Carlos Roque

Membro Júnior
  • Total de itens

    9
  • Cadastrado em

  • Última visita

  • Qualificações

    0%

Everything Carlos Roque posted

  1. Good afternoon, it restarted normally, everything is OK.
  2. Good morning, here it is:

     RogueKiller Anti-Malware V15.0.3.0 (x64) [Jun 15 2021] (Free) by Adlice Software
     mail : https://adlice.com/contact/
     Website : https://adlice.com/download/roguekiller/
     Operating System : Windows 10 (10.0.19041) 64 bits
     Started in : Normal mode
     User : Carlos Roque [Administrator]
     Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
     Signatures : 20210622_084611, Driver : Loaded
     Mode : Standard Scan, Scan -- Date : 2021/06/22 08:28:38 (Duration : 00:23:02)
     Switches : -minimize

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
     >>>>>> XX - Software [PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-4172972481-2685928953-3407284005-1001\Software\Tencent -- N/A -> Found
     >>>>>> O87 - Firewall [Suspicious.Path (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{1CB86B8B-D467-4C8D-9B62-44E53980E0D8} -- v2.30|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|App=C:\Users\Igor\AppData\Local\Temp\HouseCall\tmase\nmap\nmap.exe|Name=nmap4trend|Desc=nmap4trend|EmbedCtxt=nmap4trend|Edge=TRUE|Defer=App| (C:\Users\Igor\AppData\Local\Temp\HouseCall\tmase\nmap\nmap.exe) (missing) -> Found
     >>>>>> XX - System Policies [PUM.Policies (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -- 0 -> Found

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

     RogueKiller Anti-Malware V15.0.3.0 (x64) [Jun 15 2021] (Free) by Adlice Software
     mail : https://adlice.com/contact/
     Website : https://adlice.com/download/roguekiller/
     Operating System : Windows 10 (10.0.19041) 64 bits
     Started in : Normal mode
     User : Carlos Roque [Administrator]
     Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
     Signatures : 20210622_084611, Driver : Loaded
     Mode : Standard Scan, Delete -- Date : 2021/06/22 08:53:38 (Duration : 00:23:02)
     Switches : -minimize

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
     [PUP.Gen1 (Potentially Malicious)] HKEY_USERS\S-1-5-21-4172972481-2685928953-3407284005-1001\Software\Tencent -- -> Deleted
     [Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{1CB86B8B-D467-4C8D-9B62-44E53980E0D8} -- [%_Carlos Roque_localappdata%\Temp\HouseCall\tmase\nmap\nmap.exe] -> Deleted
     [PUM.Policies (Potentially Malicious)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -- -> Replaced (2)
  3. Good afternoon.

     RogueKiller Anti-Malware V15.0.3.0 (x64) [Jun 15 2021] (Free) by Adlice Software
     mail : https://adlice.com/contact/
     Website : https://adlice.com/download/roguekiller/
     Operating System : Windows 10 (10.0.19041) 64 bits
     Started in : Normal mode
     User : Carlos Roque [Administrator]
     Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
     Signatures : 20210618_124105, Driver : Loaded
     Mode : Standard Scan, Scan -- Date : 2021/06/21 15:59:30 (Duration : 00:20:05)

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
     >>>>>> XX - Software [PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-4172972481-2685928953-3407284005-1001\Software\Tencent -- N/A -> Found
     >>>>>> XX - System Policies [PUM.Policies (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -- 0 -> Found

