]

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2022-03-10] [UpdateUrl:hxxps://sadownload.mcafee.com/products/SA/Win/xpi/webadvisor/update.json]
FF HKLM\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\FFExt\light_plugin_firefox\addon.xpi => não encontrado (a)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\FFExt\light_plugin_firefox\addon.xpi => não encontrado (a)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2021-12-24] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-11-03] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-11-03] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-03-06] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]

==================== Serviços (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-17] (Adobe Inc. -> Adobe Inc.)
S2 AVP21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\avp.exe [184768 2021-06-17] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8914856 2021-09-13] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11649952 2022-03-06] (Microsoft Corporation -> Microsoft Corporation)
S4 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd -> Disc Soft Ltd)
S2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [189464 2018-09-25] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
S4 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [810800 2021-07-12] (EasyAntiCheat Oy -> Epic Games, Inc)
S4 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [926176 2021-03-16] (Epic Games Inc. -> Epic Games, Inc.)
S3 klvssbridge64_21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\vssbridge64.exe [479280 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 kpm_launch_service; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_service.exe [351424 2020-09-23] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 KSDE5.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksde.exe [447104 2021-06-17] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.11.20.0\LenovoVantageService.exe [28928 2022-01-20] (Lenovo -> Lenovo Group Ltd.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [8022200 2022-03-20] (Malwarebytes Inc -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [972936 2022-03-10] (McAfee, LLC -> McAfee, LLC)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Arquivo não assinado]
S4 npggsvc; C:\WINDOWS\system32\GameMon.des [7455240 2018-04-17] (INCA Internet Co.,Ltd. -> INCA Internet Co., Ltd.)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Arquivo não assinado]
S4 uncheater_bgl; C:\Program Files\Common Files\Uncheater\uncheater_bgl.exe [2097008 2019-11-22] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\NisSrv.exe [3046608 2022-03-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe [132504 2022-03-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 ImControllerService; %SystemRoot%\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [X]

