Resultado do análise da Farbar Recovery Scan Tool (FRST) (x64) Versão: 26-01-2022 Executado por Rafael (administrador) em RAFAELPC (Compal NCL60/61) (26-01-2022 09:57:19) Executando a partir de C:\Users\Rafael\Downloads Perfis Carregados: Rafael Plataforma: Microsoft Windows 10 Pro Versão 21H1 19043.1466 (X64) Idioma: Português (Brasil) Navegador padrão: Chrome Modo da Inicialização: Normal ==================== Processos (Whitelisted) ================= (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.) () [Arquivo não assinado] C:\Program Files (x86)\REDRAGON M711 Gaming Mouse\hid.exe (Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <18> (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\avp.exe (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\avpui.exe (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\plugins_nms.exe (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksde.exe (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksdeui.exe (Kilonova LLC -> Skillbrains) C:\Program Files 
(x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_3.60.12001.0_x64__8wekyb3d8bbwe\gamingservices.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_3.60.12001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.21102.11411.0_x64__8wekyb3d8bbwe\Music.UI.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIC.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Node.js Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe (NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2> (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\NVDisplay.Container.exe <2> (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor Corp. 
-> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe ==================== Registro (Whitelisted) =================== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [19677688 2021-09-19] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2832168 2011-10-01] (Synaptics Incorporated -> Synaptics Incorporated) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2022-01-14] (Adobe Inc. -> ) HKLM-x32\...\Run: [REDRAGON M711 Gaming Mouse] => C:\Program Files (x86)\REDRAGON M711 Gaming Mouse\hid.exe [965120 2019-02-21] () [Arquivo não assinado] HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226728 2019-07-21] (Kilonova LLC -> ) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706344 2021-09-27] (Oracle America, Inc. -> Oracle Corporation) HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO HKU\S-1-5-21-2960865112-1731992900-3936724381-1000\...\Run: [Discord] => C:\Users\Rafael\AppData\Local\Discord\Update.exe [1512104 2021-05-24] (Discord Inc. 
-> GitHub) HKU\S-1-5-21-2960865112-1731992900-3936724381-1000\...\Run: [ut] => C:\Users\Rafael\AppData\Roaming\uTorrent\uTorrent.exe [2091560 2021-09-17] (BitTorrent Inc -> BitTorrent Inc.) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\97.0.4692.99\Installer\chrmstp.exe [2022-01-25] (Google LLC -> Google LLC) HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [>{26923b43-4d38-484f-9b9e-de460746276c}] -> C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] -> ==================== Tarefas Agendadas (Whitelisted) ============ (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) Task: {0371D95A-F9E6-4D9D-A985-C6C5C0BA44EE} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906480 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation) Task: {05FBAE93-DB1B-4DAC-B43C-8AA0A43E33AA} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646896 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation) Task: {08128D23-2FF0-4781-BB60-922B984161F0} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (Nenhum Arquivo) Task: {0C7C4D18-3CC8-4E0C-8807-467A4E33107D} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [906480 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation) Task: {0E071B20-8B7C-437B-ABD6-C76BF4706355} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe 
/PBDADiscovery (Nenhum Arquivo) Task: {0E4AFC7D-ECA6-4BBD-A0BD-711856F3C2B1} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22844272 2022-01-10] (Microsoft Corporation -> Microsoft Corporation) Task: {0F0D76B6-9290-4B5C-82EA-3B7B61D538F4} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138592 2022-01-19] (Microsoft Corporation -> Microsoft Corporation) Task: {14680195-840B-4DAD-B810-B84C0C411EA7} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2021-01-11] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log Task: {1CF758B8-DCE5-41AE-81FB-F863AADDD93E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-09-17] (Google LLC -> Google LLC) Task: {21004B23-1850-4446-AC6D-D90AEB90C8BA} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -ObjectStoreRecoveryTask (Nenhum Arquivo) Task: {2591379E-CD31-4EDC-962A-E4096C5C397E} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe -PvrSchedule (Nenhum Arquivo) Task: {3B6E5F1A-F275-4A4C-B3C9-54CB80E17C06} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8413176 2022-01-19] (Microsoft Corporation -> Microsoft Corporation) Task: {3E4A436A-34F5-41B8-A6AF-4EC09D40C2D4} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -SqlLiteRecoveryTask (Nenhum Arquivo) Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - 
