Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 03-05-2020
Executado por Usuario (administrador) em DESKTOP-N9V0MDH (Hewlett-Packard 18-5200br) (07-05-2020 17:09:38)
Executando a partir de D:\Área de Trabalho
Perfis Carregados: Usuario (Perfis Disponíveis: Usuario)
Platform: Windows 10 Pro Versão 1809 17763.805 (X64) Idioma: Português (Brasil)
Navegador padrão: Chrome
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processos (Whitelisted) =================
(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)
(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2001.7-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2001.7-0\NisSrv.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Tonec Inc. -> Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Tonec Inc.) [Arquivo não assinado] C:\Program Files (x86)\Internet Download Manager\IDMan.exe
==================== Registro (Whitelisted) ===================
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8790264 2016-03-29] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1416440 2016-03-29] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646160 2019-12-11] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-881091786-1930074019-3152223156-1001\...\Run: [DAEMON Tools Lite] => C:\Portables\DaemonTools\Daemon Tools\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd -> Disc Soft Ltd)
HKU\S-1-5-21-881091786-1930074019-3152223156-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [48214752 2020-04-06] (Google LLC -> )
HKU\S-1-5-21-881091786-1930074019-3152223156-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4141112 2020-01-01] (Tonec Inc.) [Arquivo não assinado]
HKU\S-1-5-21-881091786-1930074019-3152223156-1001\...\Policies\Explorer: [NoDrives] 3
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.138\Installer\chrmstp.exe [2020-05-05] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\77.0.3865.120\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
Startup: C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitorar alertas de tinta - HP Deskjet 2050 J510 series.lnk [2019-11-24]
ShortcutAndArgument: Monitorar alertas de tinta - HP Deskjet 2050 J510 series.lnk -> C:\WINDOWS\system32\RunDll32.exe => "C:\Program Files\HP\HP Deskjet 2050 J510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=BR11BFP1ZW05D1;CONNECTION=USB;MONITOR=1;
BootExecute:
GroupPolicy: Restrição ? <==== ATENÇÃO
GroupPolicy\User: Restrição ? <==== ATENÇÃO
==================== Tarefas Agendadas (Whitelisted) ============
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
Task: {0C734553-55E4-4B12-9CD4-56E08BB3855F} - System32\Tasks\HPCustParticipation HP Deskjet 2050 J510 series => C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [4119656 2012-10-02] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {1A26415E-30FA-446B-971D-631D7F769942} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-15] (Google Inc -> Google LLC)
Task: {1EFB328B-8AA9-49F3-A0A0-DFF30A01FA41} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-04-15] (Adobe Inc. -> Adobe)
Task: {215DFB51-EBCD-4F42-AFBC-32803E7F5AE7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.7-0\MpCmdRun.exe [473544 2020-02-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {25E58DDC-C06D-4DFA-B6C3-E6F3809DF1A9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.7-0\MpCmdRun.exe [473544 2020-02-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {29AA4715-59F1-4AD0-A6FB-A148CD13EACA} - System32\Tasks\eM Client Database Backup => C:\Program Files (x86)\eM Client\DbBackup.exe [139752 2020-02-11] (eM Client, s.r.o. -> )
Task: {37FDF7C0-501F-4966-9053-C93DA26B93F5} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display => C:\windows\system32\MusNotification.exe
Task: {4AF21A0F-6704-43EE-B0B2-2788532C3C22} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.7-0\MpCmdRun.exe [473544 2020-02-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4C16630F-E3F8-4C3F-8BBE-F4B29FA9FF05} - System32\Tasks\Opera scheduled Autoupdate 1572379839 => C:\Users\Usuario\AppData\Local\Programs\Opera\launcher.exe [1517592 2020-04-29] (Opera Software AS -> Opera Software)
Task: {613B32B3-603D-4D2C-9CEA-2B20EDE09354} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.7-0\MpCmdRun.exe [473544 2020-02-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {66688886-AD61-428E-9346-59A766625E0B} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\WINDOWS\system32\MusNotification.exe
