Ir ao conteúdo
  • Cadastre-se

tugabcl

Membros Juniores
  • Total de itens

    17
  • Registro em

  • Última visita

  • Qualificações

    N/D
  1. # Run at 07/08/2020 13:07:10 # KpRm (Kernel-panik) version 2.8 # Website https://kernel-panik.me/tool/kprm/ # Run by TugaPortatil from C:\Users\TugaPortatil\Desktop # Computer Name: DESKTOP-F5J229H # OS: Windows 10 X64 (18363) # Number of passes: 1 - Checked options - ~ Registry Backup ~ Delete Tools ~ Restore System Settings ~ UAC Restore ~ Delete Restore Points ~ Create Restore Point ~ Delete Quarantines after 7 days - Create Registry Backup - ~ [OK] Hive C:\Windows\System32\config\SOFTWARE backed up ~ [OK] Hive C:\Users\TugaPortatil\NTUSER.dat backed up [OK] Registry Backup: C:\KPRM\backup\2020-08-07-13-07-10 - Delete Tools - ## ZHP Tools [OK] C:\Users\TugaPortatil\AppData\Local\ZHP deleted [OK] HKCU\SOFTWARE\ZHP deleted ## Zoek [OK] C:\runcheck.txt deleted - Other Lines - ## Quarantines never deleted ~ C:\Users\TugaPortatil\AppData\Roaming\ZHP (ZHP) ## Quarantines that will be deleted in 7 days (2020/08/14) ~ C:\AdwCleaner (AdwCleaner) ~ C:\FRST (FRST) ~ C:\ProgramData\RogueKiller\quarantine\C0F4212F6FE1A8F1.meta (RogueKiller) ~ C:\ProgramData\RogueKiller\quarantine\BA9704A72CC050AA.vir (RogueKiller) ~ C:\ProgramData\RogueKiller\quarantine\D602567E871CBF60.meta (RogueKiller) ~ C:\ProgramData\RogueKiller\quarantine\C0F4212F6FE1A8F1.vir (RogueKiller) ~ C:\ProgramData\RogueKiller\quarantine\BA9704A72CC050AA.meta (RogueKiller) ~ C:\ProgramData\RogueKiller\quarantine\B334448AC69F5A84.vir (RogueKiller) ~ C:\ProgramData\RogueKiller\quarantine\B334448AC69F5A84.meta (RogueKiller) ~ C:\ProgramData\RogueKiller\quarantine\B6BF04C8B37EE604.vir (RogueKiller) ~ C:\ProgramData\RogueKiller\quarantine\B6BF04C8B37EE604.meta (RogueKiller) ~ C:\ProgramData\RogueKiller\quarantine\F78B0274493C3D23.vir (RogueKiller) ~ C:\ProgramData\RogueKiller\quarantine\F78B0274493C3D23.meta (RogueKiller) ~ C:\ProgramData\RogueKiller\quarantine\F8D64FDBBF299D5A.vir (RogueKiller) ~ C:\ProgramData\RogueKiller\quarantine\F8D64FDBBF299D5A.meta (RogueKiller) ~ C:\ProgramData\RogueKiller\quarantine\F332934812A504CC.vir (RogueKiller) ~ C:\ProgramData\RogueKiller\quarantine\E3D688FE6B6699C4.meta (RogueKiller) ~ C:\ProgramData\RogueKiller\quarantine\D602567E871CBF60.reg (RogueKiller) ~ C:\ProgramData\RogueKiller\quarantine\F332934812A504CC.meta (RogueKiller) ~ C:\ProgramData\RogueKiller\quarantine\E3D688FE6B6699C4.reg (RogueKiller) ~ C:\ProgramData\RogueKiller\quarantine\92E66ACF7FC429CC.vir (RogueKiller) ~ C:\ProgramData\RogueKiller\quarantine\15778D861F3BDEFE.vir (RogueKiller) ~ C:\ProgramData\RogueKiller\quarantine\15778D861F3BDEFE.meta (RogueKiller) ~ C:\ProgramData\RogueKiller\quarantine\161013A8BDEF3B22.vir (RogueKiller) ~ C:\ProgramData\RogueKiller\quarantine\161013A8BDEF3B22.meta (RogueKiller) ~ C:\ProgramData\RogueKiller\quarantine\0CBB196F08A216A1.vir (RogueKiller) ~ C:\ProgramData\RogueKiller\quarantine\0CBB196F08A216A1.meta (RogueKiller) ~ C:\ProgramData\RogueKiller\quarantine\1372F2CAAA7CA099.vir (RogueKiller) ~ C:\ProgramData\RogueKiller\quarantine\1372F2CAAA7CA099.meta (RogueKiller) ~ C:\ProgramData\RogueKiller\quarantine\316AFEFA911CB997.meta (RogueKiller) ~ C:\ProgramData\RogueKiller\quarantine\7FEE3FA2EB65E2DC.meta (RogueKiller) ~ C:\ProgramData\RogueKiller\quarantine\47DACD9E1C049A9D.vir (RogueKiller) ~ C:\ProgramData\RogueKiller\quarantine\92E66ACF7FC429CC.meta (RogueKiller) ~ C:\ProgramData\RogueKiller\quarantine\7FEE3FA2EB65E2DC.vir (RogueKiller) ~ C:\ProgramData\RogueKiller\quarantine\3FFF6B0F99084BC0.meta (RogueKiller) ~ C:\ProgramData\RogueKiller\quarantine\316AFEFA911CB997.vir (RogueKiller) ~ C:\ProgramData\RogueKiller\quarantine\47DACD9E1C049A9D.meta (RogueKiller) ~ C:\ProgramData\RogueKiller\quarantine\3FFF6B0F99084BC0.vir (RogueKiller) ~ C:\zoek_backup (Zoek) - Restore System Settings - [OK] Reset WinSock [OK] FLUSHDNS [OK] Hide Hidden file. [OK] Show Extensions for known file types [OK] Hide protected operating system files - Restore UAC - [OK] Set EnableLUA with default (1) value [OK] Set ConsentPromptBehaviorAdmin with default (5) value [OK] Set ConsentPromptBehaviorUser with default (3) value [OK] Set EnableInstallerDetection with default (0) value [OK] Set EnableSecureUIAPaths with default (1) value [OK] Set EnableUIADesktopToggle with default (0) value [OK] Set EnableVirtualization with default (1) value [OK] Set FilterAdministratorToken with default (0) value [OK] Set PromptOnSecureDesktop with default (1) value [OK] Set ValidateAdminCodeSignatures with default (0) value - Clear Restore Points - ~ [OK] RP named ZHPcleaner created at 08/06/2020 12:24:54 deleted [OK] All system restore points have been successfully deleted - Create Restore Point - [OK] System Restore Point created - Display System Restore Point - ~ RP named KpRm created at 08/07/2020 12:07:24 -- KPRM finished in 38.53s --