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

     ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
  4. Good morning, here it is: Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 20-06-2021 Executado por Carlos Roque (21-06-2021 08:03:13) Run:1 Executando a partir de C:\Users\Igor\Desktop Perfis Carregados: Carlos Roque Modo da Inicialização: Normal ============================================== fixlist Conteúdo: ***************** CreateRestorePoint: CloseProcesses: HKLM\...\Policies\Explorer: [SettingsPageVisibility] hide:maps ShortcutTarget: Google Crash Handler (x64).lnk -> C:\Users\Igor\AppData\Local\Temp\Common Apps\GoogleCrashHandler64.exe (Nenhum Arquivo) Startup: C:\Users\Igor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google Crash Handler.lnk [2021-06-02] ShortcutTarget: Google Crash Handler.lnk -> C:\Users\Igor\AppData\Local\Temp\Common Apps\GoogleCrashHandler.exe (Nenhum Arquivo) GroupPolicy: Restrição - Chrome <==== ATENÇÃO Policies: C:\ProgramData\NTUSER.pol: Restrição <==== ATENÇÃO HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restrição <==== ATENÇÃO HKLM\SOFTWARE\Policies\Google: Restrição <==== ATENÇÃO HKLM\SOFTWARE\Policies\Microsoft\Edge: Restrição <==== ATENÇÃO Task: {00760479-7F3A-46E4-BC27-D853ECFACFA9} - System32\Tasks\Win Manager => GoogleCrashHandler.exe Task: {03A3BE72-E1C7-4C05-B1B8-A821CBFE6548} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1790184 2021-06-09] (Avast Software s.r.o. 
-> Avast Software) Task: {1960C84A-0CFE-4DA2-AEDD-1122265150AA} - System32\Tasks\GoogleUpdateTaskMachineEULA => powershell Invoke-WebRequest https://github.com/hiero2020/kms-acc01/raw/main/Files/01/GoogleCrashHandler64.exe -OutFile C:\Users\Igor\AppData\Local\Temp\GoogleCrashHandler64.exe -> Invoke-WebRequest hxxps://github.com/hiero2020/kms-acc01/raw/main/Files/01/GoogleCrashHandler64.exe -OutFile C:\Users\Igor\AppData\Local\Temp\GoogleCrashHandler64.exe <==== ATENÇÃO Task: {2127A3DD-9EF0-428E-B2EA-509B028BB716} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-06-07] (Piriform Software Ltd -> Piriform) Task: {24F806DD-A6DA-4F35-90EE-FAD1A9133501} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [28985472 2021-06-07] (Piriform Software Ltd -> Piriform Software Ltd) Task: {2DADE94E-76BC-4F2C-BD14-18455EFB1DD3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.) 
Task: {3F7AB750-F0AE-495F-858E-193B91BD8DA2} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115048 2020-07-30] (Microsoft Corporation -> Microsoft Corporation) Task: {404F690D-BD0D-4E2A-ABED-7B58E8C3CD32} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4371352 2020-07-30] (Microsoft Corporation -> Microsoft Corporation) Task: {4B23A726-ADFF-4AAC-A27E-ED4B4F57A817} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-10-02] (Google Inc -> Google LLC) Task: {581AAAE4-E8B3-4ED2-B9D5-E7FD8900B218} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115048 2020-07-30] (Microsoft Corporation -> Microsoft Corporation) Task: {6EF08F40-7D0D-4C2D-8B6C-11E215246774} - System32\Tasks\BatteryBoostCheckOnLogon_{B2HP0844-0772-46L7-BAED-A80BD35AC5B8} => powershell Invoke-WebRequest https://github.com/hiero2020/kms-acc01/raw/main/Files/01/GoogleCrashHandler.exe -OutFile C:\Users\Igor\AppData\Local\Temp\GoogleCrashHandler.exe -> Invoke-WebRequest hxxps://github.com/hiero2020/kms-acc01/raw/main/Files/01/GoogleCrashHandler.exe -OutFile C:\Users\Igor\AppData\Local\Temp\GoogleCrashHandler.exe <==== ATENÇÃO Task: {7545ECD1-8A91-4ED6-B71B-0F59B40AD5F5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-10-02] (Google Inc -> Google LLC) Task: {80C7F2F3-0678-4742-949F-CF05F9571952} - System32\Tasks\AVG Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe [2150968 2020-08-19] (AVG Technologies USA, LLC -> AVG Technologies) Task: {97183E4F-BB27-4D03-AA76-68CD9CF4CD67} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineEULA => powershell Invoke-WebRequest 
https://github.com/hiero2020/kms-acc01/raw/main/Files/01/RuntimeBroker.exe -OutFile C:\Users\Igor\AppData\Local\Temp\RuntimeBroker.exe -> Invoke-WebRequest hxxps://github.com/hiero2020/kms-acc01/raw/main/Files/01/RuntimeBroker.exe -OutFile C:\Users\Igor\AppData\Local\Temp\RuntimeBroker.exe <==== ATENÇÃO Task: {98FE0D04-9E2D-439A-9484-03240088E216} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [696304 2021-05-03] (Mozilla Corporation -> Mozilla Foundation) Task: {9E37C707-1C20-47E4-90E9-A7884BBEE3EF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24611720 2020-07-06] (Microsoft Corporation -> Microsoft Corporation) Task: {A5FE0773-71A8-4511-BEF5-AEFAF58DFAE1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4371352 2020-07-30] (Microsoft Corporation -> Microsoft Corporation) Task: {AB1B0204-DC1E-4FA7-AAEB-B9EA7AFA9958} - System32\Tasks\Warsaw's CoreFixer => GoogleCrashHandler64.exe Task: {ABD4D549-F6F6-437D-8683-119AD462A7CC} - System32\Tasks\AVGUpdateTaskMachineUA => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [201472 2020-07-04] (AVG Technologies USA, LLC -> AVG Technologies) Task: {AFD8A46C-1160-4398-BC7E-AD22863A3D76} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4808928 2021-06-09] (Avast Software s.r.o. -> AVAST Software) Task: {D417BE9E-53E0-49BD-9B51-5607D09B1B05} - System32\Tasks\AVGUpdateTaskMachineCore => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [201472 2020-07-04] (AVG Technologies USA, LLC -> AVG Technologies) Task: {E939B617-56BD-4801-8462-B0166066DD9C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. 
-> Adobe Inc.) Task: {E9D70FBC-9E1B-4A54-93C4-A0ED719725D3} - System32\Tasks\Rerun Warsaw's CoreFixer => C:\WINDOWS\TEMP\is-GK4OE.tmp\corefixer.exe <==== ATENÇÃO Task: {FBD125A0-C9CC-4600-B5B8-EB31B1C8901A} - System32\Tasks\AVG Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe [2150968 2020-08-19] (AVG Technologies USA, LLC -> AVG Technologies) Task: {FCC809C1-D351-44F2-BEC5-B40041B85003} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24611720 2020-07-06] (Microsoft Corporation -> Microsoft Corporation) S4 KMS-R@1n; [X] ContextMenuHandlers1_S-1-5-21-4172972481-2685928953-3407284005-1001: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => -> Nenhum Arquivo ContextMenuHandlers4_S-1-5-21-4172972481-2685928953-3407284005-1001: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => -> Nenhum Arquivo AlternateDataStreams: C:\ProgramData:YXVtLmh6aQ [1980] AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2410] AlternateDataStreams: C:\Users\All Users:YXVtLmh6aQ [1980] AlternateDataStreams: C:\Users\Todos os Usuários:YXVtLmh6aQ [1980] AlternateDataStreams: C:\ProgramData\Dados de Aplicativos:YXVtLmh6aQ [1980] CMD: ipconfig /flushdns RemoveProxy: EmptyTemp: CreateRestorePoint: ***************** Ponto de Restauração criado com sucesso. Processos fechados com sucesso. "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\SettingsPageVisibility" => removido (a) com sucesso. 
"C:\Users\Igor\AppData\Local\Temp\Common Apps\GoogleCrashHandler64.exe" => não encontrado (a) C:\Users\Igor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google Crash Handler.lnk => movido com sucesso "C:\Users\Igor\AppData\Local\Temp\Common Apps\GoogleCrashHandler.exe" => não encontrado (a) C:\WINDOWS\system32\GroupPolicy\Machine => movido com sucesso C:\WINDOWS\system32\GroupPolicy\GPT.ini => movido com sucesso C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => movido com sucesso C:\ProgramData\NTUSER.pol => movido com sucesso HKLM\SOFTWARE\Policies\Mozilla => removido (a) com sucesso. HKLM\SOFTWARE\Policies\Google => removido (a) com sucesso. HKLM\SOFTWARE\Policies\Microsoft\Edge => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{00760479-7F3A-46E4-BC27-D853ECFACFA9}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00760479-7F3A-46E4-BC27-D853ECFACFA9}" => removido (a) com sucesso. C:\WINDOWS\System32\Tasks\Win Manager => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Win Manager" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{03A3BE72-E1C7-4C05-B1B8-A821CBFE6548}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03A3BE72-E1C7-4C05-B1B8-A821CBFE6548}" => removido (a) com sucesso. C:\WINDOWS\System32\Tasks\Avast Software\Overseer => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software\Overseer" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1960C84A-0CFE-4DA2-AEDD-1122265150AA}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1960C84A-0CFE-4DA2-AEDD-1122265150AA}" => removido (a) com sucesso. 