System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47c2-B62A-B7C4CED925CB} Task: {4AE3094F-353F-430A-8DA4-A39FFC69A938} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate Task: {4CF30CAC-1C84-4157-BE57-C54DF38F16B0} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969} Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A} Task: {5C0E65D2-6AB3-425F-9B85-51A845105DC6} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -MediaCenterRecoveryTask (Nenhum Arquivo) Task: {5E12AE3B-BED4-41C0-ADDD-ABAA964EC749} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe $(Arg0) (Nenhum Arquivo) Task: {6FD50EB5-54EE-4815-AA7A-79A0EA6224E0} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation) Task: {73208B4B-EE78-4630-A7F3-040EF8AA7EE3} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation) Task: {887E2F0D-5BAF-4008-B12E-48F2E0B00F9E} - System32\Tasks\update-S-1-5-21-2960865112-1731992900-3936724381-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: ) Task: {89B0F96E-337E-4B7C-B3D8-0292C348EF0C} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (Nenhum Arquivo) Task: {8A67AA4E-AE8B-4837-A592-FDB82303E6C0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program 
Files\Microsoft Office\root\Office16\msoia.exe [8413176 2022-01-19] (Microsoft Corporation -> Microsoft Corporation) Task: {8BA8A13D-FDCD-4620-B0C4-2E4C5E954492} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation) Task: {8E74DD37-5CD4-4F54-89DC-86A932A3325E} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1127664 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation) Task: {A032E1D9-4225-4A49-9CFB-655ADBC8A914} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe -pscn 0 (Nenhum Arquivo) Task: {A0A36D40-F02E-42BD-9C2B-E03086B7B718} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (Nenhum Arquivo) Task: {A5B29847-AF4E-4CFE-AD77-DA88D1E0E7CD} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-rafael.olliveira8143@outlook.com.br => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled (Nenhum Arquivo) Task: {A7383D48-8B2C-4210-BBBA-39B0CF6C1F85} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2021-01-11] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log Task: {AB81C9AA-24EE-45B2-94B1-25E2DD37C275} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (Nenhum Arquivo) Task: {ADCCCE49-5FCB-4E6F-80DB-614AB690FE4B} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (Nenhum Arquivo) Task: 
{B0424BC0-D118-4B73-B008-A846A285C240} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (Nenhum Arquivo) Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40b4-8963-D3C761B18371} Task: {B41F1731-8106-4ACE-9CEA-7FDCE9E0DE9D} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138592 2022-01-19] (Microsoft Corporation -> Microsoft Corporation) Task: {B59C4956-AAD0-4A16-B328-E46D343F6617} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: ) Task: {BCA9EEB3-77CB-49C5-B33E-12E6BEF490B0} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1} Task: {BE288507-82EA-4220-8737-281687425F33} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316} Task: {C5A99C97-5A51-412C-9173-B166DED6219A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2021-09-17] (Google LLC -> Google LLC) Task: {C91DB906-419B-4494-B7E8-D3A62AC12CF7} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe /RestartRecording (Nenhum Arquivo) Task: {CECE9BE7-F263-48ED-BC8D-73E812E19E8C} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoActivateWindowsSearch (Nenhum Arquivo) Task: {CED56457-4BB3-4C77-8F10-2941A5E84EA4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22844272 2022-01-10] (Microsoft Corporation -> Microsoft Corporation) Task: {D6FDEB21-D325-4027-AD22-76622F2E54D8} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => 
{06DA0625-9701-43da-BFD7-FBEEA2180A1E} Task: {D9E2FACB-372F-4FDF-922C-4A8E7270C975} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3302128 2021-01-27] (NVIDIA Corporation -> NVIDIA Corporation) Task: {DBB9E752-4CDA-43D4-AF79-6B06E1E44D34} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -PvrRecoveryTask (Nenhum Arquivo) Task: {DFFA534A-1058-4862-ACA1-35A612868EB2} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe /DoReindexSearchRoot (Nenhum Arquivo) Task: {E2877F8F-632D-4717-9F5F-A94252377724} - System32\Tasks\{DFA601E9-DCC5-47F6-9FC6-CD5FA8F563AF} => C:\Windows\system32\pcalua.exe -a C:\Users\Rafael\AppData\Local\Temp\Temp1_driver_iwa_3000.zip\driver_iwa_3000\Setup.exe <==== ATENÇÃO Task: {E48D12DE-8063-4C63-8515-5C55054CE0B7} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe /OCURActivate (Nenhum Arquivo) Task: {EA7E2AD4-ED30-4514-8996-535DCFBA226C} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe /DRMInit (Nenhum Arquivo) Task: {EC965878-E53A-4ED7-9420-1D7CDC29EB85} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61} Task: {EE521451-D488-4A72-8840-138B18467E9B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (Nenhum Arquivo) Task: {F06212A3-F951-443F-87F3-6F2B6BD4EB25} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (Nenhum Arquivo) (Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.) 
