Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 19-10-2020
Executado por Usuario (administrador) em DESKTOP-N9V0MDH (Hewlett-Packard 18-5200br) (24-10-2020 02:52:02)
Executando a partir de D:\Área de Trabalho
Perfis Carregados: Usuario
Platform: Windows 10 Pro Versão 1809 17763.805 (X64) Idioma: Português (Brasil)
Navegador padrão: Chrome
Modo da Inicialização: Normal
Tutorial da Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.32\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.32\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <14>
(Igloo systems Inc. -> Toolwiz) C:\Program Files\Toolwiz Time Freeze 2017\ToolwizTimeFreeze.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2001.7-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2001.7-0\NisSrv.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Shanghai Microvirt Software Technology Co., Ltd. -> ) C:\Program Files (x86)\Microvirt\MEmu\MemuService.exe
(Tonec Inc. -> Tonec Inc.) [Arquivo não assinado] C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Vivaldi Technologies AS -> Vivaldi Technologies AS) C:\Users\Usuario\AppData\Local\Vivaldi\Application\update_notifier.exe

==================== Registro (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8790264 2016-03-29] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1416440 2016-03-29] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [710264 2020-06-18] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-881091786-1930074019-3152223156-1001\...\Run: [DAEMON Tools Lite] => C:\Portables\DaemonTools\Daemon Tools\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd -> Disc Soft Ltd)
HKU\S-1-5-21-881091786-1930074019-3152223156-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [48737752 2020-09-09] (Google LLC -> )
HKU\S-1-5-21-881091786-1930074019-3152223156-1001\...\Run: [ToolwizTimeFreeze] => C:\Program Files\Toolwiz Time Freeze 2017\ToolwizTimeFreeze.exe [1623384 2020-09-03] (Igloo systems Inc. -> Toolwiz)
HKU\S-1-5-21-881091786-1930074019-3152223156-1001\...\Run: [Vivaldi Update Notifier] => C:\Users\Usuario\AppData\Local\Vivaldi\Application\update_notifier.exe [1883208 2020-10-22] (Vivaldi Technologies AS -> Vivaldi Technologies AS)
HKU\S-1-5-21-881091786-1930074019-3152223156-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [5466424 2020-10-17] (Tonec Inc. -> Tonec Inc.) [Arquivo não assinado]
HKLM\...\Print\Monitors\CutePDF Writer Monitor v3.2: C:\WINDOWS\system32\cpwmon64_v32.dll [90096 2017-05-26] (Acro Software Inc -> )
HKLM\...\Print\Monitors\EPSON L355 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMI4E.DLL [120320 2014-07-29] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\HP 8711 Status Monitor: C:\WINDOWS\system32\hpinksts8711LM.dll [332176 2012-09-12] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\86.0.4240.111\Installer\chrmstp.exe [2020-10-21] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\77.0.3865.120\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
Startup: C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitorar alertas de tinta - HP Deskjet 2050 J510 series.lnk [2019-11-24]
ShortcutAndArgument: Monitorar alertas de tinta - HP Deskjet 2050 J510 series.lnk -> C:\WINDOWS\system32\RunDll32.exe => "C:\Program Files\HP\HP Deskjet 2050 J510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=BR11BFP1ZW05D1;CONNECTION=USB;MONITOR=1;
BootExecute:
GroupPolicy: Restrição ? <==== ATENÇÃO

