
The HTML/Phish.RA!MTB infection was not definitively removed

techserving

Hi. I have a 64-bit Windows 10 laptop whose main AV is Defender.

The source of the infection is spam. Defender identified the malware immediately when I touched the file in Thunderbird. I discovered that I was receiving several spam messages with a subject line beginning with an underscore (_), and every time such an e-mail arrived in my inbox it triggered Defender. The problem was that Defender usually tried to remove or quarantine it, but the final summary was this:

[Attachment: trojan.JPG, 57.7 KB]

HTML/Phish.RA!MTB infection definitively not removed

I finally managed to get it under control by logging into my webmail and deleting all messages with the _subject from the provider's server before downloading them to my laptop. I also used the provider's spam tools to reject any subject beginning with an underscore. I'm not sure this will cover it, but no _subject so far. I'm breathing again, since this threat is described as a password collector. But it is an ugly improvised workaround, and Defender leaves me with an uncertain status of Incomplete Remediation. Neither Housecall nor MBAM were able to see the virus when I scanned with them.

Another symptom was that, after the first Defender alert, I started having difficulty seeing the e-mails in my inbox (all blank) and could not empty the trash. The system responded with the strange message "There is not enough disk space to download new messages." Unfortunately, I did not take a screenshot and I'm not sure whether it was a Thunderbird or a Windows message.

Ultimately, the only thing that removed Defender's red X was an offline scan. Thank you.

Well, here is the FRST log:

2022-04-13 20:09 - 2022-04-13 20:09 - 000387211 _____ () C:\Users\ cope\AppData\Local\ars.cache2022-04-13 20:11 - 2022-04-13 20:11 - 000870562 _____ () C:\Users\cope\AppData\Local\census.cache2022-04-13 19: 58 - 2022-04-13 20:40 - 000000036 _____ () C:\Users\cope\AppData\Local\housecall.guid.cache2019-01-29 05:28 - 2019-01-29 05:28 - 000066717 _____ () C:\Users\cope\AppData\Local\logo.jpg2019-06-13 16:04 - 2019-06-13 16:04 - 000000410 _____ () C:\Users\cope\AppData\Local\oobelibMkey. log2018-01-18 20:41 - 2018-01-18 22:11 - 000000600 _____ () C:\Users\cope\AppData\Local\PUTTY.RND2022-04-14 12:37 - 2022-04-14 12 :37 - 000127653 _____ () C:\Users\cope\AppData\Local\usados ​​recentemente.xbel2019-07-29 20:42 - 2019-07-29 20:52 - 000007605 _____ () C:\Users\cope \AppData\Local\resmon.resmoncfg ====================== SigCheck =================== ======= (Não há correção automática para arquivos que não passam na verificação.) ====================== Fim do FRST.txt === ===================== E aqui está Addition.txt Resultado da verificação adicional da Farbar Recovery Scan Tool (x64) Versão: 13-04-2022 01Ran by cope (14 -04-2022 21:06:21)Executando de C:\Users\cope\DownloadsMicrosoft Windows 10 Home Version 21H2 19044.1645 (X64) (2020-08-11 02:19:48)Modo de inicialização: Normal===== ==================================================== ======================= Contas: ========================= ====(Se uma entrada for incluída na fixlist, ela será removida.) 
Administrador (S-1-5-21-313246963-3037881445-1802910-500 - Administrador - Desativado)cope (S-1-5- 21-313246963-3037881445-1802910-1001 - Administrador - Habilitado) => C:\Users\copeDefaultAccount (S-1-5-21-313246963-3037881445-1802910-503 - Limitado - Desativado)Convidado (S-1-5-21-313246963-3037881445-1802910-501 - Limitado - Desativado)WDAGUtilityAccount (S-1-5-21-313246963-3037881445-1802910-504 - Limitado - Desativado) ==================== Central de Segurança ======= ================= (Se uma entrada for incluída na fixlist, ela será removida.) AV: Windows Defender (Habilitado - Atualizado) {D68DDC3A-831F-4fae -9E44-DA132C1ACF46}AS: Windows Defender (Habilitado - Atualizado) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Programas Instalados = ===================== (Somente os programas de adware com o sinalizador "Oculto" podem ser adicionados à lista de correções para exibi-los. Os programas de adware devem ser desinstalados manualmente.) 7-Zip 18.05 (x64) (HKLM\...\7-Zip) (Versão: 18.05 - Igor Pavlov)Adobe Acrobat DC (64 bits) (HKLM\...\{AC76BA86-1033-1033-7760- BC15014EA700}) (Versão: 22.001.20117 - Adobe)Adobe Animate 2019 (HKLM-x32\...\FLPR_19_2_1) (Versão: 19.2.1 - Adobe Systems Incorporated)Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Versão: 5.0.0.354 - Adobe Systems Incorporated)Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Versão: 7.6.0.52 - Adobe Inc.)Adobe Media Encoder 2019 (HKLM-x32\.. 
.\AME_13_1) (Versão: 13.1 - Adobe Systems Incorporated)Angry Birds (HKLM-x32\...\{01509AB1-84BB-4AB9-A142-38AFA0BBDA25}) (Versão: 4.0.0 - Rovio Entertainment Ltd.)balenaEtcher 1.5 .114 (HKU\S-1-5-21-313246963-3037881445-1802910-1001\...\d2f3b6c7-6f49-59e2-b8a5-f72e33900c2b) (Versão: 1.5.114 - Balena Inc.)Bonjour (HKLM\ ...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Versão: 3.1.0.1 - Apple Inc.)CanoScan Toolbox Ver4.6 (HKLM-x32\...\{088A077A-8028-408C-AE7B-4512AE2A65A0}) (Versão:- )CCleaner (HKLM\...\CCleaner) (Versão: 5.91 - Piriform)CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Versão: 4.5.8.6795 - CDBurnerXP)Dolby Audio X2 Windows API SDK (HKLM\...\{F290F786-5F69-48D4 -B20B-D21C7DE56EF0}) (Versão: 0.8.8.88 - Dolby Laboratories, Inc.)Dolby Audio X2 Windows APP (HKLM\...\{DBC4388A-9417-41DB-85CF-DF4993B84D5A}) (Versão: 0.7.5.67 - Dolby Laboratories, Inc.)EZ Vinyl/Tape Converter da Ion Audio 11.7.0 (HKLM-x32\...\EZ Vinyl/Tape Converter da Ion Audio_is1) (Versão: 11.7.0 - Ion Audio LLC)GIMP 2.8.22 (HKLM\...\GIMP-2_is1) (Versão: 2.8.22 - The GIMP Team)Glary Undelete 5.0.1.19 (HKLM-x32\...\Glary Undelete) (Versão: 5.0.1.19 - Glarysoft Ltd)Google Chrome (HKLM-x32\...\Google Chrome) (Versão: 100.0.4896.88 - Google LLC)Google Earth Pro (HKLM\...\{9BFB06CD-3925-49E2-BAB7-EA695821CE4C}) (Versão: 7.3. 4.8248 - Google)Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Versão: 10.1.1.38 - Intel® Corporation) HiddenIntel® Management Engine Components (HKLM\. 
..\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Versão: 11.6.0.1039 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Versão: 23.20.16.4973 - Intel Corporation) HiddenIntel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Versão: 15.9.6.1044 - Intel Corporation)IrfanView 4.51 (64 bits ) (HKLM\...\IrfanView64) (Versão: 4.51 - Irfan Skiljan)Jaxx Liberty 2.5.0 (HKU\S-1-5-21-313246963-3037881445-1802910-1001\...\5947781c-9863- 579f-b9db-91554a22cc65) (Versão: 2.5.0 - decentral.ca)LenovoUtility (HKLM-x32\...\{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Versão: 3.0.0.4 - Lenovo) HiddenLenovoUtility ( HKLM-x32\...\InstallShield_{6ADA7E88-8D16-4D0D-BC90-2B93AC5E56DA}) (Versão: 3.0.0.4 - Lenovo)Malwarebytes versão 4.5.7.186 (HKLM\...\{35065F43-4BB2-439A-BFF7 -0F1014F2E0CD}_is1) (Versão: 4.5.7.186 - Malwarebytes)Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Versão: 100.0.1185.39 - Microsoft Corporation)Microsoft Office Home and Student 2016 - pt-br (HKLM \...\HomeStudentRetail - en-us) (Versão: 16.0.15028.20160 - Microsoft Corporation)Microsoft OneDrive (HKU\S-1-5-21-313246963-3037881445-1802910-1001\...\OneDriveSetup.exe) (Versão: 22.055.0313.0001 - Microsoft Corporation)Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Versão: 3.67.0.0 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM -x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Versão: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistribuível (x64) (HKLM\...\{071c9b48-7c32-4621 -a0ac-3f809523288f}) (Versão: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Versão: 9.0. 