Task: C:\WINDOWS\Tasks\update-S-1-5-21-2960865112-1731992900-3936724381-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe ==================== Internet (Whitelisted) ==================== (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.) Hosts: Há mais de uma entrada no Hosts. Veja a seção Hosts do Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{9f94746d-3918-4ccc-8956-652499f7bf14}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{B681475B-8AA6-460E-A075-826A4F791C63}: [DhcpNameServer] 192.168.0.1 Edge: ======= Edge DefaultProfile: Default Edge Profile: C:\Users\Rafael\AppData\Local\Microsoft\Edge\User Data\Default [2022-01-21] Edge HKU\S-1-5-21-2960865112-1731992900-3936724381-1000\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] FireFox: ======== FF HKLM\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\FFExt\light_plugin_firefox\addon.xpi => não encontrado (a) FF HKLM-x32\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\FFExt\light_plugin_firefox\addon.xpi => não encontrado (a) FF Plugin: @java.com/DTPlugin,version=11.311.2 -> C:\Program Files\Java\jre1.8.0_311\bin\dtplugin\npDeployJava1.dll [2022-01-26] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.311.2 -> C:\Program Files\Java\jre1.8.0_311\bin\plugin2\npjp2.dll [2022-01-26] (Oracle America, Inc. 
-> Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-01-19] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-12] (Adobe Systems Incorporated -> Adobe Systems) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-01-19] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-12] (Adobe Systems Incorporated -> Adobe Systems) Chrome: ======= CHR Profile: C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default [2022-01-26] CHR Notifications: Default -> hxxps://www85.nathanaeldan.pro CHR HomePage: Default -> hxxps://www.baixaki.com.br/ CHR StartupUrls: Default ->
CHR Session Restore: Default -> está habilitado. CHR Extension: (Apresentações) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-09-17] CHR Extension: (Just Black) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aghfnjkcakhmadgdomlmlhhaocbkloab [2021-09-18] CHR Extension: (Kaspersky Protection) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2022-01-25] CHR Extension: (Documentos) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-09-17] CHR Extension: (Google Drive) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-09-17] CHR Extension: (Economize! 
Adrenaline) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgkhpibkldkmjjpikipeklkbdamlknnc [2022-01-13] CHR Extension: (ColorZilla) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2021-09-17] CHR Extension: (YouTube) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-09-17] CHR Extension: (Adblock para o Youtube™) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2022-01-26] CHR Extension: (Folhas de cálculo) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-09-17] CHR Extension: (Google Docs offline) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-01-19] CHR Extension: (Cuponomia - Cupom e Cashback) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gidejehfgombmkfflghejpncblgfkagj [2022-01-26] CHR Extension: (AdBlock – O melhor Bloqueador de Anúncios) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2022-01-26] CHR Extension: (Pagamentos via Chrome Web Store) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-09-17] CHR Extension: (Gmail) - C:\Users\Rafael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-09-17] CHR HKLM\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb] CHR HKLM-x32\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm ==================== Serviços 
(Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) R2 AVP21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\avp.exe [184768 2022-01-25] (Kaspersky Lab JSC -> AO Kaspersky Lab) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12119432 2022-01-10] (Microsoft Corporation -> Microsoft Corporation) S3 klvssbridge64_21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\vssbridge64.exe [479280 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab) R2 KSDE5.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksde.exe [447104 2022-01-25] (Kaspersky Lab JSC -> AO Kaspersky Lab) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6137040 2022-01-13] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe [2876152 2022-01-12] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe [128360 2022-01-12] (Microsoft Windows Publisher -> Microsoft Corporation) S3 xigncode3_pbbr; C:\Program Files\Common Files\UNCHEATER\xigncode3_pbbr.exe [6650608 2022-01-14] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.) 