  2. # ------------------------------- # Malwarebytes AdwCleaner 8.0.7.0 # ------------------------------- # Build: 07-22-2020 # Database: 2020-07-20.1 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Clean # ------------------------------- # Start: 08-06-2020 # Duration: 00:00:00 # OS: Windows 10 Pro # Cleaned: 2 # Failed: 0 ***** [ Services ] ***** No malicious services cleaned. ***** [ Folders ] ***** Deleted C:\Users\TugaPortatil\AppData\Roaming\Microsoft\Windows\Start Menu\WiperSoft ***** [ Files ] ***** Deleted C:\Windows\System32\wiperrm.exe ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks cleaned. ***** [ Registry ] ***** No malicious registry entries cleaned. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries cleaned. ***** [ Chromium URLs ] ***** No malicious Chromium URLs cleaned. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries cleaned. ***** [ Firefox URLs ] ***** No malicious Firefox URLs cleaned. ***** [ Hosts File Entries ] ***** No malicious hosts file entries cleaned. ***** [ Preinstalled Software ] ***** No Preinstalled Software cleaned. ************************* [+] Delete Tracing Keys [+] Reset Winsock ************************* AdwCleaner[S00].txt - [1524 octets] - [06/08/2020 13:06:49] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ########## ################################################################## ~ ZHPCleaner v2020.8.2.219 by Nicolas Coolman (2020/08/02) ~ Run by TugaPortatil (Administrator) (06/08/2020 13:13:36) ~ Web: https://www.nicolascoolman.com ~ Blog: https://nicolascoolman.eu/ ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : Version OK ~ Type : Scan ~ Report : C:\Users\TugaPortatil\Desktop\ZHPCleaner (S).txt ~ Quarantine : C:\Users\TugaPortatil\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt ~ System Restore Point : ~ UAC : Activate ~ Boot Mode : Normal (Normal boot) Windows 10 Pro, 64-bit (Build 18363) ---\\ Alternate Data Stream (ADS). (0) ~ No malicious or unnecessary items found. ---\\ Services (0) ~ No malicious or unnecessary items found. ---\\ Browser internet (0) ~ No malicious or unnecessary items found. ---\\ Hosts file (1) ~ The hosts file is legitimate (1) ---\\ Scheduled automatic tasks. (0) ~ No malicious or unnecessary items found. ---\\ Explorer ( File, Folder) (1) FOUND file: C:\Windows\Prefetch\KMSAUTO X64.EXE-86D4CC1C.pf =>HackTool.WinActivator ---\\ Registry ( Key, Value, Data) (1) FOUND key: HKLM\SOFTWARE\Wow6432Node\Machiner [AdditionalScan 281] =>Trojan.CrthRazy ---\\ Summary of the elements found (2) https://nicolascoolman.eu/2017/01/13/hacktool-winactivator/ =>HackTool.WinActivator https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>Trojan.CrthRazy ---\\ Result of repair ~ Any repair made ~ Google Chrome OK ~ Internet Explorer OK ---\\ Statistics ~ Items scanned : 94633 ~ Items found : 2 ~ Items cancelled : 0 ~ Space saving (bytes) : 0 ~ Items options : 8/15 ---\\ OPTIONS NOT ACTIVES ~ Temporary file analysis ~ Temporary folder analysis ~ Empty Folder CLSID Analysis ~ Empty Other Folder Analysis ~ Empty LocalLow Folder Analysis ~ Empty Local Folder Analysis ~ Obsolete Installer File Analysis ~ End of search in 00h09mn38s ---\\ Reports (0) ZHPCleaner--06082020-13_23_14.txt ##################################################################### ~ ZHPCleaner v2020.8.2.219 by Nicolas Coolman (2020/08/02) ~ Run by TugaPortatil (Administrator) (06/08/2020 13:25:24) ~ Web: https://www.nicolascoolman.com ~ Blog: https://nicolascoolman.eu/ ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : Version OK ~ Type : Repair ~ Report : C:\Users\TugaPortatil\Desktop\ZHPCleaner (R).txt ~ Quarantine : C:\Users\TugaPortatil\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt ~ System Restore Point : OK ~ UAC : Activate ~ Boot Mode : Normal (Normal boot) Windows 10 Pro, 64-bit (Build 18363) ---\\ Alternate Data Stream (ADS). (0) ~ No malicious or unnecessary items found. ---\\ Services (0) ~ No malicious or unnecessary items found. ---\\ Browser internet (0) ~ No malicious or unnecessary items found. ---\\ Hosts file (1) ~ The hosts file is legitimate (1) ---\\ Scheduled automatic tasks. (0) ~ No malicious or unnecessary items found. ---\\ Explorer ( File, Folder) (1) MOVED file: C:\Windows\Prefetch\KMSAUTO X64.EXE-86D4CC1C.pf =>HackTool.WinActivator ---\\ Registry ( Key, Value, Data) (1) DELETED key*: HKLM\SOFTWARE\Wow6432Node\Machiner [AdditionalScan 281] =>Trojan.CrthRazy ---\\ Summary of the elements found (2) https://nicolascoolman.eu/2017/01/13/hacktool-winactivator/ =>HackTool.WinActivator https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>Trojan.CrthRazy ---\\ Other deletions. (5) ~ Registry Keys Tracing deleted (5) ~ Remove the old reports ZHPCleaner. (0) ---\\ Result of repair ~ Repair carried out successfully ~ Google Chrome OK ~ Internet Explorer OK ---\\ Statistics ~ Items scanned : 940 ~ Items found : 0 ~ Items cancelled : 0 ~ Space saving (bytes) : 0 ~ Items options : 8/15 ---\\ OPTIONS NOT ACTIVES ~ Temporary file analysis ~ Temporary folder analysis ~ Empty Folder CLSID Analysis ~ Empty Other Folder Analysis ~ Empty LocalLow Folder Analysis ~ Empty Local Folder Analysis ~ Obsolete Installer File Analysis ~ End of clean in 00h00mn12s ---\\ Reports (2) ZHPCleaner--06082020-13_23_14.txt ZHPCleaner-[R]-06082020-13_25_36.txt
  3. Agora já deu operação com sucesso mas o chrome continua abrir paginas sem eu fazer nada
  4. Dá Error: Acesso negado
  5. RogueKiller Anti-Malware V14.6.2.0 (x64) [Jul 27 2020] (Free) by Adlice Software mail : https://adlice.com/contact/ Website : https://adlice.com/download/roguekiller/ Operating System : Windows 10 (10.0.18363) 64 bits Started in : Normal mode User : TugaPortatil [Administrator] Started from : C:\Program Files\RogueKiller\RogueKiller64.exe Signatures : 20200803_112849, Driver : Loaded Mode : Standard Scan, Delete -- Date : 2020/08/04 00:10:55 (Duration : 00:20:50) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ [Suspicious.Path (Potentially Malicious)] 835ADA1A9AD4 -- %SystemRoot%\835ADA1A9AD4.sys -> Stopped [PUP.WiperSoft (Potentially Malicious)] HKEY_USERS\S-1-5-21-3034433205-2147647340-3369088547-1001\Software\WiperSoft -- -> Deleted [Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\835ADA1A9AD4 -- [%SystemRoot%\835ADA1A9AD4.sys] -> ERROR [5] [PUP.WiperSoft (Potentially Malicious)] WiperSoft -- %_TugaPortatil_appdata%\WiperSoft -> Deleted => signatures.dat -- C:\Users\TUGAPO~1\AppData\Roaming\WIPERS~1\SIGNAT~1.DAT -> Deleted => whitelist.dat -- C:\Users\TUGAPO~1\AppData\Roaming\WIPERS~1\WHITEL~1.DAT -> Deleted => wipersoft.dat -- C:\Users\TUGAPO~1\AppData\Roaming\WIPERS~1\WIPERS~1.DAT -> Deleted => wipersoft.eni -- C:\Users\TUGAPO~1\AppData\Roaming\WIPERS~1\WIPERS~1.ENI -> Deleted => WiperSoft.Fix.log -- C:\Users\TUGAPO~1\AppData\Roaming\WIPERS~1\WIPERS~1.LOG -> Deleted => WiperSoft.Scan.log -- C:\Users\TUGAPO~1\AppData\Roaming\WIPERS~1\WIPERS~2.LOG -> Deleted [PUP.WiperSoft (Potentially Malicious)] WiperSoft Uninstall.lnk -- %_TugaPortatil_appdata%\Microsoft\Windows\Start Menu\WiperSoft\WiperSoft Uninstall.lnk (lnk => C:\program files\WiperSoft\WiperSoft-inst.exe [/lng=pt /remove=install.dat]) -> Deleted [PUP.WiperSoft (Potentially Malicious)] WiperSoft.lnk -- %_TugaPortatil_appdata%\Microsoft\Windows\Start Menu\WiperSoft\WiperSoft.lnk (lnk => C:\PROGRA~1\WIPERS~1\WIPERS~2.EXE []) -> Deleted [PUP.WiperSoft (Potentially Malicious)] WiperSoft -- %ProgramFiles%\WiperSoft -> Deleted => install.dat -- C:\PROGRA~1\WIPERS~1\install.dat -> Deleted => license_en.txt -- C:\PROGRA~1\WIPERS~1\LICENS~1.TXT -> Deleted => offreg.dll -- C:\PROGRA~1\WIPERS~1\offreg.dll -> Deleted => OpenSans-Bold.ttf -- C:\PROGRA~1\WIPERS~1\OPENSA~1.TTF -> Deleted => OpenSans-Light.ttf -- C:\PROGRA~1\WIPERS~1\OPENSA~2.TTF -> Deleted => OpenSans-Regular.ttf -- C:\PROGRA~1\WIPERS~1\OPENSA~4.TTF -> Deleted => OpenSans-Semibold.ttf -- C:\PROGRA~1\WIPERS~1\OPENSA~3.TTF -> Deleted => WiperSoft.exe -- C:\PROGRA~1\WIPERS~1\WIPERS~2.EXE -> Deleted Fixlog.txt
  6. Aqui vai desculpe esqueçeu FRST.txt
  7. A minha mãe instalou alguma coisa de certeza que fez com que isto acontece-se. Por Portugal esta-se bem com as devidas precauções contra esse covid que ninguém vê. Fixlog.txt cureit.log Addition.txt
  8. Não os resto dos ficheiro não vejo problemas
  9. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-07-2020 Ran by TugaPortatil (administrator) on DESKTOP-F5J229H (clevo M7X0SU) (29-07-2020 13:29:03) Running from C:\Users\TugaPortatil\Desktop Loaded Profiles: TugaPortatil Platform: Windows 10 Pro Version 1909 18363.900 (X64) Language: Português (Portugal) Default browser: Chrome Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.220.4292.0_x64__8wekyb3d8bbwe\GameBar.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.220.4292.0_x64__8wekyb3d8bbwe\GameBarFT.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.220.4292.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\BackgroundTransferHost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe <2> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2006.10-0\MsMpEng.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe <2> (Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.56.102.0_x64__kzf8qxf38zg5c\SkypeApp.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1803976 2016-12-09] (NVIDIA Corporation -> NVIDIA Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7573024 2009-03-24] (Realtek Semiconductor Corp -> Realtek Semiconductor) HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-03-24] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.) HKLM\...\Run: [BisonHK] => C:\Program Files (x86)\BisonCam\BisonHK.exe [77824 2009-06-09] (mychat) [File not signed] HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) HKU\S-1-5-21-3034433205-2147647340-3369088547-1001\...\Run: [ebptuzws] => "C:\Users\TugaPortatil\uhtqjwbl.exe" HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\84.0.4147.89\Installer\chrmstp.exe [2020-07-25] (Google LLC -> Google LLC) FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {2699AE8C-2B1A-4085-9560-26BA22EDFE7D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4571056 2020-07-25] (Microsoft Corporation -> Microsoft Corporation) Task: {307FADDE-121F-4DC6-B62F-C8A3AA601533} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23815032 2020-07-07] (Microsoft Corporation -> Microsoft Corporation) Task: {5409296E-AA3F-4B74-9ABF-DA3C1690FF28} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [123752 2020-07-25] (Microsoft Corporation -> Microsoft Corporation) Task: {5D7BC5FF-0EDC-4360-9B97-D386DDE8BA8F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4571056 2020-07-25] (Microsoft Corporation -> Microsoft Corporation) Task: {67B373D7-B025-44D5-9512-D35A97462DB6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-09] (Google LLC -> Google LLC) Task: {7602FD68-1CA0-4C1A-A8BE-6811A2690752} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23815032 2020-07-07] (Microsoft Corporation -> Microsoft Corporation) Task: {CD0B1C24-E508-4A42-A540-62CA8B524275} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-04-09] (Google LLC -> Google LLC) Task: {D0049372-429F-48BF-8DCE-7F8B0ABE9481} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [123752 2020-07-25] (Microsoft Corporation -> Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{4ebc7189-9fea-4443-8d42-e2be40512035}: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{5adb0812-34e5-4859-9a54-f60d72ef0847}: [DhcpNameServer] 192.168.1.254 Internet Explorer: ================== BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2020-04-09] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2020-04-09] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-07-25] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-07-25] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-07-25] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-07-25] (Microsoft Corporation -> Microsoft Corporation) Edge: ====== Edge Profile: C:\Users\TugaPortatil\AppData\Local\Microsoft\Edge\User Data\Default [2020-07-25] Edge Extension: (Microsoft