Resultado da análise adicional Farbar Recovery Scan Tool (x64) Versão: 11-01-2023
Executado por Ubaga (15-01-2023 01:38:26)
Executando a partir de C:\Users\Ubaga\OneDrive\Área de Trabalho
Microsoft Windows 11 Pro Versão 22H2 22621.525 (X64) (2023-01-14 03:14:39)
Modo da Inicialização: Normal
==========================================================

==================== Contas: =============================

(Se uma entrada for incluída na fixlist, será removida.)

Administrador (S-1-5-21-50318889-1276833974-3216753305-500 - Administrator - Disabled)
Convidado (S-1-5-21-50318889-1276833974-3216753305-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-50318889-1276833974-3216753305-503 - Limited - Disabled)
Ubaga (S-1-5-21-50318889-1276833974-3216753305-1001 - Administrator - Enabled) => C:\Users\Ubaga
WDAGUtilityAccount (S-1-5-21-50318889-1276833974-3216753305-504 - Limited - Disabled)

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Malwarebytes (Disabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

CrystalDiskInfo 8.17.13 (HKLM\...\CrystalDiskInfo_is1) (Version: 8.17.13 - Crystal Dew World)
Discord (HKU\S-1-5-21-50318889-1276833974-3216753305-1001\...\Discord) (Version: 1.0.9008 - Discord Inc.)
Driver Booster 10 (HKLM-x32\...\Driver Booster_is1) (Version: 10.2.0 - IObit)
Fortrek G Headphone H1 H3 Plus (HKLM-x32\...\SSS16xxAudioExt) (Version: 3.1.2016.617 - Sharkoon)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 109.0.5414.75 - Google LLC)
League of Legends (HKU\S-1-5-21-50318889-1276833974-3216753305-1001\...\Riot Game league_of_legends.live) (Version: - Riot Games, Inc)
Lightshot-5.5.0.7 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.5.0.7 - Skillbrains)
Malwarebytes version 4.5.20.230 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.20.230 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 109.0.1518.52 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 109.0.1518.52 - Microsoft Corporation)
Microsoft GameInput (HKLM-x32\...\{6BBE9278-659F-FA16-E4B8-C2D60DE0DCC7}) (Version: 10.1.22621.1863 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29914 (HKLM-x32\...\{1b5476d9-ab8e-4b0d-b004-059a1bd5568b}) (Version: 14.28.29914.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.34.31931 (HKLM-x32\...\{d4cecf3b-b68f-4995-8840-52ea0fab646e}) (Version: 14.34.31931.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29914 (HKLM-x32\...\{BD8C6100-7C7D-48DD-93BA-69F6828213FE}) (Version: 14.28.29914 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29914 (HKLM-x32\...\{42365A3A-622A-4EED-A727-FE192A794AFD}) (Version: 14.28.29914 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.34.31931 (HKLM\...\{EAE242B1-0A26-485A-BFEB-0292EE9F03CB}) (Version: 14.34.31931 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.34.31931 (HKLM\...\{CF4C347D-954E-4543-88D2-EC17F07F466F}) (Version: 14.34.31931 - Microsoft Corporation) Hidden
NVIDIA Driver de áudio HD 1.3.39.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.39.16 - NVIDIA Corporation)
NVIDIA Driver de gráficos 528.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 528.02 - NVIDIA Corporation)
NVIDIA Software do sistema PhysX 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
NVIDIA USBC Driver 1.50.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.50.831.832 - NVIDIA Corporation)
PreMiD (HKU\S-1-5-21-50318889-1276833974-3216753305-1001\...\PreMiD latest) (Version: latest - Timeraa)
Razer Synapse (HKLM-x32\...\Razer Synapse) (Version: 3.7.1209.121307 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9205.1 - Realtek Semiconductor Corp.)
Riot Vanguard (HKLM\...\Riot Vanguard) (Version: - Riot Games, Inc.)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Streamlabs Desktop 1.12.5 (HKLM\...\029c4619-0385-5543-9426-46f9987161d9) (Version: 1.12.5 - General Workings, Inc.)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 73.0 - Ubisoft)
VALORANT (HKU\S-1-5-21-50318889-1276833974-3216753305-1001\...\Riot Game valorant.live) (Version: - Riot Games, Inc)
WinRAR 6.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.11.0 - win.rar GmbH)

