Resultado do análise da Farbar Recovery Scan Tool (FRST) (x64) Versão: 11-09-2023
Executado por Uusuario (administrador) em USUARIO (12-09-2023 18:09:29)
Executando a partir de C:\Users\Uusuario\Desktop\FRST64.exe
Perfis Carregados: Uusuario
Plataforma: Microsoft Windows 8.1 Pro (Update) (X64) Idioma: Português (Brasil)
Navegador padrão: IE
Modo da Inicialização: Normal

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(CERTIF_NICOLAS_COOLMAN -> Nicolas Coolman) [Arquivo não assinado] C:\Users\Uusuario\Desktop\ZHPCleaner.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <20>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <6>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
(explorer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Digital Wave Ltd -> Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(services.exe ->) (FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe
(services.exe ->) (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Nero AG -> Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(services.exe ->) (TPZ SOLUCOES DIGITAIS LTDA -> Topaz OFD) C:\Program Files\Topaz OFD\Warsaw\core.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIC.exe <2>

==================== Registro (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-19] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9228800 2017-06-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe" (Nenhum Arquivo)
HKLM-x32\...\Run: [Opera Browser Assistant] => C:\Program Files\Opera\assistant\browser_assistant.exe [3955608 2023-06-20] (Opera Norway AS -> Opera Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [748624 2023-06-14] (Oracle America, Inc. -> Oracle Corporation)
HKLM\Software\Policies\...\system: [EnableSmartScreen] 0
HKU\S-1-5-21-354422575-759729991-2597353769-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [41584544 2023-08-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-354422575-759729991-2597353769-1002\...\Run: [MicrosoftEdgeAutoLaunch_B5A270BCC5523E46E4D836BF154509BD] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4188608 2023-06-10] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\hpcpp140: C:\Windows\System32\spool\prtprocs\x64\hpcpp140.DLL [559616 2012-09-28] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\HP 8711 Status Monitor: C:\Windows\system32\hpinksts8711LM.dll [332176 2012-09-12] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\pdfcmon: C:\Windows\system32\pdfcmon.dll [117248 2018-09-05] (pdfforge GmbH) [Arquivo não assinado]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\109.0.5414.149\Installer\chrmstp.exe [2023-06-16] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.98\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll",CreateReaderUserSettings
Startup: C:\Users\Uusuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Enviar para o OneNote.lnk [2020-09-01]
ShortcutTarget: Enviar para o OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy: Restrição ? <==== ATENÇÃO
Policies: C:\ProgramData\NTUSER.pol: Restrição <==== ATENÇÃO