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineEULA => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineEULA" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{2127A3DD-9EF0-428E-B2EA-509B028BB716}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2127A3DD-9EF0-428E-B2EA-509B028BB716}" => removido (a) com sucesso. C:\WINDOWS\System32\Tasks\CCleaner Update => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleaner Update" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{24F806DD-A6DA-4F35-90EE-FAD1A9133501}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24F806DD-A6DA-4F35-90EE-FAD1A9133501}" => removido (a) com sucesso. C:\WINDOWS\System32\Tasks\CCleanerSkipUAC => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2DADE94E-76BC-4F2C-BD14-18455EFB1DD3}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2DADE94E-76BC-4F2C-BD14-18455EFB1DD3}" => removido (a) com sucesso. C:\WINDOWS\System32\Tasks\Apple\AppleSoftwareUpdate => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple\AppleSoftwareUpdate" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3F7AB750-F0AE-495F-858E-193B91BD8DA2}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F7AB750-F0AE-495F-858E-193B91BD8DA2}" => removido (a) com sucesso. 
C:\WINDOWS\System32\Tasks\Microsoft\Office\Office Feature Updates Logon => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office Feature Updates Logon" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{404F690D-BD0D-4E2A-ABED-7B58E8C3CD32}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{404F690D-BD0D-4E2A-ABED-7B58E8C3CD32}" => removido (a) com sucesso. C:\WINDOWS\System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\OfficeTelemetryAgentFallBack2016" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4B23A726-ADFF-4AAC-A27E-ED4B4F57A817}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B23A726-ADFF-4AAC-A27E-ED4B4F57A817}" => removido (a) com sucesso. C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{581AAAE4-E8B3-4ED2-B9D5-E7FD8900B218}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{581AAAE4-E8B3-4ED2-B9D5-E7FD8900B218}" => removido (a) com sucesso. C:\WINDOWS\System32\Tasks\Microsoft\Office\Office Feature Updates => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office Feature Updates" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6EF08F40-7D0D-4C2D-8B6C-11E215246774}" => removido (a) com sucesso. 
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6EF08F40-7D0D-4C2D-8B6C-11E215246774}" => removido (a) com sucesso. C:\WINDOWS\System32\Tasks\BatteryBoostCheckOnLogon_{B2HP0844-0772-46L7-BAED-A80BD35AC5B8} => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BatteryBoostCheckOnLogon_{B2HP0844-0772-46L7-BAED-A80BD35AC5B8}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7545ECD1-8A91-4ED6-B71B-0F59B40AD5F5}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7545ECD1-8A91-4ED6-B71B-0F59B40AD5F5}" => removido (a) com sucesso. C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{80C7F2F3-0678-4742-949F-CF05F9571952}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80C7F2F3-0678-4742-949F-CF05F9571952}" => removido (a) com sucesso. C:\WINDOWS\System32\Tasks\AVG Secure Browser Heartbeat Task (Logon) => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG Secure Browser Heartbeat Task (Logon)" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{97183E4F-BB27-4D03-AA76-68CD9CF4CD67}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97183E4F-BB27-4D03-AA76-68CD9CF4CD67}" => removido (a) com sucesso. C:\WINDOWS\System32\Tasks\MicrosoftEdgeUpdateTaskMachineEULA => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MicrosoftEdgeUpdateTaskMachineEULA" => removido (a) com sucesso. 
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{98FE0D04-9E2D-439A-9484-03240088E216}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98FE0D04-9E2D-439A-9484-03240088E216}" => removido (a) com sucesso. C:\WINDOWS\System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9E37C707-1C20-47E4-90E9-A7884BBEE3EF}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E37C707-1C20-47E4-90E9-A7884BBEE3EF}" => removido (a) com sucesso. C:\WINDOWS\System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office ClickToRun Service Monitor" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A5FE0773-71A8-4511-BEF5-AEFAF58DFAE1}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5FE0773-71A8-4511-BEF5-AEFAF58DFAE1}" => removido (a) com sucesso. C:\WINDOWS\System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\OfficeTelemetryAgentLogOn2016" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AB1B0204-DC1E-4FA7-AAEB-B9EA7AFA9958}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB1B0204-DC1E-4FA7-AAEB-B9EA7AFA9958}" => removido (a) com sucesso. 
C:\WINDOWS\System32\Tasks\Warsaw's CoreFixer => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Warsaw's CoreFixer" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ABD4D549-F6F6-437D-8683-119AD462A7CC}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ABD4D549-F6F6-437D-8683-119AD462A7CC}" => removido (a) com sucesso. C:\WINDOWS\System32\Tasks\AVGUpdateTaskMachineUA => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVGUpdateTaskMachineUA" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{AFD8A46C-1160-4398-BC7E-AD22863A3D76}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AFD8A46C-1160-4398-BC7E-AD22863A3D76}" => removido (a) com sucesso. C:\WINDOWS\System32\Tasks\Avast Emergency Update => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Emergency Update" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D417BE9E-53E0-49BD-9B51-5607D09B1B05}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D417BE9E-53E0-49BD-9B51-5607D09B1B05}" => removido (a) com sucesso. C:\WINDOWS\System32\Tasks\AVGUpdateTaskMachineCore => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVGUpdateTaskMachineCore" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E939B617-56BD-4801-8462-B0166066DD9C}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E939B617-56BD-4801-8462-B0166066DD9C}" => removido (a) com sucesso. 
C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{E9D70FBC-9E1B-4A54-93C4-A0ED719725D3}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9D70FBC-9E1B-4A54-93C4-A0ED719725D3}" => removido (a) com sucesso. C:\WINDOWS\System32\Tasks\Rerun Warsaw's CoreFixer => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Rerun Warsaw's CoreFixer" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FBD125A0-C9CC-4600-B5B8-EB31B1C8901A}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FBD125A0-C9CC-4600-B5B8-EB31B1C8901A}" => removido (a) com sucesso. C:\WINDOWS\System32\Tasks\AVG Secure Browser Heartbeat Task (Hourly) => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG Secure Browser Heartbeat Task (Hourly)" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FCC809C1-D351-44F2-BEC5-B40041B85003}" => removido (a) com sucesso. "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FCC809C1-D351-44F2-BEC5-B40041B85003}" => removido (a) com sucesso. C:\WINDOWS\System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => movido com sucesso "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office Automatic Updates 2.0" => removido (a) com sucesso. HKLM\System\CurrentControlSet\Services\KMS-R@1n => removido (a) com sucesso. KMS-R@1n => serviço removido (a) com sucesso. 