Task: {8AEC4579-0EC6-4173-8BFB-C6F4FB6D0EDE} - System32\Tasks\EOSv3 Scheduler onTime => D:\Área de Trabalho\esetonlinescanner.exe
Task: {9A8B54FA-736A-4CE6-BA81-020B09F4F4AA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-15] (Google Inc -> Google LLC)
Task: {A3EF1220-BD3C-4B28-9B6B-8E3042192096} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {A8798BE1-6DCA-4C19-A5C7-2C0BA8A9D6C0} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_363_pepper.exe [1454136 2020-04-15] (Adobe Inc. -> Adobe)
Task: {ADC5834D-312A-429E-8441-B561B1113B47} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {D4163AB6-8557-40A8-8597-71CE03405E41} - System32\Tasks\EOSv3 Scheduler onLogOn => D:\Área de Trabalho\esetonlinescanner.exe
Task: {DD056075-30EF-47B5-B8AC-8875FB372BBC} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot => C:\windows\system32\MusNotification.exe
Task: {E1AE4DE9-2187-4ECB-9A24-8CC47A92A2F4} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {FA625267-66E0-464A-AE95-8754007E78AD} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot => C:\WINDOWS\system32\MusNotification.exe
(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)
==================== Internet (Whitelisted) ====================
(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{d72cbefa-3471-4474-b386-90bb15f1b5f0}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{d72cbefa-3471-4474-b386-90bb15f1b5f0}: [DhcpNameServer] 200.189.80.108 200.189.80.122
Tcpip\..\Interfaces\{f04629c2-91ab-46d0-9fbd-11d885ea0fc0}: [NameServer] 8.8.8.8,1.1.1.1
Tcpip\..\Interfaces\{f9bee67b-749e-4b55-b393-7d42ebbc0e1d}: [NameServer] 200.221.11.100,200.221.11.101
Tcpip\..\Interfaces\{f9bee67b-749e-4b55-b393-7d42ebbc0e1d}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{fd05069b-ca4c-4ae7-9392-128e50200c8b}: [NameServer] 8.8.8.8,1.1.1.1
Internet Explorer:
==================
HKU\S-1-5-21-881091786-1930074019-3152223156-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.br/
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2019-11-28] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2019-11-28] (Tonec Inc. -> Internet Download Manager, Tonec Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\ssv.dll [2020-03-02] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\jp2ssv.dll [2020-03-02] (Oracle America, Inc. -> Oracle Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FireFox:
========
FF DefaultProfile: vniid6p0.default
FF ProfilePath: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\vniid6p0.default [2020-05-06]
FF DownloadDir: D:\Área de Trabalho
FF Homepage: Mozilla\Firefox\Profiles\vniid6p0.default -> chrome://speeddial/content/speeddial.xul
FF Notifications: Mozilla\Firefox\Profiles\vniid6p0.default -> hxxps://www.tecmundo.com.br; hxxps://nogueiradas.letreach.com; hxxp://www.linhadefensiva.org; hxxps://forum.baboo.com.br; hxxps://playfulbet.onesignal.com; hxxps://conquistadigital.com.br; hxxps://geradordeconteudos.onesignal.com; hxxps://playfulbet.os.tc; hxxps://mail.one.com; hxxps://www.voxel.com.br; hxxps://www.youtube.com; hxxps://www.areah.com.br; hxxps://www.facebook.com; hxxps://negocioonlinebrasil.egoiapp2.com
FF Extension: (Disable youtube html5 player) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\vniid6p0.default\Extensions\@disableyoutubehtml5player.xpi [2018-10-03] []
FF Extension: (QuickFox Notes) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\vniid6p0.default\Extensions\amin.eft_bmnotes@gmail.com [2019-10-29] []
FF Extension: (Classic Theme Restorer) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\vniid6p0.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2019-05-12] []
FF Extension: (Add-on Compatibility Reporter) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\vniid6p0.default\Extensions\compatibility@addons.mozilla.org.xpi [2018-10-15] []
FF Extension: (hotfix-update-xpi-intermediate) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\vniid6p0.default\Extensions\hotfix-update-xpi-intermediate@mozilla.com.xpi [2019-05-16]
FF Extension: (IDM Integration Module) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\vniid6p0.default\Extensions\idmmzcc-webextension.xpi [2018-10-02] [UpdateUrl:hxxps://data.internetdownloadmanager.com/idmmzcc3/update.json]