==================== Tarefas Agendadas (Whitelisted) =================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {637F2BF4-0B8A-48D8-8530-8F38EBB916D7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1566200 2023-08-02] (Adobe Inc. -> Adobe Inc.)
Task: {E940FD57-A981-40D8-AE8D-761948F57460} - System32\Tasks\BlueStacksHelper_nxt => C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe [274912 2023-02-06] (Bluestack Systems, Inc -> BlueStack Systems, Inc.)
Task: {42B173CC-DDFC-4367-A58F-637C5200D9A6} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2023-08-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {9B54816C-FD77-48B5-B41C-3C54BC133D71} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703648 2023-08-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "efe98752-2994-4c62-875f-2582e3aca07d" --version "6.15.10623" --silent
Task: {EBDB2ABE-CFBF-4242-9637-54F993CE05F3} - System32\Tasks\CCleanerSkipUAC - Uusuario => C:\Program Files\CCleaner\CCleaner.exe [34687904 2023-08-11] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {1BBCB634-B0E7-4CD6-A397-7D1590256717} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-11-22] (Google Inc -> Google Inc.)
Task: {625BD8FA-C291-4840-B9C3-A69F013F9E39} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-11-22] (Google Inc -> Google Inc.)
Task: {CBF7719B-C362-4EB4-98AD-4EAFCC59D4A7} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23817072 2020-07-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {C43748C4-D345-4FEC-B2BC-B64FE7DC60BB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23817072 2020-07-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {6F3C6A06-9DFC-4B60-BBBD-3640EC7D9763} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [155480 2020-09-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {6E46B80E-1C91-4542-B922-E5B44328A8A7} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [155480 2020-09-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {F86FE907-8829-42DD-A2AC-A285CAE7F023} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5725080 2020-09-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {4F2E3C06-6BE6-4460-9060-B9CBA4B65028} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5725080 2020-09-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {73CD6994-6748-467D-9DA5-22C3A837937C} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [724384 2023-09-12] (Mozilla Corporation -> Mozilla Foundation)
Task: {014410CA-27A6-4437-A502-AC9FCD388A04} - System32\Tasks\Opera scheduled assistant Autoupdate 1582738530 => C:\Program Files\Opera\launcher.exe [2635160 2023-04-27] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Program Files\Opera\assistant" $(Arg0)
Task: {A83F7C26-2979-4ECC-9A4C-74759F9C1BB5} - System32\Tasks\Opera scheduled Autoupdate 1511565161 => C:\Program Files\Opera\launcher.exe [2635160 2023-04-27] (Opera Norway AS -> Opera Software)
Task: {09C3DC1F-B191-4A06-8E4B-D41E4F52BEFA} - System32\Tasks\R@1n-KMS\Office16ProPlus => C:\Windows\System32\Wbem\wmic.exe [516096 2014-10-28] (Microsoft Windows -> Microsoft Corporation) -> path SoftwareLicensingProduct where (ID="d450596f-894d-49e0-966a-fd39ed4c4c64") call Activate
Task: {15C467B7-F31D-4E45-8540-C3792A3EB9FA} - System32\Tasks\R@1n-KMS\Windows63Professional => C:\Windows\System32\Wbem\wmic.exe [516096 2014-10-28] (Microsoft Windows -> Microsoft Corporation) -> path SoftwareLicensingProduct where (ID="c06b6981-d7fd-4a35-b7b4-054742b7af67") call Activate
Task: {D80CEA8E-84FC-478F-ABEB-F25CEA2B5E3D} - System32\Tasks\Rerun Warsaw's CoreFixer => C:\Windows\TEMP\is-G100P.tmp\corefixer.exe /norerun (Nenhum Arquivo) <==== ATENÇÃO

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\Windows\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.15.1
Tcpip\..\Interfaces\{6FB50B75-A595-4EAB-96D9-D242C6231F45}: [NameServer] 1.1.1.1,8.8.8.8
Tcpip\..\Interfaces\{6FB50B75-A595-4EAB-96D9-D242C6231F45}: [DhcpNameServer] 192.168.15.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Uusuario\AppData\Local\Microsoft\Edge\User Data\Default [2023-09-12]
Edge Notifications: Default -> hxxps://yitcmu.com
Edge HomePage: Default -> hxxps://www.msn.com/?OCID=IE11FREDHP&PC=UF01
Edge Extension: (Edge relevant text changes) - C:\Users\Uusuario\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-08-09]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]