Packages:
=========
Clipchamp -> C:\Program Files\WindowsApps\Clipchamp.Clipchamp_2.2.8.0_neutral__yxz26nhyzhsrt [2023-01-14] (Microsoft Corp.)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.12.3171.0_x64__8wekyb3d8bbwe [2023-01-14] (Microsoft Studios) [MS Ad]
Minecraft Launcher -> C:\Program Files\WindowsApps\Microsoft.4297127D64EC6_1.1.28.0_x64__8wekyb3d8bbwe [2023-01-14] (Microsoft Studios)
ms-resource:APP_WINDOW_NAME -> C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.5.0_x64__8wekyb3d8bbwe [2023-01-14] (Microsoft Corp.)
ms-resource:AppStoreName -> C:\Program Files\WindowsApps\Microsoft.RawImageExtension_2.1.30391.0_x64__8wekyb3d8bbwe [2023-01-14] (Microsoft Corporation)
ms-resource:AppxManifest_DisplayName -> C:\Windows\SystemApps\Microsoft.Windows.PrintQueueActionCenter_cw5n1h2txyewy [2023-01-14] (Microsoft Corporation)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.963.0_x64__56jybvy8sckqj [2023-01-14] (NVIDIA Corp.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.1.137.0_x64__dt26b99r8h8gj [2023-01-14] (Realtek Semiconductor Corp)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0 [2023-01-14] (Spotify AB) [Startup Task]
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.Core_cw5n1h2txyewy [2023-01-14] (Microsoft Windows)
WinRAR -> C:\Program Files\WinRAR [2023-01-14] (0)

==================== Análise Personalizada CLSID (Whitelisted): ==============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-01-14] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispig.inf_amd64_f840d03a202f8a32\nvshext.dll [2022-12-28] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-01-14] (Malwarebytes Inc. -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Atalhos & WMI ========================

==================== Módulos Carregados (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)

AlternateDataStreams: C:\ProgramData\DP45977C.lfl:677104FCAA [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk:8096E45125 [3442]

==================== Modo de Segurança (Whitelisted) ==================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HidSpiCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TextInputManagementService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => ""="Memory"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => "SafeBootDrivers"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HidSpiCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TextInputManagementService => ""="Service"

==================== Associação (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

==================== Hosts Conteúdo: =========================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2022-05-07 02:24 - 2022-05-07 02:22 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Outras Áreas ===========================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-50318889-1276833974-3216753305-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ubaga\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 181.213.132.2 - 181.213.132.3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