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem ===================== Drivers (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Arquivo não assinado] S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [Arquivo não assinado] R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [250032 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab) S3 cpuz150; C:\WINDOWS\temp\cpuz150\cpuz150_x64.sys [44832 2022-01-19] (CPUID S.A.R.L.U. 
-> CPUID) S3 FairplayKD; C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [104512 2022-01-18] (Hans Roes -> Multi Theft Auto) R1 klbackupdisk; C:\WINDOWS\system32\DRIVERS\klbackupdisk.sys [110336 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [211704 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [126216 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab) S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [41656 2021-02-19] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab) R1 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [514840 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 klgse; C:\WINDOWS\System32\DRIVERS\klgse.sys [689976 2021-11-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [1507648 2021-11-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R3 klids; C:\ProgramData\Kaspersky Lab\AVP21.3\Bases\klids.sys [272168 2022-01-25] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1042712 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [98040 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab) R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [112392 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab) R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [112904 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [85256 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [96008 2022-01-25] (Kaspersky Lab JSC -> AO Kaspersky Lab) R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [55592 2021-02-19] (AnchorFree Inc -> The OpenVPN Project) R0 klupd_klif_arkmon; 
C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [287904 2022-01-25] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [319720 2022-01-25] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [115968 2022-01-25] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [229248 2022-01-25] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [155912 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [327936 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab) R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [300808 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab) S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2022-01-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [435432 2022-01-12] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86248 2022-01-12] (Microsoft Windows -> Microsoft Corporation) S3 xhunter1; C:\WINDOWS\xhunter1.sys [2522256 2022-01-15] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.) S3 xspirit; C:\WINDOWS\xspirit.sys [47928 2022-01-14] (Wellbia.com Co., Ltd. -> ) S3 cpuz145; \??\C:\WINDOWS\temp\cpuz145\cpuz145_x64.sys [X] U3 idsvc; não ImagePath ==================== NetSvcs (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) ==================== Três meses (criados) (Whitelisted) ========= (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 
2022-01-26 09:57 - 2022-01-26 10:00 - 000033033 _____ C:\Users\Rafael\Downloads\FRST.txt
2022-01-26 09:54 - 2022-01-26 09:54 - 002311680 _____ (Farbar) C:\Users\Rafael\Downloads\FRST64.exe
2022-01-26 09:54 - 2022-01-26 09:54 - 000000000 ____D C:\Users\Rafael\Downloads\FRST-OlderVersion
2022-01-26 09:44 - 2022-01-26 09:42 - 000191832 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2022-01-25 16:37 - 2022-01-25 16:34 - 000096008 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klpnpflt.sys
2022-01-25 16:26 - 2022-01-25 16:26 - 000319720 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2022-01-25 16:19 - 2022-01-25 16:20 - 000000000 ____D C:\Program Files\Common Files\AV
