Resultado do análise da Farbar Recovery Scan Tool (FRST) (x64) Versão: 11-12-2021
Executado por yago_ (administrador) em DESKTOP-ABPT85V (Gigabyte Technology Co., Ltd. AB350M-DS3H V2) (17-12-2021 12:33:26)
Executando a partir de C:\Users\yago_\OneDrive\Área de Trabalho
Perfis Carregados: yago_
Plataforma: Microsoft Windows 10 Pro Versão 20H2 19042.1415 (X64) Idioma: Português (Brasil)
Navegador padrão: Chrome
Modo da Inicialização: Normal

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSSrcExt.exe
(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cncmd.exe
(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(Advanced Micro Devices Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPDU.exe
(Advanced Micro Devices Inc. -> AMD) C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe
(Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0370882.inf_amd64_16efd232c9cc1313\B370998\atieclxx.exe
(Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0370882.inf_amd64_16efd232c9cc1313\B370998\atiesrxx.exe
(Advanced Micro Devices, Inc.) [Arquivo não assinado] C:\Program Files\AMD\CNext\CNext\cpumetricsserver.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Even Balance, Inc. -> ) C:\Windows\System32\PnkBstrA.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <24>
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Users\yago_\AppData\Local\Microsoft\Teams\current\Teams.exe <10>
(Microsoft Corporation) [Arquivo não assinado] C:\Users\yago_\AppData\Local\Temp\Reg70707070.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe
(Realtek Semiconductor Corp) C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.175.0_x64__dt26b99r8h8gj\RtkUWP.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(Riot Games, Inc. -> Riot Games, Inc.) C:\Program Files\Riot Vanguard\vgtray.exe
(Swift Media Entertainment, Inc. -> Blitz, Inc.) C:\Users\yago_\AppData\Local\Programs\Blitz\Blitz.exe <7>
(Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\steamservice.exe
(Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe

==================== Registro (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\RtkAudUService64.exe [856288 2019-10-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [3183328 2021-11-29] (Riot Games, Inc. -> Riot Games, Inc.)
HKU\S-1-5-21-1801482918-3813425490-1695444078-1001\...\Run: [70707070] => C:\Users\yago_\AppData\Local\Temp\Reg70707070.exe [8704 2009-07-13] (Microsoft Corporation) [Arquivo não assinado] <==== ATENÇÃO
HKU\S-1-5-21-1801482918-3813425490-1695444078-1001\...\Run: [com.blitz.app] => C:\Users\yago_\AppData\Local\Programs\Blitz\Blitz.exe [121842952 2021-12-15] (Swift Media Entertainment, Inc. -> Blitz, Inc.)
HKU\S-1-5-21-1801482918-3813425490-1695444078-1001\...\Run: [Spotify] => C:\Users\yago_\AppData\Roaming\Spotify\Spotify.exe [19065272 2021-12-13] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-1801482918-3813425490-1695444078-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4267432 2021-11-22] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-1801482918-3813425490-1695444078-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\yago_\AppData\Local\Microsoft\Teams\Update.exe [2459344 2021-12-05] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-1801482918-3813425490-1695444078-1001\...\Run: [Salad] => "C:\Program Files\Salad\Salad.exe" (Nenhum Arquivo)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\96.0.4664.110\Installer\chrmstp.exe [2021-12-15] (Google LLC -> Google LLC)
Startup: C:\Users\yago_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk [2021-08-28]
ShortcutTarget: Enviar para o OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Tarefas Agendadas (Whitelisted) ============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {0527DAB7-F44A-409E-9206-EC72E7E93740} - System32\Tasks\StartCNBM => C:\Program Files\AMD\CNext\CNext\cncmd.exe [63960 2021-08-24] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {06C9376F-B48F-49F7-9FBB-3EEBD7BB852F} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [63960 2021-08-24] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {157BF748-4EC0-4876-A0D2-8F792AEE8FCD} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\yago_\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [19989464 2021-12-16] (ESET, spol. s r.o. -> ESET)
Task: {1A042C2F-4455-46D0-8323-AC6EF3E8FC40} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8386448 2021-12-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {1D2B20C1-D236-4F56-88A1-C25F8B80B539} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1715672 2021-08-24] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {268953B5-3FA4-4316-A986-42D57FBDD4D2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3365A775-D762-4ECC-888A-FAB7A3ECEBFE} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22799320 2021-12-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {3FF6CFED-9421-4084-9CF6-FDA8DFC80471} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22799320 2021-12-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {4F12AFD9-B2D7-43B1-A39F-5640BEC50F2F} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\yago_\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [19989464 2021-12-16] (ESET, spol. s r.o. -> ESET)
Task: {62D02CE4-C40E-446D-8CF2-C57C23EA1F88} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-05-13] (Google LLC -> Google LLC)
Task: {6C3A7A69-D936-4633-9434-5C8FA98557C9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {90290A59-ECBB-4369-9819-352DB3CE10CB} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [139656 2021-12-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {A3E5BCB9-E831-4E8B-85AB-9EE834ADE2A5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-05-13] (Google LLC -> Google LLC)
Task: {BFBF4B01-3F52-430D-A553-10D6F60613EA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C96BE8B6-F8E8-469C-AA29-C95B5B78E3D1} - System32\Tasks\AMDAutoUpdate => C:\Program Files\AMD\AutoUpdate\AMDAutoUpdate.exe [677624 2019-11-21] (Advanced Micro Devices INC. -> )
Task: {C9A9841B-C7D4-49ED-A134-633A938ECC9C} - System32\Tasks\AMDRyzenMasterSDKTask => C:\Program Files\AMD\CNext\CNext\cpumetricsserver.exe [47104 2021-08-24] (Advanced Micro Devices, Inc.) [Arquivo não assinado]
Task: {CCB16CAC-71B0-47C8-B11E-B9AFEFC3341B} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1715672 2021-08-24] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {D5CD1769-20B2-40CC-8EE4-361577198E70} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-15] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DA229E48-9F94-4A1C-8F61-2709CA39059D} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe [275136 2021-09-21] (Bluestack Systems, Inc -> BlueStack Systems, Inc.)
Task: {DB9B35E8-8A8D-4271-B460-2BE89EDFB81D} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [269272 2021-08-24] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {E36DA700-68A7-4083-9688-270F37F5032E} - System32\Tasks\StartAUEP => C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe [619992 2021-08-24] (Advanced Micro Devices Inc. -> AMD)
Task: {E4AEF667-B34A-48DB-A55A-571E863EF340} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8386448 2021-12-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {FDC2DE19-9356-4791-8955-C1208F6D7630} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [139656 2021-12-14] (Microsoft Corporation -> Microsoft Corporation)

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 181.213.132.4 181.213.132.5
Tcpip\..\Interfaces\{2530db44-fcb2-45d8-b561-16be6fb00278}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{2530db44-fcb2-45d8-b561-16be6fb00278}: [DhcpNameServer] 181.213.132.4 181.213.132.5

Edge:
=======
Edge Profile: C:\Users\yago_\AppData\Local\Microsoft\Edge\User Data\Default [2021-11-29]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (Electronic Sports Network i Sverige AB -> ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB) [Arquivo não assinado]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-11-04] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\yago_\AppData\Local\Google\Chrome\User Data\Default [2021-12-17]
CHR HomePage: Default -> hxxp://www.google.com.br/
CHR StartupUrls: Default -> "hxxps://www.google.com.br/?gws_rd=ssl"
CHR Extension: (Apresentações) - C:\Users\yago_\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-05-13]
CHR Extension: (Documentos) - C:\Users\yago_\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-05-13]
CHR Extension: (Google Drive) - C:\Users\yago_\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-05-13]
CHR Extension: (YouTube) - C:\Users\yago_\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-05-13]
CHR Extension: (Adblock Plus - bloqueador de anúncios grátis) - C:\Users\yago_\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-11-24]
CHR Extension: (Planilhas) - C:\Users\yago_\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-05-13]
CHR Extension: (Documentos Google off-line) - C:\Users\yago_\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-12-03]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\yago_\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2021-12-14]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\yago_\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-05-13]
CHR Extension: (Gmail) - C:\Users\yago_\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-05-13]