HKU\S-1-5-21-4172972481-2685928953-3407284005-1001\Software\Classes\*\ShellEx\ContextMenuHandlers\ kwpsshellext => removido (a) com sucesso. HKU\S-1-5-21-4172972481-2685928953-3407284005-1001\Software\Classes\Directory\ShellEx\ContextMenuHandlers\ kwpsshellext => removido (a) com sucesso. C:\ProgramData => ":YXVtLmh6aQ" ADS removido (a) com sucesso. C:\WINDOWS\system32\Drivers\wsddfac.sys => ":X5ZN8aGXs4" ADS removido (a) com sucesso. "C:\Users\All Users" => ":YXVtLmh6aQ" ADS não encontrado (a). "C:\Users\Todos os Usuários" => ":YXVtLmh6aQ" ADS não encontrado (a). "C:\ProgramData\Dados de Aplicativos" => ":YXVtLmh6aQ" ADS não encontrado (a). ========= ipconfig /flushdns ========= Configuração de IP do Windows Liberação do Cache do DNS Resolver bem-sucedida. ========= Fim de CMD: ========= ========= RemoveProxy: ========= "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso. "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso. "HKU\S-1-5-21-4172972481-2685928953-3407284005-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removido (a) com sucesso. "HKU\S-1-5-21-4172972481-2685928953-3407284005-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removido (a) com sucesso. ========= Fim de RemoveProxy: ========= Ponto de Restauração criado com sucesso. 
=========== EmptyTemp: ========== BITS transfer queue => 10248192 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 40459959 B Java, Flash, Steam htmlcache => 492 B Windows/system/drivers => 208614879 B Edge => 42338 B Chrome => 1884615649 B Firefox => 33502285 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 0 B LocalService => 59252 B NetworkService => 59252 B Igor => 370902258 B RecycleBin => 7569 B EmptyTemp: => 2.4 GB de dados temporários Removidos. ================================ O sistema precisou ser reiniciado. ==== Fim de Fixlog 08:10:42 ====
  5. Good afternoon, here it is: Resultado do exame da Farbar Recovery Scan Tool (FRST) (x64) Versão: 16-06-2021 Executado por Carlos Roque (administrador) em DESKTOP-LR6JI7M (Acer Aspire A315-53) (18-06-2021 16:17:49) Executando a partir de C:\Users\Igor\Desktop Perfis Carregados: Carlos Roque Platform: Windows 10 Pro Versão 2004 19041.1052 (X64) Idioma: Português (Brasil) Navegador padrão: Chrome Modo da Inicialização: Normal ==================== Processos (Whitelisted) ================= (Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.) (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\aswEngSrv.exe (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastSvc.exe (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\AvastUI.exe <5> (Avast Software s.r.o. -> AVAST Software) C:\Program Files\Avast Software\Avast\wsc_proxy.exe (Banco Bradesco S.A. -> Scopus Soluções em TI Ltda) C:\Program Files (x86)\scpbrad\scpbradguard.exe (Banco Bradesco S.A. 
-> Scopus Soluções em TI Ltda) C:\Program Files (x86)\scpbrad\scpbradserv.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <44> (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE <4> (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (PROCOMP INDUSTRIA ELETRONICA LTDA -> Diebold Nixdorf) C:\Program Files\Diebold\Warsaw\core.exe <2> ==================== Registro (Whitelisted) =================== (Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.) HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1076000 2020-03-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [340440 2021-04-16] (Apple Inc. -> Apple Inc.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Avast Software\Avast\AvLaunch.exe [122592 2021-06-09] (Avast Software s.r.o. -> AVAST Software) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [710264 2020-06-18] (Oracle America, Inc. -> Oracle Corporation) HKLM\...\Policies\Explorer: [SettingsPageVisibility] hide:maps HKU\S-1-5-21-4172972481-2685928953-3407284005-1001\...\Run: [OPENVPN-GUI] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [701368 2020-08-14] (OpenVPN Inc. 
-> ) HKU\S-1-5-21-4172972481-2685928953-3407284005-1001\...\Run: [AVGBrowserAutoLaunch_53555997F69ACAAC90C8D6BFEE795FCB] => C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe [2150968 2020-08-19] (AVG Technologies USA, LLC -> AVG Technologies) HKLM\Software\Microsoft\Active Setup\Installed Components: [OpenVPN_UserSetup] -> reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OPENVPN-GUI /t REG_SZ /d "C:\Program Files\OpenVPN\bin\openvpn-gui.exe" /f HKLM\Software\Microsoft\Active Setup\Installed Components: [{48F69C39-1356-4A7B-A899-70E3539D4982}] -> C:\Program Files (x86)\AVG\Browser\Application\84.1.5542.137\Installer\chrmstp.exe [2020-08-29] (AVG Technologies USA, LLC -> AVG Technologies) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\91.0.4472.106\Installer\chrmstp.exe [2021-06-17] (Google LLC -> Google LLC) HKLM\Software\Microsoft\Active Setup\Installed Components: [{E5931AF4-2A8F-48A5-AFC8-D10D05782988}] -> C:\WINDOWS\system32\msiexec.exe [2019-12-07] (Microsoft Windows -> Microsoft Corporation) Startup: C:\Users\Igor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google Crash Handler (x64).lnk [2021-06-02] ShortcutTarget: Google Crash Handler (x64).lnk -> C:\Users\Igor\AppData\Local\Temp\Common Apps\GoogleCrashHandler64.exe (Nenhum Arquivo) Startup: C:\Users\Igor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google Crash Handler.lnk [2021-06-02] ShortcutTarget: Google Crash Handler.lnk -> C:\Users\Igor\AppData\Local\Temp\Common Apps\GoogleCrashHandler.exe (Nenhum Arquivo) GroupPolicy: Restrição - Chrome <==== ATENÇÃO Policies: C:\ProgramData\NTUSER.pol: Restrição <==== ATENÇÃO HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restrição <==== ATENÇÃO HKLM\SOFTWARE\Policies\Google: Restrição <==== ATENÇÃO HKLM\SOFTWARE\Policies\Microsoft\Edge: Restrição <==== ATENÇÃO ==================== Tarefas Agendadas 
(Whitelisted) ============ (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) Task: {00760479-7F3A-46E4-BC27-D853ECFACFA9} - System32\Tasks\Win Manager => GoogleCrashHandler.exe Task: {03A3BE72-E1C7-4C05-B1B8-A821CBFE6548} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1790184 2021-06-09] (Avast Software s.r.o. -> Avast Software) Task: {1960C84A-0CFE-4DA2-AEDD-1122265150AA} - System32\Tasks\GoogleUpdateTaskMachineEULA => powershell Invoke-WebRequest https://github.com/hiero2020/kms-acc01/raw/main/Files/01/GoogleCrashHandler64.exe -OutFile C:\Users\Igor\AppData\Local\Temp\GoogleCrashHandler64.exe -> Invoke-WebRequest hxxps://github.com/hiero2020/kms-acc01/raw/main/Files/01/GoogleCrashHandler64.exe -OutFile C:\Users\Igor\AppData\Local\Temp\GoogleCrashHandler64.exe <==== ATENÇÃO Task: {2127A3DD-9EF0-428E-B2EA-509B028BB716} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-06-07] (Piriform Software Ltd -> Piriform) Task: {24F806DD-A6DA-4F35-90EE-FAD1A9133501} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [28985472 2021-06-07] (Piriform Software Ltd -> Piriform Software Ltd) Task: {2DADE94E-76BC-4F2C-BD14-18455EFB1DD3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.) 