FireFox:
========
FF DefaultProfile: fnvx38hz.default
FF ProfilePath: C:\Users\Uusuario\AppData\Roaming\Mozilla\Firefox\Profiles\6j51z90s.default-release [2023-09-12]
FF Homepage: Mozilla\Firefox\Profiles\6j51z90s.default-release -> hxxps://www.youtube.com/
FF Notifications: Mozilla\Firefox\Profiles\6j51z90s.default-release -> hxxps://mail.google.com; hxxps://www.smiles.com.br; hxxps://www.santander.com.br
FF Extension: (Language: Português (BR)) - C:\Users\Uusuario\AppData\Roaming\Mozilla\Firefox\Profiles\6j51z90s.default-release\Extensions\langpack-pt-BR@firefox.mozilla.org.xpi [2023-07-27]
FF Extension: (Brazilian Portuguese Checker (New Spelling)) - C:\Users\Uusuario\AppData\Roaming\Mozilla\Firefox\Profiles\6j51z90s.default-release\Extensions\pt-BR@dictionaries.addons.mozilla.org.xpi [2020-08-28]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\Uusuario\AppData\Roaming\Mozilla\Firefox\Profiles\6j51z90s.default-release\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2023-09-11]
FF ProfilePath: C:\Users\Uusuario\AppData\Roaming\Mozilla\Firefox\Profiles\fnvx38hz.default [2023-09-12]
FF Homepage: Mozilla\Firefox\Profiles\fnvx38hz.default -> hxxps://login.live.com/login.srf?wa=wsignin1.0&rpsnv=13&ct=1564518386&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%3a%2f%2foutlook.live.com%2fowa%2f%3fnlp%3d1%26RpsCsrfState%3de148deb0-7372-bcc6-4319-0172722a6dce&id=292841&aadredir=1&CBCXT=out&lw=1&fl=dob%2cflname%2cwld&cobrandid=90015
FF Notifications: Mozilla\Firefox\Profiles\fnvx38hz.default -> hxxps://www.bol.uol.com.br
FF Extension: (ETP Search Volume Study) - C:\Users\Uusuario\AppData\Roaming\Mozilla\Firefox\Profiles\fnvx38hz.default\Extensions\etp-search-volume-study@shield.mozilla.org.xpi [2019-06-27]
FF HKLM-x32\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF Extension: (Foxit PDF Creator) - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi [2019-04-13] []
FF HKLM-x32\...\Firefox\Extensions: [FireFoxNew-WebExtensions@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FireFoxNew-WebExtensions@foxitsoftware.com.xpi
FF Extension: (Foxit PDF Creator) - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FireFoxNew-WebExtensions@foxitsoftware.com.xpi [2019-04-13]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-09-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: PDF Architect 6 -> C:\Program Files\PDF Architect 6\np-previewer.dll [2018-06-27] (pdfforge GmbH -> pdfforge GmbH)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2019-04-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2019-04-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2019-04-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2019-04-13] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-06-01] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-06-01] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-06-01] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-06-01] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2022-06-01] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.381.2 -> C:\Program Files (x86)\Java\jre-1.8\bin\dtplugin\npDeployJava1.dll [2023-06-14] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.381.2 -> C:\Program Files (x86)\Java\jre-1.8\bin\plugin2\npjp2.dll [2023-06-14] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-09-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-09-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA CORPORATION -> NVIDIA Corporation) [Arquivo não assinado]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA CORPORATION -> NVIDIA Corporation) [Arquivo não assinado]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [Nenhum Arquivo]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\autoconf_warsaw.js [2023-09-02]

Chrome:
=======
CHR Profile: C:\Users\Uusuario\AppData\Local\Google\Chrome\User Data\Default [2023-09-12]
CHR StartupUrls: Default -> "hxxps://www.google.com.br/"
CHR Session Restore: Default -> está habilitado.
CHR Extension: (Torrent Scanner) - C:\Users\Uusuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2023-03-01]
CHR Extension: (Adminer Extractor - Capturar anúncios grátis) - C:\Users\Uusuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\amolhiihcpdbkjimhlffamgieibhfapi [2023-08-02]
CHR Extension: (ShowPassword) - C:\Users\Uusuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbiclfnbhommljbjcoelobnnnibemabl [2022-02-23]
CHR Extension: (Foxit PDF Creator) - C:\Users\Uusuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\cifnddnffldieaamihfkhkdgnbhfmaci [2023-09-12]
CHR Extension: (Documentos Google off-line) - C:\Users\Uusuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-05-29]
CHR Extension: (AdBlock — o melhor bloqueador de anúncios) - C:\Users\Uusuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2023-09-07]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Uusuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-09-12]
CHR Extension: (Absolute Enable Right Click & Copy) - C:\Users\Uusuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdocbkpgdakpekjlhemmfcncgdjeiika [2021-10-12]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Uusuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-03]
CHR HKLM\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2019-04-13]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
CHR HKLM-x32\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2019-04-13]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