==================== Serviços (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AUEPLauncher; C:\Program Files\AMD\CIM\..\Performance Profile Client\AUEPDU.exe [510936 2021-08-24] (Advanced Micro Devices Inc. -> AMD)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12129160 2021-12-02] (Microsoft Corporation -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7901368 2021-12-15] (Malwarebytes Inc -> Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2556048 2021-07-15] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3474584 2021-07-15] (Electronic Arts, Inc. -> Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2021-06-04] (Even Balance, Inc. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6138112 2021-12-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [10429808 2021-11-29] (Riot Games, Inc. -> Riot Games, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe [2876152 2021-12-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe [128360 2021-12-15] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R3 amdfendrmgr; C:\Windows\System32\drivers\amdfendrmgr.sys [41536 2021-07-07] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 AMDSAFD; C:\Windows\System32\DriverStore\FileRepository\amdsafd.inf_amd64_8e2568524f674315\amdsafd.sys [100768 2021-03-29] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 amdwddmg; C:\Windows\System32\DriverStore\FileRepository\u0370882.inf_amd64_16efd232c9cc1313\B370998\amdkmdag.sys [81609032 2021-09-09] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 AMDXE; C:\Windows\System32\drivers\amdxe.sys [65168 2021-08-17] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R2 BlueStacksDrv_nxt; C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys [320728 2021-09-20] (Bluestack Systems, Inc -> Bluestack System Inc.)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Arquivo não assinado]
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [Arquivo não assinado]
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [160176 2021-12-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 gFilterMouUsb; C:\Windows\System32\drivers\gFilterMouUsb.sys [30568 2021-05-31] (KYE SYSTEMS CORP. -> KYE Systems Corp.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [210352 2021-12-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2021-05-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [193448 2021-12-16] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [69040 2021-12-16] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-06-25] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [149424 2021-12-16] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [8480608 2021-11-29] (Riot Games, Inc. -> Riot Games, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [48536 2021-12-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [435432 2021-12-15] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [86248 2021-12-15] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Um mês (criados) (Whitelisted) =========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2021-12-17 12:30 - 2021-12-17 12:30 - 000001412 _____ C:\Users\yago_\Downloads\cavalo (1).txt
2021-12-17 12:28 - 2021-12-17 12:31 - 000603414 _____ C:\TDSSKiller.3.1.0.28_17.12.2021_12.28.07_log.txt
2021-12-17 12:28 - 2021-12-17 12:28 - 000001412 _____ C:\Users\yago_\Downloads\cavalo.txt
2021-12-17 12:27 - 2021-12-17 12:27 - 005054744 _____ (AO Kaspersky Lab) C:\Users\yago_\Downloads\tdsskiller.exe
2021-12-17 00:24 - 2021-12-17 00:24 - 000753800 _____ C:\Users\yago_\Downloads\CORREÇÃO DA TA2 - CONTAB GERAL.pdf
2021-12-16 22:14 - 2021-12-16 22:14 - 000003858 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onLogOn
2021-12-16 22:14 - 2021-12-16 22:14 - 000003416 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onTime
2021-12-16 19:21 - 2021-12-17 12:01 - 000000000 ____D C:\Users\yago_\AppData\LocalLow\IGDump
2021-12-16 19:18 - 2021-12-16 19:18 - 000001382 _____ C:\Users\yago_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-12-16 19:18 - 2021-12-16 19:18 - 000000000 ____D C:\Users\yago_\AppData\Local\ESET