Protect) - C:\Users\TugaPortatil\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fcppdfelojakeahklfgkjegnpbgndoch [2020-07-25] FireFox: ======== FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-04-09] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-04-09] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] Chrome: ======= CHR Profile: C:\Users\TugaPortatil\AppData\Local\Google\Chrome\User Data\Default [2020-07-29] CHR Session Restore: Default -> is enabled. CHR Extension: (Apresentações) - C:\Users\TugaPortatil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-04-09] CHR Extension: (Documentos) - C:\Users\TugaPortatil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-04-09] CHR Extension: (Google Drive) - C:\Users\TugaPortatil\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-04-09] CHR Extension: (YouTube) - C:\Users\TugaPortatil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-04-09] CHR Extension: (d8yI+Hf7rX) - C:\Users\TugaPortatil\AppData\Local\Google\Chrome\User Data\Default\Extensions\eacfiipdbphhhdbbepdfgkgclpkeecgf [2020-07-25] CHR Extension: (Folhas de cálculo) - C:\Users\TugaPortatil\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-04-09] CHR Extension: (Google Docs offline) - C:\Users\TugaPortatil\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-06-12] CHR Extension: (Pagamentos via Chrome Web Store) - C:\Users\TugaPortatil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-04-09] CHR Extension: (Gmail) - C:\Users\TugaPortatil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-04-09] CHR Extension: (Chrome Media Router) - C:\Users\TugaPortatil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-07-25] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [10574712 2020-07-02] (Microsoft Corporation -> Microsoft Corporation) R2 MBAMInstallerService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe [6307280 2020-07-25] (Malwarebytes Inc -> Malwarebytes) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5930136 2020-04-14] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\NisSrv.exe [2496144 2020-07-25] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2006.10-0\MsMpEng.exe [104192 2020-07-25] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 835ADA1A9AD4; C:\Windows\835ADA1A9AD4.sys [25368 2020-07-25] (大连纵梦网络科技有限公司 -> FsFilter Network) [File not signed] S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [231936 2020-01-09] (Microsoft Corporation) [File not signed] S3 FTDIBUS; C:\Windows\system32\drivers\ftdibus.sys [129448 2017-09-19] (Future Technology Devices International Ltd -> Future Technology Devices International Ltd.) S3 FTSER2K; C:\Windows\system32\drivers\ftser2k.sys [89792 2017-09-19] (Future Technology Devices International Ltd -> Future Technology Devices International Ltd.) R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [216056 2020-07-26] (Malwarebytes Inc -> Malwarebytes) S3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [197264 2020-07-26] (Malwarebytes Inc -> Malwarebytes) S3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73368 2020-07-26] (Malwarebytes Inc -> Malwarebytes) R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-07-25] (Malwarebytes Inc -> Malwarebytes) S3 RTL8187B; C:\Windows\System32\drivers\rtl8187B.sys [452096 2019-03-19] (Microsoft Windows -> Realtek Semiconductor Corporation) R3 SiSGbeLH; C:\Windows\System32\drivers\SiSG664.sys [56832 2019-03-19] (Microsoft Windows -> Silicon Integrated Systems Corp.) S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [45976 2020-07-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [408816 2020-07-25] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [64224 2020-07-25] (Microsoft Windows -> Microsoft Corporation) S1 siggjdus; \??\C:\Windows\system32\drivers\siggjdus.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) =================== (If an entry is included in the fixlist, the file/folder will be moved.) 2020-07-29 13:29 - 2020-07-29 13:30 - 000014976 _____ C:\Users\TugaPortatil\Desktop\FRST.txt 2020-07-29 13:24 - 2020-07-29 13:29 - 000000000 ____D C:\FRST 2020-07-29 13:20 - 2020-07-29 13:20 - 000000000 ____D C:\Users\TugaPortatil\AppData\LocalLow\IGDump 2020-07-29 13:16 - 2020-07-29 13:16 - 002296320 _____ (Farbar) C:\Users\TugaPortatil\Desktop\FRST64.exe 2020-07-28 10:24 - 2020-07-28 10:24 - 001682976 _____ C:\Users\TugaPortatil\Downloads\CDM v2.12.28 WHQL Certified.zip 2020-07-28 10:24 - 2020-07-28 10:24 - 000000000 ____D C:\Users\TugaPortatil\Desktop\Nova pasta 2020-07-28 10:24 - 2017-09-19 16:46 - 000089792 _____ (Future Technology Devices International Ltd.) C:\Windows\system32\Drivers\ftser2k.sys 2020-07-28 10:24 - 2017-09-19 16:46 - 000074968 _____ (FTDI Ltd.) C:\Windows\system32\ftcserco.dll 2020-07-28 10:24 - 2017-09-19 16:46 - 000065240 _____ (FTDI Ltd.) C:\Windows\system32\ftserui2.dll 2020-07-26 14:54 - 2020-07-26 14:54 - 000197264 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2020-07-26 14:54 - 2020-07-26 14:54 - 000073368 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2020-07-26 14:52 - 2020-07-26 15:07 - 000000000 ____D C:\Program Files (x86)\Multiecuscan 2020-07-26 14:52 - 2020-07-26 14:52 - 000002945 _____ C:\Users\TugaPortatil\Desktop\Multiecuscan.lnk 2020-07-26 14:52 - 2020-07-26 14:52 - 000000000 ____D C:\Users\TugaPortatil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Multiecuscan 2020-07-26 14:43 - 2016-08-24 21:29 - 000000000 ____D C:\Users\TugaPortatil\Desktop\Fiat Multiecuscan v3.1 Full Registered 2020-07-26 13:42 - 2016-12-12 21:12 - 000000000 ____D C:\Users\TugaPortatil\Desktop\AlfaOBD_1.9.1.0_PC 2020-07-26 13:38 - 2020-07-26 13:38 - 000216056 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys 2020-07-26 13:37 - 