FF Extension: (YouTube mp3) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\vniid6p0.default\Extensions\info@youtube-mp3.org.xpi [2018-10-01] []
FF Extension: (Português (pt-BR) Language Pack) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\vniid6p0.default\Extensions\langpack-pt-BR@firefox.mozilla.org.xpi [2018-10-02] []
FF Extension: (Profile Folder Button) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\vniid6p0.default\Extensions\ProfileFolderButton@schuzak.jp.xpi [2018-10-15] []
FF Extension: (Português Brasileiro (Nova Ortografia)) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\vniid6p0.default\Extensions\pt-BR@dictionaries.addons.mozilla.org [2019-10-29] []
FF Extension: (Tab Mix Plus) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\vniid6p0.default\Extensions\tab_mix_plus-0.5.0.4-fx.xpi [2019-05-12] []
FF Extension: (Google Translator for Firefox) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\vniid6p0.default\Extensions\translator@zoli.bod.xpi [2018-10-01] []
FF Extension: (Flagfox) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\vniid6p0.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2018-10-16] []
FF Extension: (Speed Dial) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\vniid6p0.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2018-10-01] []
FF Extension: (Notepad) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\vniid6p0.default\Extensions\{81231243-7deb-4d81-bc8a-4a7f3eb62144}.xpi [2018-10-15]
FF Extension: (Video DownloadHelper) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\vniid6p0.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2020-04-09]
FF Extension: (Tab Mix Plus) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\vniid6p0.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2019-05-12] []
FF HKU\S-1-5-21-881091786-1930074019-3152223156-1001\...\Firefox\Extensions: [mozilla_cc3@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
FF Extension: (IDM Integration Module) - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2019-12-18] [UpdateUrl:hxxps://data.internetdownloadmanager.com/idmmzcc3/update.json]
FF HKU\S-1-5-21-881091786-1930074019-3152223156-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Usuario\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Usuario\AppData\Roaming\IDM\idmmzcc5 [2020-01-02] [] [não assinado]
FF HKU\S-1-5-21-881091786-1930074019-3152223156-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] []
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\dtplugin\npDeployJava1.dll [2020-03-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\plugin2\npjp2.dll [2020-03-02] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default [2020-05-07]
CHR DownloadDir: D:\Área de Trabalho
CHR Notifications: Default -> hxxps://app.meugrao.com.br; hxxps://br.pinterest.com; hxxps://contaazul.com; hxxps://cursotpia.club.hotmart.com; hxxps://fc.lc; hxxps://mail.google.com; hxxps://stfly.io; hxxps://surveytime.io; hxxps://vintepila.webpush.freshchat.com; hxxps://virnews.club; hxxps://www.apkonline.net; hxxps://www.flvto.biz; hxxps://www.instagram.com; hxxps://www.jornalcontabil.com.br; hxxps://www.psicologiaviva.com.br; hxxps://www.sorteonline.com.br; hxxps://www.workana.com; hxxps://www1p.samcunningham.pro
CHR HomePage: Default -> hxxps://drive.google.com/drive/folders/0By4JBoB0i7ViRHVGb1lsRVROUWM
CHR NewTab: Default -> Active:"chrome-extension://ejbjamhkdedinncaeiackcdehpccoejm/pages/newtab.html"
CHR Extension: (Google Tradutor) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2020-03-18]
CHR Extension: (MEGA) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2020-05-01]
CHR Extension: (Speed Dial) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbjamhkdedinncaeiackcdehpccoejm [2019-10-16]
CHR Extension: (Disable Youtube™ HTML5 Player) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\enmofgaijnbjpblfljopnpdogpldapoc [2019-10-16]
CHR Extension: (Video Downloader PLUS) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhplmmllnpjjlncfjpbbpjadoeijkogc [2020-04-24]
CHR Extension: (AdBlock — o melhor bloqueador de anúncios) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-04-14]
