Resultado da análise adicional Farbar Recovery Scan Tool (x64) Versão: 04-07-2022
Executado por USUARIO (04-07-2022 12:32:16)
Executando a partir de C:\Users\USUARIO\OneDrive\Área de Trabalho
Microsoft Windows 10 Pro Versão 21H2 19044.1806 (X64) (2022-04-24 18:28:13)
Modo da Inicialização: Normal
==========================================================

==================== Contas: =============================

(Se uma entrada for incluída na fixlist, será removida.)

Administrador (S-1-5-21-91627358-3904473298-1015656328-500 - Administrator - Disabled)
aguia (S-1-5-21-91627358-3904473298-1015656328-1002 - Limited - Disabled)
Convidado (S-1-5-21-91627358-3904473298-1015656328-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-91627358-3904473298-1015656328-503 - Limited - Disabled)
leand (S-1-5-21-91627358-3904473298-1015656328-1003 - Limited - Disabled)
USUARIO (S-1-5-21-91627358-3904473298-1015656328-1001 - Administrator - Enabled) => C:\Users\USUARIO
WDAGUtilityAccount (S-1-5-21-91627358-3904473298-1015656328-504 - Limited - Disabled)

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avira Security (Enabled - Up to date) {76C0BF9F-9FD3-D249-DE2F-7A33A59B9258}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