2021-12-16 19:17 - 2021-12-16 19:17 - 013311448 _____ (ESET) C:\Users\yago_\Downloads\esetonlinescanner.exe
2021-12-16 19:15 - 2021-12-16 19:15 - 000193448 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2021-12-16 19:15 - 2021-12-16 19:15 - 000149424 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2021-12-16 19:15 - 2021-12-16 19:15 - 000069040 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2021-12-15 20:01 - 2021-12-17 12:33 - 000000000 ____D C:\FRST
2021-12-15 20:01 - 2021-12-15 20:01 - 002311168 _____ (Farbar) C:\Users\yago_\Downloads\FRST64 (1).exe
2021-12-15 19:50 - 2021-12-15 19:50 - 002311168 _____ (Farbar) C:\Users\yago_\Downloads\FRST64.exe
2021-12-15 10:18 - 2021-12-15 10:18 - 000012500 _____ C:\Users\yago_\Downloads\excel trab.xlsx
2021-12-15 09:20 - 2021-12-15 09:20 - 000000000 ____D C:\Windows\SystemTemp
2021-12-15 09:07 - 2021-12-15 09:07 - 000223744 _____ C:\Windows\SysWOW64\TpmTool.exe
2021-12-15 09:07 - 2021-12-15 09:07 - 000011979 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-12-15 09:06 - 2021-12-15 09:06 - 000272384 _____ C:\Windows\system32\TpmTool.exe
2021-12-15 09:06 - 2021-12-15 09:06 - 000162816 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2021-12-15 08:59 - 2021-12-15 08:59 - 000000000 ___HD C:\$WinREAgent
2021-12-15 01:27 - 2021-12-15 01:29 - 477888720 _____ (AMD Inc.) C:\Users\yago_\Downloads\non-whql-radeon-software-adrenalin-2020-21.11.3-win10-win11-64bit-nov17.exe
2021-12-15 01:15 - 2021-12-16 00:47 - 096731136 _____ C:\Windows\system32\config\SOFTWARE
2021-12-15 01:13 - 2021-12-15 01:15 - 000000000 ____D C:\Windows\Microsoft Antimalware
2021-12-14 23:46 - 2021-12-14 23:46 - 000252413 _____ C:\Users\yago_\Downloads\WhatsApp Image 2021-12-14 at 23.39.46.jpeg
2021-12-14 23:46 - 2021-12-14 23:46 - 000247061 _____ C:\Users\yago_\Downloads\WhatsApp Image 2021-12-14 at 23.39.46 (1).jpeg
2021-12-14 22:08 - 2021-12-14 22:08 - 001288465 _____ C:\Users\yago_\Downloads\WhatsApp Video 2021-12-14 at 22.08.38.mp4
2021-12-14 22:08 - 2021-12-14 22:08 - 001125300 _____ C:\Users\yago_\Downloads\WhatsApp Video 2021-12-14 at 22.08.28.mp4
2021-12-13 10:18 - 2021-12-13 10:18 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1801482918-3813425490-1695444078-1001
2021-12-07 16:57 - 2021-12-07 16:57 - 001273313 _____ C:\Users\yago_\Downloads\SLIDES DA AULA DE 30 DE NOVEMBRO.pdf
2021-12-06 16:36 - 2021-12-06 16:36 - 000601965 _____ C:\Users\yago_\Downloads\Documentos Escaneados.pdf
2021-12-06 00:04 - 2021-12-06 00:04 - 000150766 _____ C:\Users\yago_\Downloads\WhatsApp Image 2021-12-06 at 00.02.24.jpeg
2021-11-29 16:01 - 2021-11-29 16:01 - 001819903 _____ (GeorgieLabs ) C:\Users\yago_\Downloads\soundwire-server-2-5.exe
2021-11-26 20:22 - 2021-11-26 20:22 - 000104603 _____ C:\Users\yago_\Downloads\ingresso.pdf
2021-11-26 20:22 - 2021-11-26 20:22 - 000104603 _____ C:\Users\yago_\Downloads\ingresso (1).pdf
2021-11-26 17:21 - 2021-12-17 11:56 - 000000000 ____D C:\Users\yago_\AppData\Roaming\Blitz
2021-11-26 17:21 - 2021-11-26 17:21 - 000002217 _____ C:\Users\yago_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blitz.lnk
2021-11-26 17:20 - 2021-12-02 10:56 - 000000000 ____D C:\Users\yago_\AppData\Local\blitz-updater
2021-11-26 17:20 - 2021-11-26 17:20 - 073061224 _____ (Blitz, Inc.) C:\Users\yago_\Downloads\Blitz-1.16.6.exe
2021-11-25 21:12 - 2021-11-25 21:12 - 000090436 _____ C:\Users\yago_\Downloads\Yago Augusto - Ciências Contábeis.pdf
2021-11-24 22:57 - 2021-11-24 22:57 - 000569690 _____ C:\Users\yago_\Downloads\WhatsApp Video 2021-11-24 at 22.32.03.mp4
2021-11-24 20:41 - 2021-11-24 20:41 - 000000000 ____D C:\Program Files\Rockstar Games
2021-11-23 10:22 - 2021-11-23 10:22 - 000183037 _____ C:\Users\yago_\Downloads\Curriculo - Yago Augusto Dezembro-convertido.pdf
2021-11-17 16:42 - 2021-11-17 16:42 - 000090337 _____ C:\Users\yago_\Downloads\Certificado_Nacional_de_Covid-19. (1).pdf