CHR Extension: (HP Smart Print) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmpaiomihcebnclahoknbodeiaiohcdi [2019-10-16]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2020-05-01]
CHR Extension: (Méliuz: Cashback e cupons em suas compras) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdcfmebflppkljibgpdlboifpcaalolg [2020-04-29]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2019-11-09]
CHR Extension: (Ghostery – Bloqueador de anúncios para privacidade) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2020-04-25]
CHR Extension: (IDM Integration Module) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2020-02-27]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-15]
CHR Extension: (Downloader for Instagram™ + Direct Message) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\olkpikmlhoaojbbmmpejnimiglejmboe [2020-04-14]
CHR Extension: (Media Download Manager by Skyload) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\phahkekekihoijbdgoiemfdjfdlbonlj [2019-12-11]
CHR Extension: (Chrome Media Router) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-14]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2019-12-25]
CHR HKU\S-1-5-21-881091786-1930074019-3152223156-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Usuario\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2019-11-09]
CHR HKU\S-1-5-21-881091786-1930074019-3152223156-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2019-12-25]
Opera:
=======
OPR DownloadDir: D:\Área de Trabalho
OPR Notifications: hxxps://web.telegram.org; hxxps://www.instagram.com
OPR Extension: (LastPass: Free Password Manager) - C:\Users\Usuario\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnjalnkldgigidggphhmacmimbdlafdo [2020-05-05]
OPR Extension: (Install Chrome Extensions) - C:\Users\Usuario\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2019-12-31]
OPR Extension: (Notepad) - C:\Users\Usuario\AppData\Roaming\Opera Software\Opera Stable\Extensions\llgbipgilkoihimpjhkhbeinfchcbldh [2019-10-29]
OPR Extension: (IDM Integration Module) - C:\Users\Usuario\AppData\Roaming\Opera Software\Opera Stable\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2020-02-06]
==================== Serviços (Whitelisted) ===================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
R2 AMD External Events Utility; C:\WINDOWS\system32\atiesrxx.exe [264224 2015-08-01] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [316152 2016-03-29] (Realtek Semiconductor Corp -> Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5378320 2020-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.7-0\NisSrv.exe [3284840 2020-02-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.7-0\MsMpEng.exe [103168 2020-02-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [X]
===================== Drivers (Whitelisted) ===================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. )
R3 amdkmdag; C:\WINDOWS\system32\DRIVERS\atikmdag.sys [21639712 2015-08-01] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\system32\DRIVERS\atikmpag.sys [682528 2015-08-01] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [91400 2015-08-01] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [243056 2017-06-12] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc. )
S3 ampa; C:\WINDOWS\system32\ampa.sys [17008 2013-11-29] (ChengDu AoMei Tech Co., Ltd -> ) [Arquivo não assinado]
R3 athr; C:\WINDOWS\System32\drivers\athw8x.sys [4233728 2020-02-11] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110104 2016-09-28] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R3 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283064 2019-10-22] (Disc Soft Ltd -> Disc Soft Ltd)
S4 IObitUnlocker; C:\Program Files (x86)\Outlook Express\IO\IObitUnlocker.sys [36568 2013-09-30] (IObit Information Technology -> IObit)
R2 LdBoxDrv; C:\Program Files\dnplayerext2\LdBoxDrv.sys [312496 2019-11-21] (Microsoft Windows Hardware Compatibility Publisher -> Oracle Corporation)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [337920 2017-03-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943864 2016-03-23] (Realtek Semiconductor Corp -> Realtek )