2022-01-25 16:19 - 2022-01-25 16:19 - 000287904 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2022-01-25 16:19 - 2022-01-25 16:19 - 000229248 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2022-01-25 16:19 - 2022-01-25 16:19 - 000115968 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2022-01-25 16:18 - 2022-01-25 16:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky VPN
2022-01-25 16:17 - 2022-01-25 16:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Cloud
2022-01-25 16:16 - 2022-01-25 16:17 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2022-01-25 16:16 - 2022-01-25 16:17 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2022-01-25 16:16 - 2021-02-19 21:09 - 000110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2022-01-25 16:15 - 2021-02-19 21:08 - 001042712 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2022-01-25 16:15 - 2021-02-19 21:08 - 000514840 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2022-01-25 15:51 - 2022-01-25 15:52 - 003281381 _____ C:\Users\Rafael\Downloads\cpu-z_1.99-en.zip
2022-01-25 15:45 - 2022-01-25 15:45 - 002760536 _____ (Kaspersky) C:\Users\Rafael\Downloads\ks4.021.3.10.391en_25092.exe
2022-01-25 12:17 - 2022-01-26 09:59 - 000000000 ____D C:\FRST
2022-01-22 03:56 - 2022-01-22 03:56 - 028988305 _____ C:\Users\Rafael\Downloads\FreePsdVn.com_2101467_ACTION_vintage_offset_printer_5673346.zip
2022-01-21 13:25 - 2022-01-21 13:26 - 004751770 _____ C:\Users\Rafael\Downloads\Pinceles Rodillos y Brochas.abr
2022-01-21 13:24 - 2022-01-21 13:26 - 012357458 _____ C:\Users\Rafael\Downloads\WG_Spray_1.abr
2022-01-21 13:14 - 2022-01-21 13:14 - 000288731 _____ C:\Users\Rafael\Downloads\Dharma Gothic E.zip
2022-01-21 13:13 - 2022-01-21 13:13 - 000031933 _____ C:\Users\Rafael\Downloads\PODIUMSharp-2.12.zip
2022-01-21 11:24 - 2022-01-21 11:24 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2022-01-20 23:07 - 2022-01-20 23:07 - 112735504 _____ C:\Users\Rafael\Downloads\free-letter-size-magazine-mockup.zip
2022-01-20 14:51 - 2022-01-20 14:51 - 000141420 _____ C:\Users\Rafael\Downloads\f1642701069.zip
2022-01-20 13:24 - 2022-01-20 13:34 - 061612194 _____ C:\Users\Rafael\Downloads\Sticker Free.zip
2022-01-20 13:23 - 2022-01-20 13:33 - 1508118670 _____ C:\Users\Rafael\Downloads\FREE PACK 1K -@olirumdesigner.rar
2022-01-20 09:34 - 2022-01-21 13:15 - 000000000 ____D C:\Users\Rafael\FontBase
2022-01-20 09:33 - 2022-01-22 04:23 - 000000000 ____D C:\Users\Rafael\AppData\Roaming\FontBase
2022-01-20 09:33 - 2022-01-20 09:33 - 000002420 _____ C:\Users\Rafael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FontBase.lnk
2022-01-20 09:32 - 2022-01-20 09:33 - 000000000 ____D C:\Users\Rafael\AppData\Local\fontbase-app-updater
2022-01-19 17:42 - 2022-01-19 17:44 - 000000000 ____D C:\Users\Rafael\AppData\LocalLow\uTorrent
2022-01-19 16:14 - 2022-01-19 16:14 - 000000000 ____D C:\Users\Rafael\Documents\Lightshot
2022-01-19 15:00 - 2022-01-19 15:00 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2022-01-19 14:58 - 2022-01-19 14:58 - 000002491 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2022-01-19 14:58 - 2022-01-19 14:58 - 000002437 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2022-01-19 14:58 - 2022-01-19 14:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ferramentas do Microsoft Office
2022-01-19 14:42 - 2022-01-19 14:58 - 000000000 ____D C:\Program Files\Microsoft Office
2022-01-19 14:42 - 2022-01-19 14:42 - 000000000 ____D C:\Program Files\Microsoft Office 15
2022-01-19 13:13 - 2022-01-19 13:13 - 089325568 _____ C:\WINDOWS\system32\config\SOFTWARE.iobit
2022-01-19 13:13 - 2022-01-19 13:13 - 000540672 _____ C:\WINDOWS\system32\config\DEFAULT.iobit
2022-01-19 13:13 - 2022-01-19 13:13 - 000069632 _____ C:\WINDOWS\system32\config\SAM.iobit
2022-01-19 13:13 - 2022-01-19 13:13 - 000040960 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2022-01-19 12:29 - 2022-01-19 12:40 - 000000000 ____D C:\Users\Rafael\AppData\Roaming\UUID