30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistribuível - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Versão: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistribuível - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Versão: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistribuível - x86 9.0.30729.6161 (HKLM-x32\ ...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Versão: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010x64 Redistribuível - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441 -6616F567A0F7}) (Versão: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010x86 Redistribuível - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Versão: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistribuível (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Versão: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistribuível (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Versão: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual C++ 2013 Redistribuível (x64) - 12.0 .30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Versão: 12.0.30501.0 - Microsoft Corporation)Microsoft Visual C++ 2013 Redistribuível (x64) - 12.0.40660 (HKLM-x32\ ...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Versão: 12.0.40660.0 - Microsoft Corporation)Microsoft Visual C++ 2013 Redistribuível (x86) - 12.0.30501 (HKLM-x32\...\{f65db027- aff3-4070-886a-0d87064aabb1}) (Versão: 12.0.30501.0 - Microsoft Corporation)Microsoft Visual C++ 2013 Redistribuível (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36 }) (Versão: 12.0.40660.0 - Microsoft Corporation)Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Versão: 14.15. 
26706.0 - Microsoft Corporation)Microsoft Visual C++ 2017 Redistribuível (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Versão: 14.15.26706.0 - Microsoft Corporation)Mozilla Firefox 87.0 (x64 en-US) (HKLM\...\Mozilla Firefox 87.0 (x64 en-US)) (Versão: 87.0 - Mozilla)Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Versão: 81.0.1 - Mozilla)Mozilla Thunderbird (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 100.0 (x86 en-US)) (Versão: 100.0 - Mozilla)MultiDoge 0.1.7 (HKLM-x32\...\MultiDoge 0.1.7) (Versão: 0.1.7 - )Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Versão: 16.0.15028.20050 - Microsoft Corporation) HiddenOffice 16 Click-to-Run Extensibility Component Registro de 64 bits (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Versão: 16.0.15028.20094 - Microsoft Corporation) HiddenOffice 16 Click-to- Executar o componente de licenciamento (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (versão: 16.0.15028.20160 - Microsoft Corporation) HiddenOffice 16 Clique para executar o componente de localização (HKLM-x32\...\ {90160000-008C-0409-0000-0000000FF1CE}) (Versão: 16.0.14131.20278 - Microsoft Corporation) HiddenOpenOffice 4.1.5 (HKLM-x32\...\{ABCAD346-4F4B-49E9-9AA1-28EF8C26059D}) (Versão: 4.15.9789 - Apache Software Foundation)Puran File Recovery 1.2.1 (HKLM\...\Puran File Recovery_is1) (Versão:- Puran Software)PuTTY versão 0.70 (64 bits) (HKLM\...\{45B3032F- 22CC-40CD-9E97-4DA7095FA5A2}) (Versão: 0.70.0.0 - Simon Tatham)Recuva (HKLM\...\Recuva) (Versão: 1.53 - Piriforme)Shotcut (HKLM-x32\...\Shotcut) (Versão :- )Spotify (HKU\S-1-5-21-313246963-3037881445-1802910-1001\...\Spotify) (Versão: 1.1.62.583.gdac868ed - Spotify AB)Undelete 360 ​​(HKLM-x32\.. .\Undelete 360_is1) (Versão:- File Recovery Ltd.) Atualização para Windows 10 para sistemas baseados em x64 (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Versão: 2.63. 
0.0 - Microsoft Corporation) HiddenVdhCoApp 1.5.0 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Versão:- DownloadHelper)VeraCrypt (HKLM-x32\...\VeraCrypt) (Versão: 1.24-Hotfix1 - IDRIX)VLC media player (HKLM-x32\...\VLC media player) (Versão: 2.2.8 - VideoLAN)VNC Viewer 6.17.1113 (HKLM\...\{26DEBF7F-3876-43C3-8365-5A2B4C604DFA }) (Versão: 6.17.1113.31799 - RealVNC Ltd)Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Versão: 1.0.33.0 - LunarG, Inc.) HiddenVulkan Run Time Libraries 1.0. 33.0 (HKLM\...\VulkanRT1.0.33.0-4) (Versão: 1.0.33.0 - LunarG, Inc.)Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Versão : 1.0.65.1 - LunarG, Inc.) HiddenVulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Versão: 1.0.65.1 - LunarG, Inc.) HiddenVulkan Run Time Libraries 1.0. 65.1 (HKLM\...\VulkanRT1.0.65.1-3) (Versão: 1.0.65.1 - LunarG, Inc.) Jogos ocultos do Windows 7 para Windows 10 e 8 (HKLM\...\Win7Games) (Versão: 2.0 - hxxp://winaero.com)Windows Migration Assistant (HKLM-x32\...\{96EAB2F7-9D1F-4426-BA58-9D9D101FDC2C}) (Versão: 2.2.0.1 - Apple Inc.)Windows PC Health Check (HKLM\ ...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Versão: 3.2.2110.14001 - Microsoft Corporation)Zoom (HKU\S-1-5-21-313246963-3037881445-1802910-1001\...\ ZoomUMX) (Versão: 5.4.6 (59296.1207) - Zoom Video Communications, Inc.) 