==================== Tarefas Agendadas (Whitelisted) ============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {0C734553-55E4-4B12-9CD4-56E08BB3855F} - System32\Tasks\HPCustParticipation HP Deskjet 2050 J510 series => C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [4119656 2012-10-02] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {1A26415E-30FA-446B-971D-631D7F769942} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-15] (Google Inc -> Google LLC)
Task: {1EFB328B-8AA9-49F3-A0A0-DFF30A01FA41} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-10-13] (Adobe Inc. -> Adobe)
Task: {215DFB51-EBCD-4F42-AFBC-32803E7F5AE7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.7-0\MpCmdRun.exe [473544 2020-02-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {25E58DDC-C06D-4DFA-B6C3-E6F3809DF1A9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.7-0\MpCmdRun.exe [473544 2020-02-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {29EB213B-EE04-49F5-9F63-BB8DBD77B08A} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_445_Plugin.exe [1502264 2020-10-13] (Adobe Inc. -> Adobe)
Task: {37FDF7C0-501F-4966-9053-C93DA26B93F5} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display => C:\windows\system32\MusNotification.exe
Task: {4AF21A0F-6704-43EE-B0B2-2788532C3C22} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.7-0\MpCmdRun.exe [473544 2020-02-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {613B32B3-603D-4D2C-9CEA-2B20EDE09354} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.7-0\MpCmdRun.exe [473544 2020-02-04] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {66688886-AD61-428E-9346-59A766625E0B} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\WINDOWS\system32\MusNotification.exe
Task: {8AEC4579-0EC6-4173-8BFB-C6F4FB6D0EDE} - System32\Tasks\EOSv3 Scheduler onTime => D:\Área de Trabalho\esetonlinescanner.exe
Task: {8D169D0E-1EA2-4169-85F2-7CCED2859BCC} - System32\Tasks\eM Client Database Backup (S-1-5-21-881091786-1930074019-3152223156-1001) => C:\Program Files (x86)\eM Client\DbBackup.exe [139752 2020-02-11] (eM Client, s.r.o. -> )
Task: {9A8B54FA-736A-4CE6-BA81-020B09F4F4AA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-10-15] (Google Inc -> Google LLC)
Task: {A3EF1220-BD3C-4B28-9B6B-8E3042192096} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {A8798BE1-6DCA-4C19-A5C7-2C0BA8A9D6C0} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_445_pepper.exe [1497656 2020-10-13] (Adobe Inc. -> Adobe)
Task: {ADC5834D-312A-429E-8441-B561B1113B47} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {D4163AB6-8557-40A8-8597-71CE03405E41} - System32\Tasks\EOSv3 Scheduler onLogOn => D:\Área de Trabalho\esetonlinescanner.exe
Task: {DD056075-30EF-47B5-B8AC-8875FB372BBC} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot => C:\windows\system32\MusNotification.exe
Task: {E1AE4DE9-2187-4ECB-9A24-8CC47A92A2F4} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {FA625267-66E0-464A-AE95-8754007E78AD} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot => C:\WINDOWS\system32\MusNotification.exe

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{d72cbefa-3471-4474-b386-90bb15f1b5f0}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{d72cbefa-3471-4474-b386-90bb15f1b5f0}: [DhcpNameServer] 200.189.80.108 200.189.80.122
Tcpip\..\Interfaces\{f04629c2-91ab-46d0-9fbd-11d885ea0fc0}: [NameServer] 8.8.8.8,1.1.1.1
Tcpip\..\Interfaces\{f9bee67b-749e-4b55-b393-7d42ebbc0e1d}: [NameServer] 200.221.11.100,200.221.11.101
Tcpip\..\Interfaces\{f9bee67b-749e-4b55-b393-7d42ebbc0e1d}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{fd05069b-ca4c-4ae7-9392-128e50200c8b}: [NameServer] 8.8.8.8,1.1.1.1