2022-01-19 12:29 - 2022-01-19 12:29 - 000000000 ____D C:\Users\Rafael\AppData\Roaming\ProfCleaner
2022-01-19 12:28 - 2022-01-19 12:28 - 000000000 ____D C:\Users\Rafael\AppData\Local\Yandex
2022-01-18 09:00 - 2022-01-18 09:03 - 000000000 ____D C:\Program Files (x86)\MTA San Andreas 1.5
2022-01-18 09:00 - 2022-01-18 09:00 - 000000000 ___HD C:\WINDOWS\msdownld.tmp
2022-01-18 09:00 - 2022-01-18 09:00 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2022-01-18 08:58 - 2022-01-18 09:03 - 000000000 ____D C:\ProgramData\MTA San Andreas All
2022-01-18 08:51 - 2022-01-18 08:57 - 000000000 ____D C:\Users\Rafael\Documents\GTA San Andreas User Files
2022-01-18 08:51 - 2022-01-18 08:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GTA San Andreas
2022-01-17 11:54 - 2022-01-19 09:30 - 000000408 _____ C:\WINDOWS\Tasks\update-sys.job
2022-01-17 11:54 - 2022-01-19 09:30 - 000000408 _____ C:\WINDOWS\Tasks\update-S-1-5-21-2960865112-1731992900-3936724381-1000.job
2022-01-17 11:54 - 2022-01-17 11:54 - 000003400 _____ C:\WINDOWS\system32\Tasks\update-S-1-5-21-2960865112-1731992900-3936724381-1000
2022-01-17 11:54 - 2022-01-17 11:54 - 000003334 _____ C:\WINDOWS\system32\Tasks\update-sys
2022-01-17 11:54 - 2022-01-17 11:54 - 000000424 _____ C:\Users\Rafael\AppData\Local\UserProducts.xml
2022-01-17 11:54 - 2022-01-17 11:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2022-01-17 11:54 - 2022-01-17 11:54 - 000000000 ____D C:\Program Files (x86)\Skillbrains
2022-01-15 13:47 - 2022-01-15 13:47 - 000043802 _____ C:\WINDOWS\unins000.dat
2022-01-15 13:47 - 2022-01-15 13:47 - 000000000 ____D C:\Users\Rafael\Documents\M711 Gaming Mouse
2022-01-15 13:47 - 2022-01-15 13:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REDRAGON M711
2022-01-15 13:47 - 2022-01-15 13:47 - 000000000 ____D C:\Program Files (x86)\REDRAGON M711 Gaming Mouse
2022-01-15 13:47 - 2022-01-15 13:46 - 001502943 _____ C:\WINDOWS\unins000.exe
2022-01-15 00:04 - 2022-01-15 00:04 - 000000000 ____D C:\Users\Rafael\AppData\Local\UXP
2022-01-14 23:53 - 2022-01-14 23:53 - 000002513 _____ C:\Users\Rafael\Desktop\Adobe Illustrator 2021.lnk
2022-01-14 23:51 - 2022-01-14 23:51 - 000001076 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2020.lnk
2022-01-14 23:51 - 2022-01-14 23:51 - 000001064 _____ C:\Users\Rafael\Desktop\Adobe Photoshop 2020.lnk
2022-01-14 23:33 - 2022-01-14 23:33 - 000002513 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator 2021.lnk
2022-01-14 22:52 - 2022-01-14 22:52 - 000003368 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2960865112-1731992900-3936724381-1000
2022-01-14 22:52 - 2022-01-14 22:52 - 000002392 _____ C:\Users\Rafael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-01-14 15:21 - 2022-01-14 15:21 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2022-01-14 11:20 - 2022-01-14 12:22 - 000000000 ____D C:\Users\Rafael\Downloads\Adobe Illustrator 2021 v25.2.1.236 (x64) + Fix {CracksHash}
2022-01-14 11:17 - 2022-01-14 11:48 - 000000000 ____D C:\Users\Rafael\Downloads\Adobe Photoshop 2020 v21.1.1.121 (x64) Multilingual Pre-Activated [FileCR]
2022-01-14 00:45 - 2022-01-14 00:45 - 000000000 ____D C:\WINDOWS\SystemTemp
2022-01-13 22:57 - 2022-01-13 22:57 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2022-01-13 22:56 - 2022-01-13 22:56 - 000000000 ____D C:\Program Files\Synaptics
2022-01-13 22:33 - 2022-01-13 22:33 - 000464384 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-01-13 22:32 - 2022-01-13 22:32 - 000523776 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-01-13 22:32 - 2022-01-13 22:32 - 000011797 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-01-13 22:30 - 2022-01-13 22:30 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2022-01-13 22:27 - 2022-01-13 22:27 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2022-01-13 22:24 - 2022-01-13 22:24 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2022-01-13 22:24 - 2022-01-13 22:24 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2022-01-13 21:24 - 2022-01-13 21:24 - 000000000 ___HD C:\$WinREAgent