Pacotes:=========Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc [2019-07-22] (Adobe Systems Incorporated)Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-07] (Autodesk Inc.)Candy Crush Soda Saga -> C:\Arquivos de Programas\WindowsApps\king.com.CandyCrushSodaSaga_1.215.400.0_x64__kgqvnymyfvs32 [2022-04-07] (king.com)Lenovo Settings -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoSettings_3.177.0.0_x86__4642shxvsv8s2 [2018-01-16] (LENOVO INCORPORATED.)Microsoft Advertising SDK para XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2020-08-10] (Microsoft Corporation) [MS Ad]Microsoft Advertising SDK para XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-28] (Microsoft Corporation) [MS Ad]Microsoft Advertising SDK para XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-28] (Microsoft Corporation) [MS Ad]Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.3171.0_x64__8wekyb3d8bbwe [2022-03-25] (Microsoft Studios) [MS Ad]Minecraft for Windows 10 -> C:\Arquivos de programas\WindowsApps\Microsoft.MinecraftUWP_1.18.1201.0_x64__8wekyb3d8bbwe [2022-02-17] (Microsoft Studios)Complemento de fotos -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-14] (Microsoft Corporation)Fotos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-12-01] (Microsoft Corporation) ==================== CLSID personalizado (Whitelisted): ============== (Se uma entrada for incluída na fixlist, ela será removida do registro. O arquivo não será movido a menos que listado separadamente.) 
CustomCLSID: HKU \S-1-5-21-313246963-3037881445-1802910-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-6DFA1F2F56A0} -> [Arquivos da Creative Cloud] => C:\Users\cope\Creative Cloud Files [2019-06-13 16:07]CustomCLSID: HKU\S-1-5-21-313246963-3037881445-1802910-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9 -ff0305797a13}\InprocServer32 -> C:\Arquivos de programas (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)ShellIconOverlayIdentifiers: [FSOverlayIcon] -> {C0829D19-E5A0-44F5-B56E-D15030C53BB9} =>-> Nenhum FileShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Arquivos de programas\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [Arquivo não assinado]ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Arquivos de Programas\7-Zip\7-zip.dll [30-04-2018] (Igor Pavlov) [Arquivo não assinado]ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program 
Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd)ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>-> Não FileContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7948ecc1af5c27e1\igfxDTCM.dll [2018-03-16] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Arquivos de programas\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov) [Arquivo não assinado]ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> )ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd -> Piriform Ltd) ==================== Codecs (Whitelisted ) ==================== ==================== Atalhos e atalhos. 
WMI ====================== ==================== Módulos carregados (lista branca) ============= 18-11-2018 15:29 - 30-04-2018 08:00 - 000075776 _____ (Igor Pavlov) [Arquivo não assinado] C:\Arquivos de Programas\7- Zip\7-zip.dll2020-04-20 16:15 - 2020-04-20 16:15 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems32.dll] C:\Program Files (x86)\Microsoft Office\Root\Office16\AppVIsvSubsystems32.dll2020-04-20 16:15 - 2020-04-20 16:15 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Arquivos de Programas\Arquivos Comuns\Microsoft Shared\ClickToRun\C2R32.dll] C:\Arquivos de Programas (x86)\Microsoft Office\Root\Office16\c2r32.dll ============= ======= Fluxos de Dados Alternativos (Whitelisted) ======== (Se uma entrada for incluída na fixlist, somente o ADS será removido.) AlternateDataStreams: C:\ProgramData\TEMP:260575F1 [246]AlternateDataStreams: C:\ProgramData\TEMP:55F44B88 [99]AlternateDataStreams: C:\ProgramData\TEMP:78E0DF72 [98]AlternateDataStreams: C:\ProgramData\TEMP:C5DF04A9 [130]AlternateDataStreams: C:\ProgramData\TEMP:D31BE97C [115] ==================== Modo de segurança (lista branca) ========= ========= (Se uma entrada for incluída na fixlist, ela será removida do registro. O "AlternateShell" será restaurado.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService = > ""="Serviço"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Serviço" ==================== Associação (lista branca) ================= === ================= Internet Explorer (lista branca) ========== HKU\S-1-5-21-313246963-3037881445-1802910-1001\ Software\Microsoft\Internet Explorer\Principal,Página inicial = hxxp://lenovo17win10.msn.com/?pc=LCTEHKU\S-1-5-21-313246963-3037881445-1802910-1001\Software\Microsoft\Internet Explorer\ Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTEHKU\S-1-5-21-313246963-3037881445-1802910-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp: //mystart.lenovo.comSearchScopes: HKU\S-1-5-21-313246963-3037881445-1802910-1001 -> DefaultScope {2552A28A-33CC-4A93-99ED-6DD1722480C4} URL = SearchScopes: HKU\S-1-5-21-313246963-3037881445-1802910-1001 -> {2552A28A-33CC-4A93-99ED-6DD1722480C4} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2022-04-05] (Microsoft Corporation -> Microsoft Corporation)DPF: HKLM {8AD9C840-044E- 11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_281-windows-i586.cabDPF: HKLM {CAFEEFAC-0018-0000-00281-ABCDEFFEDCBA} hxxp://java. 