FireFox:
========
FF DefaultProfile: vniid6p0.default
FF ProfilePath: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\vniid6p0.default [2020-10-24]
FF DownloadDir: D:\Área de Trabalho
FF Homepage: Mozilla\Firefox\Profiles\vniid6p0.default -> chrome://speeddial/content/speeddial.xul
FF Notifications: Mozilla\Firefox\Profiles\vniid6p0.default -> hxxps://www.tecmundo.com.br; hxxps://nogueiradas.letreach.com; hxxp://www.linhadefensiva.org; hxxps://forum.baboo.com.br; hxxps://playfulbet.onesignal.com; hxxps://conquistadigital.com.br; hxxps://geradordeconteudos.onesignal.com; hxxps://playfulbet.os.tc; hxxps://mail.one.com; hxxps://www.voxel.com.br; hxxps://www.youtube.com; hxxps://www.areah.com.br; hxxps://www.facebook.com; hxxps://negocioonlinebrasil.egoiapp2.com
FF Extension: (Disable youtube html5 player) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\vniid6p0.default\Extensions\@disableyoutubehtml5player.xpi [2018-10-03] []
FF Extension: (QuickFox Notes) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\vniid6p0.default\Extensions\amin.eft_bmnotes@gmail.com [2019-10-29] []
FF Extension: (Classic Theme Restorer) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\vniid6p0.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2019-05-12] []
FF Extension: (Add-on Compatibility Reporter) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\vniid6p0.default\Extensions\compatibility@addons.mozilla.org.xpi [2018-10-15] []
FF Extension: (hotfix-update-xpi-intermediate) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\vniid6p0.default\Extensions\hotfix-update-xpi-intermediate@mozilla.com.xpi [2019-05-16]
FF Extension: (IDM Integration Module) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\vniid6p0.default\Extensions\idmmzcc-webextension.xpi [2018-10-02] [UpdateUrl:hxxps://data.internetdownloadmanager.com/idmmzcc3/update.json]
FF Extension: (YouTube mp3) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\vniid6p0.default\Extensions\info@youtube-mp3.org.xpi [2018-10-01] []
FF Extension: (Português (pt-BR) Language Pack) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\vniid6p0.default\Extensions\langpack-pt-BR@firefox.mozilla.org.xpi [2018-10-02] []
FF Extension: (IDM Integration Module) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\vniid6p0.default\Extensions\mozilla_cc3@internetdownloadmanager.com.xpi [2020-10-17]
FF Extension: (Profile Folder Button) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\vniid6p0.default\Extensions\ProfileFolderButton@schuzak.jp.xpi [2018-10-15] []
FF Extension: (Português Brasileiro (Nova Ortografia)) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\vniid6p0.default\Extensions\pt-BR@dictionaries.addons.mozilla.org [2019-10-29] []
FF Extension: (Tab Mix Plus) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\vniid6p0.default\Extensions\tab_mix_plus-0.5.0.4-fx.xpi [2019-05-12] []
FF Extension: (Google Translator for Firefox) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\vniid6p0.default\Extensions\translator@zoli.bod.xpi [2018-10-01] []
FF Extension: (Flagfox) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\vniid6p0.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2018-10-16] []
FF Extension: (Speed Dial) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\vniid6p0.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2018-10-01] []
FF Extension: (Notepad) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\vniid6p0.default\Extensions\{81231243-7deb-4d81-bc8a-4a7f3eb62144}.xpi [2018-10-15]
FF Extension: (Video DownloadHelper) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\vniid6p0.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2020-04-09]
FF Extension: (Tab Mix Plus) - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\vniid6p0.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2019-05-12] []
FF HKU\S-1-5-21-881091786-1930074019-3152223156-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Usuario\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Usuario\AppData\Roaming\IDM\idmmzcc5 [2020-10-22] [] [não assinado]
FF HKU\S-1-5-21-881091786-1930074019-3152223156-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-12-20] []
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_445.dll [2020-10-13] (Adobe Inc. -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_445.dll [2020-10-13] (Adobe Inc. -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.261.2 -> C:\Program Files (x86)\Java\jre1.8.0_261\bin\dtplugin\npDeployJava1.dll [2020-08-01] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.261.2 -> C:\Program Files (x86)\Java\jre1.8.0_261\bin\plugin2\npjp2.dll [2020-08-01] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll [2010-02-15] (RealNetworks, Inc. -> RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll [2010-02-15] (RealNetworks, Inc.) [Arquivo não assinado]