==================== Um mês (modificados) ==================

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2021-12-17 12:26 - 2021-06-03 22:44 - 000000000 ____D C:\Program Files (x86)\Steam
2021-12-17 12:24 - 2020-11-18 23:45 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-12-17 12:24 - 2019-12-07 06:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-12-17 12:20 - 2021-05-13 13:47 - 000000000 ____D C:\Program Files (x86)\Google
2021-12-17 11:55 - 2021-06-03 00:34 - 000000000 ____D C:\Users\yago_\AppData\Local\Spotify
2021-12-17 11:55 - 2021-06-03 00:33 - 000000000 ____D C:\Users\yago_\AppData\Roaming\Spotify
2021-12-16 22:52 - 2021-05-12 22:58 - 001742268 _____ C:\Windows\system32\PerfStringBackup.INI
2021-12-16 22:52 - 2019-12-07 11:53 - 000752540 _____ C:\Windows\system32\prfh0416.dat
2021-12-16 22:52 - 2019-12-07 11:53 - 000148654 _____ C:\Windows\system32\prfc0416.dat
2021-12-16 22:52 - 2019-12-07 06:13 - 000000000 ____D C:\Windows\INF
2021-12-16 21:33 - 2019-12-07 06:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-12-16 21:33 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\AppReadiness
2021-12-16 19:21 - 2020-11-18 23:48 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-12-16 19:18 - 2021-05-30 12:15 - 000000000 ____D C:\Users\yago_\AppData\Local\CrashDumps
2021-12-16 19:17 - 2021-06-05 15:28 - 000000001 _____ C:\Windows\vgkbootstatus.dat
2021-12-16 19:15 - 2021-05-30 11:16 - 000000032 _____ C:\Users\yago_\AppData\Roaming\.machineId
2021-12-16 19:15 - 2021-05-12 22:46 - 000008192 ___SH C:\DumpStack.log.tmp
2021-12-16 19:15 - 2020-11-18 23:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-12-16 00:47 - 2021-05-13 14:14 - 000000000 ____D C:\Users\yago_\AppData\Roaming\discord
2021-12-16 00:47 - 2021-05-12 23:05 - 000000000 ____D C:\Users\yago_
2021-12-16 00:47 - 2021-05-12 23:04 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2021-12-16 00:47 - 2019-12-07 06:03 - 000524288 _____ C:\Windows\system32\config\BBI
2021-12-16 00:45 - 2021-05-13 14:14 - 000000000 ____D C:\Users\yago_\AppData\Local\Discord
2021-12-15 23:35 - 2021-05-13 14:53 - 000000000 ____D C:\ProgramData\Riot Games
2021-12-15 21:33 - 2020-11-18 23:45 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-12-15 19:52 - 2021-05-30 12:09 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-12-15 19:51 - 2021-10-23 11:18 - 000210352 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2021-12-15 19:51 - 2021-05-30 12:09 - 000160176 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2021-12-15 19:50 - 2021-05-30 12:09 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-12-15 19:50 - 2021-05-30 12:08 - 000000000 ____D C:\Program Files\Malwarebytes
2021-12-15 19:21 - 2021-05-13 13:48 - 000002245 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-12-15 09:21 - 2020-11-18 23:45 - 000439808 _____ C:\Windows\system32\FNTCACHE.DAT
2021-12-15 09:20 - 2019-12-07 11:56 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-12-15 09:20 - 2019-12-07 06:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-12-15 09:20 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\SystemResources