sun.com/update/1.8.0/jinstall-1_8_0_281-windows-i586.cabDPF: HKLM {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall- 1_8_0_281-windows-i586.cabDPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_281-windows-i586.cabDPF: HKLM- x32 {CAFEEFAC-0018-0000-00281-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_281-windows-i586.cabDPF: HKLM-x32 {CAFEEFAC-FFFF-FFFF-FFFF- ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_281-windows-i586.cabHandler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Arquivos de Programas (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-05] (Microsoft Corporation -> Microsoft Corporation)Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2022-04-05 ] (Microsoft Corporation -> Microsoft Corporation)Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB. DLL [2022-04-05] (Microsoft Corporation -> Microsoft Corporation)Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root \Office16\MSOSB.DLL [2022-04-05] (Microsoft Corporation -> Microsoft Corporation) ==================== Conteúdo do host: ===== ==================== (Se necessário Hosts: diretiva pode ser incluída na fixlist para redefinir Hosts.) 2016-07-16 07:47 - 2016-07- 16 07:45 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Outras Áreas ========= ================== (Atualmente não há correção automática para esta seção.) 
HKU\S-1-5-21-313246963-3037881445-1802910-1001\Painel de Controle \Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img2.jpgServidores DNS: 192.168.1.254HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) O Firewall do Windows está ativado. ==================== MSCONFIG/TASK MANAGER desabilitado itens == (Se uma entrada for incluída na fixlist, ela será removida.) HKLM\...\ InicializaçãoAprovada\Executar: => "LenovoUtility"HKLM\...\StartupApproved\Executar: => "IAStorIcon"HKU\S-1-5-21-313246963-3037881445-1802910-1001\...\StartupApproved\Executar: => "CCXProcess"HKU\S-1-5-21-313246963-3037881445-1802910-1001\...\StartupApproved\Executar: => "CCleaner Smart Cleaning" ====================== FirewallRules (Whitelisted) ================ (Se uma entrada for incluído na fixlist, ele será removido do registro. O arquivo não será movido a menos que seja listado separadamente.) FirewallRules: [{0EE6D0C8-5FE9-46D0-BFA7-01E4908FACCE}] => (Permitir) C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)FirewallRules: [{3657F959-6729-4EE7-8353-A5BF881ABA64}] => (Permitir) C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation ->Mozilla Corporation) Regras de firewall: [{5587DD7A-DD3C-4D87-A496-669895187FD1}] => (Permitir) C:\Arquivos de programas\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)FirewallRules: [{CB1F87EF-CC4A-4C4A-9037-80E60BCC265D}] => (Permitir) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)FirewallRules: [{1A173FB9-1ED7-46D4-953B-4D8A52F4AB97}] => (Permitir) C:\Users\cope\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. 
-> Zoom Video Communications, Inc.)FirewallRules: [{A7043DCB-CAD4-4FD5-AA87- D2B38D040A90}] => (Permitir) C:\Users\cope\AppData\Roaming\Zoom\bin\airhost.exe => Não FileFirewallRules: [{E7EFDF58-496A-4E00-B15B-F00235FE5D53}] => (Permitir) C:\Users\cope\AppData\Roaming\Zoom\bin\airhost.exe => Não FileFirewallRules: [TCP Query User{BAC8CBA3-1EB2-44DA-A8CE-0AFB3C7AD3F6}C:\users\cope\appdata\roaming\spotify\spotify.exe] => (Permitir) C:\users\cope\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)FirewallRules: [UDP Query User{D33A6DA1-156E-4125-8B05-A3D5C73B3F2F}C:\users\ cope\appdata\roaming\spotify\spotify.exe] => (Permitir) C:\users\cope\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)FirewallRules: [{1E681063-4801-4337-9508-650B76283440}] => (Permitir) C:\Arquivos de Programas\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)FirewallRules: [{189DBEFC-7BA4-4F00-BE42-9A5AB4374394}] => (Permitir) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)FirewallRules: [{78390EFF-61E5-48E6-87D3-CF0E2788A042}] => (Permitir) C:\Arquivos de Programas (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)FirewallRules: [{B1C67094-F0BC-4EB2-8694-08615EA4C33F}] => (Permitir) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)FirewallRules: [{2CBAEA16-BE84-4B3A-BB72-8C74FB8DF0C7}] => (Permitir) C:\Program Files (x86)\Common Files\Apple\Windows Migration Assistant\MigrationAssistant.exe (Apple Inc. -> Apple Inc.)FirewallRules: [{BC938E21-A3EA-40C8-99FC-7F02DB97AF9D}] => (Permitir) C:\Program Files (x86)\Common Files\Apple\Windows Migration Assistant\MigrationAssistant.exe (Apple Inc. 
-> Apple Inc.)
FirewallRules: [{3DD206E7-56FE-4C0E-8421-EF8B7A7989C9}] => (Permitir) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{75E75CBF-7B1A-4C25-9402-20D8C4D4AD20}] => (Permitir) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{AB3FF2BD-4046-49D7-B952-8D64A89412F1}] => (Permitir) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7FEE010E-D9F4-48CA-BF22-1A7B4BB767BE}] => (Permitir) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{12D4D4EB-3E6D-4271-B14C-8D646F40C5E0}] => (Permitir) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Pontos de restauração =========================