2020-07-26 13:37 - 000916735 _____ (SQLite Development Team) C:\Users\TugaPortatil\AppData\LocalLow\sqlite3.dll 2020-07-26 13:37 - 2020-06-14 23:46 - 000086016 _____ C:\Users\TugaPortatil\AppData\LocalLow\exuieaoEiI 2020-07-26 13:36 - 2020-07-26 13:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudioConverter Studio 2020-07-26 13:36 - 2020-07-26 13:36 - 000000000 ____D C:\Program Files (x86)\AudioConverter Studio 2020-07-26 13:35 - 2020-07-26 13:35 - 010987139 _____ C:\Users\TugaPortatil\Downloads\setup_alfaobd-download-setup-30_2149287500616.zip 2020-07-26 13:29 - 2020-07-26 13:29 - 000000000 ____D C:\Users\TugaPortatil\AppData\LocalLow\Adobe 2020-07-26 13:29 - 2020-07-26 13:29 - 000000000 ____D C:\Users\TugaPortatil\AppData\Local\Adobe 2020-07-26 13:20 - 2020-07-26 13:20 - 000016864 _____ C:\ZA-Scan.txt 2020-07-26 13:17 - 2020-07-26 13:36 - 000000000 ____D C:\Users\TugaPortatil\AppData\Local\CrashDumps 2020-07-26 13:17 - 2020-07-26 13:20 - 000000600 _____ C:\runcheck.txt 2020-07-26 13:17 - 2020-07-26 13:17 - 000000000 ____D C:\zoek_backup 2020-07-26 13:16 - 2018-04-19 22:18 - 002041445 _____ C:\Users\TugaPortatil\Desktop\Z-Analyse.exe 2020-07-26 13:16 - 2018-04-18 00:39 - 002038755 _____ C:\Users\TugaPortatil\Desktop\zoek.exe 2020-07-26 13:16 - 2018-04-18 00:39 - 002038755 _____ C:\Users\TugaPortatil\Desktop\ZA-Scan.exe 2020-07-26 13:15 - 2020-07-26 13:15 - 006102389 _____ C:\Users\TugaPortatil\Downloads\zoek.zip 2020-07-26 12:56 - 2020-07-26 12:56 - 000000000 ____D C:\avast! sandbox 2020-07-26 12:54 - 2020-07-26 12:54 - 000000000 ____D C:\Windows\system32\appmgmt 2020-07-26 12:27 - 2020-07-26 13:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Anti-Malware 2020-07-26 12:26 - 2020-07-26 12:26 - 000000000 ____D C:\ProgramData\GridinSoft 2020-07-26 11:52 - 2020-07-26 11:52 - 000025200 _____ (Wiper Software) C:\Windows\system32\wiperrm.exe 2020-07-26 11:52 - 2020-07-26 11:52 - 000000000 ____D C:\Users\TugaPortatil\AppData\Roaming\Microsoft\Windows\Start Menu\WiperSoft 2020-07-26 11:52 - 2020-07-26 11:52 - 000000000 ____D C:\Users\TugaPortatil\AppData\Local\CEF 2020-07-26 11:51 - 2020-07-26 13:04 - 000000000 ____D C:\Program Files\WiperSoft 2020-07-26 11:51 - 2020-07-26 11:57 - 000000000 ____D C:\Users\TugaPortatil\AppData\Roaming\WiperSoft 2020-07-26 11:50 - 2020-07-26 11:50 - 002525296 _____ (Wiper Software, UAB) C:\Users\TugaPortatil\Downloads\WiperSoft-installer.exe 2020-07-26 11:42 - 2020-07-26 13:01 - 000000000 ____D C:\ProgramData\Avast Software 2020-07-26 11:39 - 2020-07-26 11:41 - 000232168 _____ (AVAST Software) C:\Users\TugaPortatil\Downloads\avast_free_antivirus_setup_online.exe 2020-07-25 10:47 - 2020-07-25 10:47 - 000000000 ____D C:\Windows\SysWOW64\XPSViewer 2020-07-25 10:46 - 2020-07-25 10:46 - 000000000 ____D C:\Users\TugaPortatil\AppData\Local\mbam 2020-07-25 10:46 - 2020-07-25 10:46 - 000000000 ____D C:\Program Files\Reference Assemblies 2020-07-25 10:46 - 2020-07-25 10:46 - 000000000 ____D C:\Program Files\MSBuild 2020-07-25 10:46 - 2020-07-25 10:46 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies 2020-07-25 10:46 - 2020-07-25 10:46 - 000000000 ____D C:\Program Files (x86)\MSBuild 2020-07-25 10:44 - 2020-07-25 10:44 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2020-07-25 10:44 - 2020-07-25 10:44 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2020-07-25 10:44 - 2020-07-25 10:44 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2020-07-25 10:44 - 2020-07-25 10:43 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys 2020-07-25 10:43 - 2020-07-25 10:43 - 000000000 ____D C:\ProgramData\Malwarebytes 2020-07-25 10:43 - 2018-12-12 16:04 - 000205440 _____ (VS Revo Group) C:\Users\TugaPortatil\Desktop\RevoUPort.exe 2020-07-25 10:42 - 2020-07-25 10:42 - 001988280 _____ (Malwarebytes) C:\Users\TugaPortatil\Downloads\MBSetup-009996.009996-consumer.exe 2020-07-25 10:42 - 2020-07-25 10:42 - 000000000 ____D C:\Program Files\Malwarebytes 2020-07-25 10:42 - 2020-07-25 10:42 - 000000000 ____D C:\Malwarebytes 2020-07-25 10:41 - 2019-03-01 17:31 - 001166488 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll 2020-07-25 10:41 - 2019-03-01 17:31 - 000124568 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2020-07-25 10:41 - 2019-03-01 17:31 - 000035592 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2020-07-25 10:41 - 2019-02-05 18:41 - 000778912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll 2020-07-25 10:41 - 2019-02-05 18:41 - 000103072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2020-07-25 10:41 - 2019-02-05 18:41 - 000035592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2020-07-25 10:35 - 2020-07-25 10:37 - 009842945 _____ C:\Users\TugaPortatil\Downloads\RevoUninstaller_Portable.zip 2020-07-25 10:34 - 2020-07-25 10:34 - 001479400 _____ (Microsoft Corporation) C:\Users\TugaPortatil\Downloads\ndp48-web (1).exe 2020-07-25 10:27 - 2020-07-25 10:27 - 001479400 _____ (Microsoft Corporation) C:\Users\TugaPortatil\Downloads\ndp48-web.exe 2020-07-25 10:27 - 2020-07-25 10:27 - 000001116 _____ C:\Users\TugaPortatil\_readme.txt 2020-07-25 10:25 - 2020-07-25 10:25 - 000000000 ____D C:\SystemID 2020-07-25 10:24 - 2020-07-25 10:24 - 000000000 ____D C:\Users\TugaPortatil\AppData\Local\28a0dd4b-ea30-4cfd-8d05-9caacb324a5c 2020-07-25 10:15 - 2020-07-25 10:39 - 000000000 ____D C:\Users\TugaPortatil\AppData\Local\1d626dbe-68d4-498d-9c93-d5e38b6191bf 2020-07-25 09:55 - 2020-07-25 09:55 - 000025368 _____ (FsFilter Network) C:\Windows\835ADA1A9AD4.sys 2020-07-25 09:54 - 2020-07-25 09:54 - 000000000 ____D C:\Users\TugaPortatil\AppData\Roaming\thewaloffjim 2020-07-25 09:54 - 2020-07-25 09:54 - 000000000 ____D C:\Users\TugaPortatil\AppData\Roaming\Kyper 