===================== Drivers (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [237288 2022-02-17] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30352 2018-07-09] (Disc Soft Ltd -> Disc Soft Ltd)
S3 EMACDRV; C:\WINDOWS\System32\drivers\EMAC-Driver-x64.sys [2797592 2021-07-17] (Gamers Club (Gamers Club Ltda) -> )
S3 h647906; C:\WINDOWS\System32\drivers\h647906.sys [62576 2008-12-01] (Shen Zhen Dragon Rise Macro Technology Limited Company -> Your Corporation)
R1 klbackupdisk; C:\WINDOWS\system32\DRIVERS\klbackupdisk.sys [105280 2022-02-17] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [206600 2022-02-17] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [119568 2022-02-17] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [41656 2021-02-19] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R1 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [522504 2022-02-17] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klgse; C:\WINDOWS\System32\DRIVERS\klgse.sys [687936 2022-02-08] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [1542440 2022-02-08] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP21.3\Bases\klids.sys [273176 2021-08-11] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1049864 2022-02-17] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [90896 2022-02-17] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [104728 2022-02-17] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [107328 2022-02-17] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [78088 2022-02-17] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [88328 2022-02-17] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [55592 2020-06-29] (AnchorFree Inc -> The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [263896 2021-09-15] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [309104 2021-09-15] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [115768 2021-09-15] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [224888 2021-09-15] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [150280 2022-02-17] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [325400 2022-02-17] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [294680 2022-02-17] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R2 LdBoxDrv; C:\Program Files\dnplayerext2\LdBoxDrv.sys [283216 2019-05-02] (Microsoft Windows Hardware Compatibility Publisher -> Oracle Corporation)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-06-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-11-09] (Malwarebytes Inc -> Malwarebytes)
R3 MpKslfd6bf978; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B12501A1-3CB6-4FBF-94F2-BABB788DAD1F}\MpKslDrv.sys [137464 2022-03-21] (Microsoft Windows -> Microsoft Corporation)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167544 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tesrsdt; C:\WINDOWS\system32\drivers\tesrsdt.sys [442128 2019-11-01] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S3 TesSafe; C:\WINDOWS\system32\TesSafe.sys [555064 2019-12-02] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2017-11-27] (Apple, Inc.) [Arquivo não assinado]
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49600 2022-03-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [439544 2022-03-14] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90360 2022-03-14] (Microsoft Windows -> Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [74552 2019-11-22] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Um mês (criados) (Whitelisted) =========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2022-03-21 13:29 - 2022-03-21 13:31 - 000026817 _____ C:\Users\Diego\Downloads\FRST.txt
2022-03-21 13:28 - 2022-03-21 13:30 - 000000000 ____D C:\FRST
2022-03-21 13:27 - 2022-03-21 13:27 - 002364928 _____ (Farbar) C:\Users\Diego\Downloads\FRST64.exe
2022-03-21 13:26 - 2022-03-21 13:26 - 000002214 _____ C:\Users\Diego\Desktop\AdwCleaner Relatorio após limpeza .txt
2022-03-21 11:56 - 2022-03-21 12:07 - 000000000 ____D C:\Users\Diego\Desktop\Arquivos Faculdade
2022-03-20 21:41 - 2022-03-20 21:41 - 000012288 _____ C:\WINDOWS\SysWOW64\persistent_q.db
2022-03-20 16:11 - 2022-03-20 16:11 - 000002521 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-03-20 16:11 - 2022-03-20 16:11 - 000002359 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-03-20 16:10 - 2022-03-20 16:10 - 000003618 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-03-20 16:10 - 2022-03-20 16:10 - 000003494 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-03-20 16:08 - 2022-03-20 16:08 - 000000000 ____D C:\Users\Diego\AppData\Roaming\HP
2022-03-20 15:52 - 2022-03-20 21:41 - 105906176 _____ C:\WINDOWS\system32\config\SOFTWARE
2022-03-20 15:52 - 2022-03-20 15:52 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2022-03-20 15:45 - 2022-03-20 15:45 - 008540344 _____ (Malwarebytes) C:\Users\Diego\Downloads\adwcleaner.exe
2022-03-20 14:17 - 2022-03-20 14:17 - 002443448 _____ (Malwarebytes) C:\Users\Diego\Downloads\MBSetup (1).exe
2022-03-18 22:49 - 2022-03-18 22:49 - 000000000 ____D C:\Users\Diego\AppData\LocalLow\Low-Hi Tech
2022-03-17 23:27 - 2022-03-17 23:27 - 000019676 _____ C:\Users\Diego\Desktop\Ata 17 03 2022 Pibid .pdf
2022-03-15 22:19 - 2022-03-15 22:19 - 000000000 ____D C:\Users\Diego\AppData\Roaming\stremio
2022-03-15 17:54 - 2022-03-15 17:54 - 000000000 ____D C:\Users\Diego\Desktop\Matematica 2022- 1ºsemestre
2022-03-09 19:59 - 2022-03-09 19:59 - 000011911 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-03-09 19:58 - 2022-03-09 19:58 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2022-03-09 19:56 - 2022-03-09 19:56 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2022-03-09 19:54 - 2022-03-09 19:54 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-03-09 19:53 - 2022-03-09 19:53 - 000272896 _____ C:\WINDOWS\system32\TpmTool.exe
2022-03-09 01:29 - 2022-03-09 01:29 - 000000000 ___HD C:\$WinREAgent
2022-03-07 23:13 - 2022-03-07 23:13 - 015067442 _____ () C:\Users\Diego\Downloads\csbot_v1.50.exe
2022-03-03 21:25 - 2022-03-03 21:25 - 000000000 ____D C:\Users\Diego\AppData\Roaming\LibreOffice
2022-03-02 19:58 - 2022-03-02 19:59 - 000000000 ____D C:\Users\Diego\Desktop\Educare
2022-03-01 16:01 - 2022-03-01 16:01 - 000000222 _____ C:\Users\Diego\Desktop\BRAIN OUT.url
2022-03-01 13:51 - 2022-03-21 12:07 - 000000000 ____D C:\Users\Diego\Desktop\Jogos
2022-03-01 13:26 - 2022-03-01 13:35 - 000000850 _____ C:\Users\Diego\Desktop\Descrições das atuações em vagas.txt
2022-02-24 21:32 - 2022-02-24 21:32 - 000000000 ____D C:\Users\Diego\AppData\Roaming\WinRAR
2022-02-24 20:49 - 2022-02-24 22:22 - 003683000 _____ C:\Users\Diego\Desktop\anexo_texto_bncc_reexportado.pdf