Opera:
=======
OPR Profile: C:\Users\Uusuario\AppData\Roaming\Opera Software\Opera Stable [2023-09-12]
OPR Notifications: Opera Stable -> hxxps://www.facebook.com
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\Uusuario\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2023-07-05]
OPR Extension: (Opera Wallet) - C:\Users\Uusuario\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2023-08-29]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\Uusuario\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-08-13]

==================== Serviços (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-08-02] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [10566528 2020-07-18] (Microsoft Corporation -> Microsoft Corporation)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2017-06-06] (Digital Wave Ltd -> Digital Wave Ltd.)
R2 FoxitReaderUpdateService; C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe [2358800 2022-05-19] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9286168 2023-09-12] (Malwarebytes Inc. -> Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2012-07-31] (Hewlett-Packard) [Arquivo não assinado]
S3 PDF Architect 6; C:\Program Files\PDF Architect 6\ws.exe [2837168 2018-06-27] (pdfforge GmbH -> pdfforge GmbH)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2012-07-31] (Hewlett-Packard) [Arquivo não assinado]
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2022-10-04] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [920768 2022-10-04] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
R2 Warsaw Technology; C:\Program Files\Topaz OFD\Warsaw\core.exe [1012024 2023-01-13] (TPZ SOLUCOES DIGITAIS LTDA -> Topaz OFD)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [112144 2021-05-18] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 BlueStacksDrv_nxt; C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys [322304 2023-02-06] (Bluestack Systems, Inc -> Bluestack System Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [222672 2023-08-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2023-08-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 MEmuDrv; C:\Program Files\Microvirt\MEmuHyperv\MEmuDrv.sys [320360 2021-01-04] (Shanghai Microvirt Software Technology Co., Ltd. -> Maiwei Corporation)
R3 MpKsl4cfbbe3c; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4D2B6BAC-FFA9-451F-8D46-C06EAE23D664}\MpKslDrv.sys [54528 2023-09-12] (Microsoft Windows -> Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2022-01-07] (Apple, Inc.) [Arquivo não assinado]
S3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [235832 2019-01-28] (Oracle Corporation -> Oracle Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [39488 2023-09-02] (TPZ SOLUCOES DIGITAIS LTDA -> Topaz OFD)
R1 wsddntf; C:\Windows\system32\DRIVERS\wsddntf.sys [51160 2021-02-11] (TPZ SOLUCOES DIGITAIS LTDA -> Topaz OFD)
R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [25512 2023-06-22] (TPZ SOLUCOES DIGITAIS LTDA -> Topaz OFD)
R3 wsddprm; C:\Windows\system32\drivers\wsddprm.sys [33728 2023-06-22] (TPZ SOLUCOES DIGITAIS LTDA -> Topaz OFD)
U3 aswbdisk; não ImagePath