2020-07-25 09:53 - 2020-07-25 09:53 - 000000000 ____D C:\Program Files (x86)\Salamanda 2020-07-25 09:52 - 2020-07-25 10:36 - 000000000 ____D C:\Program Files (x86)\VKJd 2020-07-25 09:52 - 2020-07-25 10:23 - 000000000 ____D C:\Program Files (x86)\Lara 2020-07-25 09:52 - 2020-07-25 09:52 - 000000000 ____D C:\Users\TugaPortatil\AppData\Local\Western 2020-07-25 09:51 - 2020-07-25 10:27 - 011029430 _____ C:\Users\TugaPortatil\Desktop\setup_alfaobd-download-setup-30_1964962638541.zip.erif 2020-07-25 09:48 - 2020-07-25 09:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AlfaOBD 2020-07-25 09:48 - 2020-07-25 09:48 - 000000000 ____D C:\Program Files (x86)\AlfaOBD 2020-07-25 09:47 - 2020-07-25 09:47 - 000000000 ____D C:\Users\TugaPortatil\AppData\Local\Downloaded Installations 2020-07-25 09:45 - 2020-07-25 10:27 - 050674011 _____ C:\Users\TugaPortatil\Desktop\AlfaOBDsetup.exe.erif 2020-07-25 09:40 - 2017-09-19 11:38 - 000314552 _____ (FTDI Ltd.) C:\Windows\system32\ftd2xx.dll 2020-07-25 09:40 - 2017-09-19 11:38 - 000274616 _____ (FTDI Ltd.) C:\Windows\system32\FTLang.dll 2020-07-25 09:40 - 2017-09-19 11:38 - 000271672 _____ (FTDI Ltd.) C:\Windows\SysWOW64\ftd2xx.dll 2020-07-25 09:40 - 2017-09-19 11:38 - 000168112 _____ (FTDI Ltd.) C:\Windows\system32\ftbusui.dll 2020-07-25 09:40 - 2017-09-19 11:38 - 000129448 _____ (Future Technology Devices International Ltd.) C:\Windows\system32\Drivers\ftdibus.sys 2020-07-25 09:36 - 2020-07-25 10:27 - 000001127 _____ C:\Users\TugaPortatil\Desktop\AlfaOBD_LINKS.zip.erif ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2020-07-29 13:28 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2020-07-29 13:27 - 2020-04-09 15:50 - 000000000 ____D C:\ProgramData\NVIDIA 2020-07-29 13:27 - 2020-04-09 15:36 - 000000000 ____D C:\Users\TugaPortatil 2020-07-29 13:27 - 2020-04-09 15:30 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2020-07-29 13:27 - 2020-04-09 15:29 - 000000000 ____D C:\Windows\system32\SleepStudy 2020-07-29 13:24 - 2020-04-09 15:40 - 001761248 _____ C:\Windows\system32\PerfStringBackup.INI 2020-07-29 13:24 - 2019-03-19 13:48 - 000767478 _____ C:\Windows\system32\prfh0816.dat 2020-07-29 13:24 - 2019-03-19 13:48 - 000152578 _____ C:\Windows\system32\prfc0816.dat 2020-07-29 13:24 - 2019-03-19 05:50 - 000000000 ____D C:\Windows\INF 2020-07-29 13:22 - 2019-03-19 05:52 - 000000000 ___HD C:\Windows\ELAMBKUP 2020-07-29 13:15 - 2020-06-14 23:45 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2020-07-29 13:15 - 2020-06-14 23:45 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2020-07-28 10:08 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\AppReadiness 2020-07-26 14:53 - 2019-03-19 05:37 - 000524288 _____ C:\Windows\system32\config\BBI 2020-07-26 13:29 - 2020-04-09 15:37 - 000000000 ____D C:\Users\TugaPortatil\AppData\Roaming\Adobe 2020-07-26 12:18 - 2020-05-04 14:31 - 000268820 _____ C:\Windows\ntbtlog.txt 2020-07-26 11:56 - 2020-05-04 14:31 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job 2020-07-25 10:53 - 2020-04-09 16:06 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2020-07-25 10:53 - 2019-03-19 05:37 - 000000000 ____D C:\Windows\CbsTemp 2020-07-25 10:47 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\SysWOW64\MUI 2020-07-25 10:47 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\MUI 2020-07-25 10:27 - 2020-04-09 16:22 - 000000000 ____D C:\Users\TugaPortatil\Desktop\7 2020-07-25 10:27 - 2020-04-09 15:37 - 000000000 ____D C:\Users\TugaPortatil\AppData\Local\VirtualStore 2020-07-25 10:12 - 2020-04-09 15:41 - 000003394 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3034433205-2147647340-3369088547-1001 2020-07-25 10:12 - 2020-04-09 15:41 - 000000000 ___RD C:\Users\TugaPortatil\OneDrive 2020-07-25 10:12 - 2020-04-09 15:36 - 000002442 _____ C:\Users\TugaPortatil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2020-07-25 09:57 - 2020-04-09 15:30 - 000000000 ____D C:\Windows\system32\Drivers\wd 2020-07-25 09:55 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\LiveKernelReports 2020-07-25 09:46 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps 2020-07-25 09:35 - 2020-06-14 23:45 - 000003616 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2020-07-25 09:35 - 2020-06-14 23:45 - 000003492 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2020-07-25 09:35 - 2020-04-09 15:45 - 000002297 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2020-07-25 09:35 - 2020-04-09 15:45 - 000002256 _____ C:\Users\Public\Desktop\Google Chrome.lnk ==================== Files in the root of some directories ======== 2020-05-04 22:46 - 2020-05-04 22:46 - 000000000 _____ () C:\Users\TugaPortatil\AppData\Local\{6F63BE8D-35BF-4DAF-99E8-D9194AA7CBD7} ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ======================== Addition.txt
  10. Chrome sempre abrir paginas e varios ficheiros foram convertidos para o formato .erif ZA-Scan.txt
  11. Ok o problema esta resolvido o computador já não se desliga sozinho. Obrigado pela ajuda