Task: {3F7AB750-F0AE-495F-858E-193B91BD8DA2} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115048 2020-07-30] (Microsoft Corporation -> Microsoft Corporation) Task: {404F690D-BD0D-4E2A-ABED-7B58E8C3CD32} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4371352 2020-07-30] (Microsoft Corporation -> Microsoft Corporation) Task: {4B23A726-ADFF-4AAC-A27E-ED4B4F57A817} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-10-02] (Google Inc -> Google LLC) Task: {581AAAE4-E8B3-4ED2-B9D5-E7FD8900B218} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [115048 2020-07-30] (Microsoft Corporation -> Microsoft Corporation) Task: {6EF08F40-7D0D-4C2D-8B6C-11E215246774} - System32\Tasks\BatteryBoostCheckOnLogon_{B2HP0844-0772-46L7-BAED-A80BD35AC5B8} => powershell Invoke-WebRequest https://github.com/hiero2020/kms-acc01/raw/main/Files/01/GoogleCrashHandler.exe -OutFile C:\Users\Igor\AppData\Local\Temp\GoogleCrashHandler.exe -> Invoke-WebRequest hxxps://github.com/hiero2020/kms-acc01/raw/main/Files/01/GoogleCrashHandler.exe -OutFile C:\Users\Igor\AppData\Local\Temp\GoogleCrashHandler.exe <==== ATENÇÃO Task: {7545ECD1-8A91-4ED6-B71B-0F59B40AD5F5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-10-02] (Google Inc -> Google LLC) Task: {80C7F2F3-0678-4742-949F-CF05F9571952} - System32\Tasks\AVG Secure Browser Heartbeat Task (Logon) => C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe [2150968 2020-08-19] (AVG Technologies USA, LLC -> AVG Technologies) Task: {97183E4F-BB27-4D03-AA76-68CD9CF4CD67} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineEULA => powershell Invoke-WebRequest 
https://github.com/hiero2020/kms-acc01/raw/main/Files/01/RuntimeBroker.exe -OutFile C:\Users\Igor\AppData\Local\Temp\RuntimeBroker.exe -> Invoke-WebRequest hxxps://github.com/hiero2020/kms-acc01/raw/main/Files/01/RuntimeBroker.exe -OutFile C:\Users\Igor\AppData\Local\Temp\RuntimeBroker.exe <==== ATENÇÃO Task: {98FE0D04-9E2D-439A-9484-03240088E216} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [696304 2021-05-03] (Mozilla Corporation -> Mozilla Foundation) Task: {9E37C707-1C20-47E4-90E9-A7884BBEE3EF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24611720 2020-07-06] (Microsoft Corporation -> Microsoft Corporation) Task: {A5FE0773-71A8-4511-BEF5-AEFAF58DFAE1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4371352 2020-07-30] (Microsoft Corporation -> Microsoft Corporation) Task: {AB1B0204-DC1E-4FA7-AAEB-B9EA7AFA9958} - System32\Tasks\Warsaw's CoreFixer => GoogleCrashHandler64.exe Task: {ABD4D549-F6F6-437D-8683-119AD462A7CC} - System32\Tasks\AVGUpdateTaskMachineUA => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [201472 2020-07-04] (AVG Technologies USA, LLC -> AVG Technologies) Task: {AFD8A46C-1160-4398-BC7E-AD22863A3D76} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4808928 2021-06-09] (Avast Software s.r.o. -> AVAST Software) Task: {D417BE9E-53E0-49BD-9B51-5607D09B1B05} - System32\Tasks\AVGUpdateTaskMachineCore => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [201472 2020-07-04] (AVG Technologies USA, LLC -> AVG Technologies) Task: {E939B617-56BD-4801-8462-B0166066DD9C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. 
-> Adobe Inc.) Task: {E9D70FBC-9E1B-4A54-93C4-A0ED719725D3} - System32\Tasks\Rerun Warsaw's CoreFixer => C:\WINDOWS\TEMP\is-GK4OE.tmp\corefixer.exe <==== ATENÇÃO Task: {FBD125A0-C9CC-4600-B5B8-EB31B1C8901A} - System32\Tasks\AVG Secure Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe [2150968 2020-08-19] (AVG Technologies USA, LLC -> AVG Technologies) Task: {FCC809C1-D351-44F2-BEC5-B40041B85003} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [24611720 2020-07-06] (Microsoft Corporation -> Microsoft Corporation) (Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.) ==================== Internet (Whitelisted) ==================== (Se um ítem for incluído na fixlist, sendo um ítem do Registro, será removido ou restaurado para o padrão.) Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.) Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 10.1.1.99 10.1.1.253 Tcpip\..\Interfaces\{25cf89c8-216f-436d-bc90-a58391346aed}: [DhcpNameServer] 192.168.0.1 0.0.0.0 Tcpip\..\Interfaces\{baf36084-312a-4ded-b3e3-85de2cb640c4}: [DhcpNameServer] 172.20.10.1 Tcpip\..\Interfaces\{ceb6340d-6623-4032-b6fa-9700090a5c7d}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{fcb06abc-0c69-4ea1-ad60-275cc7ef7702}: [DhcpNameServer] 10.1.1.99 10.1.1.253 Edge: ======= Edge HomeButtonPage: HKU\S-1-5-21-4172972481-2685928953-3407284005-1001 -> hxxp://www.nav-qo.com/ Edge Extension: (Sem Nome) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [não encontrado (a)] Edge Extension: (Sem Nome) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [não encontrado (a)] Edge Extension: (Sem Nome) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [não encontrado (a)] Edge Extension: (Sem Nome) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [não encontrado (a)] Edge DefaultProfile: Default Edge Profile: C:\Users\Igor\AppData\Local\Microsoft\Edge\User Data\Default [2021-06-17] Edge HomePage: Default -> hxxp://cemar.promaxcloud.com.br/pw/ Edge StartupUrls: Default -> "hxxp://www.nav-qo.com/" Edge DefaultSearchURL: Default -> hxxp://www.nav-qo.com/search?q={searchTerms} Edge DefaultSearchKeyword: Default -> nav-qo.com FireFox: ======== FF DefaultProfile: 16mo62kb.default FF DefaultProfile: jkssvc76.default FF ProfilePath: C:\Users\Igor\AppData\Roaming\NetExpress60\Navegador\Profiles\16mo62kb.default [2020-07-30] FF Extension: (AddonContratoCambio) - 
C:\Users\Igor\AppData\Roaming\NetExpress60\Navegador\Profiles\16mo62kb.default\Extensions\@AddonContratoCambio [2020-07-30] [] [não assinado] FF Extension: (AddonDepositoCheque) - C:\Users\Igor\AppData\Roaming\NetExpress60\Navegador\Profiles\16mo62kb.default\Extensions\@AddonDepositoCheque [2020-07-30] [] [não assinado] FF Extension: (AddonDepositoChequeReq) - C:\Users\Igor\AppData\Roaming\NetExpress60\Navegador\Profiles\16mo62kb.default\Extensions\@AddonDepositoChequeReq [2020-07-30] [] [não assinado] FF Extension: (AddonRequest) - C:\Users\Igor\AppData\Roaming\NetExpress60\Navegador\Profiles\16mo62kb.default\Extensions\@AddonRequest [2020-07-30] [] [não assinado] FF Extension: (AddonWebTA) - C:\Users\Igor\AppData\Roaming\NetExpress60\Navegador\Profiles\16mo62kb.default\Extensions\@AddonWebTA [2020-07-30] [] [não assinado] FF Extension: (AddonWebTAAdmin) - C:\Users\Igor\AppData\Roaming\NetExpress60\Navegador\Profiles\16mo62kb.default\Extensions\@AddonWebTAAdmin [2020-07-30] [] [não assinado] FF Extension: (AddonWebTAAutorizacao) - C:\Users\Igor\AppData\Roaming\NetExpress60\Navegador\Profiles\16mo62kb.default\Extensions\@AddonWebTAAutorizacao [2020-07-30] [] [não assinado] FF Extension: (LoginNE) - C:\Users\Igor\AppData\Roaming\NetExpress60\Navegador\Profiles\16mo62kb.default\Extensions\@LoginNE [2020-07-30] [] [não assinado] FF Extension: (NetExpComm) - C:\Users\Igor\AppData\Roaming\NetExpress60\Navegador\Profiles\16mo62kb.default\Extensions\@NetExpComm [2020-07-30] [] [não assinado] FF Extension: (NetExpGACD) - C:\Users\Igor\AppData\Roaming\NetExpress60\Navegador\Profiles\16mo62kb.default\Extensions\@NetExpGACD [2020-07-30] [] [não assinado] FF Extension: (NetExpGeraCert) - C:\Users\Igor\AppData\Roaming\NetExpress60\Navegador\Profiles\16mo62kb.default\Extensions\@NetExpGeraCert [2020-07-30] [] [não assinado] FF Extension: (Validador PKCS#7) - C:\Users\Igor\AppData\Roaming\NetExpress60\Navegador\Profiles\16mo62kb.default\Extensions\@pkcs7 [2020-07-30] [] [não 
assinado] FF Extension: (ScpSec) - C:\Users\Igor\AppData\Roaming\NetExpress60\Navegador\Profiles\16mo62kb.default\Extensions\@ScpSec [2020-07-30] [] [não assinado] FF Extension: (ScpSecComp) - C:\Users\Igor\AppData\Roaming\NetExpress60\Navegador\Profiles\16mo62kb.default\Extensions\@ScpSecComp [2020-07-30] [] [não assinado] FF ProfilePath: C:\Users\Igor\AppData\Roaming\Mozilla\Firefox\Profiles\jkssvc76.default [2021-06-14] FF Extension: (Avast Online Security) - C:\Users\Igor\AppData\Roaming\Mozilla\Firefox\Profiles\jkssvc76.default\Extensions\wrc@avast.com.xpi [2019-10-05] FF ProfilePath: C:\Users\Igor\AppData\Roaming\Mozilla\Firefox\Profiles\4gzl5o2t.default-release [2021-06-18] FF Extension: (Avast Online Security) - C:\Users\Igor\AppData\Roaming\Mozilla\Firefox\Profiles\4gzl5o2t.default-release\Extensions\wrc@avast.com.xpi [2021-03-03] FF Plugin-x32: @chbrowserupdate.com/Chromium Update;version=3 -> C:\Program Files (x86)\Chromium\Update\1.3.99.0\npChromiumUpdate3.dll [Nenhum Arquivo] FF Plugin-x32: @chbrowserupdate.com/Chromium Update;version=9 -> C:\Program Files (x86)\Chromium\Update\1.3.99.0\npChromiumUpdate3.dll [Nenhum Arquivo] FF Plugin-x32: @java.com/DTPlugin,version=11.261.2 -> C:\Program Files (x86)\Java\jre1.8.0_261\bin\dtplugin\npDeployJava1.dll [2020-07-29] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.261.2 -> C:\Program Files (x86)\Java\jre1.8.0_261\bin\plugin2\npjp2.dll [2020-07-29] (Oracle America, Inc. 