Adobe Acrobat DC (64-bit) (HKLM\...\{AC76BA86-1046-1033-7760-BC15014EA700}) (Version: 22.001.20142 - Adobe) Adobe Photoshop 2021 (HKLM-x32\...\PHSP_22_5) (Version: 22.5.0.384 - Adobe Systems Incorporated) Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-001824458876}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 6.2.6 - philandro Software GmbH) Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.41.1.25731 - Avira Operations GmbH & Co. KG) Hidden Avira Security (HKLM-x32\...\Avira Security_is1) (Version: 1.1.69.29688 - Avira Operations GmbH & Co. KG) Hidden Avira Security (HKLM-x32\...\AviraSecurityUninstaller) (Version: - Avira Operations GmbH & Co. KG) Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 6.19.0.11413 - Avira Operations GmbH & Co. KG) Hidden CCleaner (HKLM\...\CCleaner) (Version: 6.01 - Piriform) Dell SupportAssist (HKLM\...\{4F8A3BC3-641C-4B0D-AF46-EA3354016EA7}) (Version: 3.11.4.29 - Dell Inc.) Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{08E7C8D5-F2B5-4F09-B0EA-F28913BEFDB0}) (Version: 5.5.1.16143 - Dell Inc.) Hidden Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{2a8bafd6-22ae-4d0e-87a4-686b2a4a2ab0}) (Version: 5.5.1.16143 - Dell Inc.) Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.0.15.2 - Synaptics Incorporated) Dropbox (HKLM-x32\...\Dropbox) (Version: 151.4.4304 - Dropbox, Inc.) Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.583.1 - Dropbox, Inc.) Hidden Endpoint Protection SDK (HKLM\...\{68E1CCB4-4965-4713-BDEB-77F6D6C9BF9D}_is1) (Version: 1.0.2206.2990 - Avira Operations GmbH & Co. 
KG) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 103.0.5060.66 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.22.1760 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.0.1098 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{DB4DA836-82EC-4A96-A6A1-52B39AD19C14}) (Version: 13.0.0.1098 - Intel Corporation) Hidden Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{DACD83A1-8E8B-4DD3-B7D2-22B42E462F6C}) (Version: 17.1.1518.0988 - Intel Corporation) Intel® PROSet/Wireless WiFi Software (HKLM\...\{27833D55-FD60-4C16-9794-8715028E1783}) (Version: 20.10.1.1190 - Intel Corporation) Hidden Intel® Trusted Connect Service Client (HKLM\...\{B5E06417-A4AC-4225-B36E-7E34C91616E7}) (Version: 1.31.8.1 - Intel Corporation) Hidden Microsoft .NET Host - 5.0.17 (x64) (HKLM\...\{E663ED1E-899C-40E8-91D0-8D37B95E3C69}) (Version: 40.68.31213 - Microsoft Corporation) Hidden Microsoft .NET Host FX Resolver - 5.0.17 (x64) (HKLM\...\{8BA25391-0BE6-443A-8EBF-86A29BAFC479}) (Version: 40.68.31213 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 5.0.17 (x64) (HKLM\...\{5A66E598-37BD-4C8A-A7CB-A71C32ABCD78}) (Version: 40.68.31213 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 5.0.17 (x64) (HKLM-x32\...\{a699b48e-5748-4980-ad92-0b61b1d9d718}) (Version: 5.0.17.31213 - Microsoft Corporation) Microsoft 365 - pt-br (HKLM\...\O365HomePremRetail - pt-br) (Version: 16.0.15225.20288 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 103.0.1264.44 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 
103.0.1264.44 - Microsoft Corporation) Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 22.121.0605.0002 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 (HKLM\...\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}) (Version: 12.0.40660 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660 (HKLM\...\{CB0836EC-B072-368D-82B2-D3470BF95707}) (Version: 12.0.40660 - Microsoft Corporation) Hidden Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation) Microsoft Visual C++ 2017 x64 Additional Runtime - 14.15.26706 (HKLM\...\{F106B700-BFF8-3065-B305-14D36AD40539}) (Version: 14.15.26706 - Microsoft 
Corporation) Hidden Microsoft Visual C++ 2017 x64 Minimum Runtime - 14.15.26706 (HKLM\...\{C77195A4-CEB8-38EE-BDD6-C46CB459EF6E}) (Version: 14.15.26706 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15225.20150 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15225.20288 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0416-1000-0000000FF1CE}) (Version: 16.0.15128.20178 - Microsoft Corporation) Hidden Skype versão 8.83 (HKLM-x32\...\Skype_is1) (Version: 8.83 - Skype Technologies S.A.) Software Intel® PROSet/Wireless (HKLM-x32\...\{2f5f8f8e-11d9-4c64-b002-b60607ac3a29}) (Version: 20.10.1 - Intel Corporation) Verificação de integridade do PC Windows (HKLM\...\{2403B2D2-1FDC-497D-B181-F53D079FEAAA}) (Version: 3.6.2204.08001 - Microsoft Corporation) Warsaw 2.30.0.11 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 2.30.0.11 - Topaz) WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH) Zoom (HKU\S-1-5-21-91627358-3904473298-1015656328-1001\...\ZoomUMX) (Version: 5.10.4 (5035) - Zoom Video Communications, Inc.) Packages: ========= Dell SupportAssist for Home PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.11.20.0_x64__htrsf667h5kn2 [2022-07-01] (Dell Inc) Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.13.5310.0_x64__8wekyb3d8bbwe [2022-06-07] (Microsoft Studios) [MS Ad] ==================== Análise Personalizada CLSID (Whitelisted): ============== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 
CustomCLSID: HKU\S-1-5-21-91627358-3904473298-1015656328-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\USUARIO\Dropbox [2022-04-25 13:27] ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.121.0605.0002\FileSyncShell64.dll [2022-06-29] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.121.0605.0002\FileSyncShell64.dll [2022-06-29] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.121.0605.0002\FileSyncShell64.dll [2022-06-29] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.121.0605.0002\FileSyncShell64.dll [2022-06-29] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.121.0605.0002\FileSyncShell64.dll [2022-06-29] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.121.0605.0002\FileSyncShell64.dll [2022-06-29] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.121.0605.0002\FileSyncShell64.dll [2022-06-29] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-04-11] (Dropbox, Inc -> Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-04-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-04-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-04-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-04-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-04-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-04-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-04-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-04-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-04-11] (Dropbox, Inc -> Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\22.121.0605.0002\FileSyncShell64.dll [2022-06-29] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\22.121.0605.0002\FileSyncShell64.dll [2022-06-29] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\22.121.0605.0002\FileSyncShell64.dll [2022-06-29] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\22.121.0605.0002\FileSyncShell64.dll [2022-06-29] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\22.121.0605.0002\FileSyncShell64.dll [2022-06-29] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\22.121.0605.0002\FileSyncShell64.dll [2022-06-29] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\22.121.0605.0002\FileSyncShell64.dll [2022-06-29] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-04-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-04-11] (Dropbox, Inc -> Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-04-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-04-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-04-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-04-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-04-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-04-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-04-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-04-11] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.121.0605.0002\FileSyncShell64.dll [2022-06-29] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-04-11] (Dropbox, Inc -> Dropbox, Inc.) 
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2022-05-09] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.121.0605.0002\FileSyncShell64.dll [2022-06-29] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-04-11] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2022-05-09] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\22.121.0605.0002\FileSyncShell64.dll [2022-06-29] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.52.0.dll [2022-04-11] (Dropbox, Inc -> Dropbox, Inc.) 
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2017-02-24] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2022-05-09] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Whitelisted) ==================== ==================== Atalhos & WMI ======================== ==================== Módulos Carregados (Whitelisted) ============= 2021-04-26 13:12 - 2021-04-26 13:12 - 000192000 _____ (Andrew Arnott) [Arquivo não assinado] [O arquivo está em uso] C:\Program Files\Dell\SupportAssistAgent\bin\Nerdbank.Streams.dll 2022-06-21 15:40 - 2022-06-21 15:40 - 000129024 _____ (Dell Inc.) [Arquivo não assinado] [O arquivo está em uso] C:\Program Files\Dell\SupportAssistAgent\bin\Dell.SupportAssist.Client.DiagsHelper.dll 2022-06-21 15:41 - 2022-06-21 15:41 - 000031744 _____ (Dell Inc.) [Arquivo não assinado] C:\Program Files\Dell\SupportAssistAgent\bin\Dell.SupportAssist.Client.AutoUpdateUtilities.dll 2022-06-21 15:40 - 2022-06-21 15:40 - 000012288 _____ (Dell Inc.) [Arquivo não assinado] C:\Program Files\Dell\SupportAssistAgent\bin\Dell.SupportAssist.Client.DownloadManager.dll 2022-06-21 15:41 - 2022-06-21 15:41 - 000012800 _____ (Dell Inc.) [Arquivo não assinado] C:\Program Files\Dell\SupportAssistAgent\bin\Dell.SupportAssist.Client.DriverProcessor.dll 2022-06-21 15:43 - 2022-06-21 15:43 - 000012288 _____ (Dell Inc.) 
[Arquivo não assinado] C:\Program Files\Dell\SupportAssistAgent\bin\Dell.SupportAssist.Client.WebServiceInfrastructure.dll 2014-02-26 09:11 - 2014-02-26 09:11 - 000297984 _____ (Intel Corporation) [Arquivo não assinado] [O arquivo está em uso] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll 2014-02-26 09:11 - 2014-02-26 09:11 - 000523264 _____ (Intel Corporation) [Arquivo não assinado] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll 2022-04-25 13:15 - 2022-04-25 13:15 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll 2022-04-25 13:15 - 2022-04-25 13:15 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Office16\c2r64.dll 2018-03-08 07:18 - 2018-03-08 07:18 - 000015360 _____ (NHibernate community) [Arquivo não assinado] C:\Program Files\Dell\SupportAssistAgent\bin\Iesi.Collections.dll 2020-11-11 20:57 - 2020-11-11 20:57 - 000537088 _____ (NHibernate.info) [Arquivo não assinado] C:\Program Files\Dell\SupportAssistAgent\bin\FluentNHibernate.dll 2022-02-20 06:42 - 2022-02-20 06:42 - 004451328 _____ (NHibernate.info) [Arquivo não assinado] C:\Program Files\Dell\SupportAssistAgent\bin\NHibernate.dll 2018-02-06 17:25 - 2018-02-06 17:25 - 000176640 _____ (rubicon IT GmbH) [Arquivo não assinado] C:\Program Files\Dell\SupportAssistAgent\bin\Remotion.Linq.dll 2018-03-23 12:10 - 2018-03-23 12:10 - 000028160 _____ (rubicon IT GmbH) [Arquivo não assinado] C:\Program Files\Dell\SupportAssistAgent\bin\Remotion.Linq.EagerFetching.dll 2021-02-17 04:19 - 2021-02-17 04:19 - 000124928 _____ (Stateless Contributors) [Arquivo não assinado] [O arquivo está em uso] C:\Program Files\Dell\SupportAssistAgent\bin\stateless.dll 2021-12-17 05:45 - 2021-12-17 05:45 - 000258048 _____ (The 
Apache Software Foundation) [Arquivo não assinado] [O arquivo está em uso] C:\Program Files\Dell\SupportAssistAgent\bin\log4net.dll 2016-12-18 08:55 - 2016-12-18 08:55 - 000097280 _____ (Tunnel Vision Laboratories, LLC) [Arquivo não assinado] C:\Program Files\Dell\SupportAssistAgent\bin\Antlr3.Runtime.dll ==================== Alternate Data Streams (Whitelisted) ======== (Se uma entrada for incluída na fixlist, somente o ADS será removido.) AlternateDataStreams: C:\ProgramData:chnpbmzkyg [274] AlternateDataStreams: C:\ProgramData:YXVtLmh6aQ [4434] AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aDXs4 [2614] AlternateDataStreams: C:\Users\All Users:chnpbmzkyg [274] AlternateDataStreams: C:\Users\All Users:YXVtLmh6aQ [4434] AlternateDataStreams: C:\Users\Todos os Usuários:chnpbmzkyg [274] AlternateDataStreams: C:\Users\Todos os Usuários:YXVtLmh6aQ [4434] AlternateDataStreams: C:\ProgramData\Dados de Aplicativos:chnpbmzkyg [274] AlternateDataStreams: C:\ProgramData\Dados de Aplicativos:YXVtLmh6aQ [4434] ==================== Modo de Segurança (Whitelisted) ================== ==================== Associação (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-04-25] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-05-30] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-05-30] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program 
Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-05-30] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-05-30] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-05-30] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-05-30] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-05-30] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-05-30] (Microsoft Corporation -> Microsoft Corporation) ==================== Hosts Conteúdo: ========================= (Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.) 2019-12-07 06:14 - 2022-07-04 11:50 - 000000832 _____ C:\Windows\system32\drivers\etc\hosts ==================== Outras Áreas =========================== (Atualmente não há nenhuma correção automática para esta seção.) 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT HKU\S-1-5-21-91627358-3904473298-1015656328-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\USUARIO\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\18-emory-1960-porsche-356-roadster.jpg DNS Servers: 192.168.15.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off) Firewall do Windows está habilitado. Network Binding: ============= Wi-Fi: Topaz OFD Network Monitor -> nt_wsddntf (enabled) Ethernet: Topaz OFD Network Monitor -> nt_wsddntf (enabled) ==================== MSCONFIG/TASK MANAGER ítens desabilitados == (Se uma entrada for incluída na fixlist, será removida.) HKLM\...\StartupApproved\Run32: => "Dropbox" HKU\S-1-5-21-91627358-3904473298-1015656328-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_657D13B79E546278A54182F01334410B" HKU\S-1-5-21-91627358-3904473298-1015656328-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-91627358-3904473298-1015656328-1001\...\StartupApproved\Run: => "Skype for Desktop" ==================== Regras do Firewall (Whitelisted) ================ (Se uma entrada for incluída na fixlist, será removida do Registro. 
O arquivo não será movido, a menos que seja colocado separadamente.) FirewallRules: [{D7C13CA5-00A0-4B77-91F2-8433BA2A5B31}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH) FirewallRules: [{E1FB9548-2CD4-4396-93BD-F55488969FB1}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH) FirewallRules: [{EC647AF3-DE0F-4464-B89D-536895D4E352}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH) FirewallRules: [{9B26676B-428A-41E6-A9DB-FEEA5B05CBFE}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH) FirewallRules: [{215E46FD-7874-4591-87FF-14B562F397F6}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH) FirewallRules: [{1B4ECD03-B918-43B1-81C4-AB542D0A17A7}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH) ==================== Pontos de Restauração ========================= 26-06-2022 20:31:20 Dell SupportAssist OS Recovery Plugin for Dell Update 29-06-2022 16:12:06 Instalador de Módulos do Windows 01-07-2022 17:44:29 AdwCleaner_BeforeCleaning_01/07/2022_17:44:28 ==================== Dispositivos Apresentando Falhas No Gerenciador ============ Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Controlador de barramento SM Description: Controlador de barramento SM Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
Name: USB2.0-CRW Description: USB2.0-CRW Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Erros no Log de eventos: ======================== Erros em Aplicativos: ================== Error: (07/04/2022 12:00:03 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Falha na Ativação de Licença (slui.exe). Código de erro: hr=0xC004F074 Argumento de linha de comando: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (07/04/2022 11:59:52 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Falha na Ativação de Licença (slui.exe). Código de erro: hr=0xC004F074 Argumento de linha de comando: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Error: (07/04/2022 11:58:49 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Erro do serviço de cópias de sombra de volume: erro inesperado ao chamar a rotina CoCreateInstance. hr = 0x8007045b, O sistema está sendo desligado. . Error: (07/04/2022 11:58:49 AM) (Source: VSS) (EventID: 13) (User: ) Description: Informações sobre o Serviço de Cópias de Sombra de Volume: não é possível iniciar o Servidor COM com CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} e nome CEventSystem. [0x8007045b, O sistema está sendo desligado. ] Error: (07/04/2022 11:58:49 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Erro do serviço de cópias de sombra de volume: erro inesperado ao chamar a rotina CoCreateInstance. hr = 0x8007045b, O sistema está sendo desligado. . 
Error: (07/04/2022 11:58:49 AM) (Source: VSS) (EventID: 13) (User: ) Description: Informações sobre o Serviço de Cópias de Sombra de Volume: não é possível iniciar o Servidor COM com CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} e nome CEventSystem. [0x8007045b, O sistema está sendo desligado. ] Error: (07/04/2022 11:55:55 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Falha na Ativação de Licença (slui.exe). Código de erro: hr=0xC004F074 Argumento de linha de comando: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=NetworkAvailable Error: (07/04/2022 11:55:35 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: Falha na Ativação de Licença (slui.exe). Código de erro: hr=0xC004F074 Argumento de linha de comando: RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=2de67392-b7a7-462a-b1ca-108dd189f588;NotificationInterval=1440;Trigger=UserLogon;SessionId=1 Erros de Sistema: ============= Error: (07/04/2022 11:54:24 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: AUTORIDADE NT) Description: Módulo de Extensibilidade de WLAN interrompido inesperadamente. Caminho do Módulo: C:\Windows\System32\IWMSSvc.dll Error: (07/04/2022 11:54:24 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: AUTORIDADE NT) Description: Módulo de Extensibilidade de WLAN interrompido inesperadamente. Caminho do Módulo: C:\Windows\System32\IWMSSvc.dll Error: (07/04/2022 11:54:17 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: AUTORIDADE NT) Description: Módulo de Extensibilidade de WLAN interrompido inesperadamente. 
Caminho do Módulo: C:\Windows\System32\IWMSSvc.dll