==================== Um mês (modificados) ==================

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2022-03-21 13:25 - 2020-03-13 19:27 - 000000000 ____D C:\WINDOWS\Lenovo
2022-03-21 13:25 - 2017-12-05 19:39 - 000000000 ____D C:\Users\Diego\AppData\Local\Lenovo
2022-03-21 13:25 - 2017-11-17 22:19 - 000000000 ____D C:\ProgramData\Lenovo
2022-03-21 13:18 - 2022-02-14 21:32 - 000000000 ____D C:\Users\Diego\AppData\Roaming\REDRAGON Gaming Mouse
2022-03-21 13:18 - 2017-12-31 00:18 - 000000000 ____D C:\ProgramData\MCShield
2022-03-21 13:18 - 2017-12-05 18:50 - 000000000 __SHD C:\Users\Diego\IntelGraphicsProfiles
2022-03-21 11:58 - 2018-01-04 05:24 - 000000000 ____D C:\Users\Diego\AppData\Local\Packages
2022-03-21 11:54 - 2019-12-07 06:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-03-21 11:52 - 2020-10-26 00:30 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2022-03-20 21:42 - 2020-10-26 00:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-03-20 21:42 - 2020-10-25 23:36 - 000008192 ___SH C:\DumpStack.log.tmp
2022-03-20 21:42 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-03-20 21:41 - 2019-12-07 06:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-03-20 21:24 - 2020-10-25 23:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-03-20 16:42 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-03-20 16:11 - 2019-12-07 06:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-03-20 16:07 - 2018-10-10 09:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2022-03-20 16:07 - 2018-10-10 09:30 - 000000000 ____D C:\Program Files (x86)\HP
2022-03-20 14:41 - 2018-10-02 18:40 - 000000000 ____D C:\Users\Diego\AppData\Local\mbam
2022-03-20 14:21 - 2021-11-09 20:53 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2022-03-20 14:21 - 2019-07-23 16:00 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2022-03-20 14:19 - 2018-07-29 01:15 - 000000000 ____D C:\ProgramData\Malwarebytes
2022-03-20 14:19 - 2018-07-29 01:15 - 000000000 ____D C:\Program Files\Malwarebytes
2022-03-19 13:55 - 2019-03-03 16:30 - 000000000 ____D C:\Program Files (x86)\Steam
2022-03-18 00:00 - 2018-10-01 22:29 - 000000000 ____D C:\Users\Diego\Desktop\Profissional
2022-03-14 20:08 - 2018-05-20 20:32 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-03-14 18:07 - 2018-06-25 00:51 - 000000000 ____D C:\Users\Diego\AppData\Local\CrashDumps
2022-03-11 21:20 - 2022-01-26 14:46 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1832640792-4251457729-1687516665-1001
2022-03-11 21:20 - 2020-10-26 00:30 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1832640792-4251457729-1687516665-1001
2022-03-11 21:20 - 2020-10-25 23:47 - 000002396 _____ C:\Users\Diego\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-03-11 21:10 - 2017-11-17 21:42 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2022-03-10 20:33 - 2020-10-01 12:10 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-03-09 21:02 - 2022-02-14 21:45 - 000000000 ____D C:\Users\Diego\AppData\Roaming\Adobe
2022-03-09 21:02 - 2020-10-26 00:00 - 001741824 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-03-09 21:02 - 2019-12-07 11:54 - 000752646 _____ C:\WINDOWS\system32\prfh0416.dat
2022-03-09 21:02 - 2019-12-07 11:54 - 000148760 _____ C:\WINDOWS\system32\prfc0416.dat
2022-03-09 21:02 - 2019-12-07 06:13 - 000000000 ____D C:\WINDOWS\INF
2022-03-09 20:57 - 2020-10-25 23:36 - 000615456 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-03-09 20:48 - 2019-12-07 06:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-03-09 20:48 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-03-09 20:48 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-03-09 20:48 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-03-09 20:48 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2022-03-09 20:48 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-03-09 20:48 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-03-09 20:48 - 2019-12-07 06:03 - 000000000 ____D C:\WINDOWS\servicing
2022-03-09 20:24 - 2019-12-07 06:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-03-09 19:53 - 2020-10-25 23:41 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-03-09 01:25 - 2017-12-06 04:06 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-03-09 01:16 - 2017-12-06 04:05 - 145666720 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-03-08 01:50 - 2020-10-25 23:47 - 000000000 ____D C:\Users\Diego
2022-03-07 23:29 - 2018-05-23 00:30 - 000000000 ____D C:\Users\Diego\AppData\Local\D3DSCache
2022-03-07 23:13 - 2022-01-06 01:58 - 000000000 ____D C:\Users\Diego\Desktop\Cs 1.6
2022-02-28 13:16 - 2022-01-10 21:40 - 000000796 _____ C:\WINDOWS\storelibdebug.txt

==================== Arquivos na raiz de alguns diretórios ========

2018-09-21 14:14 - 2018-09-21 14:14 - 000000017 _____ () C:\Users\Diego\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(Não há correção automática para arquivos que não passaram na verificação.)

==================== Fim de FRST.txt ========================