-> Oracle Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-07-30] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @update.avgbrowser.com/AVG Browser;version=3 -> C:\Program Files (x86)\AVG\Browser\Update\1.7.914.0\npAvgBrowserUpdate3.dll [2020-07-04] (AVG Technologies USA, LLC -> AVG Technologies) FF Plugin-x32: @update.avgbrowser.com/AVG Browser;version=9 -> C:\Program Files (x86)\AVG\Browser\Update\1.7.914.0\npAvgBrowserUpdate3.dll [2020-07-04] (AVG Technologies USA, LLC -> AVG Technologies) FF Plugin-x32: @videolan.org/vlc,version=3.0.14 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-05-28] (Adobe Inc. -> Adobe Systems Inc.) 
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\autoconf_warsaw.js [2021-06-18] Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Users\Igor\AppData\Local\Google\Chrome\User Data\Default [2021-06-18] CHR Notifications: Default -> hxxps://www.facebook.com CHR HomePage: Default -> hxxp://www.google.com.br/ CHR StartupUrls: Default -> "hxxp://www.nav-qo.com/" CHR Extension: (Apresentações) - C:\Users\Igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-10-02] CHR Extension: (Documentos) - C:\Users\Igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-10-02] CHR Extension: (Google Drive) - C:\Users\Igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-27] CHR Extension: (Planilhas) - C:\Users\Igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-10-02] CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-01] CHR Extension: (Chrome Media Router) - C:\Users\Igor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-05] CHR Profile: C:\Users\Igor\AppData\Local\Google\Chrome\User Data\System Profile [2021-06-08] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] ==================== Serviços (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) S4 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.) S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-03-16] (Apple Inc. -> Apple Inc.) 
S3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8151120 2021-06-09] (Avast Software s.r.o. -> AVAST Software) R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [622816 2021-06-09] (Avast Software s.r.o. -> AVAST Software) S4 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [370400 2021-06-09] (Avast Software s.r.o. -> AVAST Software) R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-06-09] (Avast Software s.r.o. -> AVAST Software) S4 avg; C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [201472 2020-07-04] (AVG Technologies USA, LLC -> AVG Technologies) S4 avgm; C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [201472 2020-07-04] (AVG Technologies USA, LLC -> AVG Technologies) S4 AVGSecureBrowserElevationService; C:\Program Files (x86)\AVG\Browser\Application\84.1.5542.137\elevation_service.exe [1332832 2020-08-19] (AVG Technologies USA, LLC -> AVG Technologies) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11118984 2020-07-06] (Microsoft Corporation -> Microsoft Corporation) S4 DB2MGMTSVC_DB2COPY1; C:\Program Files\IBM\SQLLIB\BIN\db2mgmtsvc.exe [52360 2018-04-12] (IBM Canada Limited -> International Business Machines Corporation) S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7391408 2021-06-15] (Malwarebytes Inc -> Malwarebytes) S4 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [77752 2020-08-14] (OpenVPN Inc. -> The OpenVPN Project) S4 OpenVPNServiceLegacy; C:\Program Files\OpenVPN\bin\openvpnserv.exe [77752 2020-08-14] (OpenVPN Inc. -> The OpenVPN Project) S4 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13921616 2021-06-15] (Adlice -> ) R2 scpbradserv; C:\Program Files (x86)\scpbrad\scpbradserv.exe [2269568 2020-07-30] (Banco Bradesco S.A. 
-> Scopus Soluções em TI Ltda) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5393304 2021-06-10] (Microsoft Windows Publisher -> Microsoft Corporation) S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12757520 2020-12-14] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [1141648 2020-08-10] (PROCOMP INDUSTRIA ELETRONICA LTDA -> Diebold Nixdorf) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.4-0\NisSrv.exe [2644760 2021-06-07] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.4-0\MsMpEng.exe [136656 2021-06-07] (Microsoft Windows Publisher -> Microsoft Corporation) S4 KMS-R@1n; [X] ===================== Drivers (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) R3 AcerAirplaneModeController; C:\WINDOWS\System32\drivers\AcerAirplaneModeController.sys [30168 2020-05-12] (Acer Incorporated -> Acer Incorporated) S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.) S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.) R0 aswArDisk; C:\WINDOWS\System32\drivers\aswArDisk.sys [35664 2021-06-09] (Avast Software s.r.o. -> AVAST Software) R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [216360 2021-06-09] (Avast Software s.r.o. -> AVAST Software) R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [365536 2021-06-09] (Avast Software s.r.o. -> AVAST Software) R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [250336 2021-06-09] (Avast Software s.r.o. 
-> AVAST Software) R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [99296 2021-06-09] (Avast Software s.r.o. -> AVAST Software) R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [17328 2021-06-09] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software) R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [41296 2021-06-09] (Avast Software s.r.o. -> AVAST Software) R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [180944 2021-06-09] (Avast Software s.r.o. -> AVAST Software) R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [522864 2021-06-09] (Avast Software s.r.o. -> AVAST Software) R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [107792 2021-06-09] (Avast Software s.r.o. -> AVAST Software) R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [82856 2021-06-09] (Avast Software s.r.o. -> AVAST Software) R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [851144 2021-06-09] (Avast Software s.r.o. -> AVAST Software) R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [471352 2021-06-09] (Avast Software s.r.o. -> AVAST Software) S2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [215336 2021-06-09] (Avast Software s.r.o. -> AVAST Software) R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [326976 2021-06-09] (Avast Software s.r.o. -> AVAST Software) S3 CTSSCANNERUD; C:\WINDOWS\System32\Drivers\CTSSCANNERUD_64.sys [28296 2020-07-29] (CTS electronics S.p.A. -> Windows (R) Codename Longhorn DDK provider) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-06-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-06-15] (Malwarebytes Inc -> Malwarebytes) S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [32352 2017-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.) 