Error: (07/04/2022 11:52:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Windows Search foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 30000 milissegundos: Reiniciar o serviço.

Error: (07/04/2022 11:52:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Avira Optimizer Host foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço.

Error: (07/04/2022 11:52:03 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Dell Client Management Service foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (07/04/2022 11:52:03 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Intel(R) Rapid Storage Technology foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error: (07/04/2022 11:52:03 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Intel(R) Management and Security Application Local Management Service foi encerrado inesperadamente. Isso aconteceu 1 vez(es).

Windows Defender:
================
Date: 2022-06-27 11:15:08
Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão.
ID do Exame: {DCD22ED5-3310-4940-ADED-0BC1F06E9BF3}
Tipo de Exame: Antimalware
Parâmetros do Exame: Verificação Rápida
Usuário: AUTORIDADE NT\SISTEMA

Date: 2022-06-27 10:27:12
Description: Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado.
Para obter mais informações, veja a seguir: https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:BAT/Delf.LX&threatid=2147638992&enterprise=0
Nome: TrojanDownloader:BAT/Delf.LX
Gravidade: Grave
Categoria: Trojan Downloader
Caminho: containerfile:_C:\Users\USUARIO\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\MulheresNoTransito_pps[561].zip; file:_C:\Users\USUARIO\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\MulheresNoTransito_pps[561].zip->MulheresNoTransito_pps.exe->(RarSfx)->MlhrVlnt.bat
Origem da Detecção: Computador local
Tipo da Detecção: Concreto
Fonte da Detecção: Sistema
Usuário: AUTORIDADE NT\SISTEMA
Nome do Processo: Unknown
Versão da Inteligência de Segurança: AV: 1.369.295.0, AS: 1.369.295.0, NIS: 1.369.295.0
Versão do Mecanismo: AM: 1.1.19300.2, NIS: 1.1.19300.2

Date: 2022-06-27 10:25:51
Description: Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado.
Para obter mais informações, veja a seguir: https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:BAT/Delf.LX&threatid=2147638992&enterprise=0
Nome: TrojanDownloader:BAT/Delf.LX
Gravidade: Grave
Categoria: Trojan Downloader
Caminho: containerfile:_C:\Users\USUARIO\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\MulheresNoTransito_pps[561].zip; file:_C:\Users\USUARIO\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\MulheresNoTransito_pps[561].zip->MulheresNoTransito_pps.exe->(RarSfx)->MlhrVlnt.bat
Origem da Detecção: Computador local
Tipo da Detecção: Concreto
Fonte da Detecção: Usuário
Usuário: LEANDRO\USUARIO
Nome do Processo: Unknown
Versão da Inteligência de Segurança: AV: 1.369.295.0, AS: 1.369.295.0, NIS: 1.369.295.0
Versão do Mecanismo: AM: 1.1.19300.2, NIS: 1.1.19300.2