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

==================== Um mês (criados) (Whitelisted) =========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2023-09-12 18:09 - 2023-09-12 18:13 - 000027866 _____ C:\Users\Uusuario\Desktop\FRST.txt
2023-09-12 18:07 - 2023-09-12 18:11 - 000000000 ____D C:\FRST
2023-09-12 18:06 - 2023-09-12 18:07 - 002382848 _____ (Farbar) C:\Users\Uusuario\Desktop\FRST64.exe
2023-09-12 17:50 - 2023-09-12 17:50 - 000022281 _____ C:\Users\Uusuario\Desktop\ZHPCleaner (R).html
2023-09-12 17:50 - 2023-09-12 17:50 - 000012362 _____ C:\Users\Uusuario\Desktop\ZHPCleaner (R).txt
2023-09-12 17:45 - 2023-09-12 17:45 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2023-09-12 17:43 - 2023-09-12 18:03 - 000010212 _____ C:\Users\Uusuario\Desktop\ZHPCleaner (S).html
2023-09-12 17:43 - 2023-09-12 18:03 - 000003085 _____ C:\Users\Uusuario\Desktop\ZHPCleaner (S).txt
2023-09-12 17:26 - 2023-09-12 17:26 - 000000841 _____ C:\Users\Uusuario\Desktop\ZHPCleaner.lnk
2023-09-12 17:25 - 2023-09-12 18:03 - 000000000 ____D C:\Users\Uusuario\AppData\Roaming\ZHP
2023-09-12 17:25 - 2023-09-12 17:25 - 000000000 ____D C:\Users\Uusuario\AppData\Local\ZHP
2023-09-12 17:24 - 2023-09-12 17:24 - 003343008 _____ (Nicolas Coolman) C:\Users\Uusuario\Desktop\ZHPCleaner.exe
2023-09-12 17:10 - 2023-09-12 17:11 - 008791352 _____ (Malwarebytes) C:\Users\Uusuario\Desktop\adwcleaner.exe
2023-09-12 14:35 - 2023-09-12 14:35 - 000354765 _____ C:\Users\Uusuario\Downloads\2via_set.2023.pdf
2023-09-11 18:32 - 2023-09-11 18:32 - 000076468 _____ C:\Users\Uusuario\Downloads\comprovante_pix_enviado.pdf
2023-09-01 11:10 - 2023-09-02 20:31 - 000039488 _____ (Topaz OFD) C:\Windows\system32\Drivers\wsddfac.sys
2023-09-01 11:10 - 2023-09-01 11:10 - 000000000 ___HD C:\Program Files (x86)\Topaz OFD
2023-09-01 11:10 - 2023-09-01 11:10 - 000000000 ____D C:\Program Files\Topaz OFD
2023-09-01 11:10 - 2023-06-22 12:14 - 000033728 ____N (Topaz OFD) C:\Windows\system32\Drivers\wsddprm.sys
2023-09-01 11:10 - 2023-06-22 12:14 - 000025512 ____N (Topaz OFD) C:\Windows\system32\Drivers\wsddpp.sys
2023-09-01 11:10 - 2021-02-11 16:37 - 000051160 _____ (Topaz OFD) C:\Windows\system32\Drivers\wsddntf.sys
2023-09-01 11:10 - 2021-02-11 16:37 - 000009121 _____ C:\Windows\system32\Drivers\wsddntf.cat
2023-08-30 18:28 - 2023-08-30 18:29 - 000000000 ____D C:\b4a9c711de67a37f89e2bce361
2023-08-30 18:08 - 2023-08-30 18:08 - 000000000 ____D C:\Program Files\Samsung
2023-08-30 18:07 - 2023-08-30 18:07 - 000000000 ____D C:\ProgramData\Samsung
2023-08-15 12:36 - 2023-08-15 12:36 - 000000000 ____D C:\Users\Uusuario\AppData\Local\mbam
2023-08-15 12:35 - 2023-09-12 16:18 - 000000000 ____D C:\Users\Uusuario\AppData\Local\Malwarebytes
2023-08-15 12:35 - 2023-08-15 12:35 - 000001976 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2023-08-15 12:35 - 2023-08-15 12:35 - 000001964 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2023-08-15 12:31 - 2023-08-15 12:31 - 000000000 ____D C:\ProgramData\Malwarebytes
2023-08-15 12:31 - 2023-08-15 12:31 - 000000000 ____D C:\Program Files\Malwarebytes

