
Malware that is slowing down the PC


Luiz Agripino


  • Security Analyst

@Luiz Agripino

 

Please note the following:

  • About the Forum: This is a private space, not a public one. Using it is a privilege, not a right;
  • What is given here applies only to the problem on your computer, so do not use it on any other machine;
  • IMPORTANT: If you have Windows activation programs or P2P/torrent sharing programs, I suggest uninstalling them. I will only proceed with the analysis after they are removed. Forum rules;
  • Please follow the instructions given carefully, and if you have any questions do not hesitate to ask;
  • Respect the order of the instructions given;
  • Note: Do not take any action other than those given here; also, if you ask for help on another forum, be sure to let us know, at the risk of misconfiguring your computer!

Follow the steps below:

Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

 

STEP 1

Download AdwCleaner from one of the links below and save it to the desktop.

https://toolslib.net/downloads/viewdownload/1-adwcleaner/

http://www.bleepingcomputer.com/download/adwcleaner/

Click DOWNLOAD NOW to download the file.

Run adwcleaner.exe

NOTE: Users of Windows Vista, 7, 8/8.1 and Windows 10: right-click the AdwCleaner.exe file, then click image.png

Click VERIFICAR AGORA/SCAN NOW. When it finishes, click LIMPAR/CLEAN and wait.

Notepad will open with the result.

ATTENTION: Select, copy and paste its contents in your next reply.

 

STEP 2

Download ZHPCleaner from the link below and save it to your Desktop

https://www.majorgeeks.com/files/details/zhpcleaner.html

Run the ZHPCleaner.exe file as Administrator

  • Click the Scanner button.
  • The tool will start examining your system.
  • Be patient, as it may take a while depending on the number of items to examine.
  • Then click the Reparar (Repair) button.
  • A log named ZHPCleaner.txt will be generated

ATTENTION: Select, copy and paste its contents in your next reply.


ZHPCleaner v2020.12.10.261 by Nicolas Coolman (2020/12/10)

~ Run by INSS (Administrator) (13/12/2020 21:06:32)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version :
~ Type : Repair
~ Report : C:\Users\INSS\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\INSS\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ System Restore Point :
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)

---\\ Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found.

---\\ Services (0)
~ No malicious or unnecessary items found.

---\\ Browser internet (1)
FOUND PARAMS: ProxyServer [10.70.220.3:8080] (User.Validation)

---\\ Hosts file (1)
~ The hosts file is legitimate (21)

---\\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.

---\\ Explorer ( File, Folder) (6)
MOVED file: C:\Users\INSS\AppData\Local\Google\Chrome\User Data\Default\Preferences =>Préférences Chromium
MOVED file: C:\Users\INSS\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences =>Préférences Chromium
MOVED file: C:\Windows\Temp\GUR117D.exe =>Heuristic.Suspect
MOVED file: C:\Windows\Temp\GUR6E3C.exe =>Heuristic.Suspect
MOVED file: C:\Users\INSS\AppData\Local\Temp\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi =>.SUP.Temporary.Firefox
MOVED folder^: C:\Program Files (x86)\Skillbrains =>SUP.Optional.Skillbrains

---\\ Registry ( Key, Value, Data) (7)
DELETED key*: HKEY_USERS\S-1-5-21-530474809-1679542572-2355305007-1000\SOFTWARE\SkillBrains [] =>SUP.Optional.Skillbrains
DELETED key**: HKCU\Software\SkillBrains [] =>SUP.Optional.Skillbrains
DELETED key*: [X64] HKLM\SOFTWARE\Classes\PixIP2.StdPictureImage [StdPictureImage Class] =>SUP.Optional.ReimageRepair
DELETED key*: [X64] HKLM\SOFTWARE\Classes\PixIP2.StdPictureImage.1 [StdPictureImage Class] =>SUP.Optional.ReimageRepair
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF49DEF3365DFF47ADA85AEA2EC71E9 [C:\Program Files (x86)\Atwin71\PICKBP\SUIBP\TERMDEF.VIEWPOINT] =>PUP.Optional.MetaStream
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Skillbrains [] =>SUP.Optional.Skillbrains
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1 [Skillbrains] =>SUP.Optional.Skillbrains

---\\ Summary of the elements found (6)
https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/ =>Préférences Chromium
https://nicolascoolman.eu/2017/01/28/heuristic-suspect/ =>Heuristic.Suspect
https://nicolascoolman.eu/forum/Topic/logiciels-potentiellement-superflus-lps/ =>.SUP.Temporary.Firefox
https://nicolascoolman.eu/2019/01/sup-skillbrains =>SUP.Optional.Skillbrains
https://nicolascoolman.eu/2017/01/27/superfluous-reimagerepair/ =>SUP.Optional.ReimageRepair
https://nicolascoolman.eu/forum/Topic/metastream-logiciel-publicitaire-adware/ =>PUP.Optional.MetaStream

---\\ Other deletions. (31)
~ Registry Keys Tracing deleted (31)
~ Remove the old reports ZHPCleaner. (0)

---\\ Result of repair
~ Repair carried out successfully
~ Google Chrome OK
~ Mozilla Firefox OK
~ Internet Explorer OK
~ The system has been restarted.

---\\ Statistics
~ Items scanned : 1625
~ Items found : 1
~ Items cancelled : 0
~ Space saving (bytes) : 15434797
~ Items options : 9/16

---\\ OPTIONS NOT ACTIVES
~ Temporary file analysis
~ Temporary folder analysis
~ Empty Folder CLSID Analysis
~ Empty Other Folder Analysis
~ Empty LocalLow Folder Analysis
~ Empty Local Folder Analysis
~ Obsolete Installer File Analysis
~ End of clean in 00h00mn38s

---\\ Reports (6)
ZHPCleaner-[R]-13122020-16_11_11.txt
ZHPCleaner-[S]-13122020-16_02_58.txt
ZHPCleaner-[S]-13122020-16_07_47.txt
ZHPCleaner-[S]-13122020-16_29_10.txt
ZHPCleaner-[S]-13122020-21_05_46.txt
ZHPCleaner-[R]-13122020-21_07_10.txt


~ ZHPCleaner v2020.12.10.261 by Nicolas Coolman (2020/12/10)
~ Run by INSS (Administrator) (14/12/2020 13:44:22)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version :
~ Certificate ZHPCleaner: Legal
~ Type : Repair
~ Report : C:\Users\INSS\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\INSS\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)

---\ Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found. (ADS)

---\ Services (0)
~ No malicious or unnecessary items found. (Service)

---\ Browser internet (1)
FOUND PARAMS: ProxyServer [10.70.220.3:8080] (User.Validation)

---\ Hosts file (1)
~ The hosts file is legitimate (21)

---\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found. (Task)

---\ Explorer ( File, Folder) (3)
MOVED file: C:\Users\INSS\AppData\Local\Google\Chrome\User Data\Default\Preferences =>Préférences Chromium
MOVED file: C:\Users\INSS\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences =>Préférences Chromium
MOVED folder: C:\Program Files (x86)\Skillbrains =>SUP.Optional.Skillbrains

---\ Registry ( Key, Value, Data) (0)
~ No malicious or unnecessary items found. (Register)

---\ Summary of the elements found (2)
https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/ =>Préférences Chromium
https://nicolascoolman.eu/2019/01/sup-skillbrains =>SUP.Optional.Skillbrains

---\ Other deletions. (15)
~ Registry Keys Tracing deleted (15)
~ Remove the old reports ZHPCleaner. (0)

---\ Result of repair
~ Repair carried out successfully
~ Google Chrome OK
~ Mozilla Firefox OK
~ Internet Explorer OK

---\ Statistics
~ Items scanned : 1603
~ Items found : 1
~ Items cancelled : 0
~ Space saving (bytes) : 0
~ Items options : 9/16

---\ OPTIONS NOT ACTIVES
~ Temporary file analysis
~ Temporary folder analysis
~ Empty Folder CLSID Analysis
~ Empty Other Folder Analysis
~ Empty LocalLow Folder Analysis
~ Empty Local Folder Analysis
~ Obsolete Installer File Analysis
~ End of clean in 00h00mn22s

---\ Reports (8)
ZHPCleaner-[R]-13122020-16_11_11.txt
ZHPCleaner-[R]-13122020-21_07_10.txt
ZHPCleaner-[S]-13122020-16_02_58.txt
ZHPCleaner-[S]-13122020-16_07_47.txt
ZHPCleaner-[S]-13122020-16_29_10.txt
ZHPCleaner-[S]-13122020-21_05_46.txt
ZHPCleaner-[S]-14122020-13_41_35.txt
ZHPCleaner-[R]-14122020-13_44_44.txt


  • Security Analyst

@Luiz Agripino

 

Download RogueKiller by Tigzy and save it to your Desktop

roguekiller.exe (x64) << link

  • Close all programs
  • Run RogueKiller.exe.
    ** Users of Windows Vista, Windows 7, 8, 8.1 and Windows 10: right-click the RogueKiller.exe file, then click image.png
  • Click SCAN
  • Click the first START, "Standard Scan (recommended)", and wait for the scan...
  • Click the RESULTS button
  • Click the REPORT option, then EXPORT, and select the Text file... option
  • Save the file to the desktop with the name roguekiller_report

Be sure to open the file, then copy and paste its entire contents in your next reply


RogueKiller Anti-Malware V14.8.0.0 (x64) [Nov 17 2020] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits
Started in : Normal mode
User : INSS [Administrator]
Started from : C:\Users\INSS\Desktop\RogueKiller64.exe
Signatures : 20201210_103309, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2020/12/14 20:09:43 (Duration : 02:05:17)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Suspicious.Path (Potentially Malicious)] \Rerun Warsaw's CoreFixer -- C:\Windows\TEMP\is-H9DHS.tmp\corefixer.exe [/norerun] -> Found
[Suspicious.Path (Potentially Malicious)] \{F967AC8F-7DAC-4EF7-8008-F7CCBF830D83} -- C:\Windows\system32\pcalua.exe [-a "C:\Users\INSS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1FMRZOQ0\Atendimento100203.exe" -d C:\Users\INSS\Desktop] -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
>>>>>> O23 - Services
  [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CacicSustainService -- C:\Windows\cacicservice.exe -> Found
  [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\CacicSustainService -- C:\Windows\cacicservice.exe -> Found
>>>>>> R5 - Proxy
  [PUM.Proxy (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-530474809-1679542572-2355305007-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer -- 10.70.220.3:8080 -> Found
>>>>>> O87 - Firewall
  [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|CACIC-CHKCACIC-Out-TCP -- v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|App=C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BS160T2B\\chkcacic.exe|Name=chkCACIC|Desc=Módulo Verificador de Integridade e Instalador do Sistema CACIC|Edge=FALSE| (C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BS160T2B\\chkcacic.exe) (missing) -> Found
  [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|CACIC-CHKCACIC-Out-UDP -- v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|App=C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BS160T2B\\chkcacic.exe|Name=chkCACIC|Desc=Módulo Verificador de Integridade e Instalador do Sistema CACIC|Edge=FALSE| (C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BS160T2B\\chkcacic.exe) (missing) -> Found
  [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|CACIC-CHKSIS-Out-TCP -- v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|App=C:\Windows\chksis.exe|Name=chkSIS|Desc=Módulo Verificador de Integridade do Sistema CACIC|Edge=FALSE| (C:\Windows\chksis.exe) -> Found
  [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|CACIC-CHKSIS-Out-UDP -- v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|App=C:\Windows\chksis.exe|Name=chkSIS|Desc=Módulo Verificador de Integridade do Sistema CACIC|Edge=FALSE| (C:\Windows\chksis.exe) -> Found
  [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{DB21CE2E-C6B0-426E-919A-AB3DB2DADB71} -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Windows\chksis.exe|Name=chkSIS - Módulo Verificador de Integridade do Sistema CACIC| (C:\Windows\chksis.exe) -> Found
  [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{61164CE7-3EF9-4658-AA5A-2936D320FA03} -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Windows\chksis.exe|Name=chkSIS - Módulo Verificador de Integridade do Sistema CACIC| (C:\Windows\chksis.exe) -> Found
  [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|CACIC-CHKCACIC-Out-UDP -- v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|App=C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BS160T2B\\chkcacic.exe|Name=chkCACIC|Desc=Módulo Verificador de Integridade e Instalador do Sistema CACIC|Edge=FALSE| (C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BS160T2B\\chkcacic.exe) (missing) -> Found
  [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|CACIC-CHKCACIC-Out-TCP -- v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|App=C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BS160T2B\\chkcacic.exe|Name=chkCACIC|Desc=Módulo Verificador de Integridade e Instalador do Sistema CACIC|Edge=FALSE| (C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BS160T2B\\chkcacic.exe) (missing) -> Found
  [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|CACIC-CHKSIS-Out-UDP -- v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|App=C:\Windows\chksis.exe|Name=chkSIS|Desc=Módulo Verificador de Integridade do Sistema CACIC|Edge=FALSE| (C:\Windows\chksis.exe) -> Found
  [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|CACIC-CHKSIS-Out-TCP -- v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|App=C:\Windows\chksis.exe|Name=chkSIS|Desc=Módulo Verificador de Integridade do Sistema CACIC|Edge=FALSE| (C:\Windows\chksis.exe) -> Found
  [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{DB21CE2E-C6B0-426E-919A-AB3DB2DADB71} -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Windows\chksis.exe|Name=chkSIS - Módulo Verificador de Integridade do Sistema CACIC| (C:\Windows\chksis.exe) -> Found
  [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{61164CE7-3EF9-4658-AA5A-2936D320FA03} -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Windows\chksis.exe|Name=chkSIS - Módulo Verificador de Integridade do Sistema CACIC| (C:\Windows\chksis.exe) -> Found
>>>>>> XX - System Policies
  [PUM.Policies (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -- 0 -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Tr.Gen0 (Malicious)] (file) 0.txt -- C:\Users\INSS\AppData\Local\Temp\0.txt -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
 


RogueKiller Anti-Malware V14.8.1.0 (x64) [Dec 14 2020] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits
Started in : Normal mode
User : INSS [Administrator]
Started from : C:\Users\INSS\Desktop\RogueKiller64.exe
Signatures : 20201215_112755, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2020/12/15 13:19:27 (Duration : 00:36:04)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Suspicious.Path (Potentially Malicious)] \Rerun Warsaw's CoreFixer -- C:\Windows\TEMP\is-H9DHS.tmp\corefixer.exe (/norerun) -> Deleted
[Suspicious.Path (Potentially Malicious)] \{F967AC8F-7DAC-4EF7-8008-F7CCBF830D83} -- C:\Windows\system32\pcalua.exe (-a "C:\Users\INSS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1FMRZOQ0\Atendimento100203.exe" -d C:\Users\INSS\Desktop) -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CacicSustainService -- [%SystemRoot%\cacicservice.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\CacicSustainService -- [%SystemRoot%\cacicservice.exe] -> Deleted
[PUM.Proxy (Potentially Malicious)] HKEY_USERS\S-1-5-21-530474809-1679542572-2355305007-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer --  -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|CACIC-CHKCACIC-Out-TCP -- [%SystemDrive%\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BS160T2B\chkcacic.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|CACIC-CHKCACIC-Out-UDP -- [%SystemDrive%\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BS160T2B\chkcacic.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|CACIC-CHKSIS-Out-TCP -- [%SystemRoot%\chksis.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|CACIC-CHKSIS-Out-UDP -- [%SystemRoot%\chksis.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{61164CE7-3EF9-4658-AA5A-2936D320FA03} -- [%SystemRoot%\chksis.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{DB21CE2E-C6B0-426E-919A-AB3DB2DADB71} -- [%SystemRoot%\chksis.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|CACIC-CHKCACIC-Out-TCP -- [%SystemDrive%\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BS160T2B\chkcacic.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|CACIC-CHKCACIC-Out-UDP -- [%SystemDrive%\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BS160T2B\chkcacic.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|CACIC-CHKSIS-Out-TCP -- [%SystemRoot%\chksis.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{61164CE7-3EF9-4658-AA5A-2936D320FA03} -- [%SystemRoot%\chksis.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{DB21CE2E-C6B0-426E-919A-AB3DB2DADB71} -- [%SystemRoot%\chksis.exe] -> Deleted
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|CACIC-CHKSIS-Out-UDP -- [%SystemRoot%\chksis.exe] -> Deleted
[PUM.Policies (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin --  -> Replaced (2)
[Tr.Gen0 (Malicious)] 0.txt -- %localappdata%\Temp\0.txt -> Deleted
 


  • Security Analyst

@Luiz Agripino

 

Download Farbar Recovery Scan from the link below and save it to your desktop.
https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

** Users of Windows Vista, Windows 7, 8/8.1 and Windows 10:
Right-click the FRST64.EXE file, then click http://i.imgur.com/VRIfczU.png .

Accept the agreement and then click the Scan/Examinar button. Wait; when it finishes, the FRST.txt and Addition.txt logs will be saved to your desktop.

Open each file separately, copy its contents and paste them in your next reply.


Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 14-12-2020
Executado por INSS (15-12-2020 15:32:59)
Executando a partir de C:\Users\INSS\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-05-29 15:26:38)
Modo da Inicialização: Normal
==========================================================


==================== Contas: =============================

Administrador (S-1-5-21-530474809-1679542572-2355305007-500 - Administrator - Enabled)
Convidado (S-1-5-21-530474809-1679542572-2355305007-501 - Limited - Disabled)
INSS (S-1-5-21-530474809-1679542572-2355305007-1000 - Limited - Enabled) => C:\Users\INSS

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AccuTerm 7 (HKLM-x32\...\{E15E034A-57FE-4BAC-AD78-714268386CBF}) (Version: 7.1.1013.0 - Schellenbach & Assoc., Inc. dba AccuSoft Enterprises)
Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Alaris s2000 - Smart Touch (HKLM-x32\...\{962DD2CD-6929-4AD6-B0BE-A0D81A5C2BD6}) (Version: 1.8.80.794 - Kodak)
Alaris S2000 Scanners (HKLM-x32\...\Alaris S2000 Scanners) (Version: 2.6 - Kodak Alaris Inc.)
Atividade Especial versão 2.1 (HKLM-x32\...\{C59CC973-21C7-4AC5-A924-3EF7B33A6807}_is1) (Version: 2.1 - Geraldo Petersen Junior)
Atualizador (HKLM-x32\...\{9565AA90-03F0-11D5-B18E-0040C7A6BD4D}) (Version:  - )
CAT VERSÃO 4.0 (HKLM-x32\...\CAT 4.0_mp1) (Version:  - DATAPREV)
Catman (HKLM-x32\...\{F6110D55-7CCB-4749-99B0-510910E099E3}_is1) (Version:  - Dataprev)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.0.3552 - CDBurnerXP)
Common Desktop Agent (HKLM\...\{031A0E14-0413-4C97-9772-2639B782F46F}) (Version: 1.62.0 - OEM) Hidden
CutePDF Writer 2.7 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Error Recovery Guide for fi-6130/fi-6230 (HKLM-x32\...\{4B99F903-230A-4E33-9A60-F58C1908D29E}) (Version: 2.0 - PFU)
Exibir Manual do Usuário (HKLM-x32\...\View User Guide) (Version: 3.60.34 - )
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.3.2.25013 - Foxit Software Inc.)
Fujitsu ISIS Driver Bundle Installer (HKLM-x32\...\{4B07E034-8AC7-4960-83A2-98EC96750CD6}) (Version: 1.0.10810.31003 - EMC Captiva)
Fujitsu ScandAll PRO (HKLM-x32\...\{B3F2D1C4-BAC6-4F2C-B51C-8610B3625510}) (Version: 1.07.0053.53 - PFU LIMITED) Hidden
Fujitsu ScandAll PRO V1.7 Update 3 (HKLM-x32\...\InstallShield_{B3F2D1C4-BAC6-4F2C-B51C-8610B3625510}) (Version: 1.07.0053.53 - PFU LIMITED)
GlobalProtect (HKLM\...\{58E4FEE3-E72B-4FB1-9071-DC35C87EC649}) (Version: 5.1.3 - Palo Alto Networks)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.88 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Infineon TPM Professional Package (HKLM\...\{127D5F95-D83A-40FC-AB4E-109A0B33F296}) (Version: 3.7.000 - Infineon Technologies AG)
Intel Driver && Support Assistant (HKLM-x32\...\{513BFF20-438E-4C8B-9C41-DE06B47D3148}) (Version: 20.11.50.9 - Intel) Hidden
Intel(R) Computing Improvement Program (HKLM\...\{A9133872-C9FE-45CC-8F01-D1947B0F09EA}) (Version: 2.4.04755 - Intel Corporation)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Driver Software (HKLM-x32\...\{11fd8837-78a3-461c-810a-8857f36bfa18}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.5129 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{7972bdc2-99e9-4a54-b071-e7f08bdf056d}) (Version: 20.11.50.9 - Intel)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
ISIS Driver - Alaris S2000 Series (HKLM-x32\...\{ED27AB51-AB8F-48E8-B6E2-D36CD9B7CDEA}) (Version: 1.1.5258 - OpenText Corporation)
Java(TM) 6 Update 34 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416034FF}) (Version: 6.0.340 - Oracle)
LibreOffice 6.3.5.2 (HKLM\...\{9FEFBA80-8687-4AC1-83F7-3CD3E9BAF275}) (Version: 6.3.5.2 - The Document Foundation)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (Português (Brasil)) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 83.0 (x64 pt-BR) (HKLM\...\Mozilla Firefox 83.0 (x64 pt-BR)) (Version: 83.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 83.0.0.7621 - Mozilla)
Mozilla Thunderbird 24.1.0 (x86 pt-BR) (HKLM-x32\...\Mozilla Thunderbird 24.1.0 (x86 pt-BR)) (Version: 24.1.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Otimizador de PDF - TRT14 versão 95 (HKLM-x32\...\{D65829C9-DA0B-43A2-BD5D-4E4F5956615F}_is1) (Version: 95 - TRT 14)
Pacote de Driver do Windows - FTDI CDM Driver Package - Bus/D2XX Driver (06/16/2016 2.12.18) (HKLM\...\DA1835CFE32A9AC83DB6E43B97BFA11B3370C6EF) (Version: 06/16/2016 2.12.18 - FTDI)
Pacote de Driver do Windows - FTDI CDM Driver Package - VCP Driver (06/16/2016 2.12.18) (HKLM\...\6EAA08A5E2AD00C7655B428E929CCC5DC3603600) (Version: 06/16/2016 2.12.18 - FTDI)
PDF reDirect (remove only) (HKLM-x32\...\PDF reDirect) (Version: v2.5.2 - EXP Systems LLC)
PDF24 Creator 9.2.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: 9.2.1 - PDF24.org)
PDFsam Basic (HKLM-x32\...\{67DFA6CA-3FCA-46A3-8C78-8C668BCDE9AD}) (Version: 3.20.5.0 - Andrea Vacondio)
QuickScan 4.5.1 (HKLM-x32\...\{223F72BF-0DEB-4953-8D1F-870738804863}) (Version: 4.5.7768 - EMC Captiva)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.76.1028.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
RtkWin7DashClientInstaller (HKLM-x32\...\{530642CA-F35E-4112-B75B-85429F3C6014}) (Version: 2.0.11 - Realtek)
SABI (HKLM-x32\...\{5A136AFD-C931-11D5-AF19-0040C7A69266}) (Version: 2.0.00.00 - SABI)
SafeNet Authentication Client 9.0 (HKLM\...\{3B43CBCC-E353-4106-8409-937D9B728896}) (Version: 9.0.43.0 - SafeNet, Inc.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.03.74.00(04/10/2013) - Samsung Electronics Co., Ltd.)
Samsung ML-451x 501x Series (HKLM-x32\...\Samsung ML-451x 501x Series) (Version: 1.15 (17/12/2013) - Samsung Electronics Co., Ltd.)
Samsung ML-4550 Series (HKLM-x32\...\Samsung ML-4550 Series) (Version:  - Samsung Electronics CO.,LTD)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Scan to Microsoft SharePoint (HKLM-x32\...\{5E72F1EA-B77E-47EB-8639-CE6B7293ED67}) (Version: 3.3.4 - KnowledgeLake)
Scanner Central Admin Agent (HKLM-x32\...\CentralAdminAgent) (Version: 1.01.0010.07 - PFU LIMITED)
Scanner Central Admin Agent 1.1 (HKLM-x32\...\{0D8E9005-7311-4D3B-8956-4F2E01939D76}) (Version: 1.01.0010.07 - PFU LIMITED) Hidden
Scanner Utility for Microsoft Windows (HKLM-x32\...\{580E9BBC-A51E-4AE9-A977-7B0939BEDAD3}) (Version: 9.11.2.0 - FUJITSU)
Scanner Utility for Microsoft Windows V10L21 (HKLM-x32\...\{58D97B2A-2C1E-4828-8747-09E791B30A64}) (Version: 10.21.310.0 - PFU LIMITED)
SecureDoc Disk Encryption (x64) 6.1 SR1 (HKLM\...\{4B320ADE-3963-46F3-BAC5-D1594412E746}) (Version: 6.1.10001.26 - WinMagic Inc.)
Software Operation Panel (HKLM-x32\...\{28A0ED9D-73BF-4F9D-8CDC-A2FD3E96B6E8}) (Version: 3.5.20.0 - PFU LIMITED)
Software Operation Panel (HKLM-x32\...\Software Operation Panel) (Version:  - )
SPE_Escritorio_V3_0_1 (HKLM-x32\...\55CB565E-8156-4632-875E-C24F56F1397A_is1) (Version:  - Correios)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.4.4445 - TeamViewer)
Telegram Desktop versão 2.4.7 (HKU\S-1-5-21-530474809-1679542572-2355305007-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.4.7 - Telegram FZ-LLC)
UltraVNC 1.0.8.2 (HKLM-x32\...\Ultravnc2_is1) (Version: 1.0.8.2 - 1.0.8.2)
Utilita (HKU\S-1-5-21-530474809-1679542572-2355305007-1000\...\Utilita) (Version:  - )
Warsaw 2.11.1.9 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 2.11.1.9 - GAS Tecnologia)
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (04/10/2012 2.08.24) (HKLM\...\4C8545EEB6143B6AD3858B5D1E0AEE76040B1435) (Version: 04/10/2012 2.08.24 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (04/10/2012 2.08.24) (HKLM\...\C4116770887FD945A84EFCA964E9A3AB11A56894) (Version: 04/10/2012 2.08.24 - FTDI)

==================== Exame Personalizado CLSID (Whitelisted): ==============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

ShellIconOverlayIdentifiers: [WMAllKey] -> {5028CECA-A6C3-4D9C-BA25-6C04D8C3ED80} => C:\Program Files\WinMagic\SecureDoc-NT\SDContext.dll [2013-01-25] (WinMagic Inc. -> WinMagic Inc)
ShellIconOverlayIdentifiers: [WMNoKey] -> {2659CB3D-3D6E-42CE-AD9D-FE41C3617CC1} => C:\Program Files\WinMagic\SecureDoc-NT\SDContext.dll [2013-01-25] (WinMagic Inc. -> WinMagic Inc)
ShellIconOverlayIdentifiers: [WMNotTransformed] -> {01DBDE7E-2D13-4495-BE04-12AA56CC2751} => C:\Program Files\WinMagic\SecureDoc-NT\SDContext.dll [2013-01-25] (WinMagic Inc. -> WinMagic Inc)
ShellIconOverlayIdentifiers: [WMPartialKey] -> {5133E633-CFED-4043-9971-38936512E6D4} => C:\Program Files\WinMagic\SecureDoc-NT\SDContext.dll [2013-01-25] (WinMagic Inc. -> WinMagic Inc)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Arquivo não assinado]
ContextMenuHandlers1: [APSDShExt] -> {E08BF9C5-191E-4B15-8F67-2622B4DB5580} => C:\Program Files (x86)\Infineon\Security Platform Software\x64\PSDShExt.dll [2010-02-23] (Infineon Technologies AG -> Infineon Technologies AG)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-08-19] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers1: [OfficeScan NT] -> {AF4F7471-FCFB-11d0-80B6-0080C838D5F9} => c:\Program Files (x86)\Trend Micro\OfficeScan Client\TmdShell_64x.dll -> Nenhum Arquivo
ContextMenuHandlers2: [OfficeScan NT] -> {AF4F7471-FCFB-11d0-80B6-0080C838D5F9} => c:\Program Files (x86)\Trend Micro\OfficeScan Client\TmdShell_64x.dll -> Nenhum Arquivo
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-12-11] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Arquivo não assinado]
ContextMenuHandlers4: [OfficeScan NT] -> {AF4F7471-FCFB-11d0-80B6-0080C838D5F9} => c:\Program Files (x86)\Trend Micro\OfficeScan Client\TmdShell_64x.dll -> Nenhum Arquivo
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll -> Nenhum Arquivo
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2020-02-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Arquivo não assinado]
ContextMenuHandlers6: [APSDShExt] -> {E08BF9C5-191E-4B15-8F67-2622B4DB5580} => C:\Program Files (x86)\Infineon\Security Platform Software\x64\PSDShExt.dll [2010-02-23] (Infineon Technologies AG -> Infineon Technologies AG)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2017-08-19] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-12-11] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Atalhos & WMI ========================

(As entradas podem ser listadas para serem restauradas ou removidas.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\INSS\Desktop\YouTube Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=cinhimbnkkaeohfgghhklpknlkffjgod
ShortcutWithArgument: C:\Users\INSS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\apps do Chrome\YouTube Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=cinhimbnkkaeohfgghhklpknlkffjgod
ShortcutWithArgument: C:\Users\INSS\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\YouTube Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=cinhimbnkkaeohfgghhklpknlkffjgod

==================== Módulos Carregados (Whitelisted) =============

2020-12-07 11:31 - 2020-12-07 11:31 - 000126464 _____ () [Arquivo não assinado] [O arquivo está em uso] C:\Program Files (x86)\Intel\Driver and Support Assistant\DSASsdInterop.dll
2013-11-12 14:44 - 2009-09-22 20:04 - 000022016 _____ () [Arquivo não assinado] C:\Windows\System32\ml4550l6.dll
2019-04-04 09:47 - 2012-06-21 07:25 - 000113152 _____ () [Arquivo não assinado] C:\Windows\System32\redmon64.dll
2014-06-06 10:44 - 2015-07-20 06:28 - 001604096 _____ () [Arquivo não assinado] C:\Windows\system32\spool\DRIVERS\x64\3\sse2mdu.dll
2015-07-20 04:28 - 2015-07-20 06:28 - 000022528 _____ () [Arquivo não assinado] C:\Windows\System32\sse2mlm.dll
2018-03-20 10:17 - 2018-03-20 10:17 - 000080896 _____ (Eastman Kodak Company) [Arquivo não assinado] C:\Program Files (x86)\Kodak\Document Imaging\kds_s2000\Smart Touch\UsbMonitor.dll
2010-11-18 20:08 - 2019-02-21 13:00 - 000078336 _____ (Igor Pavlov) [Arquivo não assinado] C:\Program Files\7-Zip\7-zip.dll
2010-02-12 10:06 - 2010-02-12 10:06 - 000664864 _____ (Infineon Technologies AG -> Infineon Technologies AG) [Arquivo não assinado] C:\Program Files (x86)\Infineon\Security Platform Software\ifxtpmcp.dll
2013-10-08 15:13 - 2012-02-07 22:38 - 000311296 _____ (Intel Corporation) [Arquivo não assinado] [O arquivo está em uso] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\ar-SA\PrivacyIconClient.resources.dll
2013-10-08 15:13 - 2012-02-07 22:38 - 000307200 _____ (Intel Corporation) [Arquivo não assinado] [O arquivo está em uso] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\cs-CZ\PrivacyIconClient.resources.dll
2013-10-08 15:13 - 2012-02-07 22:38 - 000303104 _____ (Intel Corporation) [Arquivo não assinado] [O arquivo está em uso] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\da-DK\PrivacyIconClient.resources.dll
2013-10-08 15:13 - 2012-02-07 22:38 - 000307200 _____ (Intel Corporation) [Arquivo não assinado] [O arquivo está em uso] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\de-DE\PrivacyIconClient.resources.dll
2013-10-08 15:13 - 2012-02-07 22:38 - 000327680 _____ (Intel Corporation) [Arquivo não assinado] [O arquivo está em uso] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\el-GR\PrivacyIconClient.resources.dll
2013-10-08 15:13 - 2012-02-07 22:38 - 000307200 _____ (Intel Corporation) [Arquivo não assinado] [O arquivo está em uso] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\es-ES\PrivacyIconClient.resources.dll
2013-10-08 15:13 - 2012-02-07 22:38 - 000303104 _____ (Intel Corporation) [Arquivo não assinado] [O arquivo está em uso] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\fi-FI\PrivacyIconClient.resources.dll
2013-10-08 15:13 - 2012-02-07 22:38 - 000307200 _____ (Intel Corporation) [Arquivo não assinado] [O arquivo está em uso] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\fr-FR\PrivacyIconClient.resources.dll
2013-10-08 15:13 - 2012-02-07 22:38 - 000307200 _____ (Intel Corporation) [Arquivo não assinado] [O arquivo está em uso] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\he-IL\PrivacyIconClient.resources.dll
2013-10-08 15:13 - 2012-02-07 22:38 - 000307200 _____ (Intel Corporation) [Arquivo não assinado] [O arquivo está em uso] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\hu-HU\PrivacyIconClient.resources.dll
2013-10-08 15:13 - 2012-02-07 22:38 - 000303104 _____ (Intel Corporation) [Arquivo não assinado] [O arquivo está em uso] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\it-IT\PrivacyIconClient.resources.dll
2013-10-08 15:13 - 2012-02-07 22:38 - 000311296 _____ (Intel Corporation) [Arquivo não assinado] [O arquivo está em uso] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\ja-JP\PrivacyIconClient.resources.dll
2013-10-08 15:13 - 2012-02-07 22:38 - 000307200 _____ (Intel Corporation) [Arquivo não assinado] [O arquivo está em uso] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\ko-KR\PrivacyIconClient.resources.dll
2013-10-08 15:13 - 2012-02-07 22:38 - 000303104 _____ (Intel Corporation) [Arquivo não assinado] [O arquivo está em uso] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\nb-NO\PrivacyIconClient.resources.dll
2013-10-08 15:13 - 2012-02-07 22:38 - 000303104 _____ (Intel Corporation) [Arquivo não assinado] [O arquivo está em uso] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\nl-NL\PrivacyIconClient.resources.dll
2013-10-08 15:13 - 2012-02-07 22:38 - 000307200 _____ (Intel Corporation) [Arquivo não assinado] [O arquivo está em uso] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\pl-PL\PrivacyIconClient.resources.dll
2013-10-08 15:13 - 2012-02-07 22:38 - 000303104 _____ (Intel Corporation) [Arquivo não assinado] [O arquivo está em uso] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\pt-BR\PrivacyIconClient.resources.dll
2013-10-08 15:13 - 2012-02-07 22:38 - 000307200 _____ (Intel Corporation) [Arquivo não assinado] [O arquivo está em uso] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\pt-PT\PrivacyIconClient.resources.dll
2013-10-08 15:13 - 2012-02-07 22:38 - 000319488 _____ (Intel Corporation) [Arquivo não assinado] [O arquivo está em uso] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\ru-RU\PrivacyIconClient.resources.dll
2013-10-08 15:13 - 2012-02-07 22:38 - 000307200 _____ (Intel Corporation) [Arquivo não assinado] [O arquivo está em uso] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\sk-SK\PrivacyIconClient.resources.dll
2013-10-08 15:13 - 2012-02-07 22:38 - 000303104 _____ (Intel Corporation) [Arquivo não assinado] [O arquivo está em uso] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\sl-SI\PrivacyIconClient.resources.dll
2013-10-08 15:13 - 2012-02-07 22:38 - 000303104 _____ (Intel Corporation) [Arquivo não assinado] [O arquivo está em uso] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\sv-SE\PrivacyIconClient.resources.dll
2013-10-08 15:13 - 2012-02-07 22:38 - 000331776 _____ (Intel Corporation) [Arquivo não assinado] [O arquivo está em uso] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\th-TH\PrivacyIconClient.resources.dll
2013-10-08 15:13 - 2012-02-07 22:38 - 000303104 _____ (Intel Corporation) [Arquivo não assinado] [O arquivo está em uso] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\tr-TR\PrivacyIconClient.resources.dll
2013-10-08 15:13 - 2012-02-07 22:38 - 000299008 _____ (Intel Corporation) [Arquivo não assinado] [O arquivo está em uso] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\zh-CN\PrivacyIconClient.resources.dll
2013-10-08 15:13 - 2012-02-07 22:38 - 000299008 _____ (Intel Corporation) [Arquivo não assinado] [O arquivo está em uso] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\zh-TW\PrivacyIconClient.resources.dll
2013-10-08 15:13 - 2012-01-05 08:57 - 000073728 _____ (Intel Corporation) [Arquivo não assinado] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
2018-03-20 10:38 - 2018-03-20 10:38 - 000062976 _____ (Kodak Alaris Inc.) [Arquivo não assinado] [O arquivo está em uso] C:\Program Files (x86)\Kodak\Document Imaging\kds_s2000\Smart Touch\KSSCloudManagerDLL.dll
2018-03-20 10:42 - 2018-03-20 10:42 - 000307712 _____ (Kodak Alaris Inc.) [Arquivo não assinado] [O arquivo está em uso] C:\Program Files (x86)\Kodak\Document Imaging\kds_s2000\Smart Touch\KSSNuance.dll
2018-03-20 10:17 - 2018-03-20 10:17 - 000101888 _____ (Kodak Alaris Inc.) [Arquivo não assinado] C:\Program Files (x86)\Kodak\Document Imaging\kds_s2000\Smart Touch\DeviceEventPlus.dll
2018-03-20 10:32 - 2018-03-20 10:32 - 001942528 _____ (Kodak Alaris Inc.) [Arquivo não assinado] C:\Program Files (x86)\Kodak\Document Imaging\kds_s2000\Smart Touch\KCKERNEL.dll
2018-03-20 10:24 - 2018-03-20 10:24 - 000045568 _____ (Kodak Alaris Inc.) [Arquivo não assinado] C:\Program Files (x86)\Kodak\Document Imaging\kds_s2000\Smart Touch\KCSDK.dll
2018-03-20 10:41 - 2018-03-20 10:41 - 010796032 _____ (Kodak Alaris Inc.) [Arquivo não assinado] C:\Program Files (x86)\Kodak\Document Imaging\kds_s2000\Smart Touch\KSSKIT.dll
2018-03-20 10:42 - 2018-03-20 10:42 - 000118272 _____ (Kodak Alaris Inc.) [Arquivo não assinado] C:\Program Files (x86)\Kodak\Document Imaging\kds_s2000\Smart Touch\KSSOCR.dll
2013-10-08 15:16 - 2013-10-08 15:16 - 000113664 _____ (Microsoft Corporation) [Arquivo não assinado] C:\Windows\WinSxS\amd64_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8a1a02152edb659b\ATL80.DLL
2013-10-08 15:16 - 2013-10-08 15:16 - 001655296 _____ (Microsoft Corporation) [Arquivo não assinado] C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80U.DLL
2014-10-20 10:01 - 2014-10-20 10:01 - 000097280 _____ (Microsoft Corporation) [Arquivo não assinado] C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d1cb102c435421de\ATL80.DLL
2014-10-20 10:01 - 2014-10-20 10:01 - 001093120 _____ (Microsoft Corporation) [Arquivo não assinado] C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
2007-04-21 11:36 - 2007-04-21 11:36 - 000049152 _____ (PFU LIMITED) [Arquivo não assinado] C:\Windows\TWAIN_32\fjscan32\FJSTMKSV.dll
2020-02-11 15:40 - 2020-02-11 15:40 - 000065024 _____ (Python Software Foundation) [Arquivo não assinado] C:\Program Files\LibreOffice\program\python-core-3.5.9\lib\_socket.pyd
2020-02-11 15:40 - 2020-02-11 15:40 - 000019456 _____ (Python Software Foundation) [Arquivo não assinado] C:\Program Files\LibreOffice\program\python-core-3.5.9\lib\select.pyd
2013-04-08 03:54 - 2013-04-08 03:54 - 000112128 _____ (Samsung Electronics Co., Ltd.) [Arquivo não assinado] C:\Program Files (x86)\Samsung\Easy Printer Manager\SmartScreenPrint\CDAKEYMonitor.dll
2020-02-11 17:41 - 2020-02-11 17:41 - 000495616 _____ (The Document Foundation) [Arquivo não assinado] C:\Program Files\LibreOffice\program\pyuno.pyd
2014-06-06 10:44 - 2015-07-20 06:28 - 000043520 _____ (Windows (R) Codename Longhorn DDK provider) [Arquivo não assinado] C:\Windows\system32\spool\PRTPROCS\x64\sse2mpc.dll
2013-11-12 14:44 - 2009-09-22 20:03 - 000033792 _____ (Windows (R) Server 2003 DDK provider) [Arquivo não assinado] C:\Windows\system32\spool\PRTPROCS\x64\ml4550pc.dll
2012-12-27 16:32 - 2012-12-27 16:32 - 000142848 _____ (WinMagic) [Arquivo não assinado] C:\Program Files\WinMagic\SecureDoc-NT\libdmk.dll

==================== Alternate Data Streams (Whitelisted) ========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)

AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2410]

==================== Modo de Segurança (Whitelisted) ==================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Associação (Whitelisted) =================

==================== Internet Explorer (Versão 9) (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-530474809-1679542572-2355305007-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://br.msn.com/?ocid=iehp
HKU\S-1-5-21-530474809-1679542572-2355305007-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2020-04-14] (Sun Microsystems, Inc. -> Sun Microsystems, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2020-04-14] (Sun Microsystems, Inc. -> Sun Microsystems, Inc.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

(Se uma entrada for incluída na fixlist, será removida do Registro.)

IE trusted site: HKU\S-1-5-21-530474809-1679542572-2355305007-1000\...\bancobrasil.com.br -> www.bancobrasil.com.br
IE trusted site: HKU\S-1-5-21-530474809-1679542572-2355305007-1000\...\bb.com.br -> aapj.bb.com.br
IE trusted site: HKU\S-1-5-21-530474809-1679542572-2355305007-1000\...\gastecnologia.com.br -> cloud.gastecnologia.com.br

==================== Hosts Conteúdo: =========================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2009-07-13 23:34 - 2009-06-10 18:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Outras Áreas ===========================

(Atualmente não há nenhuma correção automática para esta seção.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\oracle92\bin;C:\Program Files\SafeNet\Authentication\SAC\x64;C:\Program Files\SafeNet\Authentication\SAC\x32
HKU\S-1-5-21-530474809-1679542572-2355305007-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\INSS\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.31.220.21 - 10.70.124.20
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

(Se uma entrada for incluída na fixlist, será removida.)

MSCONFIG\startupreg: StartSecurDoc => "C:\Program Files\WinMagic\SecureDoc-NT\SDPin.exe"

==================== Regras do Firewall (Whitelisted) ================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{7C9E613B-5061-4350-83E2-B4B12475CB99}C:\program files (x86)\realtek\rtkwin7dashclientinstaller\rtkdashclient.exe] => (Block) C:\program files (x86)\realtek\rtkwin7dashclientinstaller\rtkdashclient.exe (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
FirewallRules: [UDP Query User{3D7F61B1-8F52-4453-AE10-D0188EBDDFDB}C:\program files (x86)\realtek\rtkwin7dashclientinstaller\rtkdashclient.exe] => (Block) C:\program files (x86)\realtek\rtkwin7dashclientinstaller\rtkdashclient.exe (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
FirewallRules: [{FD906168-2E3B-4D73-9522-49DDDEFD2E4F}] => (Allow) C:\Program Files\WinMagic\SecureDoc-NT\SDService.exe (WinMagic Inc. -> WinMagic Inc.)
FirewallRules: [{564C3D48-F78C-4050-8D96-7006584AC23C}] => (Allow) C:\Program Files\WinMagic\SecureDoc-NT\SDService.exe (WinMagic Inc. -> WinMagic Inc.)
FirewallRules: [{9537342D-C56C-476C-A09D-9ABBA3429AC6}] => (Allow) C:\Program Files\WinMagic\SecureDoc-NT\SDService.exe (WinMagic Inc. -> WinMagic Inc.)
FirewallRules: [{ABA1C779-EC44-4AAA-9F88-3959E8CC8A6E}] => (Allow) C:\Program Files\WinMagic\SecureDoc-NT\SDService.exe (WinMagic Inc. -> WinMagic Inc.)
FirewallRules: [FTP-Out-TCP] => (Allow) C:\system32\\ftp.exe => Nenhum Arquivo
FirewallRules: [FTP-Out-UDP] => (Allow) C:\system32\\ftp.exe => Nenhum Arquivo
FirewallRules: [CACIC-GERCOLS-Out-TCP] => (Allow) C:\Cacic\Modulos\\ger_cols.exe => Nenhum Arquivo
FirewallRules: [CACIC-GERCOLS-Out-UDP] => (Allow) C:\Cacic\Modulos\\ger_cols.exe => Nenhum Arquivo
FirewallRules: [CACIC-SRCACICSRV-Out-TCP] => (Allow) C:\Cacic\Modulos\\srcacicsrv.exe => Nenhum Arquivo
FirewallRules: [CACIC-SRCACICSRV-Out-UDP] => (Allow) C:\Cacic\Modulos\\srcacicsrv.exe => Nenhum Arquivo
FirewallRules: [{E0BEB8D4-BB67-430D-A14A-AF14142A48A5}] => (Allow) C:\Cacic\Modulos\ger_cols.exe => Nenhum Arquivo
FirewallRules: [{5CC7984F-CE61-4C8C-A4BE-3E8D49FE558C}] => (Allow) C:\Cacic\Modulos\ger_cols.exe => Nenhum Arquivo
FirewallRules: [{13CAFDC3-347E-4A07-A486-324B99FCD354}] => (Allow) LPort=5900
FirewallRules: [{75AB9E73-6478-481C-B261-839A9804F112}] => (Allow) LPort=5800
FirewallRules: [{0A2FD84C-FEA9-4E3F-AB05-671B80ED00D0}] => (Allow) C:\Program Files (x86)\UltraVNC\winvnc.exe (uvnc bvba -> UltraVNC)
FirewallRules: [{3A9EF195-5460-462A-BF2F-5A40D372A23E}] => (Allow) C:\Program Files (x86)\UltraVNC\winvnc.exe (uvnc bvba -> UltraVNC)
FirewallRules: [{C42E0033-CAEA-4733-BF5F-3875EA507A23}] => (Allow) C:\Program Files (x86)\UltraVNC\vncviewer.exe (uvnc bvba -> UltraVNC)
FirewallRules: [{B8FCAE3E-0000-4D1E-B9DD-9B94A2593B3E}] => (Allow) C:\Program Files (x86)\UltraVNC\vncviewer.exe (uvnc bvba -> UltraVNC)
FirewallRules: [{A460C600-8836-4251-A5AC-3D10885CE1AC}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{00DAC29B-C40A-4A8D-9C21-8448657B2FDB}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{FFD6ABF8-6C42-4315-BB0B-03230962B1A9}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{92B7C7E8-8F01-473E-AB0A-8503AEDF0C69}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{2D446410-4180-484B-B790-DF746B204401}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{9BE6A735-5B80-462B-B77A-4E24716095E5}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{016A2A17-FE2F-49B3-84A1-9107FAB2174E}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{17C34D38-AB6F-46AF-A4C5-D9B0D824E365}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{C819E22C-C23D-497D-A34B-48801DCC286B}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe (Samsung Electronics Co., Ltd.) [Arquivo não assinado]
FirewallRules: [{AB31D7F3-FA05-4150-AEF5-C2C5008C00B8}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe (Samsung Electronics Co., Ltd.) [Arquivo não assinado]
FirewallRules: [{E1A36371-500C-4AB4-817B-E4ACA1559832}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{97CB0F16-0BEF-4C20-A69A-2E1B1D6756DB}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{64E9AC38-9E86-454F-9B92-1E7310ED5AC4}] => (Allow) LPort=5405
FirewallRules: [{F9331017-1747-47F5-877D-5F9B5018A081}] => (Allow) LPort=5505
FirewallRules: [{882DDA1F-C0E1-4930-9D73-3F98117C1DC8}] => (Allow) LPort=5805
FirewallRules: [{81F7009D-6447-4F8D-9D0D-00DA3141C790}] => (Allow) LPort=5905
FirewallRules: [{D42D296F-9832-4292-9AD8-5BA9A4708F06}] => (Allow) C:\Cacic\Modulos\srcacicserver.exe => Nenhum Arquivo
FirewallRules: [{E90FEAB6-34DF-4536-AC59-5F0B69422A90}] => (Allow) C:\Cacic\Modulos\srcacicserver.exe => Nenhum Arquivo
FirewallRules: [{F6462F04-FD4A-447D-A37C-BD8F9F9A6A6C}] => (Allow) C:\Cacic\Modulos\srcacicsrv.exe => Nenhum Arquivo
FirewallRules: [{94168AF2-FBB6-497E-8EC0-40EBC02381F0}] => (Allow) C:\Cacic\Modulos\srcacicsrv.exe => Nenhum Arquivo
FirewallRules: [{3DFA66F4-346D-4ED4-BA9F-F095CAE50C07}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B7D16902-DA44-45EE-827F-EDF561A37FFE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{99FE44C6-F7EB-4075-92CF-310C1F3AD6B7}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe (PROCOMP INDUSTRIA ELETRONICA LTDA -> Diebold Nixdorf)
FirewallRules: [{DA1491A5-17B5-4286-9E27-74C80C6E44CE}] => (Allow) C:\Windows\System32\Kodak\kascannerservice\kascannerservice.exe (Kodak Alaris Inc. -> Kodak Alaris Inc.)
FirewallRules: [{E1829DFA-5A55-42B2-B60C-7B1BC9851C65}] => (Allow) C:\Windows\System32\Kodak\kascannerservice\kascannerservice.exe (Kodak Alaris Inc. -> Kodak Alaris Inc.)
FirewallRules: [{B1DF8924-8F22-4960-916F-1A3AB4D5DD1D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{3DB235A7-6FB2-4CAA-96C8-31502E1D887B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{2B0271BE-A245-4304-811B-265C8D5F43CD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{743AB037-81B7-4317-A32D-2A028D7719DC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{F2EA8FCE-802A-4C60-9B3C-4D6288C9BF6B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Pontos de Restauração =========================

06-12-2020 21:44:29 Windows Update
09-12-2020 10:32:24 Intel® Driver & Support Assistant
13-12-2020 17:06:36 Windows Update

==================== Dispositivos Apresentando Falhas No Gerenciador ============


==================== Erros no Log de eventos: ========================

Erros em Aplicativos:
==================
Error: (12/15/2020 11:15:57 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Falha na geração de contexto de ativação para "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80U.DLL". 
Assembly dependente Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" não pôde ser localizado.
Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

Error: (12/15/2020 11:15:57 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Falha na geração de contexto de ativação para "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80U.DLL". 
Assembly dependente Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" não pôde ser localizado.
Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

Error: (12/15/2020 11:15:57 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Falha na geração de contexto de ativação para "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80U.DLL". 
Assembly dependente Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" não pôde ser localizado.
Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

Error: (12/15/2020 09:34:44 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Falha na geração de contexto de ativação para "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80U.DLL". 
Assembly dependente Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" não pôde ser localizado.
Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

Error: (12/15/2020 09:34:44 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Falha na geração de contexto de ativação para "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80U.DLL". 
Assembly dependente Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" não pôde ser localizado.
Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

Error: (12/15/2020 09:34:44 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Falha na geração de contexto de ativação para "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80U.DLL". 
Assembly dependente Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" não pôde ser localizado.
Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

Error: (12/15/2020 09:29:46 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Falha na geração de contexto de ativação para "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80U.DLL". 
Assembly dependente Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" não pôde ser localizado.
Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

Error: (12/15/2020 09:29:46 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Falha na geração de contexto de ativação para "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_8444db7d32915e4c\MFC80U.DLL". 
Assembly dependente Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" não pôde ser localizado.
Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.


Erros de Sistema:
=============
Error: (12/15/2020 08:22:39 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Serviço Sustentação do Agente Principal do Sistema CACIC suspenso ao iniciar.

Error: (12/15/2020 08:21:51 AM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: As configurações de permissão Específico do aplicativo não concedem permissãoLocal Iniciar para o aplicativo de Servidor COM com CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 e APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 ao usuárioAUTORIDADE NT\SISTEMA SID (S-1-5-18) do endereço LocalHost (Usando LRPC). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

Error: (12/14/2020 09:54:45 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Serviço Sustentação do Agente Principal do Sistema CACIC suspenso ao iniciar.

Error: (12/14/2020 09:54:08 AM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: As configurações de permissão Específico do aplicativo não concedem permissãoLocal Iniciar para o aplicativo de Servidor COM com CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 e APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 ao usuárioAUTORIDADE NT\SISTEMA SID (S-1-5-18) do endereço LocalHost (Usando LRPC). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

Error: (12/14/2020 12:04:04 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Serviço Sustentação do Agente Principal do Sistema CACIC suspenso ao iniciar.

Error: (12/14/2020 12:03:34 AM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: As configurações de permissão Específico do aplicativo não concedem permissãoLocal Iniciar para o aplicativo de Servidor COM com CLSID 
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 e APPID 
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 ao usuárioAUTORIDADE NT\SISTEMA SID (S-1-5-18) do endereço LocalHost (Usando LRPC). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.

Error: (12/14/2020 12:00:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Trusted Platform Core Service foi encerrado inesperadamente.  Isso aconteceu 1 vez(es).

Error: (12/14/2020 12:00:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Intel(R) Driver & Support Assistant foi encerrado inesperadamente.  Isso aconteceu 1 vez(es).


CodeIntegrity:
===================================

Date: 2020-09-24 18:11:00.505
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Diebold\Warsaw\wslbscrwh64.dll because the set of per-page image hashes could not be found on the system.

Date: 2020-09-24 18:11:00.387
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Diebold\Warsaw\wslbscr64.dll because the set of per-page image hashes could not be found on the system.

Date: 2020-09-24 17:47:21.683
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Diebold\Warsaw\wslbscrwh64.dll because the set of per-page image hashes could not be found on the system.

Date: 2020-09-24 17:47:21.600
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Diebold\Warsaw\wslbscr64.dll because the set of per-page image hashes could not be found on the system.

Date: 2020-09-24 17:16:56.265
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Diebold\Warsaw\wslbscrwh64.dll because the set of per-page image hashes could not be found on the system.

Date: 2020-09-24 17:16:56.134
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Diebold\Warsaw\wslbscr64.dll because the set of per-page image hashes could not be found on the system.

==================== Informações da Memória =========================== 

BIOS: Desenvolvida por Positivo Informatica SA 0104I.L-INSS 01/20/2014
placa-mãe: Positivo Informatica SA POS-PIB75CX
Processador: Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz
Percentagem de memória em uso: 89%
RAM física total: 5569.96 MB
RAM física disponível: 603.43 MB
Virtual Total: 11138.07 MB
Virtual disponível: 4907.91 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:451.11 GB) (Free:377.93 GB) NTFS

\\?\Volume{51170534-e73c-11e3-9dd9-806e6f6e6963}\ (Recovery image) (Fixed) (Total:14.65 GB) (Free:5.6 GB) NTFS

==================== MBR & Tabela de Partições ====================

==================== Fim de Addition.txt =======================

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 14-12-2020
Executado por INSS (administrador) em INSS830594787 (Positivo Informatica SA POS-PIB75CX) (15-12-2020 15:31:05)
Executando a partir de C:\Users\INSS\Desktop
Perfis Carregados: INSS
Platform: Windows 7 Professional Service Pack 1 (X64) Idioma: Português (Brasil)
Navegador padrão: Chrome
Modo da Inicialização: Normal

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

() [Arquivo não assinado] C:\Program Files (x86)\Realtek\RtkWin7DashClientInstaller\RtkDashService64.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Dataprev - Emp. de TI da Prev Social - UDSL/SSLC) [Arquivo não assinado] C:\Windows\cacicservice.exe
(Dataprev - Tecnologia a Serviço da Cidadania) [Arquivo não assinado] C:\Cacic\cacic280.exe
(FUJITSU LIMITED) [Arquivo não assinado] C:\Windows\twain_32\fjscan32\FjtwMkup.exe
(Geek Software GmbH -> Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <17>
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(Infineon Technologies AG -> Infineon Technologies AG) C:\Program Files (x86)\Infineon\Security Platform Software\IfxPsdSv.exe
(Infineon Technologies AG -> Infineon Technologies AG) C:\Program Files (x86)\Infineon\Security Platform Software\IFXSPMGT.exe
(Infineon Technologies AG -> Infineon Technologies AG) C:\Program Files (x86)\Infineon\Security Platform Software\IFXTCS.exe
(Infineon Technologies AG -> Infineon Technologies AG) C:\Program Files (x86)\Infineon\Security Platform Software\PSDrt.exe
(Infineon Technologies AG -> Infineon Technologies AG) C:\Program Files (x86)\Infineon\Security Platform Software\SpTNA.exe
(Intel Corporation -> ) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel® Upgrade Service -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Kodak Alaris Inc. -> Kodak Alaris Inc.) C:\Windows\System32\Kodak\kascannerservice\kascannerservice.exe <2>
(Kodak Alaris Inc.) [Arquivo não assinado] C:\Program Files (x86)\Kodak\Document Imaging\kds_s2000\Smart Touch\KSSCFG.exe
(Kodak Alaris Inc.) [Arquivo não assinado] C:\Program Files (x86)\Kodak\Document Imaging\kds_s2000\Smart Touch\KSSE.exe
(Kodak Alaris Inc.) [Arquivo não assinado] C:\Program Files (x86)\Kodak\Document Imaging\kds_s2000\Smart Touch\KSSOutput.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <8>
(Palo Alto Networks -> Palo Alto Networks) C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe
(Palo Alto Networks -> Palo Alto Networks) C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe
(PFU LIMITED) [Arquivo não assinado] C:\Windows\twain_32\fjscan32\ERG\FTErGuid.exe
(PFU LIMITED) [Arquivo não assinado] C:\Windows\twain_32\fjscan32\FiWiaChecker.exe
(PFU LIMITED) [Arquivo não assinado] C:\Windows\twain_32\fjscan32\FJTWMKSV.exe
(PFU LIMITED) [Arquivo não assinado] C:\Windows\twain_32\fjscan32\SOP\FtLnSOP.exe
(PROCOMP INDUSTRIA ELETRONICA LTDA -> Diebold Nixdorf) C:\Program Files\Diebold\Warsaw\core.exe <2>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SafeNet, Inc. -> SafeNet, Inc.) C:\Program Files\SafeNet\Authentication\SAC\x64\SACMonitor.exe
(SafeNet, Inc. -> SafeNet, Inc.) C:\Program Files\SafeNet\Authentication\SAC\x64\SACSRV.exe
(Samsung Electronics CO., LTD. -> ) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(The Document Foundation -> The Document Foundation) C:\Program Files\LibreOffice\program\soffice.bin
(The Document Foundation -> The Document Foundation) C:\Program Files\LibreOffice\program\soffice.exe
(uvnc bvba -> UltraVNC) C:\Program Files (x86)\UltraVNC\winvnc.exe <2>
(WinMagic Inc. -> WinMagic Inc.) C:\Program Files\WinMagic\SecureDoc-NT\SDService.exe

==================== Registro (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] (Samsung Electronics CO., LTD. -> )
HKLM\...\Run: [SACMonitor] => C:\Program Files\SafeNet\Authentication\SAC\x64\SACMonitor.exe [633232 2015-01-23] (SafeNet, Inc. -> SafeNet, Inc.)
HKLM\...\Run: [GlobalProtect] => C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe [10442080 2020-04-21] (Palo Alto Networks -> Palo Alto Networks)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-05] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-07] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [IFXSPMGT] => C:\Program Files (x86)\Infineon\Security Platform Software\ifxspmgt.exe [1160480 2010-02-23] (Infineon Technologies AG -> Infineon Technologies AG)
HKLM-x32\...\Run: [Trend OfficeScan ImageSetup] => "C:\Program Files (x86)\Trend Micro\ImgSetup.exe" "/54bef7450bbf" -HideWindow
HKLM-x32\...\Run: [FJTWAIN Setup] => C:\Windows\Twain_32\fjscan32\FjtwMkup.exe [131072 2008-11-18] (FUJITSU LIMITED) [Arquivo não assinado]
HKLM-x32\...\Run: [FiWIA Service Checker] => C:\Windows\twain_32\fjscan32\FiWiaChecker.exe [86016 2009-10-21] (PFU LIMITED) [Arquivo não assinado]
HKLM-x32\...\Run: [FtLnSOP_setup] => C:\Windows\Twain_32\Fjscan32\SOP\FtLnSOP.exe [233472 2012-04-05] (PFU LIMITED) [Arquivo não assinado]
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
HKLM-x32\...\Run: [Smart Touch s2000] => C:\Program Files (x86)\Kodak\Document Imaging\kds_s2000\Smart Touch\KSSCFG.exe [790528 2018-03-20] (Kodak Alaris Inc.) [Arquivo não assinado]
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [483976 2020-09-07] (Geek Software GmbH -> Geek Software GmbH)
HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe [285544 2020-12-07] (IDSA Production signing key -> Intel)
HKU\S-1-5-21-530474809-1679542572-2355305007-1000\...\MountPoints2: {51170539-e73c-11e3-9dd9-806e6f6e6963} - D:\set_up.exe
HKU\S-1-5-21-530474809-1679542572-2355305007-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-21] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\ML4550PC: C:\Windows\System32\spool\prtprocs\x64\ml4550pc.dll [33792 2009-09-22] (Windows (R) Server 2003 DDK provider) [Arquivo não assinado]
HKLM\...\Windows x64\Print Processors\sse2mPC: C:\Windows\System32\spool\prtprocs\x64\sse2mpc.dll [43520 2015-07-20] (Windows (R) Codename Longhorn DDK provider) [Arquivo não assinado]
HKLM\...\Print\Monitors\CutePDF Writer Monitor: C:\Windows\system32\cpwmon64.dll [85752 2006-12-10] (Acro Software Inc. -> )
HKLM\...\Print\Monitors\ML4550 Langmon: C:\Windows\system32\ml4550l6.dll [22016 2009-09-22] () [Arquivo não assinado]
HKLM\...\Print\Monitors\PDF reDirect Monitor: C:\Windows\system32\PDFreDirectMon64.dll [65344 2010-06-06] (EXP Systems LLC -> )
HKLM\...\Print\Monitors\Redirected Port: C:\Windows\system32\redmon64.dll [113152 2012-06-21] () [Arquivo não assinado]
HKLM\...\Print\Monitors\sse2m Langmon: C:\Windows\system32\sse2mlm.dll [22528 2015-07-20] () [Arquivo não assinado]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] -> C:\Windows\system32\ieudinit.exe [2013-10-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-02] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2020-05-03] (Adobe Inc. -> Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Error Recovery Guide.lnk [2018-05-15]
ShortcutTarget: Error Recovery Guide.lnk -> C:\Windows\twain_32\fjscan32\ERG\FTErGuid.exe (PFU LIMITED) [Arquivo não assinado]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ShowDesktop.scf [2012-07-17] () [Arquivo não assinado]
Startup: C:\Users\INSS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FBR Daniela [2017-06-02] ()

==================== Tarefas Agendadas (Whitelisted) ============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {13E0529A-9D12-4883-9B02-C359FED7CAC2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {14BC07EB-67F5-4831-ABC2-556BC169CC6B} - System32\Tasks\{2A799D3A-8C42-41F8-A436-B58E29016E02} => C:\Windows\system32\pcalua.exe -a C:\Users\INSS\Downloads\Sads130400.exe -d C:\Users\INSS\Downloads
Task: {3599144D-F156-4F3D-9DE2-C44B9365FD24} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {4D946A1A-6781-4799-B9F7-E96D94B86ED4} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [233224 2011-11-25] (Intel® Services Manager -> Intel Corporation)
Task: {6BD69544-3650-44CD-BE76-76DDF52CECD1} - System32\Tasks\{96660FF6-1AFD-429A-B0E4-9C19A0D4A925} => C:\Windows\system32\pcalua.exe -a C:\Users\INSS\Downloads\InstaladorCadeiaV2.exe -d C:\Users\INSS\Downloads
Task: {6E3A38B9-D989-487B-99E5-B7288844C8BF} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [233224 2011-11-25] (Intel® Services Manager -> Intel Corporation)
Task: {779DCBBC-759F-48E5-8E3F-DBAB46BB841B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {7ECD7B8F-397B-4A50-BE09-B8F1082FA57F} - System32\Tasks\kodakalarisincscanner => C:\Windows\System32\Kodak\kascannerservice\kascannerservice.exe [217008 2019-01-03] (Kodak Alaris Inc. -> Kodak Alaris Inc.)
Task: {89628670-C301-456C-ADB8-053B60A7FA19} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [257416 2013-12-19] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {8DAA4222-D439-441C-AE08-2BF79AA78D11} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {9516BD6C-1A1B-47E0-9F45-034A8E2BB2E4} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18744 2019-04-15] (Intel(R) Software Development Products -> Intel Corporation)
Task: {9A4A9E27-9C2B-4545-B994-85694D6664B7} - \WPD\SqmUpload_S-1-5-21-530474809-1679542572-2355305007-500 -> Nenhum Arquivo <==== ATENÇÃO
Task: {A6B256E1-A745-4EBE-B803-F6A23A2B61A7} - \ScriptGegX -> Nenhum Arquivo <==== ATENÇÃO
Task: {B7C7EE1B-E549-406E-B332-A4F2E2662D1B} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18744 2019-04-15] (Intel(R) Software Development Products -> Intel Corporation)
Task: {DB9EC9A1-07AD-4065-A030-20613830186C} - System32\Tasks\update-S-1-5-21-530474809-1679542572-2355305007-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: {EA51A5E3-6794-4EED-B3E8-5277602B5638} - System32\Tasks\{1732AC89-B35C-4143-A86B-B8A595FCC878} => C:\Windows\system32\pcalua.exe -a C:\temp\setup.EXE -d C:\temp <==== ATENÇÃO
Task: {F5B4C490-320D-40F1-94EE-9D44A5580279} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\update-S-1-5-21-530474809-1679542572-2355305007-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.)

Tcpip\Parameters: [DhcpNameServer] 177.131.112.10 177.131.112.10
Tcpip\..\Interfaces\{15B97023-8227-48B7-AEC4-00DEBB7DF46B}: [DhcpNameServer] 177.131.112.10 177.131.112.10
Tcpip\..\Interfaces\{584946ED-5ECC-45B8-A880-84B92F92B356}: [NameServer] 10.31.220.21,10.70.124.20

FireFox:
========
FF DefaultProfile: 4yj9n7ik.default-1569929801040-1597841975181
FF ProfilePath: C:\Users\INSS\AppData\Roaming\Mozilla\Firefox\Profiles\4yj9n7ik.default-1569929801040-1597841975181 [2020-12-15]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\INSS\AppData\Roaming\Mozilla\Firefox\Profiles\4yj9n7ik.default-1569929801040-1597841975181\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2020-12-11]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll [2013-11-12] (Adobe Systems Incorporated -> )
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2020-04-14] (Sun Microsystems, Inc. -> Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [Nenhum Arquivo]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Nenhum Arquivo]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Nenhum Arquivo]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Nenhum Arquivo]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Software Incorporated -> Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\autoconf_warsaw.js [2020-12-15]

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\INSS\AppData\Local\Google\Chrome\User Data\Default [2020-12-15]
CHR HomePage: Default -> hxxps://www.google.com.br/
CHR StartupUrls: Default -> "hxxps://google.com.br/"
CHR Extension: (Apresentações) - C:\Users\INSS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-12-14]
CHR Extension: (Kindle Cloud Reader) - C:\Users\INSS\AppData\Local\Google\Chrome\User Data\Default\Extensions\adldnnhmpcmipijphdbchbfdmnafnjia [2020-12-14]
CHR Extension: (Documentos) - C:\Users\INSS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-12-14]
CHR Extension: (Google Drive) - C:\Users\INSS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-14]
CHR Extension: (YouTube) - C:\Users\INSS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-12-14]
CHR Extension: (Avast Passwords) - C:\Users\INSS\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2020-12-14]
CHR Extension: (Planilhas) - C:\Users\INSS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-12-14]
CHR Extension: (Documentos Google off-line) - C:\Users\INSS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-12-14]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\INSS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2020-12-14]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\INSS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-12-14]
CHR Extension: (Gmail) - C:\Users\INSS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-14]
CHR Extension: (Chrome Media Router) - C:\Users\INSS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-14]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Serviços (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [257416 2013-12-19] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
S3 CentralAdminAgent; C:\Program Files (x86)\fiScanner\ScannerCentralAdminAgent\FMAService.exe [46984 2012-11-13] (PFU LIMITED -> PFU LIMITED)
R2 DashClientService; C:\Program Files (x86)\Realtek\RtkWin7DashClientInstaller\RtkDashService64.exe [251904 2013-04-29] () [Arquivo não assinado]
R2 FJTWMKSV; C:\Windows\twain_32\fjscan32\FJTWMKSV.exe [45056 2007-03-08] (PFU LIMITED) [Arquivo não assinado]
R2 IFXSpMgtSrv; C:\Program Files (x86)\Infineon\Security Platform Software\ifxspmgt.exe [1160480 2010-02-23] (Infineon Technologies AG -> Infineon Technologies AG)
R2 IFXTCS; C:\Program Files (x86)\Infineon\Security Platform Software\ifxtcs.exe [992544 2010-02-23] (Infineon Technologies AG -> Infineon Technologies AG)
R2 kodakalarisincscanner; C:\Windows\System32\Kodak\kascannerservice\kascannerservice.exe [217008 2019-01-03] (Kodak Alaris Inc. -> Kodak Alaris Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2020-12-11] (Malwarebytes Inc -> Malwarebytes)
R2 PanGPS; C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe [6791520 2020-04-21] (Palo Alto Networks -> Palo Alto Networks)
R2 PDF24; C:\Program Files (x86)\PDF24\pdf24.exe [483976 2020-09-07] (Geek Software GmbH -> Geek Software GmbH)
R2 PersonalSecureDriveService; C:\Program Files (x86)\Infineon\Security Platform Software\IfxPsdSv.exe [214304 2010-02-23] (Infineon Technologies AG -> Infineon Technologies AG)
R2 SACSrv; C:\Program Files\SafeNet\Authentication\SAC\x64\SACSRV.exe [49040 2015-01-23] (SafeNet, Inc. -> SafeNet, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13216272 2020-03-20] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 uvnc_service; C:\Program Files (x86)\UltraVNC\winvnc.exe [1590216 2009-12-06] (uvnc bvba -> UltraVNC)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [1118256 2019-11-22] (PROCOMP INDUSTRIA ELETRONICA LTDA -> Diebold Nixdorf)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
R2 WinMagic SecureDoc Service; C:\Program Files\WinMagic\SecureDoc-NT\SDService.exe [323264 2013-01-25] (WinMagic Inc. -> WinMagic Inc.)

===================== Drivers (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

R3 AKSIFDH; C:\Windows\System32\DRIVERS\aksifdh.sys [62632 2015-01-23] (Aladdin Knowledge Systems Inc. -> Aladdin Knowledge Systems, Ltd.)
S3 AKSUP; C:\Windows\System32\drivers\aksup.sys [44712 2015-01-23] (Aladdin Knowledge Systems Inc. -> Aladdin Knowledge Systems, Ltd.)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [99216 2016-10-10] (Daruma Telecomunicacoes e Informatica SA -> FTDI Ltd.)
S3 FTSER2K; C:\Windows\System32\drivers\ftser2k.sys [86032 2016-10-10] (Daruma Telecomunicacoes e Informatica SA -> FTDI Ltd.)
R3 iKeyEnum; C:\Windows\System32\DRIVERS\ikeyenum.sys [16160 2015-01-23] (SafeNet, Inc. -> SafeNet, Inc.)
R3 iKeyIFD; C:\Windows\System32\DRIVERS\ikeyifd.sys [22304 2015-01-23] (SafeNet, Inc. -> SafeNet, Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220160 2020-12-11] (Malwarebytes Inc -> Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-12-11] (Malwarebytes Inc -> Malwarebytes)
R3 PanGpd; C:\Windows\System32\DRIVERS\pangpd.sys [68280 2020-04-21] (PALO ALTO NETWORKS, INC. -> Palo Alto Networks Inc.)
R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [44576 2010-01-25] (Infineon Technologies AG -> Infineon Technologies AG)
R0 PinFile; C:\Windows\System32\DRIVERS\PinFile.sys [48904 2012-08-23] (WinMagic Inc. -> WinMagic, Inc.)
U5 RnbToken; C:\Windows\System32\Drivers\RnbToken.sys [24352 2015-01-23] (SafeNet, Inc. -> SafeNet, Inc.)
R2 RtDashPt; C:\Windows\System32\DRIVERS\RtDashPt.sys [29256 2013-04-29] (Realtek Semiconductor Corp -> Realtek semiconductor corp)
R3 rtkio; C:\Program Files (x86)\Realtek\RtkWin7DashClientInstaller\rtkio64.sys [16016 2013-04-29] (Realtek Semiconductor Corp -> Windows (R) Codename Longhorn DDK provider)
R0 SDDisk2K; C:\Windows\System32\DRIVERS\SDDisk2K.sys [203016 2012-11-19] (WinMagic Inc. -> WinMagic Inc.)
R0 SDDToki; C:\Windows\System32\DRIVERS\SDDToki.sys [131336 2012-10-11] (WinMagic Inc. -> WinMagic Inc.)
R0 SDDVD; C:\Windows\System32\DRIVERS\SDDVD.sys [73480 2012-10-04] (WinMagic Inc. -> WinMagic Inc.)
R0 SDUPC; C:\Windows\System32\DRIVERS\SDUPC.sys [21768 2012-08-09] (WinMagic Inc. -> WinMagic Inc.)
R2 SDVCE; C:\Windows\System32\DRIVERS\SDVCE.sys [70368 2012-06-26] (WinMagic Inc. -> WinMagic, Inc.)
R1 wsddfac; C:\Windows\System32\drivers\wsddfac.sys [28376 2020-12-15] (GAS INFORMATICA LTDA -> GAS Tecnologia)
R1 wsddntf; C:\Windows\System32\DRIVERS\wsddntf.sys [47064 2019-08-28] (Gas Informatica Ltda -> GAS Tecnologia)
R1 wsddpp; C:\Windows\system32\drivers\wsddpp.sys [44728 2019-05-17] (Gas Informatica Ltda -> GAS Tecnologia)
R3 wsddprm; C:\Windows\system32\drivers\wsddprm.sys [43560 2018-04-25] (Gas Informatica Ltda -> GAS Tecnologia)

==================== NetSvcs (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)


==================== Um mês (criados) (Whitelisted) =========

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2020-12-15 15:31 - 2020-12-15 15:32 - 000027938 _____ C:\Users\INSS\Desktop\FRST.txt
2020-12-15 15:30 - 2020-12-15 15:31 - 000000000 ____D C:\FRST
2020-12-15 15:30 - 2020-12-15 15:30 - 002286592 _____ (Farbar) C:\Users\INSS\Desktop\FRST64.exe
2020-12-15 13:20 - 2020-12-15 13:20 - 000009262 _____ C:\Users\INSS\Desktop\roguerKiller_report.txt
2020-12-15 11:17 - 2020-12-15 11:28 - 031048248 _____ C:\Users\INSS\Desktop\RogueKiller64.exe
2020-12-14 20:09 - 2020-12-14 22:15 - 000000000 ____D C:\Users\Todos os Usuários\RogueKiller
2020-12-14 20:09 - 2020-12-14 22:15 - 000000000 ____D C:\ProgramData\RogueKiller
2020-12-14 11:59 - 2020-12-14 11:59 - 000004084 _____ C:\Users\INSS\Downloads\ZHPCleaner (R) (1).txt
2020-12-14 11:45 - 2020-12-14 11:45 - 000361595 _____ C:\Users\INSS\Downloads\Vermiculita Expandida Literatura.pdf
2020-12-14 10:18 - 2020-12-14 10:18 - 000004084 _____ C:\Users\INSS\Downloads\ZHPCleaner (R).txt
2020-12-13 17:26 - 2020-12-13 17:26 - 000000000 ____D C:\Program Files (x86)\MSXML 4.0
2020-12-13 17:22 - 2020-12-13 17:23 - 000089209 _____ C:\Users\INSS\Downloads\boletoSKY_401053170158.pdf
2020-12-13 15:41 - 2020-12-14 13:44 - 000000000 ____D C:\Users\INSS\AppData\Roaming\ZHP
2020-12-13 15:41 - 2020-12-13 15:41 - 000000000 ____D C:\Users\INSS\AppData\Local\ZHP
2020-12-13 15:40 - 2020-12-13 15:41 - 003339136 _____ (Nicolas Coolman) C:\Users\INSS\Desktop\ZHPCleaner.exe
2020-12-13 15:38 - 2020-12-13 15:38 - 000001474 _____ C:\Users\INSS\Desktop\AdwCleaner[S01].txt
2020-12-13 15:32 - 2020-12-13 15:35 - 000000000 ____D C:\AdwCleaner
2020-12-13 15:32 - 2020-12-13 15:32 - 008447152 _____ (Malwarebytes) C:\Users\INSS\Desktop\adwcleaner_8.0.8.exe
2020-12-11 22:59 - 2020-12-11 22:59 - 000007605 _____ C:\Users\INSS\AppData\Local\Resmon.ResmonCfg
2020-12-11 22:03 - 2020-12-11 22:03 - 000222104 _____ (AVAST Software) C:\Users\INSS\Desktop\avast_free_antivirus_setup_online.exe
2020-12-11 10:44 - 2020-12-11 10:44 - 000000000 ____D C:\Users\INSS\AppData\Local\mbam
2020-12-11 10:43 - 2020-12-11 10:43 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-12-11 10:43 - 2020-12-11 10:43 - 000220160 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-12-11 10:43 - 2020-12-11 10:43 - 000001967 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-12-11 10:43 - 2020-12-11 10:43 - 000001955 _____ C:\Users\Todos os Usuários\Desktop\Malwarebytes.lnk
2020-12-11 10:43 - 2020-12-11 10:43 - 000001955 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-12-11 10:43 - 2020-12-11 10:43 - 000001955 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-12-11 10:43 - 2020-12-11 10:43 - 000000000 ____D C:\Users\Todos os Usuários\Malwarebytes
2020-12-11 10:43 - 2020-12-11 10:43 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-12-11 10:43 - 2020-12-11 10:42 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-12-11 10:42 - 2020-12-11 10:42 - 000000000 ____D C:\Program Files\Malwarebytes
2020-12-11 10:41 - 2020-12-11 10:41 - 002086424 _____ (Malwarebytes) C:\Users\INSS\Downloads\MBSetup-2Co.2Co.exe
2020-12-10 15:37 - 2020-12-10 15:37 - 000093065 _____ C:\Users\INSS\Downloads\processo-n-5006835-3920198130672-do-tjmg-publicacoes.pdf
2020-12-10 15:24 - 2020-12-10 15:24 - 000046265 _____ C:\Users\INSS\Downloads\pedidos_100130_orcamento-6544-2020-12-10-13-50-35.pdf
2020-12-10 10:28 - 2020-12-10 10:28 - 000046533 _____ C:\Users\INSS\Downloads\pedidos_100130_orcamento-6544-2020-12-10-10-19.pdf
2020-12-09 10:33 - 2020-12-09 10:33 - 000001528 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver & Support Assistant.lnk
2020-11-25 17:05 - 2020-11-26 10:45 - 000000000 ____D C:\Users\INSS\Downloads\Telegram Desktop
2020-11-25 13:29 - 2020-11-27 20:54 - 000000000 ____D C:\Users\INSS\AppData\Roaming\Telegram Desktop
2020-11-25 13:29 - 2020-11-25 13:29 - 000000953 _____ C:\Users\INSS\Desktop\Telegram.lnk
2020-11-25 13:29 - 2020-11-25 13:29 - 000000000 ____D C:\Users\INSS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop
2020-11-21 10:57 - 2020-11-23 09:28 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== Um mês (modificados) ==================

(Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.)

2020-12-15 15:31 - 2019-03-27 10:35 - 000000386 _____ C:\Windows\Tasks\update-sys.job
2020-12-15 14:39 - 2013-11-12 15:19 - 000000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2020-12-15 14:38 - 2019-03-27 10:35 - 000000386 _____ C:\Windows\Tasks\update-S-1-5-21-530474809-1679542572-2355305007-1000.job
2020-12-15 14:35 - 2020-05-07 14:16 - 000000000 _____ C:\Windows\system32\7
2020-12-15 14:07 - 2020-03-26 12:38 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-12-15 13:33 - 2013-11-12 14:15 - 000000000 ____D C:\Users\Todos os Usuários\Mozilla
2020-12-15 13:33 - 2013-11-12 14:15 - 000000000 ____D C:\ProgramData\Mozilla
2020-12-15 13:32 - 2016-11-18 09:05 - 000000000 ____D C:\Users\INSS\AppData\LocalLow\Mozilla
2020-12-15 13:31 - 2020-04-15 18:39 - 000000000 _____ C:\Windows\system32\5
2020-12-15 11:06 - 2020-03-26 20:22 - 000000000 _____ C:\Windows\system32\3
2020-12-15 10:20 - 2013-11-13 08:36 - 000000339 _____ C:\Windows\chksis.ini
2020-12-15 09:18 - 2020-03-26 13:05 - 000000000 _____ C:\Windows\system32\1
2020-12-15 08:45 - 2009-07-14 01:45 - 000030704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-12-15 08:45 - 2009-07-14 01:45 - 000030704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-12-15 08:22 - 2020-05-16 08:52 - 000000000 __SHD C:\Users\INSS\IntelGraphicsProfiles
2020-12-15 08:21 - 2018-06-13 10:15 - 000028376 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\wsddfac.sys
2020-12-15 08:21 - 2013-11-13 08:36 - 000000000 ____D C:\Cacic
2020-12-15 08:21 - 2013-11-12 14:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2020-12-15 08:20 - 2013-10-08 15:15 - 000000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2020-12-15 08:20 - 2009-07-14 02:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-12-14 18:08 - 2013-10-08 15:15 - 000000832 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2020-12-13 17:26 - 2013-11-12 10:38 - 000000000 ____D C:\Windows\system32\MRT
2020-12-13 17:16 - 2013-11-12 10:38 - 133736600 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2020-12-13 17:09 - 2013-10-08 15:21 - 001990020 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2020-12-13 17:09 - 2011-04-12 10:40 - 000845402 _____ C:\Windows\system32\prfh0416.dat
2020-12-13 17:09 - 2011-04-12 10:40 - 000199882 _____ C:\Windows\system32\prfc0416.dat
2020-12-13 17:09 - 2009-07-14 02:13 - 001990020 _____ C:\Windows\system32\PerfStringBackup.INI
2020-12-13 17:09 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\inf
2020-12-11 22:14 - 2009-07-14 02:08 - 000032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2020-12-11 20:41 - 2020-05-16 16:47 - 000000000 ____D C:\Users\Todos os Usuários\Kaspersky Lab Setup Files
2020-12-11 20:41 - 2020-05-16 16:47 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2020-12-10 23:44 - 2017-05-29 15:21 - 000002066 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-12-10 10:50 - 2019-02-28 13:08 - 000000000 ____D C:\Users\INSS\Desktop\LAA
2020-12-09 18:54 - 2013-11-12 15:17 - 000000000 ____D C:\CNISLINHA
2020-12-09 10:34 - 2013-10-08 15:11 - 000000000 ____D C:\Users\Todos os Usuários\Package Cache
2020-12-09 10:34 - 2013-10-08 15:11 - 000000000 ____D C:\ProgramData\Package Cache
2020-12-09 10:33 - 2013-10-08 15:12 - 000000000 ____D C:\Program Files (x86)\Intel
2020-12-03 19:21 - 2013-12-19 09:05 - 000003502 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-12-03 19:21 - 2013-12-19 09:05 - 000003374 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-12-02 19:22 - 2013-12-19 09:06 - 000002229 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-12-02 19:22 - 2013-12-19 09:06 - 000002188 _____ C:\Users\Todos os Usuários\Desktop\Google Chrome.lnk
2020-12-02 19:22 - 2013-12-19 09:06 - 000002188 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-12-02 19:22 - 2013-12-19 09:06 - 000002188 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-11-29 21:56 - 2013-11-14 09:53 - 000000000 ____D C:\Users\INSS
2020-11-26 20:14 - 2020-05-07 14:42 - 000000000 _____ C:\Windows\system32\9
2020-11-25 13:02 - 2016-10-04 07:56 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2020-11-23 09:28 - 2013-11-12 14:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-11-21 18:40 - 2020-10-27 19:18 - 000000000 _____ C:\Windows\system32\15
2020-11-21 17:42 - 2020-10-27 19:14 - 000000000 _____ C:\Windows\system32\13
2020-11-21 17:41 - 2020-05-07 17:44 - 000000000 _____ C:\Windows\system32\11

==================== Arquivos na raiz de alguns diretórios ========

2016-09-26 08:42 - 2020-08-02 18:00 - 000001395 _____ () C:\Users\INSS\AppData\Roaming\SAS7_000.DAT
2020-12-11 22:59 - 2020-12-11 22:59 - 000007605 _____ () C:\Users\INSS\AppData\Local\Resmon.ResmonCfg
2019-03-27 10:35 - 2019-03-27 10:35 - 000000003 _____ () C:\Users\INSS\AppData\Local\updater.log
2019-03-27 10:35 - 2019-03-27 10:35 - 000000425 _____ () C:\Users\INSS\AppData\Local\UserProducts.xml
2020-05-27 09:07 - 2020-05-27 09:07 - 000000000 _____ () C:\Users\INSS\AppData\Local\{0ABB5CDB-2A27-4506-BF26-880D7BAEF35B}
2020-05-23 10:42 - 2020-05-23 10:42 - 000000000 _____ () C:\Users\INSS\AppData\Local\{ADE094F0-21A3-487B-98CC-3F3182D87A4B}
2020-05-17 11:39 - 2020-05-17 11:39 - 000000000 _____ () C:\Users\INSS\AppData\Local\{BE9E4223-55EC-491F-89B6-1CD1B1640345}
2020-05-19 09:45 - 2020-05-19 09:45 - 000000000 _____ () C:\Users\INSS\AppData\Local\{C03A71AA-8AFB-4FD7-B2CF-F5749182A600}

==================== SigCheck ============================

(Não há correção automática para arquivos que não passaram na verificação.)


LastRegBack: 2020-12-13 10:20
==================== Fim de FRST.txt ========================

 


  • Security Analyst

@Luiz Agripino

 

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text in the CODE box below:

CreateRestorePoint:
CloseProcesses:
ContextMenuHandlers1: [OfficeScan NT] -> {AF4F7471-FCFB-11d0-80B6-0080C838D5F9} => c:\Program Files (x86)\Trend Micro\OfficeScan Client\TmdShell_64x.dll -> Nenhum Arquivo
ContextMenuHandlers2: [OfficeScan NT] -> {AF4F7471-FCFB-11d0-80B6-0080C838D5F9} => c:\Program Files (x86)\Trend Micro\OfficeScan Client\TmdShell_64x.dll -> Nenhum Arquivo
ContextMenuHandlers4: [OfficeScan NT] -> {AF4F7471-FCFB-11d0-80B6-0080C838D5F9} => c:\Program Files (x86)\Trend Micro\OfficeScan Client\TmdShell_64x.dll -> Nenhum Arquivo
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll -> Nenhum Arquivo
FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{7C9E613B-5061-4350-83E2-B4B12475CB99}C:\program files (x86)\realtek\rtkwin7dashclientinstaller\rtkdashclient.exe] => (Block) C:\program files (x86)\realtek\rtkwin7dashclientinstaller\rtkdashclient.exe (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
FirewallRules: [UDP Query User{3D7F61B1-8F52-4453-AE10-D0188EBDDFDB}C:\program files (x86)\realtek\rtkwin7dashclientinstaller\rtkdashclient.exe] => (Block) C:\program files (x86)\realtek\rtkwin7dashclientinstaller\rtkdashclient.exe (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
FirewallRules: [{FD906168-2E3B-4D73-9522-49DDDEFD2E4F}] => (Allow) C:\Program Files\WinMagic\SecureDoc-NT\SDService.exe (WinMagic Inc. -> WinMagic Inc.)
FirewallRules: [{564C3D48-F78C-4050-8D96-7006584AC23C}] => (Allow) C:\Program Files\WinMagic\SecureDoc-NT\SDService.exe (WinMagic Inc. -> WinMagic Inc.)
FirewallRules: [{9537342D-C56C-476C-A09D-9ABBA3429AC6}] => (Allow) C:\Program Files\WinMagic\SecureDoc-NT\SDService.exe (WinMagic Inc. -> WinMagic Inc.)
FirewallRules: [{ABA1C779-EC44-4AAA-9F88-3959E8CC8A6E}] => (Allow) C:\Program Files\WinMagic\SecureDoc-NT\SDService.exe (WinMagic Inc. -> WinMagic Inc.)
FirewallRules: [FTP-Out-TCP] => (Allow) C:\system32\\ftp.exe => Nenhum Arquivo
FirewallRules: [FTP-Out-UDP] => (Allow) C:\system32\\ftp.exe => Nenhum Arquivo
FirewallRules: [CACIC-GERCOLS-Out-TCP] => (Allow) C:\Cacic\Modulos\\ger_cols.exe => Nenhum Arquivo
FirewallRules: [CACIC-GERCOLS-Out-UDP] => (Allow) C:\Cacic\Modulos\\ger_cols.exe => Nenhum Arquivo
FirewallRules: [CACIC-SRCACICSRV-Out-TCP] => (Allow) C:\Cacic\Modulos\\srcacicsrv.exe => Nenhum Arquivo
FirewallRules: [CACIC-SRCACICSRV-Out-UDP] => (Allow) C:\Cacic\Modulos\\srcacicsrv.exe => Nenhum Arquivo
FirewallRules: [{E0BEB8D4-BB67-430D-A14A-AF14142A48A5}] => (Allow) C:\Cacic\Modulos\ger_cols.exe => Nenhum Arquivo
FirewallRules: [{5CC7984F-CE61-4C8C-A4BE-3E8D49FE558C}] => (Allow) C:\Cacic\Modulos\ger_cols.exe => Nenhum Arquivo
FirewallRules: [{13CAFDC3-347E-4A07-A486-324B99FCD354}] => (Allow) LPort=5900
FirewallRules: [{75AB9E73-6478-481C-B261-839A9804F112}] => (Allow) LPort=5800
FirewallRules: [{0A2FD84C-FEA9-4E3F-AB05-671B80ED00D0}] => (Allow) C:\Program Files (x86)\UltraVNC\winvnc.exe (uvnc bvba -> UltraVNC)
FirewallRules: [{3A9EF195-5460-462A-BF2F-5A40D372A23E}] => (Allow) C:\Program Files (x86)\UltraVNC\winvnc.exe (uvnc bvba -> UltraVNC)
FirewallRules: [{C42E0033-CAEA-4733-BF5F-3875EA507A23}] => (Allow) C:\Program Files (x86)\UltraVNC\vncviewer.exe (uvnc bvba -> UltraVNC)
FirewallRules: [{B8FCAE3E-0000-4D1E-B9DD-9B94A2593B3E}] => (Allow) C:\Program Files (x86)\UltraVNC\vncviewer.exe (uvnc bvba -> UltraVNC)
FirewallRules: [{A460C600-8836-4251-A5AC-3D10885CE1AC}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{00DAC29B-C40A-4A8D-9C21-8448657B2FDB}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{FFD6ABF8-6C42-4315-BB0B-03230962B1A9}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{92B7C7E8-8F01-473E-AB0A-8503AEDF0C69}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{2D446410-4180-484B-B790-DF746B204401}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{9BE6A735-5B80-462B-B77A-4E24716095E5}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{016A2A17-FE2F-49B3-84A1-9107FAB2174E}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{17C34D38-AB6F-46AF-A4C5-D9B0D824E365}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{C819E22C-C23D-497D-A34B-48801DCC286B}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe (Samsung Electronics Co., Ltd.) [Arquivo não assinado]
FirewallRules: [{AB31D7F3-FA05-4150-AEF5-C2C5008C00B8}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe (Samsung Electronics Co., Ltd.) [Arquivo não assinado]
FirewallRules: [{E1A36371-500C-4AB4-817B-E4ACA1559832}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{97CB0F16-0BEF-4C20-A69A-2E1B1D6756DB}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{64E9AC38-9E86-454F-9B92-1E7310ED5AC4}] => (Allow) LPort=5405
FirewallRules: [{F9331017-1747-47F5-877D-5F9B5018A081}] => (Allow) LPort=5505
FirewallRules: [{882DDA1F-C0E1-4930-9D73-3F98117C1DC8}] => (Allow) LPort=5805
FirewallRules: [{81F7009D-6447-4F8D-9D0D-00DA3141C790}] => (Allow) LPort=5905
FirewallRules: [{D42D296F-9832-4292-9AD8-5BA9A4708F06}] => (Allow) C:\Cacic\Modulos\srcacicserver.exe => Nenhum Arquivo
FirewallRules: [{E90FEAB6-34DF-4536-AC59-5F0B69422A90}] => (Allow) C:\Cacic\Modulos\srcacicserver.exe => Nenhum Arquivo
FirewallRules: [{F6462F04-FD4A-447D-A37C-BD8F9F9A6A6C}] => (Allow) C:\Cacic\Modulos\srcacicsrv.exe => Nenhum Arquivo
FirewallRules: [{94168AF2-FBB6-497E-8EC0-40EBC02381F0}] => (Allow) C:\Cacic\Modulos\srcacicsrv.exe => Nenhum Arquivo
FirewallRules: [{3DFA66F4-346D-4ED4-BA9F-F095CAE50C07}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B7D16902-DA44-45EE-827F-EDF561A37FFE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{99FE44C6-F7EB-4075-92CF-310C1F3AD6B7}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe (PROCOMP INDUSTRIA ELETRONICA LTDA -> Diebold Nixdorf)
FirewallRules: [{DA1491A5-17B5-4286-9E27-74C80C6E44CE}] => (Allow) C:\Windows\System32\Kodak\kascannerservice\kascannerservice.exe (Kodak Alaris Inc. -> Kodak Alaris Inc.)
FirewallRules: [{E1829DFA-5A55-42B2-B60C-7B1BC9851C65}] => (Allow) C:\Windows\System32\Kodak\kascannerservice\kascannerservice.exe (Kodak Alaris Inc. -> Kodak Alaris Inc.)
FirewallRules: [{B1DF8924-8F22-4960-916F-1A3AB4D5DD1D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{3DB235A7-6FB2-4CAA-96C8-31502E1D887B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{2B0271BE-A245-4304-811B-265C8D5F43CD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{743AB037-81B7-4317-A32D-2A028D7719DC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{F2EA8FCE-802A-4C60-9B3C-4D6288C9BF6B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
HKU\S-1-5-21-530474809-1679542572-2355305007-1000\...\MountPoints2: {51170539-e73c-11e3-9dd9-806e6f6e6963} - D:\set_up.exe
Task: {13E0529A-9D12-4883-9B02-C359FED7CAC2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {14BC07EB-67F5-4831-ABC2-556BC169CC6B} - System32\Tasks\{2A799D3A-8C42-41F8-A436-B58E29016E02} => C:\Windows\system32\pcalua.exe -a C:\Users\INSS\Downloads\Sads130400.exe -d C:\Users\INSS\Downloads
Task: {3599144D-F156-4F3D-9DE2-C44B9365FD24} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {4D946A1A-6781-4799-B9F7-E96D94B86ED4} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [233224 2011-11-25] (Intel® Services Manager -> Intel Corporation)
Task: {6BD69544-3650-44CD-BE76-76DDF52CECD1} - System32\Tasks\{96660FF6-1AFD-429A-B0E4-9C19A0D4A925} => C:\Windows\system32\pcalua.exe -a C:\Users\INSS\Downloads\InstaladorCadeiaV2.exe -d C:\Users\INSS\Downloads
Task: {6E3A38B9-D989-487B-99E5-B7288844C8BF} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [233224 2011-11-25] (Intel® Services Manager -> Intel Corporation)
Task: {779DCBBC-759F-48E5-8E3F-DBAB46BB841B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {7ECD7B8F-397B-4A50-BE09-B8F1082FA57F} - System32\Tasks\kodakalarisincscanner => C:\Windows\System32\Kodak\kascannerservice\kascannerservice.exe [217008 2019-01-03] (Kodak Alaris Inc. -> Kodak Alaris Inc.)
Task: {89628670-C301-456C-ADB8-053B60A7FA19} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [257416 2013-12-19] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {8DAA4222-D439-441C-AE08-2BF79AA78D11} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.)
Task: {9516BD6C-1A1B-47E0-9F45-034A8E2BB2E4} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18744 2019-04-15] (Intel(R) Software Development Products -> Intel Corporation)
Task: {9A4A9E27-9C2B-4545-B994-85694D6664B7} - \WPD\SqmUpload_S-1-5-21-530474809-1679542572-2355305007-500 -> Nenhum Arquivo <==== ATENÇÃO
Task: {A6B256E1-A745-4EBE-B803-F6A23A2B61A7} - \ScriptGegX -> Nenhum Arquivo <==== ATENÇÃO
Task: {B7C7EE1B-E549-406E-B332-A4F2E2662D1B} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18744 2019-04-15] (Intel(R) Software Development Products -> Intel Corporation)
Task: {DB9EC9A1-07AD-4065-A030-20613830186C} - System32\Tasks\update-S-1-5-21-530474809-1679542572-2355305007-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: {EA51A5E3-6794-4EED-B3E8-5277602B5638} - System32\Tasks\{1732AC89-B35C-4143-A86B-B8A595FCC878} => C:\Windows\system32\pcalua.exe -a C:\temp\setup.EXE -d C:\temp <==== ATENÇÃO
Task: {F5B4C490-320D-40F1-94EE-9D44A5580279} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\update-S-1-5-21-530474809-1679542572-2355305007-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Tcpip\Parameters: [DhcpNameServer] 177.131.112.10 177.131.112.10
Tcpip\..\Interfaces\{15B97023-8227-48B7-AEC4-00DEBB7DF46B}: [DhcpNameServer] 177.131.112.10 177.131.112.10
Tcpip\..\Interfaces\{584946ED-5ECC-45B8-A880-84B92F92B356}: [NameServer] 10.31.220.21,10.70.124.20
VirusTotal: C:\Windows\Twain_32\fjscan32\FjtwMkup.exe
VirusTotal: C:\Program Files (x86)\UltraVNC\winvnc.exe
CMD: ipconfig /flushdns
RemoveProxy:
EmptyTemp:
CreateRestorePoint:

Save this file on your desktop with the name fixlist

NOTE: It is extremely important that the "fixlist" file is saved on your Desktop. Also check that FRST.exe is on the Desktop.

** Windows Vista, Windows 7, 8/8.1 and Windows 10 users: right-click the FRST.EXE file, then click http://i.imgur.com/VRIfczU.png

Click the image.png button

Wait; when it finishes, the Fixlog.txt log will be saved on your desktop.

Open the Fixlog.txt file, then copy and paste its contents into your next reply.


Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 14-12-2020
Executado por INSS (17-12-2020 11:05:12) Run:1
Executando a partir de C:\Users\INSS\Desktop
Perfis Carregados: INSS
Modo da Inicialização: Normal
==============================================

fixlist Conteúdo:
*****************
CreateRestorePoint:
CloseProcesses:
ContextMenuHandlers1: [OfficeScan NT] -> {AF4F7471-FCFB-11d0-80B6-0080C838D5F9} => c:\Program Files (x86)\Trend Micro\OfficeScan Client\TmdShell_64x.dll -> Nenhum Arquivo
ContextMenuHandlers2: [OfficeScan NT] -> {AF4F7471-FCFB-11d0-80B6-0080C838D5F9} => c:\Program Files (x86)\Trend Micro\OfficeScan Client\TmdShell_64x.dll -> Nenhum Arquivo
ContextMenuHandlers4: [OfficeScan NT] -> {AF4F7471-FCFB-11d0-80B6-0080C838D5F9} => c:\Program Files (x86)\Trend Micro\OfficeScan Client\TmdShell_64x.dll -> Nenhum Arquivo
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll -> Nenhum Arquivo
FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{7C9E613B-5061-4350-83E2-B4B12475CB99}C:\program files (x86)\realtek\rtkwin7dashclientinstaller\rtkdashclient.exe] => (Block) C:\program files (x86)\realtek\rtkwin7dashclientinstaller\rtkdashclient.exe (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
FirewallRules: [UDP Query User{3D7F61B1-8F52-4453-AE10-D0188EBDDFDB}C:\program files (x86)\realtek\rtkwin7dashclientinstaller\rtkdashclient.exe] => (Block) C:\program files (x86)\realtek\rtkwin7dashclientinstaller\rtkdashclient.exe (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation)
FirewallRules: [{FD906168-2E3B-4D73-9522-49DDDEFD2E4F}] => (Allow) C:\Program Files\WinMagic\SecureDoc-NT\SDService.exe (WinMagic Inc. -> WinMagic Inc.)
FirewallRules: [{564C3D48-F78C-4050-8D96-7006584AC23C}] => (Allow) C:\Program Files\WinMagic\SecureDoc-NT\SDService.exe (WinMagic Inc. -> WinMagic Inc.)
FirewallRules: [{9537342D-C56C-476C-A09D-9ABBA3429AC6}] => (Allow) C:\Program Files\WinMagic\SecureDoc-NT\SDService.exe (WinMagic Inc. -> WinMagic Inc.)
FirewallRules: [{ABA1C779-EC44-4AAA-9F88-3959E8CC8A6E}] => (Allow) C:\Program Files\WinMagic\SecureDoc-NT\SDService.exe (WinMagic Inc. -> WinMagic Inc.)
FirewallRules: [FTP-Out-TCP] => (Allow) C:\system32\\ftp.exe => Nenhum Arquivo
FirewallRules: [FTP-Out-UDP] => (Allow) C:\system32\\ftp.exe => Nenhum Arquivo
FirewallRules: [CACIC-GERCOLS-Out-TCP] => (Allow) C:\Cacic\Modulos\\ger_cols.exe => Nenhum Arquivo
FirewallRules: [CACIC-GERCOLS-Out-UDP] => (Allow) C:\Cacic\Modulos\\ger_cols.exe => Nenhum Arquivo
FirewallRules: [CACIC-SRCACICSRV-Out-TCP] => (Allow) C:\Cacic\Modulos\\srcacicsrv.exe => Nenhum Arquivo
FirewallRules: [CACIC-SRCACICSRV-Out-UDP] => (Allow) C:\Cacic\Modulos\\srcacicsrv.exe => Nenhum Arquivo
FirewallRules: [{E0BEB8D4-BB67-430D-A14A-AF14142A48A5}] => (Allow) C:\Cacic\Modulos\ger_cols.exe => Nenhum Arquivo
FirewallRules: [{5CC7984F-CE61-4C8C-A4BE-3E8D49FE558C}] => (Allow) C:\Cacic\Modulos\ger_cols.exe => Nenhum Arquivo
FirewallRules: [{13CAFDC3-347E-4A07-A486-324B99FCD354}] => (Allow) LPort=5900
FirewallRules: [{75AB9E73-6478-481C-B261-839A9804F112}] => (Allow) LPort=5800
FirewallRules: [{0A2FD84C-FEA9-4E3F-AB05-671B80ED00D0}] => (Allow) C:\Program Files (x86)\UltraVNC\winvnc.exe (uvnc bvba -> UltraVNC)
FirewallRules: [{3A9EF195-5460-462A-BF2F-5A40D372A23E}] => (Allow) C:\Program Files (x86)\UltraVNC\winvnc.exe (uvnc bvba -> UltraVNC)
FirewallRules: [{C42E0033-CAEA-4733-BF5F-3875EA507A23}] => (Allow) C:\Program Files (x86)\UltraVNC\vncviewer.exe (uvnc bvba -> UltraVNC)
FirewallRules: [{B8FCAE3E-0000-4D1E-B9DD-9B94A2593B3E}] => (Allow) C:\Program Files (x86)\UltraVNC\vncviewer.exe (uvnc bvba -> UltraVNC)
FirewallRules: [{A460C600-8836-4251-A5AC-3D10885CE1AC}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{00DAC29B-C40A-4A8D-9C21-8448657B2FDB}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Samsung Electronics CO., LTD. -> )
FirewallRules: [{FFD6ABF8-6C42-4315-BB0B-03230962B1A9}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{92B7C7E8-8F01-473E-AB0A-8503AEDF0C69}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{2D446410-4180-484B-B790-DF746B204401}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{9BE6A735-5B80-462B-B77A-4E24716095E5}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{016A2A17-FE2F-49B3-84A1-9107FAB2174E}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{17C34D38-AB6F-46AF-A4C5-D9B0D824E365}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{C819E22C-C23D-497D-A34B-48801DCC286B}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe (Samsung Electronics Co., Ltd.) [Arquivo não assinado]
FirewallRules: [{AB31D7F3-FA05-4150-AEF5-C2C5008C00B8}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe (Samsung Electronics Co., Ltd.) [Arquivo não assinado]
FirewallRules: [{E1A36371-500C-4AB4-817B-E4ACA1559832}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{97CB0F16-0BEF-4C20-A69A-2E1B1D6756DB}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{64E9AC38-9E86-454F-9B92-1E7310ED5AC4}] => (Allow) LPort=5405
FirewallRules: [{F9331017-1747-47F5-877D-5F9B5018A081}] => (Allow) LPort=5505
FirewallRules: [{882DDA1F-C0E1-4930-9D73-3F98117C1DC8}] => (Allow) LPort=5805
FirewallRules: [{81F7009D-6447-4F8D-9D0D-00DA3141C790}] => (Allow) LPort=5905
FirewallRules: [{D42D296F-9832-4292-9AD8-5BA9A4708F06}] => (Allow) C:\Cacic\Modulos\srcacicserver.exe => Nenhum Arquivo
FirewallRules: [{E90FEAB6-34DF-4536-AC59-5F0B69422A90}] => (Allow) C:\Cacic\Modulos\srcacicserver.exe => Nenhum Arquivo
FirewallRules: [{F6462F04-FD4A-447D-A37C-BD8F9F9A6A6C}] => (Allow) C:\Cacic\Modulos\srcacicsrv.exe => Nenhum Arquivo
FirewallRules: [{94168AF2-FBB6-497E-8EC0-40EBC02381F0}] => (Allow) C:\Cacic\Modulos\srcacicsrv.exe => Nenhum Arquivo
FirewallRules: [{3DFA66F4-346D-4ED4-BA9F-F095CAE50C07}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B7D16902-DA44-45EE-827F-EDF561A37FFE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{99FE44C6-F7EB-4075-92CF-310C1F3AD6B7}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe (PROCOMP INDUSTRIA ELETRONICA LTDA -> Diebold Nixdorf)
FirewallRules: [{DA1491A5-17B5-4286-9E27-74C80C6E44CE}] => (Allow) C:\Windows\System32\Kodak\kascannerservice\kascannerservice.exe (Kodak Alaris Inc. -> Kodak Alaris Inc.)
FirewallRules: [{E1829DFA-5A55-42B2-B60C-7B1BC9851C65}] => (Allow) C:\Windows\System32\Kodak\kascannerservice\kascannerservice.exe (Kodak Alaris Inc. -> Kodak Alaris Inc.) FirewallRules: [{B1DF8924-8F22-4960-916F-1A3AB4D5DD1D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{3DB235A7-6FB2-4CAA-96C8-31502E1D887B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{2B0271BE-A245-4304-811B-265C8D5F43CD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{743AB037-81B7-4317-A32D-2A028D7719DC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{F2EA8FCE-802A-4C60-9B3C-4D6288C9BF6B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) HKU\S-1-5-21-530474809-1679542572-2355305007-1000\...\MountPoints2: {51170539-e73c-11e3-9dd9-806e6f6e6963} - D:\set_up.exe Task: {13E0529A-9D12-4883-9B02-C359FED7CAC2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.) 
Task: {14BC07EB-67F5-4831-ABC2-556BC169CC6B} - System32\Tasks\{2A799D3A-8C42-41F8-A436-B58E29016E02} => C:\Windows\system32\pcalua.exe -a C:\Users\INSS\Downloads\Sads130400.exe -d C:\Users\INSS\Downloads Task: {3599144D-F156-4F3D-9DE2-C44B9365FD24} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe Task: {4D946A1A-6781-4799-B9F7-E96D94B86ED4} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [233224 2011-11-25] (Intel� Services Manager -> Intel Corporation) Task: {6BD69544-3650-44CD-BE76-76DDF52CECD1} - System32\Tasks\{96660FF6-1AFD-429A-B0E4-9C19A0D4A925} => C:\Windows\system32\pcalua.exe -a C:\Users\INSS\Downloads\InstaladorCadeiaV2.exe -d C:\Users\INSS\Downloads Task: {6E3A38B9-D989-487B-99E5-B7288844C8BF} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [233224 2011-11-25] (Intel� Services Manager -> Intel Corporation) Task: {779DCBBC-759F-48E5-8E3F-DBAB46BB841B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.) Task: {7ECD7B8F-397B-4A50-BE09-B8F1082FA57F} - System32\Tasks\kodakalarisincscanner => C:\Windows\System32\Kodak\kascannerservice\kascannerservice.exe [217008 2019-01-03] (Kodak Alaris Inc. -> Kodak Alaris Inc.) Task: {89628670-C301-456C-ADB8-053B60A7FA19} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [257416 2013-12-19] (Adobe Systems Incorporated -> Adobe Systems Incorporated) Task: {8DAA4222-D439-441C-AE08-2BF79AA78D11} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc -> Google Inc.) 
Task: {9516BD6C-1A1B-47E0-9F45-034A8E2BB2E4} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18744 2019-04-15] (Intel(R) Software Development Products -> Intel Corporation) Task: {9A4A9E27-9C2B-4545-B994-85694D6664B7} - \WPD\SqmUpload_S-1-5-21-530474809-1679542572-2355305007-500 -> Nenhum Arquivo <==== ATEN��O Task: {A6B256E1-A745-4EBE-B803-F6A23A2B61A7} - \ScriptGegX -> Nenhum Arquivo <==== ATEN��O Task: {B7C7EE1B-E549-406E-B332-A4F2E2662D1B} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18744 2019-04-15] (Intel(R) Software Development Products -> Intel Corporation) Task: {DB9EC9A1-07AD-4065-A030-20613830186C} - System32\Tasks\update-S-1-5-21-530474809-1679542572-2355305007-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Task: {EA51A5E3-6794-4EED-B3E8-5277602B5638} - System32\Tasks\{1732AC89-B35C-4143-A86B-B8A595FCC878} => C:\Windows\system32\pcalua.exe -a C:\temp\setup.EXE -d C:\temp <==== ATEN��O Task: {F5B4C490-320D-40F1-94EE-9D44A5580279} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe Task: C:\Windows\Tasks\update-S-1-5-21-530474809-1679542572-2355305007-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe 
Tcpip\Parameters: [DhcpNameServer] 177.131.112.10 177.131.112.10 Tcpip\..\Interfaces\{15B97023-8227-48B7-AEC4-00DEBB7DF46B}: [DhcpNameServer] 177.131.112.10 177.131.112.10 Tcpip\..\Interfaces\{584946ED-5ECC-45B8-A880-84B92F92B356}: [NameServer] 10.31.220.21,10.70.124.20 VirusTotal: C:\Windows\Twain_32\fjscan32\FjtwMkup.exe VirusTotal: C:\Program Files (x86)\UltraVNC\winvnc.exe CMD: ipconfig /flushdns RemoveProxy: EmptyTemp: CreateRestorePoint: ***************** Ponto de Restauração criado com sucesso. Processos fechados com sucesso. HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\OfficeScan NT => removido (a) com sucesso. HKLM\Software\Classes\CLSID\{AF4F7471-FCFB-11d0-80B6-0080C838D5F9} => removido (a) com sucesso. HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\OfficeScan NT => removido (a) com sucesso. HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\OfficeScan NT => removido (a) com sucesso. HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removido (a) com sucesso. HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\SPPSVC-In-TCP" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\SPPSVC-In-TCP-NoScope" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7C9E613B-5061-4350-83E2-B4B12475CB99}C:\program files (x86)\realtek\rtkwin7dashclientinstaller\rtkdashclient.exe" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3D7F61B1-8F52-4453-AE10-D0188EBDDFDB}C:\program files (x86)\realtek\rtkwin7dashclientinstaller\rtkdashclient.exe" => removido (a) com sucesso. 
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FD906168-2E3B-4D73-9522-49DDDEFD2E4F}" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{564C3D48-F78C-4050-8D96-7006584AC23C}" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9537342D-C56C-476C-A09D-9ABBA3429AC6}" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ABA1C779-EC44-4AAA-9F88-3959E8CC8A6E}" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FTP-Out-TCP" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\FTP-Out-UDP" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CACIC-GERCOLS-Out-TCP" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CACIC-GERCOLS-Out-UDP" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CACIC-SRCACICSRV-Out-TCP" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\CACIC-SRCACICSRV-Out-UDP" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E0BEB8D4-BB67-430D-A14A-AF14142A48A5}" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5CC7984F-CE61-4C8C-A4BE-3E8D49FE558C}" => removido (a) com sucesso. 
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{13CAFDC3-347E-4A07-A486-324B99FCD354}" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{75AB9E73-6478-481C-B261-839A9804F112}" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0A2FD84C-FEA9-4E3F-AB05-671B80ED00D0}" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3A9EF195-5460-462A-BF2F-5A40D372A23E}" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C42E0033-CAEA-4733-BF5F-3875EA507A23}" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B8FCAE3E-0000-4D1E-B9DD-9B94A2593B3E}" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A460C600-8836-4251-A5AC-3D10885CE1AC}" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{00DAC29B-C40A-4A8D-9C21-8448657B2FDB}" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FFD6ABF8-6C42-4315-BB0B-03230962B1A9}" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{92B7C7E8-8F01-473E-AB0A-8503AEDF0C69}" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2D446410-4180-484B-B790-DF746B204401}" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9BE6A735-5B80-462B-B77A-4E24716095E5}" => removido (a) com sucesso. 
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{016A2A17-FE2F-49B3-84A1-9107FAB2174E}" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{17C34D38-AB6F-46AF-A4C5-D9B0D824E365}" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C819E22C-C23D-497D-A34B-48801DCC286B}" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AB31D7F3-FA05-4150-AEF5-C2C5008C00B8}" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E1A36371-500C-4AB4-817B-E4ACA1559832}" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{97CB0F16-0BEF-4C20-A69A-2E1B1D6756DB}" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{64E9AC38-9E86-454F-9B92-1E7310ED5AC4}" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F9331017-1747-47F5-877D-5F9B5018A081}" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{882DDA1F-C0E1-4930-9D73-3F98117C1DC8}" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{81F7009D-6447-4F8D-9D0D-00DA3141C790}" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D42D296F-9832-4292-9AD8-5BA9A4708F06}" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E90FEAB6-34DF-4536-AC59-5F0B69422A90}" => removido (a) com sucesso. 
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F6462F04-FD4A-447D-A37C-BD8F9F9A6A6C}" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{94168AF2-FBB6-497E-8EC0-40EBC02381F0}" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3DFA66F4-346D-4ED4-BA9F-F095CAE50C07}" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B7D16902-DA44-45EE-827F-EDF561A37FFE}" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{99FE44C6-F7EB-4075-92CF-310C1F3AD6B7}" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DA1491A5-17B5-4286-9E27-74C80C6E44CE}" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E1829DFA-5A55-42B2-B60C-7B1BC9851C65}" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B1DF8924-8F22-4960-916F-1A3AB4D5DD1D}" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3DB235A7-6FB2-4CAA-96C8-31502E1D887B}" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2B0271BE-A245-4304-811B-265C8D5F43CD}" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{743AB037-81B7-4317-A32D-2A028D7719DC}" => removido (a) com sucesso. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F2EA8FCE-802A-4C60-9B3C-4D6288C9BF6B}" => removido (a) com sucesso. 
HKU\S-1-5-21-530474809-1679542572-2355305007-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51170539-e73c-11e3-9dd9-806e6f6e6963} => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{13E0529A-9D12-4883-9B02-C359FED7CAC2}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13E0529A-9D12-4883-9B02-C359FED7CAC2}" => removido (a) com sucesso. C:\Windows\System32\Tasks\Adobe Acrobat Update Task => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{14BC07EB-67F5-4831-ABC2-556BC169CC6B}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14BC07EB-67F5-4831-ABC2-556BC169CC6B}" => removido (a) com sucesso. C:\Windows\System32\Tasks\{2A799D3A-8C42-41F8-A436-B58E29016E02} => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2A799D3A-8C42-41F8-A436-B58E29016E02}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3599144D-F156-4F3D-9DE2-C44B9365FD24}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3599144D-F156-4F3D-9DE2-C44B9365FD24}" => removido (a) com sucesso. C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4D946A1A-6781-4799-B9F7-E96D94B86ED4}" => removido (a) com sucesso. 
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D946A1A-6781-4799-B9F7-E96D94B86ED4}" => removido (a) com sucesso. C:\Windows\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6BD69544-3650-44CD-BE76-76DDF52CECD1}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6BD69544-3650-44CD-BE76-76DDF52CECD1}" => removido (a) com sucesso. C:\Windows\System32\Tasks\{96660FF6-1AFD-429A-B0E4-9C19A0D4A925} => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{96660FF6-1AFD-429A-B0E4-9C19A0D4A925}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6E3A38B9-D989-487B-99E5-B7288844C8BF}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E3A38B9-D989-487B-99E5-B7288844C8BF}" => removido (a) com sucesso. C:\Windows\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{779DCBBC-759F-48E5-8E3F-DBAB46BB841B}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{779DCBBC-759F-48E5-8E3F-DBAB46BB841B}" => removido (a) com sucesso. C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removido (a) com sucesso. 
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7ECD7B8F-397B-4A50-BE09-B8F1082FA57F}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7ECD7B8F-397B-4A50-BE09-B8F1082FA57F}" => removido (a) com sucesso. C:\Windows\System32\Tasks\kodakalarisincscanner => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\kodakalarisincscanner" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{89628670-C301-456C-ADB8-053B60A7FA19}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89628670-C301-456C-ADB8-053B60A7FA19}" => removido (a) com sucesso. C:\Windows\System32\Tasks\Adobe Flash Player Updater => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8DAA4222-D439-441C-AE08-2BF79AA78D11}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DAA4222-D439-441C-AE08-2BF79AA78D11}" => removido (a) com sucesso. C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9516BD6C-1A1B-47E0-9F45-034A8E2BB2E4}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9516BD6C-1A1B-47E0-9F45-034A8E2BB2E4}" => removido (a) com sucesso. 
C:\Windows\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A4A9E27-9C2B-4545-B994-85694D6664B7}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A4A9E27-9C2B-4545-B994-85694D6664B7}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-530474809-1679542572-2355305007-500" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A6B256E1-A745-4EBE-B803-F6A23A2B61A7}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6B256E1-A745-4EBE-B803-F6A23A2B61A7}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ScriptGegX" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7C7EE1B-E549-406E-B332-A4F2E2662D1B}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7C7EE1B-E549-406E-B332-A4F2E2662D1B}" => removido (a) com sucesso. C:\Windows\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB9EC9A1-07AD-4065-A030-20613830186C}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB9EC9A1-07AD-4065-A030-20613830186C}" => removido (a) com sucesso. 
C:\Windows\System32\Tasks\update-S-1-5-21-530474809-1679542572-2355305007-1000 => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\update-S-1-5-21-530474809-1679542572-2355305007-1000" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EA51A5E3-6794-4EED-B3E8-5277602B5638}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA51A5E3-6794-4EED-B3E8-5277602B5638}" => removido (a) com sucesso. C:\Windows\System32\Tasks\{1732AC89-B35C-4143-A86B-B8A595FCC878} => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1732AC89-B35C-4143-A86B-B8A595FCC878}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F5B4C490-320D-40F1-94EE-9D44A5580279}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5B4C490-320D-40F1-94EE-9D44A5580279}" => removido (a) com sucesso. C:\Windows\System32\Tasks\update-sys => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\update-sys" => removido (a) com sucesso. C:\Windows\Tasks\Adobe Flash Player Updater.job => movido com sucesso C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => movido com sucesso C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => movido com sucesso C:\Windows\Tasks\update-S-1-5-21-530474809-1679542572-2355305007-1000.job => movido com sucesso C:\Windows\Tasks\update-sys.job => movido com sucesso "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer" => removido (a) com sucesso. "HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{15B97023-8227-48B7-AEC4-00DEBB7DF46B}\\DhcpNameServer" => removido (a) com sucesso. 
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{584946ED-5ECC-45B8-A880-84B92F92B356}\\NameServer" => removido (a) com sucesso. VirusTotal: C:\Windows\Twain_32\fjscan32\FjtwMkup.exe => (3) Erro VirusTotal: C:\Program Files (x86)\UltraVNC\winvnc.exe => (3) Erro ========= ipconfig /flushdns ========= Configura‡Æo de IP do Windows Libera‡Æo do Cache do DNS Resolver bem-sucedida. ========= Fim de CMD: ========= ========= RemoveProxy: ========= "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso. "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso. "HKU\S-1-5-21-530474809-1679542572-2355305007-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso. "HKU\S-1-5-21-530474809-1679542572-2355305007-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso. ========= Fim de RemoveProxy: ========= Ponto de Restauração criado com sucesso. =========== EmptyTemp: ========== BITS transfer queue => 8388608 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 47762955 B Java, Flash, Steam htmlcache => 506 B Windows/system/drivers => 1168668977 B Edge => 0 B Chrome => 655115258 B Firefox => 1101986070 B Opera => 0 B Temp, IE cache, history, cookies, recent: Users => 0 B Default => 0 B Public => 0 B ProgramData => 0 B systemprofile => 128279 B systemprofile32 => 451682 B LocalService => 451682 B NetworkService => 1749294 B INSS => 7733179483 B RecycleBin => 49674937 B EmptyTemp: => 10 GB de dados temporários Removidos. ================================ O sistema precisou ser reiniciado. ==== Fim de Fixlog 11:13:28 ====


  • Security Analyst

@Luiz Agripino

 

  1. Click the Start menu, then right-click My Computer and select Properties.
  2. In Properties, select Advanced system settings.
  3. Go to the System Protection tab and, under System Restore, choose Create.
  4. Then just follow the on-screen instructions to create your restore point. NOTE: Remember to give it an easy-to-understand name so you can restore from this point later.

Press the Windows + R keys and type: msconfig

- Click the Services tab, check the Hide all Microsoft services option, and then click Disable all

- Click the Startup tab and click Disable all

 

Follow the prompts until you are asked to restart. After that, let me know whether the malware-related problems still persist.

 


  • Security Analyst
7 hours ago, Luiz Agripino said:

It keeps showing a message that suggests the intrusion persists (see attached file)

 

You did not mention this part in your first post.

 

Have you already changed your router's password? Check whether the DNS configured on your router belongs to your ISP.

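One way to run the DNS check suggested above from the PC side, as an added example that is not part of the original thread: it reads the per-interface `NameServer` and `DhcpNameServer` registry values and compares each resolver with a list you trust. The addresses in `$TrustedResolvers` are placeholders and the function names are this example's own.

```powershell
# Added example for Windows PowerShell (uses Get-WmiObject; works on Windows 7 and later).
# ASSUMPTION: placeholder addresses (TEST-NET-1). Replace them with the
# resolvers your ISP publishes or the ones you configured on purpose.
$TrustedResolvers = @('192.0.2.53', '192.0.2.54')

function Test-PrivateAddress {
    param([string]$Ip)
    # RFC 1918, loopback and link-local: usually the router acting as a DNS proxy
    return $Ip -match '^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.|127\.|169\.254\.)'
}

function Get-DnsAudit {
    param([string[]]$Trusted = @())

    # Map interface GUIDs to readable adapter names
    $names = @{}
    Get-WmiObject Win32_NetworkAdapterConfiguration | ForEach-Object {
        if ($_.SettingID) { $names[$_.SettingID] = $_.Description }
    }

    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
    foreach ($key in Get-ChildItem -Path $base) {
        $props = Get-ItemProperty -Path $key.PSPath
        # NameServer     = set statically on this PC
        # DhcpNameServer = handed out by the DHCP server (normally the router)
        foreach ($source in 'NameServer', 'DhcpNameServer') {
            $raw = $props.$source
            if (-not $raw) { continue }
            foreach ($ip in ($raw -split '[,\s]+' | Where-Object { $_ })) {
                if ($Trusted -contains $ip) {
                    $verdict = 'trusted'
                }
                elseif (Test-PrivateAddress $ip) {
                    $verdict = 'LAN address: check the DNS set on the router itself'
                }
                else {
                    $verdict = 'REVIEW: not on the trusted list'
                }

                New-Object PSObject -Property @{
                    Adapter  = $names[$key.PSChildName]
                    Source   = $source
                    Resolver = $ip
                    Verdict  = $verdict
                } | Select-Object Adapter, Source, Resolver, Verdict
            }
        }
    }
}

Get-DnsAudit -Trusted $TrustedResolvers | Format-Table -AutoSize
```

A public resolver listed under `NameServer` on a machine that is supposed to get its settings by DHCP is the case to look at first; a LAN address only means the router is answering, so the resolver it forwards to still has to be read from the router's own configuration page.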

  • Security Analyst

@Luiz Agripino

 

As far as malware is concerned, we have no more problems.

KEEP THE OS UP TO DATE:
Keep Windows updates set to "automatic". New security holes are discovered frequently. Many malware families exploit these holes, infecting systems without depending on any user action. Microsoft fixes these holes through updates. That is why it is essential to keep your system up to date.

If you have no more malware-related problems, click Report Post at the top of the page and say that your topic is RESOLVED. If you have any question related to computing and technology, feel free to post in any area of CdH.