Date: 2022-06-27 10:25:51
Description: Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado.
Para obter mais informações, veja a seguir: https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:Win32/Banload.AAX&threatid=2147648226&enterprise=0
Nome: TrojanDownloader:Win32/Banload.AAX
Gravidade: Grave
Categoria: Trojan Downloader
Caminho: containerfile:_C:\Users\USUARIO\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\MulheresNoTransito_pps[561].zip; containerfile:_C:\Users\USUARIO\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\MulherNoTransito[466].zip; containerfile:_C:\Users\USUARIO\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\MulherNoTransito[467].zip; containerfile:_C:\Users\USUARIO\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\SatisfazerMulherHomen[319].zip; file:_C:\Users\USUARIO\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\MulheresNoTransito_pps[561].zip->MulheresNoTransito_pps.exe->(RarSfx)->MlhrVlnt.exe; file:_C:\Users\USUARIO\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\Mul
Origem da Detecção: Computador local
Tipo da Detecção: Concreto
Fonte da Detecção: Usuário
Usuário: LEANDRO\USUARIO
Nome do Processo: Unknown
Versão da Inteligência de Segurança: AV: 1.369.295.0, AS: 1.369.295.0, NIS: 1.369.295.0
Versão do Mecanismo: AM: 1.1.19300.2, NIS: 1.1.19300.2

Date: 2022-06-27 10:25:51
Description: Microsoft Defender Antivírus detectou malware ou outro software potencialmente indesejado.
Para obter mais informações, veja a seguir: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:BAT/Killav.AU&threatid=159870&enterprise=0
Nome: Trojan:BAT/Killav.AU
Gravidade: Grave
Categoria: Cavalo de Tróia
Caminho: containerfile:_C:\Users\USUARIO\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\SatisfazerMulherHomen[319].zip; file:_C:\Users\USUARIO\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\Attachments\SatisfazerMulherHomen[319].zip->SatisfazerMulherHomen.exe->(RarSfx)->Satrios.bat
Origem da Detecção: Computador local
Tipo da Detecção: Concreto
Fonte da Detecção: Usuário
Usuário: LEANDRO\USUARIO
Nome do Processo: Unknown
Versão da Inteligência de Segurança: AV: 1.369.295.0, AS: 1.369.295.0, NIS: 1.369.295.0
Versão do Mecanismo: AM: 1.1.19300.2, NIS: 1.1.19300.2

Event[0]:
Date: 2022-06-17 14:48:31
Description: O recurso de Proteção em Tempo Real do Microsoft Defender Antivírus encontrou um erro e falhou.
Recurso: Em Tempo de Acesso
Código do Erro: 0x80004005
Descrição do erro: Erro não especificado
Motivo: O driver de filtro ignorou o exame de itens e está no modo de passagem. Isso pode ter acontecido por causa de condições de poucos recursos.

CodeIntegrity:
===============
Date: 2022-07-04 12:03:30
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Avira\Endpoint Protection SDK\amsi\x64\avamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2022-07-04 11:59:37
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Topaz OFD\Warsaw\wslbscrwh64.dll that did not meet the Microsoft signing level requirements.

Date: 2022-07-04 11:59:37
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Topaz OFD\Warsaw\wslbscr64.dll that did not meet the Microsoft signing level requirements.

==================== Informações da Memória ===========================

BIOS: Dell Inc. A13 05/27/2019
placa-mãe: Dell Inc. 05MD4V
Processador: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz
Percentagem de memória em uso: 46%
RAM física total: 8072.96 MB
RAM física disponível: 4333.82 MB
Virtual Total: 9352.96 MB
Virtual disponível: 5277.3 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:446.51 GB) (Free:375.25 GB) (Model: KINGSTON SA400S37480G) NTFS

\\?\Volume{f6bc3534-662f-43e5-942a-4aa7d1298308}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS
\\?\Volume{294b633f-9396-4ef1-9faf-7257abb83c91}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Tabela de Partições ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 447.1 GB) (Disk ID: 00000000)

Partition: GPT.

==================== Fim de Addition.txt =======================