==================== Gerenciador de dispositivos com falha Dispositivos ====================

==================== Erros do log de eventos: ========================

Erros de aplicação:
==================
Erro: (14/04/2022 19:08:59) (Fonte: Serviço Bonjour) (EventID: 100) (Usuário: )
Descrição: Nome do host local LAPTOP-PV813QTR.local já em uso; tentará LAPTOP-PV813QTR-2.local em vez disso

Erro: (14/04/2022 07:08:59 PM) (Fonte: Bonjour Service) (EventID: 100) (Usuário: )
Descrição: mDNSCoreReceiveResponse: ProbeCount 2; cancelará o registro 4 LAPTOP-PV813QTR.local. Addr 192.168.1.88

Error: (04/14/2022 07:08:59 PM) (Fonte: Bonjour Service) (EventID: 100) (User: )
Descrição: mDNSCoreReceiveResponse: Recebido de 192.168.1.88:5353 16 LAPTOP-PV813QTR.local. AAAA 2600:1700:EFF0:1BD0:0000:0000:0000:0047

Erro: (14/04/2022 05:21:44 PM) (Fonte: Bonjour Service) (EventID: 100) (Usuário: )
Descrição: Nome do host local LAPTOP-PV813QTR.local já em uso; tentará LAPTOP-PV813QTR-2.local em vez disso