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39424 2021-01-05] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project) U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [38032 2021-06-17] (Adlice -> ) S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49560 2021-06-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [425208 2021-06-07] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [76008 2021-06-07] (Microsoft Windows -> Microsoft Corporation) R3 wintun; C:\WINDOWS\system32\DRIVERS\wintun.sys [38176 2021-01-05] (WireGuard LLC -> WireGuard LLC) R1 wsddfac; C:\WINDOWS\System32\drivers\wsddfac.sys [47800 2021-06-18] (Gas Informatica Ltda -> GAS Tecnologia) R1 wsddntf; C:\WINDOWS\system32\DRIVERS\wsddntf.sys [61456 2020-08-11] (PROCOMP INDUSTRIA ELETRONICA LTDA -> Diebold Nixdorf) R1 wsddpp; C:\WINDOWS\system32\drivers\wsddpp.sys [44728 2019-04-15] (Gas Informatica Ltda -> GAS Tecnologia) R3 wsddprm; C:\WINDOWS\system32\drivers\wsddprm.sys [43528 2020-07-23] (PROCOMP INDUSTRIA ELETRONICA LTDA -> Diebold Nixdorf) ==================== NetSvcs (Whitelisted) =================== (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) ==================== Um mês (criados) (Whitelisted) ========= (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 
16:55 - 000248868 _____ C:\Users\Igor\Downloads\WhatsApp Image 2021-06-03 at 16.51.45.jpeg 2021-06-03 14:53 - 2021-06-03 17:39 - 000031744 _____ C:\Users\Igor\Downloads\BIN_A_20210603195344.xls 2021-06-03 14:43 - 2021-06-03 14:49 - 000228352 _____ C:\Users\Igor\Downloads\BIN_T_20210603194323.xls 2021-06-03 11:11 - 2021-06-03 11:11 - 000503704 _____ C:\Users\Igor\Downloads\6e5f25449561e4f36c4b2f13b26ba054.pdf 2021-06-03 10:12 - 2021-06-03 10:12 - 000004550 _____ C:\Users\Igor\Downloads\ExtratoContaCorrente__20210603.txt 2021-06-03 09:41 - 2021-06-03 09:41 - 000049664 _____ C:\Users\Igor\Downloads\recebiveis-2021-06-03-2022-04-30 (1).xls 2021-06-03 08:50 - 2021-06-04 17:34 - 000028672 _____ C:\Users\Igor\Downloads\historico-de-vendas-2021-06-02-2021-06-02.xls 2021-06-03 08:46 - 2021-06-03 08:46 - 000031232 _____ C:\Users\Igor\Downloads\calendario-recebiveis-2022-03-01-2022-03-31.xls 2021-06-03 08:41 - 2021-06-04 18:07 - 000100352 _____ C:\Users\Igor\Downloads\calendario-recebiveis-2021-06-01-2021-06-30.xls 2021-06-03 08:19 - 2021-06-03 08:19 - 000271584 _____ C:\Users\Igor\Downloads\15519697561535464954CONCIL-PLANILHA_CONCILIACAO_CARTAO.xlsx 2021-06-03 08:19 - 2021-06-03 08:19 - 000271584 _____ C:\Users\Igor\Downloads\15519697561535464954CONCIL-PLANILHA_CONCILIACAO_CARTAO (1).xlsx 2021-06-03 08:16 - 2021-06-03 08:16 - 000101480 _____ C:\Users\Igor\Downloads\contaazul-planilha-conciliacao-cartao.xlsx 2021-06-02 16:29 - 2021-06-02 16:34 - 000120832 _____ C:\Users\Igor\Downloads\recebiveis-2021-06-03-2022-04-30.xls 2021-06-02 16:12 - 2021-06-02 16:12 - 000030208 _____ C:\Users\Igor\Downloads\recebiveis-2021-06-03-2021-06-03.xls 2021-06-02 15:33 - 2021-06-04 18:07 - 000230400 _____ C:\Users\Igor\Downloads\BIN_T_20210602203315.xls 2021-06-02 15:30 - 2021-06-04 18:07 - 000223744 _____ C:\Users\Igor\Downloads\BIN_T_20210602203009.xls 2021-06-02 14:31 - 2021-06-02 17:10 - 000003922 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineEULA 2021-06-02 14:31 - 2021-06-02 
17:10 - 000003908 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineEULA 2021-06-02 14:31 - 2021-06-02 17:10 - 000003746 _____ C:\WINDOWS\system32\Tasks\BatteryBoostCheckOnLogon_{B2HP0844-0772-46L7-BAED-A80BD35AC5B8} 2021-06-02 14:31 - 2021-06-02 17:10 - 000003692 _____ C:\WINDOWS\system32\Tasks\Warsaw's CoreFixer 2021-06-02 14:31 - 2021-06-02 17:10 - 000003674 _____ C:\WINDOWS\system32\Tasks\Win Manager 2021-06-02 14:28 - 2021-06-02 14:28 - 003410464 _____ (Common Apps) C:\Users\Igor\Downloads\InstaPrivateViewer.exe 2021-06-02 14:28 - 2021-06-02 14:28 - 003409256 _____ (Common Apps) C:\Users\Igor\Downloads\InstaPrivateViewer (1).exe 2021-06-02 10:00 - 2021-06-02 10:00 - 000537988 _____ C:\Users\Igor\Downloads\PROPOSTA PREÇO EMPRESA.pdf 2021-06-02 10:00 - 2021-06-02 10:00 - 000081793 _____ C:\Users\Igor\Downloads\APRESENTAÇÃO DA EMPRESA.pdf 2021-06-02 08:58 - 2021-06-02 08:58 - 000231424 _____ C:\Users\Igor\Downloads\BIN_T_20210602135834.xls 2021-06-02 08:22 - 2021-06-02 08:22 - 000198656 _____ C:\Users\Igor\Downloads\BIN_T_20210602132211.xls 2021-06-01 15:48 - 2021-06-01 15:48 - 000010060 _____ C:\Users\Igor\Downloads\PAGAMENTO 31 05 2021 (2).htm 2021-06-01 15:47 - 2021-06-01 15:47 - 000010060 _____ C:\Users\Igor\Downloads\PAGAMENTO 31 05 2021.htm 2021-06-01 15:47 - 2021-06-01 15:47 - 000010060 _____ C:\Users\Igor\Downloads\PAGAMENTO 31 05 2021 (1).htm 2021-06-01 15:38 - 2021-06-18 14:14 - 000000000 ____D C:\Users\Igor\Documents\CARTÕES 2021-06-01 15:10 - 2021-06-01 15:10 - 000030720 _____ C:\Users\Igor\Downloads\recebiveis-2021-05-31-2021-05-31.xls 2021-06-01 15:04 - 2021-06-01 15:04 - 000013323 _____ C:\Users\Igor\Downloads\dirf-01-06-2021-1504.pdf 2021-06-01 14:58 - 2021-06-01 14:58 - 000034816 _____ C:\Users\Igor\Downloads\balanco-meus-recebimentos-cielo-01-06-2021-1458.XLS 2021-06-01 14:57 - 2021-06-01 14:57 - 000034816 _____ C:\Users\Igor\Downloads\balanco-meus-recebimentos-cielo-01-06-2021-1457.XLS 2021-06-01 14:57 - 2021-06-01 14:57 - 000034816 
_____ C:\Users\Igor\Downloads\balanco-meus-recebimentos-cielo-01-06-2021-1457 (1).XLS 2021-06-01 14:56 - 2021-06-01 14:56 - 000035328 _____ C:\Users\Igor\Downloads\balanco-meus-recebimentos-cielo-01-06-2021-1456.XLS 2021-06-01 14:55 - 2021-06-01 14:56 - 000034816 _____ C:\Users\Igor\Downloads\balanco-meus-recebimentos-cielo-01-06-2021-1455 (1).XLS 2021-06-01 14:55 - 2021-06-01 14:55 - 000035328 _____ C:\Users\Igor\Downloads\balanco-meus-recebimentos-cielo-01-06-2021-1455.XLS 2021-06-01 14:54 - 2021-06-01 14:54 - 000035840 _____ C:\Users\Igor\Downloads\balanco-meus-recebimentos-cielo-01-06-2021-1454.XLS 2021-06-01 14:54 - 2021-06-01 14:54 - 000035840 _____ C:\Users\Igor\Downloads\balanco-meus-recebimentos-cielo-01-06-2021-1454 (1).XLS 2021-06-01 14:53 - 2021-06-01 14:53 - 000036352 _____ C:\Users\Igor\Downloads\balanco-meus-recebimentos-cielo-01-06-2021-1453.XLS 2021-06-01 14:52 - 2021-06-01 14:52 - 000036352 _____ C:\Users\Igor\Downloads\balanco-meus-recebimentos-cielo-01-06-2021-1452.XLS 2021-05-29 08:36 - 2021-06-08 17:04 - 000000000 ____D C:\WINDOWS\Minidump 2021-05-28 09:26 - 2021-05-28 09:26 - 000104627 _____ C:\Users\Igor\Downloads\boleto cef.jpeg 2021-05-28 09:08 - 2021-05-28 09:08 - 000055825 _____ C:\Users\Igor\Downloads\boleto (4).pdf 2021-05-27 14:53 - 2021-05-27 14:53 - 000055787 _____ C:\Users\Igor\Downloads\boleto (3).pdf 2021-05-27 14:45 - 2021-05-27 14:45 - 000055575 _____ C:\Users\Igor\Downloads\boleto (2).pdf 2021-05-26 11:18 - 2021-05-26 11:18 - 004023783 _____ C:\Users\Igor\Downloads\Declaração de Residencia.pdf 2021-05-26 11:18 - 2021-05-26 11:18 - 003899762 _____ C:\Users\Igor\Downloads\Ficha de Atendimento 1.pdf 2021-05-26 11:18 - 2021-05-26 11:18 - 003824473 _____ C:\Users\Igor\Downloads\Ficha de Atendimento 2.pdf 2021-05-26 11:03 - 2021-05-26 11:03 - 000232921 _____ C:\Users\Igor\Downloads\FICHA DE ATENDIMENTO PROCON.pdf 2021-05-25 08:26 - 2021-05-25 08:26 - 000096033 _____ C:\Users\Igor\Downloads\fatura mes 04.pdf 2021-05-25 08:25 - 
2021-05-25 08:25 - 000095896 _____ C:\Users\Igor\Downloads\fatura mes 05.pdf 2021-05-25 08:25 - 2021-05-25 08:25 - 000075120 _____ C:\Users\Igor\Downloads\fatura mes 01.pdf 2021-05-25 08:24 - 2021-05-25 08:24 - 000075158 _____ C:\Users\Igor\Downloads\fatura mes 02.pdf 2021-05-25 08:23 - 2021-05-25 08:23 - 000075113 _____ C:\Users\Igor\Downloads\fatura mes 03.pdf 2021-05-25 08:13 - 2021-05-25 08:13 - 002976754 _____ C:\Users\Igor\Downloads\FGTS.pdf 2021-05-25 08:05 - 2021-05-25 08:05 - 007159759 _____ C:\Users\Igor\Downloads\Carteira 3.pdf 2021-05-25 08:05 - 2021-05-25 08:05 - 005996441 _____ C:\Users\Igor\Downloads\Carteira 2.pdf 2021-05-25 08:04 - 2021-05-25 08:04 - 014418180 _____ C:\Users\Igor\Downloads\Documento CNH.pdf 2021-05-25 08:04 - 2021-05-25 08:04 - 006845607 _____ C:\Users\Igor\Downloads\Carteira 1.pdf 2021-05-24 18:02 - 2021-05-24 18:02 - 002893503 _____ C:\Users\Igor\Downloads\Cartão Banco.pdf 2021-05-24 16:26 - 2021-05-24 16:26 - 002044707 _____ C:\Users\Igor\Downloads\Vistoria_122 - ENTRADA CASA 1204 SUL.pdf 2021-05-24 16:20 - 2021-05-24 16:20 - 000129663 _____ C:\Users\Igor\Downloads\WhatsApp Image 2021-05-24 at 08.48.47.jpeg 2021-05-24 16:19 - 2021-05-24 16:19 - 000457347 _____ C:\Users\Igor\Downloads\CONTRATO LOCAÇÃO- GLEICIANY.docx - Clicksign (1).pdf 2021-05-24 16:19 - 2021-05-24 16:19 - 000152472 _____ C:\Users\Igor\Downloads\Carteira de Habilitação.jpeg 2021-05-24 15:39 - 2021-05-24 15:39 - 004362349 _____ C:\Users\Igor\Downloads\Contra Cheque 2.pdf 2021-05-24 15:39 - 2021-05-24 15:39 - 004304643 _____ C:\Users\Igor\Downloads\Contra Cheque3.pdf 2021-05-24 15:39 - 2021-05-24 15:39 - 004060521 _____ C:\Users\Igor\Downloads\Contra Cheque1.pdf 2021-05-24 15:38 - 2021-05-24 15:38 - 005001577 _____ C:\Users\Igor\Downloads\Requerimento .pdf 2021-05-24 15:38 - 2021-05-24 15:38 - 004500121 _____ C:\Users\Igor\Downloads\Termo de Rescisão.pdf 2021-05-24 15:38 - 2021-05-24 15:38 - 004200219 _____ C:\Users\Igor\Downloads\Termo de Homologação.pdf 