2022-01-13 20:01 - 2022-01-14 22:52 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2960865112-1731992900-3936724381-1000
2022-01-13 19:54 - 2022-01-13 19:54 - 000001154 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2022-01-13 19:53 - 2022-01-13 19:54 - 000000000 ____D C:\Program Files\PCHealthCheck
2021-11-13 02:57 - 2021-11-13 02:57 - 000689976 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klgse.sys
2021-11-13 02:56 - 2021-11-13 02:56 - 001507648 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys

==================== Três meses (modificados) ==================

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2022-01-26 10:07 - 2019-12-07 06:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-01-26 09:44 - 2021-09-21 23:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2022-01-26 09:44 - 2021-09-21 23:04 - 000000000 ____D C:\Program Files\Java
2022-01-26 09:40 - 2021-09-17 16:29 - 000000000 ____D C:\ProgramData\NVIDIA
2022-01-26 09:37 - 2021-09-17 19:26 - 000000000 ____D C:\Users\Rafael
2022-01-26 09:37 - 2021-09-17 13:58 - 000000000 ____D C:\Program Files (x86)\Google
2022-01-26 09:32 - 2021-09-17 19:36 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-01-26 09:32 - 2021-09-17 19:11 - 000008192 ___SH C:\DumpStack.log.tmp
2022-01-26 09:32 - 2021-09-17 19:11 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-01-25 16:20 - 2021-09-17 13:58 - 000002243 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-01-25 16:18 - 2019-12-07 06:13 - 000000000 ____D C:\WINDOWS\INF
2022-01-25 16:17 - 2019-12-07 06:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2022-01-25 16:16 - 2019-12-07 06:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-01-25 15:36 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-01-24 12:42 - 2021-09-17 19:40 - 000000000 ____D C:\Users\Rafael\AppData\Local\Packages
2022-01-22 12:47 - 2021-09-17 19:18 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-01-22 12:47 - 2019-12-07 06:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-01-22 04:11 - 2021-09-22 14:04 - 000001456 _____ C:\Users\Rafael\AppData\Local\Adobe Salvar para Web 13.0 Prefs
2022-01-21 14:17 - 2021-09-17 22:52 - 000000000 ____D C:\Users\Rafael\AppData\Local\D3DSCache
2022-01-21 11:18 - 2021-09-17 19:36 - 000003590 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2022-01-21 11:18 - 2021-09-17 19:36 - 000003466 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2022-01-20 22:50 - 2021-09-17 19:11 - 000307368 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-01-20 22:48 - 2019-12-07 06:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-01-20 22:43 - 2021-09-22 13:15 - 000000000 ____D C:\Program Files\Adobe
2022-01-20 19:04 - 2021-09-17 23:35 - 000000000 ____D C:\Users\Rafael\AppData\Roaming\discord
2022-01-20 18:44 - 2021-09-17 23:34 - 000000000 ____D C:\Users\Rafael\AppData\Local\Discord
2022-01-20 08:13 - 2021-09-17 19:40 - 000000000 ____D C:\Users\Rafael\AppData\Roaming\Adobe
2022-01-20 00:07 - 2021-09-21 12:16 - 000000000 ____D C:\ProgramData\Adobe
2022-01-19 18:37 - 2021-09-17 14:18 - 000000000 ____D C:\Users\Rafael\AppData\Roaming\uTorrent
2022-01-19 18:11 - 2021-09-21 10:39 - 000000000 ____D C:\Users\Rafael\AppData\Local\BitTorrentHelper
2022-01-19 14:58 - 2019-12-07 06:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2022-01-19 13:29 - 2021-09-17 14:03 - 000000000 ____D C:\ProgramData\IObit
2022-01-19 13:22 - 2021-09-17 18:27 - 000000000 ___DC C:\WINDOWS\Panther
2022-01-19 13:09 - 2021-09-17 14:04 - 000000000 ____D C:\ProgramData\ProductData
2022-01-19 12:35 - 2009-07-14 00:20 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2022-01-19 12:10 - 2021-01-16 18:53 - 000000000 ____D C:\Users\Rafael\Documents\Monkey Publicidade