==================== Regras do Firewall (Whitelisted) ================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [{E0BD9737-0D57-4C99-8107-78FA3FF34C4A}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\109.0.1518.52\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C503019C-F17C-4585-A393-C68CE93DB4C6}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22336.907.1742.9730_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CD1E2210-ECFE-4820-BB45-9FA4AFD17461}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22336.907.1742.9730_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B6D8CFFB-272A-4B00-964F-71A459C23492}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{A34EEFA4-0BEB-4427-8BCD-8503C10E0B81}C:\users\ubaga\appdata\local\discord\app-1.0.9008\discord.exe] => (Allow) C:\users\ubaga\appdata\local\discord\app-1.0.9008\discord.exe (Discord Inc. -> Discord Inc.)
FirewallRules: [UDP Query User{D807738A-CF0A-4C90-9660-8B4B8454635D}C:\users\ubaga\appdata\local\discord\app-1.0.9008\discord.exe] => (Allow) C:\users\ubaga\appdata\local\discord\app-1.0.9008\discord.exe (Discord Inc. -> Discord Inc.)
FirewallRules: [TCP Query User{DBDED52F-F8C3-499D-BE1C-7886CE08AEB2}C:\users\ubaga\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ubaga\appdata\roaming\spotify\spotify.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{6C121FAB-425A-402A-86E2-FBD1D58E52B5}C:\users\ubaga\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ubaga\appdata\roaming\spotify\spotify.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{C6599800-DD23-4FD6-A833-DBC85609A23B}C:\users\ubaga\appdata\roaming\premid\premid.exe] => (Allow) C:\users\ubaga\appdata\roaming\premid\premid.exe (GitHub, Inc.) [Arquivo não assinado]
FirewallRules: [UDP Query User{A024A67A-E318-4AA1-8534-0A9917800C9B}C:\users\ubaga\appdata\roaming\premid\premid.exe] => (Allow) C:\users\ubaga\appdata\roaming\premid\premid.exe (GitHub, Inc.) [Arquivo não assinado]
FirewallRules: [{3A2D2E15-A2A3-4AA1-950B-72751FA888E9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{CB2B8F7C-DD1B-4004-849A-7D1476401441}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{334D54E0-B92F-44EE-AFA5-167A2A14A28A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DC7567F7-3E68-4B1C-B859-3A30F8089EC5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4A4F060E-EF97-4606-B277-5052855768A4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{42D59F56-F7D6-480E-AD10-EDF34C13321A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{96A81EC6-6DDF-4141-ABEC-85F4BC436443}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F28E9760-1C09-44FD-9BF6-9D6B4FED9E72}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.200.1165.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{3AD281F8-A97E-43DD-94DA-016179C4C2F0}] => (Allow) D:\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{CAD848A6-D792-4B0D-B59C-BA536B5377EC}] => (Allow) D:\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{A5484E2B-14BF-4143-933D-71461D44F80E}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{3AAAD685-9265-49A3-A9CD-77F999996D10}] => (Allow) D:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{58C2595C-9308-40B8-87D2-229B30E75687}C:\users\ubaga\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\users\ubaga\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [UDP Query User{86B7C6CD-7F2E-4CE3-9CAF-CDAA2D03C9CC}C:\users\ubaga\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\users\ubaga\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [{18F13D19-E490-4273-B995-40A6A7B45EE6}] => (Allow) D:\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{5D071143-7DF3-44B1-B2AD-7CAB5487277C}] => (Allow) D:\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{39F6082C-C633-49C7-88FF-5EDD0D4A79C2}] => (Allow) D:\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_Vulkan.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{5F6E102D-1207-4DB0-8E5F-BA4938E9545B}] => (Allow) D:\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_Vulkan.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [{81050EEF-F2A0-42DF-B5CE-ABC4B4DA6F89}] => (Allow) D:\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [{9F2E8417-968F-44D4-84EA-B34F4DF111E3}] => (Allow) D:\Steam\steamapps\common\Tom Clancy's Rainbow Six Siege\RainbowSix_BE.exe (BattlEye Innovations e.K. -> BattlEye Innovations)
FirewallRules: [TCP Query User{D2AD7622-3499-497E-AC42-F49AE9B39578}C:\users\ubaga\appdata\local\ubisoft\r6siege\y7s4.1_c7296873_d1550531_s49485_48690975\4213410431\rainbowsix.exe] => (Allow) C:\users\ubaga\appdata\local\ubisoft\r6siege\y7s4.1_c7296873_d1550531_s49485_48690975\4213410431\rainbowsix.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [UDP Query User{774987BA-2BEE-46A5-A3A2-9EE764B6FFBA}C:\users\ubaga\appdata\local\ubisoft\r6siege\y7s4.1_c7296873_d1550531_s49485_48690975\4213410431\rainbowsix.exe] => (Allow) C:\users\ubaga\appdata\local\ubisoft\r6siege\y7s4.1_c7296873_d1550531_s49485_48690975\4213410431\rainbowsix.exe (UBISOFT ENTERTAINMENT INC. -> Ubisoft)
FirewallRules: [TCP Query User{32F0F7D4-5B12-4531-AD75-D2BF9938BE60}D:\riot games\riot client\riotclientservices.exe] => (Allow) D:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{54D430FA-0CC1-4A87-B433-B5BA0C0D5301}D:\riot games\riot client\riotclientservices.exe] => (Allow) D:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{8852F68C-5AC4-4F28-ABAE-5C55709976AE}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve Corp. -> )
FirewallRules: [{45A92088-356B-4562-A809-9F3366FE57AB}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve Corp. -> )