Chrome:
=======
CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default [2020-10-24]
CHR DownloadDir: D:\Área de Trabalho
CHR Notifications: Default -> hxxps://pt.savefrom.net; hxxps://surveytime.io; hxxps://www.facebook.com
CHR HomePage: Default -> file:///D:/%C3%81rea%20de%20Trabalho/GOOGLE%20CHROME/favoritos_21_10_2020.html
CHR NewTab: Default -> Active:"chrome-extension://ejbjamhkdedinncaeiackcdehpccoejm/pages/newtab.html"
CHR Extension: (Google Tradutor) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2020-10-19]
CHR Extension: (Apresentações) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-10-19]
CHR Extension: (Documentos) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-10-19]
CHR Extension: (Google Drive) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-19]
CHR Extension: (HLS Downloader) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apomkbibleomoihlhhdbeghnfioffbej [2020-10-19]
CHR Extension: (MEGA) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2020-10-19]
CHR Extension: (YouTube) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-10-19]
CHR Extension: (Speed Dial) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbjamhkdedinncaeiackcdehpccoejm [2020-10-19]
CHR Extension: (Planilhas) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-10-19]
CHR Extension: (Documentos Google off-line) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-10-19]
CHR Extension: (AdBlock — o melhor bloqueador de anúncios) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-10-20]
CHR Extension: (HP Smart Print) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmpaiomihcebnclahoknbodeiaiohcdi [2020-10-19]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2020-10-22]
CHR Extension: (Méliuz: Cashback e cupons em suas compras) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdcfmebflppkljibgpdlboifpcaalolg [2020-10-22]
CHR Extension: (Video Downloader Plus by Skyload) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdjbpandnkpoaeaemedhhpaibjkcoblh [2020-10-19]
CHR Extension: (Ghostery – Bloqueador de anúncios para privacidade) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2020-10-19]
CHR Extension: (IDM Integration Module) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2020-10-22]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-10-19]
CHR Extension: (Downloader for Instagram) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\olkpikmlhoaojbbmmpejnimiglejmboe [2020-10-23]
CHR Extension: (Comparador EscolhaSegura) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbichgopagjidnkeaablhiediibgbmec [2020-10-19]
CHR Extension: (Gmail) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-10-19]
CHR Profile: C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\System Profile [2020-10-19]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2020-10-16]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2020-10-16]

==================== Serviços (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-10-13] (Adobe Inc. -> Adobe)
R2 AERTFilters; C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE [115648 2016-03-29] (Andrea Electronics -> Andrea Electronics Corporation)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (Shanghai Comet Network Technology -> www.BitComet.com)
R2 MEmuSVC; C:\Program Files (x86)\Microvirt\MEmu\MemuService.exe [85304 2019-09-12] (Shanghai Microvirt Software Technology Co., Ltd. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5378320 2020-02-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.7-0\NisSrv.exe [3284840 2020-02-04] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.7-0\MsMpEng.exe [103168 2020-02-04] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [X]

===================== Drivers (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

S3 ampa; C:\WINDOWS\system32\ampa.sys [17008 2013-11-29] (ChengDu AoMei Tech Co., Ltd -> ) [Arquivo não assinado]
R3 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283064 2019-10-22] (Disc Soft Ltd -> Disc Soft Ltd)
S4 IObitUnlocker; C:\Program Files (x86)\Outlook Express\IO\IObitUnlocker.sys [36568 2013-09-30] (IObit Information Technology -> IObit)
R2 LdBoxDrv; C:\Program Files\dnplayerext2\LdBoxDrv.sys [312496 2019-11-21] (Microsoft Windows Hardware Compatibility Publisher -> Oracle Corporation)
R1 MEmuDrv; C:\WINDOWS\system32\DRIVERS\MEmuDrv.sys [319192 2019-09-21] (Shanghai Microvirt Software Technology Co., Ltd. -> Maiwei Corporation)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [337920 2017-03-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R0 TWZDISK; C:\WINDOWS\System32\Drivers\TWZDISK.sys [73360 2020-09-03] (XII CNC Inc. -> Toolwiz.com)
R1 TWZFILE; C:\WINDOWS\System32\Drivers\TWZFILE.sys [43152 2020-09-03] (XII CNC Inc. -> Toolwiz.com)
S3 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [237376 2019-10-11] (Oracle Corporation -> Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45960 2020-02-04] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [376032 2020-02-04] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [53984 2020-02-04] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Três meses (criados) ===================