S3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [237376 2019-10-11] (Oracle Corporation -> Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45960 2020-02-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [376032 2020-02-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53984 2020-02-04] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
==================== Um mês (criados) ===================
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2020-05-07 17:08 - 2020-05-07 17:11 - 000000000 ____D C:\FRST
2020-05-04 12:41 - 2020-05-04 12:41 - 000000000 ____D C:\Users\Usuario\AppData\Local\mbamtray
2020-05-04 12:37 - 2020-05-04 12:37 - 000000000 ____D C:\Users\Todos os Usuários\MB2Migration
2020-05-04 12:37 - 2020-05-04 12:37 - 000000000 ____D C:\ProgramData\MB2Migration
2020-04-18 19:01 - 2020-04-18 19:01 - 000000000 ____D C:\Users\Usuario\AppData\Local\BlueStacksSetup
2020-04-18 19:00 - 2020-04-18 19:01 - 000000000 ____D C:\Users\Usuario\AppData\Local\Bluestacks
2020-04-17 23:14 - 2020-04-26 02:28 - 000003844 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2020-04-17 23:14 - 2020-04-26 02:28 - 000003402 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2020-04-17 20:07 - 2020-04-17 20:07 - 000000000 ____D C:\Users\Usuario\AppData\Local\ESET
2020-04-14 19:05 - 2020-04-18 19:01 - 000000000 ____D C:\Users\Public\BlueStacks
2020-04-14 12:17 - 2020-04-16 19:19 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\ZHP
2020-04-14 12:17 - 2020-04-15 01:11 - 000000000 ____D C:\Users\Usuario\AppData\Local\ZHP
==================== Um mês (modificados) ==================
(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2020-05-07 17:12 - 2018-09-15 04:33 - 000000000 ____D C:\Users\Todos os Usuários\regid.1991-06.com.microsoft
2020-05-07 17:12 - 2018-09-15 04:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-05-07 17:01 - 2019-10-16 12:16 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-05-07 13:11 - 2019-10-15 16:09 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2020-05-07 13:11 - 2018-09-15 03:09 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-05-07 13:10 - 2019-10-31 01:16 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\DMCache
2020-05-07 13:07 - 2019-10-29 13:47 - 000000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2020-05-07 13:07 - 2019-10-29 13:47 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-05-06 19:59 - 2019-11-13 18:46 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\eM Client
2020-05-05 17:48 - 2020-02-05 17:56 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-05-05 13:37 - 2019-10-16 11:52 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-05-01 03:15 - 2019-10-23 11:31 - 000000000 ____D C:\Users\Usuario\AppData\Local\CutePDF Writer
2020-04-30 11:52 - 2019-10-29 17:10 - 000004232 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1572379839
2020-04-30 11:52 - 2019-10-29 17:10 - 000001450 _____ C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Navegador Opera.lnk
2020-04-27 00:53 - 2019-10-20 02:04 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\MPC-HC
2020-04-20 17:21 - 2019-10-15 15:42 - 000000000 ____D C:\Users\Usuario\AppData\Local\Packages
2020-04-17 00:49 - 2019-11-09 01:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2020-04-15 12:48 - 2019-10-31 01:16 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\IDM
2020-04-15 12:48 - 2018-09-15 04:31 - 000000000 ____D C:\WINDOWS\INF
2020-04-15 02:49 - 2020-03-02 18:50 - 000004634 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
2020-04-15 02:48 - 2018-09-15 04:33 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-04-15 02:47 - 2018-09-15 04:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-04-15 00:55 - 2018-09-15 03:09 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2020-04-14 00:50 - 2019-10-22 12:28 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\Samsung
==================== Arquivos na raiz de alguns diretórios ========
2019-11-21 02:05 - 2019-11-21 02:05 - 000000068 _____ () C:\Users\Usuario\AppData\Roaming\changzhi_leidian.data
2019-11-18 18:10 - 2019-11-18 18:29 - 000000504 _____ () C:\Users\Usuario\AppData\Local\Nox_crash.log
2019-11-18 18:25 - 2019-11-18 18:28 - 000000071 _____ () C:\Users\Usuario\AppData\Local\update_progress.txt
==================== SigCheck ============================
(Não há correção automática para arquivos que não passaram na verificação.)
==================== Fim de FRST.txt ========================