==================== Pontos de Restauração =========================

14-01-2023 00:42:12 Driver Booster : Realtek(R) Audio

==================== Dispositivos Apresentando Falhas No Gerenciador ============

Name: Timer de eventos de alta precisão
Description: Timer de eventos de alta precisão
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Dispositivos padrão do sistema)
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Erros no Log de eventos: ========================

Erros em Aplicativos:
==================
Error: (01/14/2023 05:19:59 PM) (Source: Application) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/14/2023 05:19:53 PM) (Source: Application) (EventID: 0) (User: )
Description: Event-ID 0

Error: (01/14/2023 12:18:44 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Erro ao atualizar o status Windows Defender para SECURITY_PRODUCT_STATE_ON.

Erros de Sistema:
=============
Error: (01/15/2023 01:39:17 AM) (Source: DCOM) (EventID: 10010) (User: RENAN)
Description: O servidor {8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19} não se registrou no DCOM dentro do tempo limite necessário.

Error: (01/15/2023 01:34:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Razer Synapse Service foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Executar o programa de recuperação configurado.

Error: (01/15/2023 01:34:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Razer Game Manager foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (01/15/2023 01:34:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Razer Central Service foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (01/15/2023 01:34:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço AudioDeviceService foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (01/15/2023 01:34:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço GameInput Service foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 1000 milissegundos: Reiniciar o serviço.

Error: (01/15/2023 01:34:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Steam Client Service foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (01/15/2023 01:34:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço NVIDIA Display Container LS foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 6000 milissegundos: Reiniciar o serviço.

Windows Defender:
================
Date: 2023-01-14 01:14:32
Description: Microsoft Defender Antivírus detectou PUA (aplicativo potencialmente indesejado).
Para obter mais informações, veja a seguir: https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/Keygen&threatid=225063&enterprise=0
Nome: PUA:Win32/Keygen
Gravidade: Baixo
Categoria: Software Potencialmente Indesejado
Caminho: containerfile:_E:\programas\WinXP keyChanger.exe; file:_E:\programas\WinXP keyChanger.exe->(UPX)->(VFS:officekey.exe#2); file:_E:\programas\WinXP keyChanger.exe->(UPX)->(VFS:xpkey.exe#1)
Origem da Detecção: Computador local
Tipo da Detecção: Concreto
Fonte da Detecção: Proteção em Tempo Real
Usuário: Renan\Ubaga
Nome do Processo: C:\Windows\explorer.exe
Versão da Inteligência de Segurança: AV: 1.321.69.0, AS: 1.321.69.0, NIS: 1.321.69.0
Versão do Mecanismo: AM: 1.1.17300.4, NIS: 1.1.17300.4

Date: 2023-01-14 01:14:30
Description: Microsoft Defender Antivírus detectou PUA (aplicativo potencialmente indesejado).
Para obter mais informações, veja a seguir: https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/Keygen&threatid=225063&enterprise=0
Nome: PUA:Win32/Keygen
Gravidade: Baixo
Categoria: Software Potencialmente Indesejado
Caminho: containerfile:_E:\programas\WinXP keyChanger.exe; file:_E:\programas\WinXP keyChanger.exe->(UPX)->(VFS:officekey.exe#2); file:_E:\programas\WinXP keyChanger.exe->(UPX)->(VFS:xpkey.exe#1)
Origem da Detecção: Computador local
Tipo da Detecção: Concreto
Fonte da Detecção: Proteção em Tempo Real
Usuário: Renan\Ubaga
Nome do Processo: C:\Windows\explorer.exe
Versão da Inteligência de Segurança: AV: 1.321.69.0, AS: 1.321.69.0, NIS: 1.321.69.0
Versão do Mecanismo: AM: 1.1.17300.4, NIS: 1.1.17300.4