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2020-10-24 02:51 - 2020-10-24 02:53 - 000000000 ____D C:\FRST
2020-10-23 12:34 - 2020-10-23 12:38 - 000000000 ____D C:\AdwCleaner
2020-10-22 00:10 - 2020-10-22 00:11 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager
2020-10-22 00:10 - 2020-10-22 00:10 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2020-10-22 00:10 - 2020-10-22 00:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2020-10-19 11:17 - 2020-10-21 18:57 - 000002245 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-10-16 18:24 - 2018-12-20 08:05 - 000229296 _____ (Tonec Inc.) C:\WINDOWS\system32\Drivers\idmwfp.sys
2020-10-14 17:44 - 2020-10-23 20:25 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\DMCache
2020-10-14 17:44 - 2020-10-22 12:15 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\IDM
2020-10-14 17:44 - 2020-10-14 17:44 - 000000000 ____D C:\Users\Todos os Usuários\IDM
2020-10-14 17:44 - 2020-10-14 17:44 - 000000000 ____D C:\ProgramData\IDM
2020-10-10 17:27 - 2020-10-12 11:07 - 000000000 ____D C:\WINDOWS\Minidump
2020-10-02 14:01 - 2020-10-02 14:01 - 000000000 ____D C:\Users\Usuario\AppData\Local\ElevatedDiagnostics
2020-09-29 01:54 - 2020-10-13 19:58 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\WATCHED
2020-09-29 01:54 - 2020-10-13 19:25 - 000000000 ____D C:\Users\Usuario\AppData\Local\watched-updater
2020-09-29 01:54 - 2020-09-29 01:54 - 000002332 _____ C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WATCHED.lnk
2020-09-23 17:21 - 2020-10-23 11:13 - 000002438 _____ C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2020-09-23 17:21 - 2020-10-23 02:27 - 000000374 _____ C:\Users\Usuario\.vivaldi_reporting_data
2020-09-23 17:20 - 2020-10-23 11:13 - 000000000 ____D C:\Users\Usuario\AppData\Local\Vivaldi
2020-09-23 16:49 - 2020-09-23 17:07 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\Telegram Desktop
2020-09-23 16:49 - 2020-09-23 16:49 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop
2020-09-15 12:21 - 2020-09-15 12:21 - 000000000 ____D C:\Users\Usuario\AppData\LocalLow\Ookla
2020-09-15 12:21 - 2020-09-15 12:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speedtest By Ookla
2020-09-15 12:21 - 2020-09-15 12:21 - 000000000 ____D C:\Program Files\Speedtest
2020-09-04 01:36 - 2020-09-04 01:36 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\MPC-HC
2020-09-04 01:34 - 2020-09-04 01:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2020-09-04 01:34 - 2019-12-28 06:00 - 000784384 _____ C:\WINDOWS\system32\xvidcore.dll
2020-09-04 01:34 - 2019-12-28 06:00 - 000681984 _____ C:\WINDOWS\SysWOW64\xvidcore.dll
2020-09-04 01:34 - 2019-12-28 06:00 - 000310784 _____ C:\WINDOWS\system32\xvidvfw.dll
2020-09-04 01:34 - 2019-12-28 06:00 - 000284160 _____ C:\WINDOWS\SysWOW64\xvidvfw.dll
2020-09-04 01:34 - 2017-07-30 07:50 - 003850240 _____ (x264vfw project) C:\WINDOWS\SysWOW64\x264vfw.dll
2020-09-04 01:34 - 2017-07-30 07:50 - 003799552 _____ (x264vfw project) C:\WINDOWS\system32\x264vfw64.dll
2020-09-04 01:34 - 2015-10-24 13:00 - 000112128 _____ C:\WINDOWS\SysWOW64\ff_vfw.dll
2020-09-04 01:34 - 2012-07-21 07:55 - 000180736 _____ (fccHandler) C:\WINDOWS\system32\ac3acm.acm