Erro: (14/04/2022 05:21:44 PM) (Fonte: Bonjour Service) (EventID: 100) (Usuário: )
Descrição: mDNSCoreReceiveResponse: ProbeCount 2; cancelará o registro 4 LAPTOP-PV813QTR.local. Addr 192.168.1.88

Error: (04/14/2022 05:21:44 PM) (Fonte: Bonjour Service) (EventID: 100) (User: )
Descrição: mDNSCoreReceiveResponse: Recebido de 192.168.1.88:5353 16 LAPTOP-PV813QTR.local. AAAA 2600:1700:EFF0:1BD0:0000:0000:0000:0047

Erro: (13/04/2022 07:33:21 PM) (Fonte: Bonjour Service) (EventID: 100) (Usuário: )
Descrição: Nome do host local LAPTOP-PV813QTR.local já em uso; tentará LAPTOP-PV813QTR-2.local em vez disso

Erro: (13/04/2022 19:33:21) (Fonte: Bonjour Service) (EventID: 100) (Usuário: )
Descrição: mDNSCoreReceiveResponse: ProbeCount 2; cancelará o registro 4 LAPTOP-PV813QTR.local. Endereço 192.168.1.88

Erros do sistema:
=============
Erro: (13/04/2022 20:39:51) (Fonte: Service Control Manager) (EventID: 7011) (Usuário: )
Descrição: Um tempo limite (30.000 milissegundos) foi atingido durante a espera por uma resposta de transação do serviço Platinum Host Service.

Erro: (13/04/2022 08:39:01) (Fonte: Service Control Manager) (EventID: 7000) (Usuário: )
Descrição: O serviço TMUMH falhou ao iniciar devido ao seguinte erro: O nível de revisão é desconhecido.

Erro: (13/04/2022 08:39:01) (Fonte: Service Control Manager) (EventID: 7000) (Usuário: )
Descrição: O serviço TMUMH falhou ao iniciar devido ao seguinte erro: O nível de revisão é desconhecido.

Erro: (13/04/2022 07:28:39 PM) (Fonte: DCOM) (EventID: 10010) (Usuário: LAPTOP-PV813QTR)
Descrição: O servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} não foi registrado com DCOM dentro do tempo limite necessário.

Erro: (13/04/2022 07:28:39 PM) (Fonte: DCOM) (EventID: 10010) (Usuário: LAPTOP-PV813QTR)
Descrição: O servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} não foi registrado com DCOM dentro do tempo limite necessário.

Erro: (13/04/2022 07:28:39 PM) (Fonte: DCOM) (EventID: 10010) (Usuário: LAPTOP-PV813QTR)
Descrição: O servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} não foi registrado com DCOM dentro do tempo limite necessário.

Erro: (13/04/2022 07:28:39 PM) (Fonte: DCOM) (EventID: 10010) (Usuário: LAPTOP-PV813QTR)
Descrição: O servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} não foi registrado com DCOM dentro do tempo limite necessário.

Erro: (13/04/2022 07:28:39 PM) (Fonte: DCOM) (EventID: 10010) (Usuário: LAPTOP-PV813QTR)
Descrição: O servidor {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} não foi registrado com DCOM dentro do tempo limite necessário.

Windows Defender:
=================
Data: 2022-04-13 21:48:59
Descrição: A verificação do Microsoft Defender Antivirus foi interrompida antes da conclusão.
Verificação Tipo: Antimalware
Scan Parameters: Quick Scan

Data: 2022-04-13 19:26:13
Descrição: O Microsoft Defender Antivirus detectou malware ou outro software potencialmente indesejado.
Para obter mais informações, consulte o seguinte:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:HTML/Phish.RA!MTB&threatid=2147756354&enterprise=0
Name: Trojan:HTML/Phish.RA!MTB
Severity: Severe
Category: Trojan
Path: file:_C:\Users\cope\Documents\Frequent Backup\Thunderbird\xdm7wbge.default\Mail\incoming.gwi.net\Trash
Detection Origem: Local machine
Detection Tipo: Concrete
Detection Fonte: Real-Time Protection
Process Name: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
Security Intelligence Versão: AV: 1.363.336.0, AS: 1.363.336.0, NIS: 1.363.336.0
Versão do motor: AM: 1.1.19100.5, NIS: 1.1.19100.5