==================== Um mês (modificados) ==================

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)
2023-09-12 18:03 - 2022-02-08 11:17 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-09-12 17:50 - 2017-11-22 14:07 - 000003594 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-354422575-759729991-2597353769-1002
2023-09-12 17:45 - 2020-02-26 14:38 - 000000948 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-09-12 17:45 - 2017-11-22 18:34 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-09-12 17:45 - 2017-11-22 18:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-09-12 17:33 - 2017-11-22 14:18 - 000000000 ____D C:\Program Files (x86)\Google
2023-09-12 12:51 - 2022-03-23 16:41 - 000000000 ____D C:\Users\Uusuario\AppData\Local\CrashDumps
2023-09-12 08:11 - 2017-11-23 14:03 - 000000000 ____D C:\Program Files\CCleaner
2023-09-12 08:10 - 2017-11-22 18:18 - 000000000 __SHD C:\Users\Uusuario\IntelGraphicsProfiles
2023-09-10 11:07 - 2017-11-22 14:27 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2023-09-06 18:02 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\Inf
2023-09-02 20:31 - 2017-11-22 14:18 - 000000000 ____D C:\ProgramData\NVIDIA
2023-09-02 20:31 - 2013-08-22 10:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-09-02 09:04 - 2013-08-22 10:44 - 000488888 _____ C:\Windows\system32\FNTCACHE.DAT
2023-09-01 11:11 - 2018-11-09 12:36 - 000000000 ____D C:\ProgramData\Temp
2023-09-01 08:08 - 2023-05-05 08:08 - 000000760 _____ C:\Windows\Tasks\CCleanerCrashReporting.job
2023-08-30 18:12 - 2017-11-22 14:02 - 000000000 ____D C:\Users\Uusuario
2023-08-29 16:31 - 2013-08-22 09:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2023-08-28 10:55 - 2017-11-22 14:24 - 000000000 ____D C:\Users\Uusuario\AppData\Roaming\Microsoft\Word
2023-08-28 10:54 - 2018-06-20 18:06 - 000000000 ____D C:\Users\Uusuario\AppData\Roaming\Microsoft\Excel
2023-08-27 20:55 - 2022-03-05 21:26 - 000000000 ____D C:\ProgramData\Avast Software
2023-08-22 19:27 - 2017-11-28 19:16 - 000000000 ____D C:\Users\Uusuario\AppData\Roaming\MPC-HC
2023-08-17 08:27 - 2023-05-05 08:08 - 000003336 _____ C:\Windows\system32\Tasks\CCleanerCrashReporting
2023-08-17 08:27 - 2017-11-23 14:03 - 000003870 _____ C:\Windows\system32\Tasks\CCleaner Update
2023-08-15 21:33 - 2022-03-07 13:40 - 000000000 ____D C:\Users\Uusuario\AppData\Roaming\BitTorrent
2023-08-15 21:33 - 2018-09-05 13:07 - 000000000 ____D C:\Users\Uusuario\AppData\Local\PDFCreator
2023-08-15 21:33 - 2018-09-05 12:59 - 000000000 ____D C:\Program Files\PDFCreator
2023-08-15 18:29 - 2018-02-02 05:27 - 000000000 ____D C:\Windows\Minidump

==================== Arquivos na raiz de alguns diretórios ========

2020-09-28 13:53 - 2020-09-28 13:53 - 000000068 _____ () C:\Users\Uusuario\AppData\Roaming\changzhi_leidian.data
2020-09-28 14:26 - 2020-09-28 14:26 - 000000068 _____ () C:\Users\Uusuario\AppData\Roaming\changzhi_mplayer.data
2020-12-15 13:41 - 2020-12-15 13:41 - 000000162 _____ () C:\Users\Uusuario\AppData\Roaming\default.rss
2018-05-14 19:46 - 2020-09-28 14:45 - 000002059 _____ () C:\Users\Uusuario\AppData\Roaming\droid4xinstaller.log
2023-05-24 12:00 - 2023-05-24 12:00 - 000001050 _____ () C:\Users\Uusuario\AppData\Local\recently-used.xbel
2020-09-28 16:21 - 2020-09-28 16:23 - 000000074 _____ () C:\Users\Uusuario\AppData\Local\update_progress.txt
2022-05-23 19:05 - 2022-05-23 19:05 - 000017408 _____ () C:\Users\Uusuario\AppData\Local\WebpageIcons.db

==================== SigCheck ============================

(Não há correção automática para arquivos que não passaram na verificação.)

LastRegBack: 2023-09-12 08:21

==================== Fim de FRST.txt ========================