2020-09-04 01:34 - 2012-07-21 07:54 - 000122880 _____ (fccHandler) C:\WINDOWS\SysWOW64\ac3acm.acm
2020-09-04 01:34 - 2011-12-07 14:37 - 000148992 _____ ( ) C:\WINDOWS\system32\lagarith.dll
2020-09-04 01:34 - 2011-12-07 14:32 - 000216064 _____ ( ) C:\WINDOWS\SysWOW64\lagarith.dll
2020-09-04 01:33 - 2020-09-04 01:34 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2020-09-04 01:17 - 2020-09-04 01:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real Alternative
2020-09-04 01:17 - 2020-09-04 01:17 - 000000000 ____D C:\Program Files (x86)\Real Alternative
2020-09-04 01:17 - 2010-02-15 15:00 - 000278528 _____ (Real Networks, Inc) C:\WINDOWS\SysWOW64\pncrt.dll
2020-09-04 01:17 - 2010-02-15 15:00 - 000185920 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\rmoc3260.dll
2020-09-04 01:17 - 2010-02-15 15:00 - 000006656 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\pndx5016.dll
2020-09-04 01:17 - 2010-02-15 15:00 - 000005632 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\pndx5032.dll
2020-09-04 01:17 - 2004-01-11 19:00 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2020-09-04 01:17 - 2003-03-19 00:14 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll
2020-09-04 01:16 - 2020-09-04 01:16 - 000000000 ____D C:\Users\Todos os Usuários\Apple Computer
2020-09-04 01:16 - 2020-09-04 01:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime Alternative
2020-09-04 01:16 - 2020-09-04 01:16 - 000000000 ____D C:\ProgramData\Apple Computer
2020-09-04 01:16 - 2020-09-04 01:16 - 000000000 ____D C:\Program Files (x86)\QuickTime Alternative
2020-09-04 01:16 - 2010-03-17 17:53 - 000180224 _____ (Apple Inc.) C:\WINDOWS\SysWOW64\QTCF.dll
2020-09-04 01:16 - 2010-03-17 17:53 - 000094208 _____ (Apple Inc.) C:\WINDOWS\SysWOW64\QuickTimeVR.qtx
2020-09-04 01:16 - 2010-03-17 17:53 - 000069632 _____ (Apple Inc.) C:\WINDOWS\SysWOW64\QuickTime.qts
2020-09-04 01:07 - 2020-10-13 18:45 - 000004622 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-09-03 12:19 - 2020-10-10 11:01 - 000000000 ___HD C:\TOOLWIZTIMEFREEZE
2020-09-03 12:19 - 2020-09-03 12:19 - 000073360 _____ (Toolwiz.com) C:\WINDOWS\system32\Drivers\TWZDISK.sys
2020-09-03 12:19 - 2020-09-03 12:19 - 000043152 _____ (Toolwiz.com) C:\WINDOWS\system32\Drivers\TWZFILE.sys
2020-09-03 12:19 - 2020-09-03 12:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toolwiz Time Freeze 2017
2020-09-03 12:19 - 2020-09-03 12:19 - 000000000 ____D C:\Program Files\Toolwiz Time Freeze 2017
2020-09-03 12:16 - 2020-09-03 12:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloqueio do Sistema
2020-09-03 12:16 - 2020-09-03 12:16 - 000000000 ____D C:\Program Files (x86)\Suporte
2020-08-27 00:36 - 2020-08-27 00:36 - 000003168 _____ C:\WINDOWS\system32\Tasks\eM Client Database Backup (S-1-5-21-881091786-1930074019-3152223156-1001)
2020-08-04 12:49 - 2020-08-04 12:49 - 000000000 ____D C:\Users\Usuario\AppData\Local\Chromium
2020-08-04 02:01 - 2020-08-20 02:16 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\BitComet
2020-08-04 02:01 - 2020-08-04 02:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitComet (64-bit)
2020-08-04 02:01 - 2020-08-04 02:01 - 000000000 ____D C:\Program Files\BitComet
2020-07-29 02:02 - 2020-07-29 02:02 - 000000000 _____ C:\WINDOWS\diskptex.dat