Data: 2022-04-13 19:26:04
Descrição: Microsoft Defender Antivirus detectou malware ou outro software potencialmente indesejado.
Para obter mais informações, consulte o seguinte:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:HTML/Phish.RA!MTB&threatid=2147756354&enterprise=0
Name: Trojan:HTML/Phish.RA!MTB
Severity: Severe
Category: Trojan
Path: file:_C:\Users\cope\Documents\Frequent Backup\Thunderbird\xdm7wbge.default\Mail\incoming.gwi.net\Inbox
Detection Origem: Local machine
Detection Tipo: Concrete
Detection Fonte: Real-Time Protection
Process Name: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
Security intelligence Version: AV: 1.363.336.0, AS: 1.363.336.0, NIS: 1.363.336.0
Engine Version: AM: 1.1.19100.5, NIS: 1.1.19100.5

Data: 2022-04-13 18:34:46
Descrição: o Microsoft Defender Antivirus detectou malware ou outro software potencialmente indesejado.
Para obter mais informações, consulte o seguinte:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUABundler:Win32/PiriformBundler&threatid=311950&enterprise=0
Name: PUABundler:Win32/PiriformBundler
Severity: Low
Category: Potentially Unwanted Software
Path: containerfile:_C:\downloads\scanners\ccsetup566.exe; containerfile:_C:\Users\cope\Documents\Frequent Backup\document files\RGC\VR\Shanahan\shanahan\ccsetup405.exe; file:_C:\downloads\scanners\ccsetup566.exe->(nsis-instdata); file:_C:\Users\cope\Documents\Frequent Backup\document files\RGC\VR\Shanahan\shanahan\ccsetup405.exe->(nsis-instdata)
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: User
Process Name: Unknown
Security Intelligence Versão: AV: 1.363.336.0, AS: 1.363.336.0, NIS: 1.363.336.0
Versão do motor: AM: 1.1.19100.5, NIS: 1.1.19100.5

Data: 2022-04-13 15:11:37
Descrição: Microsoft Defender Antivirus detectou malware ou outro software potencialmente indesejado.
Para obter mais informações, consulte o seguinte:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:HTML/Phish.RA!MTB&threatid=2147756354&enterprise=0
Nome: Trojan:HTML/Phish.RA!MTB
Severity: Severe
Category: Trojan
Path: file:_C:\Users\cope\Documents\Frequent Backup\Thunderbird\xdm7wbge.default\Mail\incoming.gwi.net\Trash
Detection Origem: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Nome: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
Security intelligence Version: AV: 1.363.323.0, AS: 1.363.323.0, NIS: 1.363.323.0
Engine Version: AM: 1.1.19100.5, NIS: 1.1.19100.5

CodeIntegrity:
===============
Data: 2022-04-14 20:54:01
Descrição: Code Integrity determinou que um processo (\Device\HarddiskVolume3\Windows\System32\svchost.exe) tentou carregar \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll que não atendeu aos requisitos de nível de assinatura da Microsoft.

Data: 2022-04-14 20:51:02
Descrição: a integridade do código determinou que um processo (\Device\HarddiskVolume3\Windows\System32\svchost.exe) tentou carregar \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll que não atendeu aos requisitos de nível de assinatura do Windows.

==================== Informações de memória ===========================
BIOS: LENOVO 4QCN23WW(V1.04) 13/04/2017
Motherboard: LENOVO Lenovo ideapad 320S-14IKB
Processador: Intel® Core i5-7200U CPU @ 2.50GHz
Porcentagem de memória em uso: 64%
Total físico RAM: 8050,39 MB
RAM física disponível: 2891,09 MB
Virtual total: 13426,39 MB
Virtual disponível: 7512,41 MB

==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:212.23 GB) (Free:26.75 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Grátis:23,47 GB) NTFS
\\?\Volume{ac8a2942-1e08-4e42-ba35-57f084b86e93}\ (WINRE_DRV) (Fixo) (Total:0,98 GB) (Grátis:0,49 GB) NTFS
\\?\Volume{1a4ec879-1c42-4b67-89f6-c2d3c35972bd}\ (SYSTEM_DRV) (Fixo) (Total:0,25 GB) (Livre:0,22 GB) FAT32

==================== MBR & Tabela de partição ==========================
Disco: 0 (Tamanho: 238,5 GB) (ID do disco: 973C58E1) Partição: GPT.

==================== Fim da Adição.