2022-01-18 22:42 - 2021-09-18 04:15 - 000003618 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-01-18 22:42 - 2021-09-18 04:15 - 000003524 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d7ac1447001fb1
2022-01-18 08:57 - 2019-12-07 06:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-01-18 08:36 - 2021-09-18 01:50 - 000000000 ____D C:\Users\Rafael\AppData\Local\PlaceholderTileLogoFolder
2022-01-17 11:19 - 2021-09-21 12:12 - 000000000 ____D C:\Users\Rafael\AppData\Local\Adobe
2022-01-15 14:00 - 2021-09-18 00:29 - 002522256 _____ (Wellbia.com Co., Ltd.) C:\WINDOWS\xhunter1.sys
2022-01-15 00:05 - 2021-09-21 13:05 - 000000000 ____D C:\Users\Rafael\Documents\Adobe
2022-01-14 23:33 - 2021-09-21 12:31 - 000000000 ____D C:\Program Files\Common Files\Adobe
2022-01-14 23:18 - 2021-09-22 12:56 - 000000000 ____D C:\Program Files (x86)\Adobe
2022-01-14 23:17 - 2021-09-17 14:16 - 000000000 ____D C:\ProgramData\Package Cache
2022-01-14 15:21 - 2021-09-17 19:42 - 000000000 ____D C:\ProgramData\Packages
2022-01-14 12:33 - 2021-09-17 23:35 - 000002236 _____ C:\Users\Rafael\Desktop\Discord.lnk
2022-01-14 10:07 - 2021-09-18 00:30 - 000047928 _____ C:\WINDOWS\xspirit.sys
2022-01-14 08:38 - 2021-09-17 19:37 - 001741820 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-01-14 08:38 - 2019-12-07 11:53 - 000752602 _____ C:\WINDOWS\system32\prfh0416.dat
2022-01-14 08:38 - 2019-12-07 11:53 - 000148716 _____ C:\WINDOWS\system32\prfc0416.dat
2022-01-14 00:46 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2022-01-14 00:46 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-01-14 00:46 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-01-14 00:46 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\setup
2022-01-14 00:45 - 2019-12-07 11:56 - 000000000 ___SD C:\WINDOWS\system32\AppV
2022-01-14 00:45 - 2019-12-07 11:56 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2022-01-14 00:45 - 2019-12-07 06:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2022-01-14 00:45 - 2019-12-07 06:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-01-14 00:45 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-01-14 00:45 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2022-01-14 00:45 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2022-01-14 00:45 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2022-01-14 00:45 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2022-01-14 00:45 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-01-14 00:45 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-01-14 00:45 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\Provisioning
2022-01-14 00:45 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-01-14 00:45 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-01-14 00:45 - 2019-12-07 06:03 - 000000000 ____D C:\WINDOWS\servicing
2022-01-13 21:11 - 2021-09-17 23:07 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-01-13 21:06 - 2021-09-17 23:07 - 145765912 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-01-12 13:45 - 2021-09-17 19:36 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

==================== Arquivos na raiz de alguns diretórios ========

2021-09-22 14:04 - 2022-01-22 04:11 - 000001456 _____ () C:\Users\Rafael\AppData\Local\Adobe Salvar para Web 13.0 Prefs
2021-09-25 07:37 - 2021-09-25 07:37 - 000000000 _____ () C:\Users\Rafael\AppData\Local\oobelibMkey.log
2022-01-17 11:54 - 2022-01-17 11:54 - 000000003 _____ () C:\Users\Rafael\AppData\Local\updater.log
2022-01-17 11:54 - 2022-01-17 11:54 - 000000424 _____ () C:\Users\Rafael\AppData\Local\UserProducts.xml

==================== FCheck ================================

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

FCheck: C:\WINDOWS\SysWOW64\version_IObitDel.dll [2021-09-17] <==== ATENÇÃO (zero byte Arquivo/Pasta)

==================== SigCheck ============================

(Não há correção automática para arquivos que não passaram na verificação.)

==================== Fim de FRST.txt ========================