==================== Três meses (modificados) ==================

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2020-10-24 02:49 - 2018-09-15 04:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2020-10-24 01:15 - 2018-09-15 04:33 - 000000000 ____D C:\Users\Todos os Usuários\regid.1991-06.com.microsoft
2020-10-24 01:15 - 2018-09-15 04:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-10-24 00:42 - 2019-10-16 12:16 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-10-23 20:25 - 2019-10-15 16:09 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2020-10-23 20:25 - 2018-09-15 03:09 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-10-23 20:08 - 2019-10-23 11:31 - 000000000 ____D C:\Users\Usuario\AppData\Local\CutePDF Writer
2020-10-22 20:40 - 2019-10-16 12:06 - 000000000 ____D C:\Users\Usuario
2020-10-22 13:16 - 2019-10-16 11:52 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-10-20 17:55 - 2019-11-13 18:46 - 000000000 ____D C:\Users\Usuario\AppData\Roaming\eM Client
2020-10-19 11:18 - 2019-10-15 15:49 - 000000000 ____D C:\Users\Usuario\AppData\Local\Google
2020-10-19 11:17 - 2019-11-09 01:42 - 000000000 ____D C:\Program Files\Google
2020-10-15 11:40 - 2019-10-15 15:45 - 001660278 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-10-15 11:40 - 2018-09-15 13:43 - 000718692 _____ C:\WINDOWS\system32\prfh0416.dat
2020-10-15 11:40 - 2018-09-15 13:43 - 000141690 _____ C:\WINDOWS\system32\prfc0416.dat
2020-10-15 11:40 - 2018-09-15 04:31 - 000000000 ____D C:\WINDOWS\INF
2020-10-14 01:29 - 2019-10-16 12:16 - 000003588 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-10-14 01:29 - 2019-10-16 12:16 - 000003464 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-10-13 19:46 - 2020-03-02 18:50 - 000004634 _____ C:\WINDOWS\system32\Tasks\Adobe Flash Player PPAPI Notifier
2020-10-13 19:46 - 2018-09-15 04:36 - 000842296 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2020-10-13 19:46 - 2018-09-15 04:36 - 000175160 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2020-10-13 19:46 - 2018-09-15 04:33 - 000000000 ____D C:\WINDOWS\system32\Macromed
2020-10-10 10:35 - 2018-09-15 04:33 - 000000000 ___HD C:\Program Files\WindowsApps
2020-10-10 10:27 - 2018-09-15 04:33 - 000000000 ____D C:\WINDOWS\registration
2020-09-30 11:25 - 2019-10-15 15:42 - 000000000 ____D C:\Users\Usuario\AppData\Local\Packages
2020-09-28 03:04 - 2019-10-18 02:07 - 000000428 __RSH C:\Users\Todos os Usuários\ntuser.pol
2020-09-28 03:04 - 2019-10-18 02:07 - 000000428 __RSH C:\ProgramData\ntuser.pol
2020-09-25 00:52 - 2019-11-09 01:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google

==================== SigCheck ============================

(Não há correção automática para arquivos que não passaram na verificação.)

==================== Fim de FRST.txt ========================