2021-12-15 09:20 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\setup
2021-12-15 09:20 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\oobe
2021-12-15 09:20 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\lv-LV
2021-12-15 09:20 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\lt-LT
2021-12-15 09:20 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\et-EE
2021-12-15 09:20 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\system32\es-MX
2021-12-15 09:20 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\Provisioning
2021-12-15 09:20 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2021-12-15 09:20 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\bcastdvr
2021-12-15 09:09 - 2019-12-07 06:03 - 000000000 ____D C:\Windows\CbsTemp
2021-12-15 08:58 - 2021-06-01 09:56 - 000000000 ____D C:\Windows\system32\MRT
2021-12-15 08:57 - 2021-06-01 09:56 - 137938848 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-12-15 01:26 - 2021-05-13 14:10 - 000000000 ____D C:\Users\yago_\AppData\Roaming\ROSTPAY LTD
2021-12-15 01:25 - 2021-05-13 14:10 - 000000000 ____D C:\Users\yago_\AppData\Roaming\DriverHub
2021-12-15 00:47 - 2021-06-05 23:53 - 000000000 ____D C:\Users\yago_\AppData\Local\AMD_Common
2021-12-14 19:56 - 2021-05-13 14:08 - 000000000 ____D C:\Program Files\Microsoft Office
2021-12-13 11:00 - 2020-11-18 23:47 - 000003618 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-12-13 11:00 - 2020-11-18 23:47 - 000003494 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-12-13 10:18 - 2021-05-12 23:10 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1801482918-3813425490-1695444078-1001
2021-12-13 10:18 - 2021-05-12 23:05 - 000002389 _____ C:\Users\yago_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-12-05 14:52 - 2021-08-20 17:54 - 000002368 _____ C:\Users\yago_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-12-03 21:37 - 2021-06-05 13:17 - 000000000 ____D C:\Program Files\Riot Vanguard
2021-11-29 15:50 - 2021-05-13 14:29 - 000000000 ____D C:\Users\yago_\AppData\Local\ElevatedDiagnostics
2021-11-27 17:00 - 2021-04-30 04:42 - 000000000 ____D C:\Program Files (x86)\DriverHub
2021-11-24 20:42 - 2021-05-13 14:10 - 000000000 ____D C:\ProgramData\Package Cache
2021-11-21 03:52 - 2019-12-07 06:14 - 000000000 ____D C:\Windows\LiveKernelReports
2021-11-18 19:11 - 2020-11-18 23:49 - 000000000 ____D C:\ProgramData\Packages

==================== Arquivos na raiz de alguns diretórios ========

2021-05-30 11:16 - 2021-12-16 19:15 - 000000032 _____ () C:\Users\yago_\AppData\Roaming\.machineId
2021-05-13 15:23 - 2021-05-13 15:39 - 000000015 _____ () C:\Users\yago_\AppData\Roaming\obs-virtualcam.txt
2021-05-30 13:20 - 2021-07-05 15:46 - 000000128 _____ () C:\Users\yago_\AppData\Local\PUTTY.RND

==================== SigCheck ============================

(Não há correção automática para arquivos que não passaram na verificação.)

==================== Fim de FRST.txt ========================