Date: 2023-01-14 01:14:29
Description: Microsoft Defender Antivírus detectou PUA (aplicativo potencialmente indesejado).
Para obter mais informações, veja a seguir: https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/Keygen&threatid=225063&enterprise=0
Nome: PUA:Win32/Keygen
Gravidade: Baixo
Categoria: Software Potencialmente Indesejado
Caminho: containerfile:_E:\programas\WinXP keyChanger.exe; file:_E:\programas\WinXP keyChanger.exe->(UPX)->(VFS:officekey.exe#2); file:_E:\programas\WinXP keyChanger.exe->(UPX)->(VFS:xpkey.exe#1)
Origem da Detecção: Computador local
Tipo da Detecção: Concreto
Fonte da Detecção: Proteção em Tempo Real
Usuário: Renan\Ubaga
Nome do Processo: C:\Windows\explorer.exe
Versão da Inteligência de Segurança: AV: 1.321.69.0, AS: 1.321.69.0, NIS: 1.321.69.0
Versão do Mecanismo: AM: 1.1.17300.4, NIS: 1.1.17300.4

Date: 2023-01-14 01:14:27
Description: Microsoft Defender Antivírus detectou PUA (aplicativo potencialmente indesejado).
Para obter mais informações, veja a seguir: https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/Keygen&threatid=225063&enterprise=0
Nome: PUA:Win32/Keygen
Gravidade: Baixo
Categoria: Software Potencialmente Indesejado
Caminho: containerfile:_E:\programas\WinXP keyChanger.exe; file:_E:\programas\WinXP keyChanger.exe->(UPX)->(VFS:officekey.exe#2); file:_E:\programas\WinXP keyChanger.exe->(UPX)->(VFS:xpkey.exe#1)
Origem da Detecção: Computador local
Tipo da Detecção: Concreto
Fonte da Detecção: Proteção em Tempo Real
Usuário: Renan\Ubaga
Nome do Processo: C:\Windows\explorer.exe
Versão da Inteligência de Segurança: AV: 1.321.69.0, AS: 1.321.69.0, NIS: 1.321.69.0
Versão do Mecanismo: AM: 1.1.17300.4, NIS: 1.1.17300.4

Date: 2023-01-14 01:14:26
Description: Microsoft Defender Antivírus detectou PUA (aplicativo potencialmente indesejado).
Para obter mais informações, veja a seguir: https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/Keygen&threatid=225063&enterprise=0
Nome: PUA:Win32/Keygen
Gravidade: Baixo
Categoria: Software Potencialmente Indesejado
Caminho: containerfile:_E:\programas\WinXP keyChanger.exe; file:_E:\programas\WinXP keyChanger.exe->(UPX)->(VFS:officekey.exe#2); file:_E:\programas\WinXP keyChanger.exe->(UPX)->(VFS:xpkey.exe#1)
Origem da Detecção: Computador local
Tipo da Detecção: Concreto
Fonte da Detecção: Proteção em Tempo Real
Usuário: Renan\Ubaga
Nome do Processo: C:\Windows\explorer.exe
Versão da Inteligência de Segurança: AV: 1.321.69.0, AS: 1.321.69.0, NIS: 1.321.69.0
Versão do Mecanismo: AM: 1.1.17300.4, NIS: 1.1.17300.4

CodeIntegrity:
===============
Date: 2023-01-15 01:28:25
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

==================== Informações da Memória ===========================

BIOS: American Megatrends Inc. F9 10/15/2019
placa-mãe: Gigabyte Technology Co., Ltd. Z390 GAMING X-CF
Processador: Intel(R) Core(TM) i5-9400F CPU @ 2.90GHz
Percentagem de memória em uso: 29%
RAM física total: 16318.29 MB
RAM física disponível: 11530.28 MB
Virtual Total: 19262.29 MB
Virtual disponível: 12810.59 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:109.89 GB) (Free:65.27 GB) (Model: KINGSTON SA400S37120G) NTFS
Drive d: () (Fixed) (Total:931.5 GB) (Free:797.64 GB) (Model: ST1000DM010-2EP102) NTFS

\\?\Volume{3bdc7580-5a6a-4cbe-bb30-34d361748e79}\ () (Fixed) (Total:0.61 GB) (Free:0.08 GB) NTFS
\\?\Volume{aa868d5a-dcc9-45d7-8aac-85e411270520}\ () (Fixed) (Total:0.61 GB) (Free:0.08 GB) NTFS
\\?\Volume{0c04929f-fca2-424d-ad18-1f6ab77650b4}\ () (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32

==================== MBR & Tabela de Partições ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 111.8 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== Fim de Addition.txt =======================