  12. O malwarebytes detecta PUP.Optional.SweetPage é motivo de preocupação? Deixo log: Malwarebytes www.malwarebytes.com -Detalhes de Relatório- Data da Verificação: 20/09/19 Hora da Verificação: 09:56 Ficheiro de Registo: 7915c86c-db84-11e9-a2cb-60a44c320ae2.json -Informação de Software- Versão: 3.8.3.2965 Versão dos Componentes: 1.0.625 Versão do Pacote de Atualização: 1.0.12571 Licença: Versão de Avaliação Gratuita -Informação do Sistema- SO: Windows 10 (Build 18362.356) CPU: x64 Sistema de Ficheiros: NTFS Utilizador: DESKTOP-KTK1TB7\helde -Resumo da Verificação- Tipo de Verificação: Verificação de Ameaças Verificação Iniciada Por: Manual Resultado: Concluída Objetos Verificados: 313530 Ameaças Detetadas: 1 Ameaças Movidas para Quarentena: 0 Tempo Decorrido: 1 min, 56 s -Opções de Verificação- Memória: Ativado Arranque: Ativado Sistema de Ficheiros: Ativado Arquivos: Ativado Rootkits: Desativado Heurística: Ativado PPI: Detetar MPI: Detetar -Detalhes da Verificação- Processo: 0 (Nenhum item malicioso detetado) Módulo: 0 (Nenhum item malicioso detetado) Chave de Registo: 0 (Nenhum item malicioso detetado) Valor de Registo: 0 (Nenhum item malicioso detetado) Dados de Registo: 0 (Nenhum item malicioso detetado) Fluxo de Dados: 0 (Nenhum item malicioso detetado) Pasta: 0 (Nenhum item malicioso detetado) Ficheiro: 1 PUP.Optional.SweetPage, C:\USERS\HELDE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Nenhuma Ação pelo Utilizador, [410], [455284],1.0.12571 Setor Físico: 0 (Nenhum item malicioso detetado) WMI: 0 (Nenhum item malicioso detetado) (end)
  13. RogueKiller Anti-Malware V13.4.4.0 (x64) [Sep 16 2019] (Free) by Adlice Software mail : https://adlice.com/contact/ Website : https://adlice.com/download/roguekiller/ Operating System : Windows 10 (10.0.18362) 64 bits Started in : Normal mode User : helde [Administrator] Started from : C:\Users\helde\Desktop\RogueKiller_portable64.exe Signatures : 20190919_093457, Driver : Loaded Mode : Standard Scan, Scan -- Date : 2019/09/19 12:59:59 (Duration : 00:09:15) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
  14. Malwarebytes www.malwarebytes.com -Detalhes de Relatório- Data da Verificação: 18/09/19 Hora da Verificação: 12:50 Ficheiro de Registo: 8097be04-da0a-11e9-af05-60a44c320ae2.json -Informação de Software- Versão: 3.8.3.2965 Versão dos Componentes: 1.0.625 Versão do Pacote de Atualização: 1.0.12533 Licença: Gratuita -Informação do Sistema- SO: Windows 10 (Build 18362.356) CPU: x64 Sistema de Ficheiros: NTFS Utilizador: DESKTOP-KTK1TB7\helde -Resumo da Verificação- Tipo de Verificação: Verificação Personalizada Verificação Iniciada Por: Manual Resultado: Concluída Objetos Verificados: 564133 Ameaças Detetadas: 11 Ameaças Movidas para Quarentena: 11 Tempo Decorrido: 7 h, 2 min, 40 s -Opções de Verificação- Memória: Ativado Arranque: Ativado Sistema de Ficheiros: Ativado Arquivos: Ativado Rootkits: Ativado Heurística: Ativado PPI: Detetar MPI: Detetar -Detalhes da Verificação- Processo: 0 (Nenhum item malicioso detetado) Módulo: 0 (Nenhum item malicioso detetado) Chave de Registo: 0 (Nenhum item malicioso detetado) Valor de Registo: 0 (Nenhum item malicioso detetado) Dados de Registo: 0 (Nenhum item malicioso detetado) Fluxo de Dados: 0 (Nenhum item malicioso detetado) Pasta: 0 (Nenhum item malicioso detetado) Ficheiro: 11 Trojan.BitCoinMiner, C:\ADWCLEANER\QUARANTINE\V1\20190914.125138\1\WINDOW.EXE#13AF14CA46C1A792, Movido para Quarentena, [576], [506836],1.0.12533 RiskWare.DontStealOurSoftware, C:\USERS\HELDE\APPDATA\ROAMING\Microsoft\Windows\Recent\hosts.lnk, Movido para Quarentena, [5300], [353142],1.0.12533 RiskWare.DontStealOurSoftware, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Substituído, [5300], [353142],1.0.12533 RiskWare.DontStealOurSoftware, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Substituído, [5300], [353142],1.0.12533 RiskWare.DontStealOurSoftware, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Substituído, [5300], [543391],1.0.12533 Generic.Malware/Suspicious, F:\$RECYCLE.BIN\S-1-5-21-1708849669-2118781856-2693232808-1000\$R6EAHHF.RAR, Movido para Quarentena, [0], [392686],1.0.12533 PUP.Optional.InstallCore, F:\$RECYCLE.BIN\S-1-5-21-67097090-2863490902-1304197545-1001\$RJL1LTP.ZIP, Movido para Quarentena, [454], [117726],1.0.12533 Generic.Malware/Suspicious, F:\PEN\SS HD2\COREAVC.PROFESSIONAL.EDITION.V1.9.5.INCL.KEYGEN-EDGE.RAR, Movido para Quarentena, [0], [392686],1.0.12533 MachineLearning/Anomalous.96%, F:\ALFA ROMEO 159\FIATECUSCAN\VAG-COM 409.1\VAG-COM 409.1 + CRACK\VAG-COM 409.0 CRACK\VAG-COM 409.0 CRACK.EXE, Movido para Quarentena, [0], [392687],1.0.12533 PUP.Optional.SpyHunter, F:\SPYHUNTER-INSTALLER.EXE, Movido para Quarentena, [5217], [433139],1.0.12533 PUP.Optional.RegCurePro, F:\REGCUREPROSETUP_EBB2E473-357D-4085-9C3F-D9CFD77A1892_.EXE, Movido para Quarentena, [1391], [336305],1.0.12533 Setor Físico: 0 (Nenhum item malicioso detetado) WMI: 0 (Nenhum item malicioso detetado) (end) ###################################################################################### # ------------------------------- # Malwarebytes AdwCleaner 7.4.1.0 # ------------------------------- # Build: 09-04-2019 # Database: 2019-09-18.1 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Clean # ------------------------------- # Start: 09-18-2019 # Duration: 00:00:01 # OS: Windows 10 Pro # Cleaned: 1 # Failed: 0 ***** [ Services ] ***** No malicious services cleaned. ***** [ Folders ] ***** No malicious folders cleaned. ***** [ Files ] ***** No malicious files cleaned. ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks cleaned. ***** [ Registry ] ***** No malicious registry entries cleaned. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries cleaned. ***** [ Chromium URLs ] ***** Deleted http://www.sweet-page.com/?type=hp&ts=1432548441&z=039f728868ccc6ffe52f095gfzfc9o8wcz2bbz1c2t&from=cor&uid=SamsungXSSDX840XSeries_S14CNEAD219553P ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries cleaned. ***** [ Firefox URLs ] ***** No malicious Firefox URLs cleaned. ***** [ Preinstalled Software ] ***** No Preinstalled Software cleaned. ************************* [+] Delete Tracing Keys [+] Reset Winsock ************************* AdwCleaner_Debug.log - [60409 octets] - [14/09/2019 12:49:06] AdwCleaner[S00].txt - [2151 octets] - [14/09/2019 12:50:28] AdwCleaner[C00].txt - [2228 octets] - [14/09/2019 12:51:41] AdwCleaner[S01].txt - [1703 octets] - [16/09/2019 23:42:54] AdwCleaner[C01].txt - [1853 octets] - [16/09/2019 23:43:25] AdwCleaner[S02].txt - [1776 octets] - [17/09/2019 12:44:12] AdwCleaner[C02].txt - [1944 octets] - [17/09/2019 12:44:24] AdwCleaner[S03].txt - [1754 octets] - [17/09/2019 12:49:00] AdwCleaner[S04].txt - [1959 octets] - [18/09/2019 22:44:04] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C04].txt ########## ###################################################################################### ~ ZHPCleaner v2019.9.17.139 by Nicolas Coolman (2019/09/17) ~ Run by helde (Administrator) (18/09/2019 22:49:39) ~ Web: https://www.nicolascoolman.com ~ Blog: https://nicolascoolman.eu/ ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : Version OK ~ Certificate ZHPCleaner: Legal ~ Type : Scan ~ Report : C:\Users\helde\Desktop\ZHPCleaner (S).txt ~ Quarantine : C:\Users\helde\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt ~ System Restore Point : ~ UAC : Activate ~ Boot Mode : Normal (Normal boot) Windows 10 Pro, 64-bit (Build 18362) ---\\ Alternate Data Stream (ADS). (0) ~ No malicious or unnecessary items found. ---\\ Services (0) ~ No malicious or unnecessary items found. ---\\ Browser internet (0) ~ No malicious or unnecessary items found. ---\\ Hosts file (1) ~ The hosts file is legitimate (23) ---\\ Scheduled automatic tasks. (0) ~ No malicious or unnecessary items found. ---\\ Explorer ( File, Folder) (9) FOUND file: C:\Users\helde\Desktop\BitTorrent.lnk [Bad : C:\Users\helde\AppData\Roaming\BitTorrent\BitTorrent.exe](.BitTorrent Inc..) =>BitTorrent (P2P) FOUND file: C:\Users\helde\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk [Bad : C:\Users\helde\AppData\Roaming\BitTorrent\BitTorrent.exe](.BitTorrent Inc..) =>BitTorrent (P2P) FOUND file: C:\Users\helde\AppData\Roaming\BitTorrent\BitTorrent.exe [BitTorrent Inc. - BitTorrent] =>BitTorrent (P2P) FOUND file: C:\Users\helde\Desktop\BitTorrent.lnk =>BitTorrent (P2P) FOUND file: C:\Users\helde\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk =>BitTorrent (P2P) FOUND file: C:\Windows\AutoKMS\AutoKMS.log =>HackTool.AutoKMS FOUND file: C:\ProgramData\Microsoft Toolkit\Settings.xml =>HackTool.AutoKMS FOUND folder: C:\ProgramData\Microsoft Toolkit =>HackTool.AutoKMS FOUND folder: C:\WINDOWS\AutoKMS =>HackTool.AutoKMS ---\\ Registry ( Key, Value, Data) (1) FOUND key: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrent [BitTorrent Inc.] =>BitTorrent (P2P) ---\\ Summary of the elements found (2) https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>BitTorrent (P2P) https://nicolascoolman.eu/2017/02/02/hacktool-autokms/ =>HackTool.AutoKMS ---\\ Result of repair ~ Any repair made ~ Browser not found (Mozilla Firefox) ~ Browser not found (Opera Software) ---\\ Statistics ~ Items scanned : 101968 ~ Items found : 17 ~ Items cancelled : 0 ~ Items options : 6/13 ~ Space saving (bytes) : 0 ~ End of search in 00h12mn02s ---\\ Reports (0) ZHPCleaner--18092019-23_01_41.txt ###################################################################################### ~ ZHPCleaner v2019.9.17.139 by Nicolas Coolman (2019/09/17) ~ Run by helde (Administrator) (18/09/2019 23:03:20) ~ Web: https://www.nicolascoolman.com ~ Blog: https://nicolascoolman.eu/ ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : Version OK ~ Certificate ZHPCleaner: Legal ~ Type : Repair ~ Report : C:\Users\helde\Desktop\ZHPCleaner (R).txt ~ Quarantine : C:\Users\helde\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt ~ System Restore Point : OK ~ UAC : Activate ~ Boot Mode : Normal (Normal boot) Windows 10 Pro, 64-bit (Build 18362) ---\\ Alternate Data Stream (ADS). (0) ~ No malicious or unnecessary items found. ---\\ Services (0) ~ No malicious or unnecessary items found. ---\\ Browser internet (0) ~ No malicious or unnecessary items found. ---\\ Hosts file (1) ~ The hosts file is legitimate (23) ---\\ Scheduled automatic tasks. (0) ~ No malicious or unnecessary items found. ---\\ Explorer ( File, Folder) (5) MOVED file: C:\Users\helde\Desktop\BitTorrent.lnk [Bad : C:\Users\helde\AppData\Roaming\BitTorrent\BitTorrent.exe](.BitTorrent Inc..) =>BitTorrent (P2P) MOVED file: C:\Users\helde\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk [Bad : C:\Users\helde\AppData\Roaming\BitTorrent\BitTorrent.exe](.BitTorrent Inc..) =>BitTorrent (P2P) MOVED file: C:\Windows\AutoKMS\AutoKMS.log =>HackTool.AutoKMS MOVED folder: C:\ProgramData\Microsoft Toolkit =>HackTool.AutoKMS MOVED folder: C:\WINDOWS\AutoKMS =>HackTool.AutoKMS ---\\ Registry ( Key, Value, Data) (1) DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrent [BitTorrent Inc.] =>BitTorrent (P2P) ---\\ Summary of the elements found (2) https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>BitTorrent (P2P) https://nicolascoolman.eu/2017/02/02/hacktool-autokms/ =>HackTool.AutoKMS ---\\ Other deletions. (5) ~ Registry Keys Tracing deleted (5) ~ Remove the old reports ZHPCleaner. (0) ---\\ Result of repair ~ Repair carried out successfully ~ Browser not found (Mozilla Firefox) ~ Browser not found (Opera Software) ---\\ Statistics ~ Items scanned : 1346 ~ Items found : 0 ~ Items cancelled : 0 ~ Items options : 6/13 ~ Space saving (bytes) : 0 ~ End of clean in 00h00mn18s ---\\ Reports (2) ZHPCleaner--18092019-23_01_41.txt ZHPCleaner-[R]-18092019-23_03_38.txt

Sobre o Clube do Hardware

No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas comunidades sobre tecnologia do Brasil. Leia mais

Direitos autorais

Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

×
×
  • Criar novo...

Aprenda a ler resistores e capacitores

EBOOK GRÁTIS!

CLIQUE AQUI E BAIXE AGORA MESMO!