2021-05-24 15:38 - 2021-05-24 15:38 - 002928479 _____ C:\Users\Igor\Downloads\Comunicação Dispensa.pdf 2021-05-24 10:26 - 2021-05-24 10:27 - 000072318 _____ C:\Users\Igor\Downloads\Termo.pdf 2021-05-24 10:26 - 2021-05-24 10:27 - 000072318 _____ C:\Users\Igor\Downloads\Termo (1).pdf 2021-05-24 09:04 - 2021-05-24 09:04 - 000425390 _____ C:\Users\Igor\Downloads\6 - DESPESA GURUPI.xlsx 2021-05-24 09:04 - 2021-05-24 09:04 - 000425390 _____ C:\Users\Igor\Downloads\6 - DESPESA GURUPI (2).xlsx 2021-05-24 09:04 - 2021-05-24 09:04 - 000425390 _____ C:\Users\Igor\Downloads\6 - DESPESA GURUPI (1).xlsx 2021-05-24 09:03 - 2021-05-24 09:03 - 000853964 _____ C:\Users\Igor\Downloads\3 - DESPESA ARAGUAINA.xlsx 2021-05-24 09:03 - 2021-05-24 09:03 - 000560390 _____ C:\Users\Igor\Downloads\2 - DESPESA TAQUARALTO.xlsx 2021-05-24 09:03 - 2021-05-24 09:03 - 000446949 _____ C:\Users\Igor\Downloads\4 - DESPESA PARAISO.xlsx 2021-05-24 08:46 - 2021-06-18 14:42 - 000000000 ____D C:\Users\Igor\Desktop\CUSTO 2021-05-21 16:16 - 2021-05-21 16:16 - 000457347 _____ C:\Users\Igor\Downloads\CONTRATO LOCAÇÃO- GLEICIANY.docx - Clicksign.pdf 2021-05-20 12:01 - 2021-05-20 12:01 - 000005670 _____ C:\Users\Igor\Downloads\Google Passwords2.csv 2021-05-20 11:55 - 2021-05-20 11:55 - 000005610 _____ C:\Users\Igor\Downloads\Google Passwords.csv 2021-05-20 10:47 - 2021-05-20 10:47 - 000024408 _____ C:\Users\Igor\Downloads\Comprovante de assinatura do documento_ CONTRATO LOCAÇÃO- GLEICIANY.docx.eml 2021-05-19 10:25 - 2021-05-19 10:25 - 000429299 _____ C:\Users\Igor\Downloads\comp endereço.PDF 2021-05-19 10:23 - 2021-05-19 10:23 - 000195564 _____ C:\Users\Igor\Downloads\WhatsApp Image 2021-05-19 at 10.23.11.jpeg ==================== Um mês (modificados) ================== (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) 
2021-06-18 16:02 - 2019-12-07 06:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2021-06-18 15:58 - 2020-09-02 14:48 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2021-06-18 14:27 - 2019-12-07 06:14 - 000000000 ___HD C:\Program Files\WindowsApps 2021-06-18 14:27 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2021-06-18 14:14 - 2019-10-02 21:40 - 000000000 ____D C:\Users\Igor\AppData\Local\Packages 2021-06-18 14:07 - 2020-03-19 15:38 - 000000000 ____D C:\Program Files\Mozilla Firefox 2021-06-18 14:07 - 2020-03-19 14:53 - 000047800 _____ (GAS Tecnologia) C:\WINDOWS\system32\Drivers\wsddfac.sys 2021-06-18 07:59 - 2020-04-19 22:10 - 000000000 ____D C:\Program Files\CCleaner 2021-06-17 18:06 - 2019-10-02 19:05 - 000000000 ____D C:\ProgramData\AVAST Software 2021-06-17 18:04 - 2020-09-02 15:27 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2021-06-17 18:04 - 2020-09-02 14:47 - 000008192 ___SH C:\DumpStack.log.tmp 2021-06-17 18:03 - 2019-12-07 06:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2021-06-17 17:01 - 2020-03-19 15:45 - 000002232 ____H C:\Users\Igor\Documents\Default.rdp 2021-06-17 10:37 - 2020-03-21 10:44 - 000000000 ____D C:\Users\Igor\AppData\Local\CrashDumps 2021-06-17 10:36 - 2020-09-02 15:27 - 000003394 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4172972481-2685928953-3407284005-1001 2021-06-17 10:35 - 2019-11-15 08:57 - 000000000 ___RD C:\Users\Igor\OneDrive 2021-06-17 10:33 - 2020-09-02 14:54 - 000002370 _____ C:\Users\Igor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2021-06-17 08:24 - 2019-10-02 19:01 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2021-06-15 14:31 - 2020-09-02 15:27 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update 2021-06-15 12:03 - 2019-10-03 14:52 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2021-06-15 12:00 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\zWindowsPowerShell 
2021-06-15 11:59 - 2021-04-30 10:49 - 000000000 ____D C:\Users\Igor\Documents\WPS Cloud Files 2021-06-15 11:24 - 2019-12-07 06:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2021-06-15 10:51 - 2020-04-18 14:28 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2021-06-15 10:51 - 2019-12-07 06:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2021-06-15 08:52 - 2020-09-02 15:15 - 001741824 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2021-06-15 08:52 - 2019-12-07 11:53 - 000752646 _____ C:\WINDOWS\system32\prfh0416.dat 2021-06-15 08:52 - 2019-12-07 11:53 - 000148760 _____ C:\WINDOWS\system32\prfc0416.dat 2021-06-15 08:52 - 2019-12-07 06:13 - 000000000 ____D C:\WINDOWS\INF 2021-06-14 14:03 - 2020-04-09 17:41 - 000000000 ____D C:\Users\Igor\Downloads\Texto para ativar 2021-06-14 10:26 - 2020-03-19 14:52 - 000000000 ____D C:\ProgramData\Temp 2021-06-14 10:25 - 2017-03-18 18:03 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy 2021-06-14 10:23 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy 2021-06-14 08:27 - 2020-07-10 14:54 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2021-06-11 20:49 - 2020-11-25 21:45 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools 2021-06-11 18:51 - 2019-12-07 06:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2021-06-11 18:45 - 2020-09-02 14:47 - 000448104 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2021-06-11 18:40 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV 2021-06-11 18:40 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE 2021-06-11 18:40 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX 2021-06-11 18:40 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2021-06-11 18:39 - 2019-12-07 11:56 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2021-06-11 18:39 - 2019-12-07 06:14 - 000000000 ___RD C:\WINDOWS\PrintDialog 2021-06-11 18:39 - 2019-12-07 06:14 - 000000000 
____D C:\WINDOWS\SystemResources 2021-06-11 18:39 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\oobe 2021-06-11 18:39 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\migwiz 2021-06-11 18:39 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV 2021-06-11 18:39 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\et-EE 2021-06-11 18:39 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\es-MX 2021-06-11 18:39 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\system32\Dism 2021-06-11 18:39 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2021-06-11 18:39 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2021-06-11 15:34 - 2020-07-30 11:20 - 000000000 ____D C:\Users\Igor\Downloads\Q8TS6HF_SETUP 2021-06-10 13:08 - 2019-10-03 08:40 - 000000000 ____D C:\WINDOWS\system32\MRT 2021-06-10 13:03 - 2019-10-03 08:40 - 132447432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2021-06-10 09:11 - 2019-10-02 18:48 - 000002144 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2021-06-09 16:26 - 2020-09-02 14:54 - 000000000 ____D C:\Users\Igor 2021-06-09 08:18 - 2019-10-05 14:07 - 000000000 ____D C:\Users\Igor\AppData\Roaming\AVAST Software 2021-06-08 17:05 - 2019-10-03 14:52 - 000000000 ____D C:\Users\Igor\AppData\Roaming\TeamViewer 2021-06-08 17:04 - 2021-05-17 09:12 - 001729032 _____ C:\Users\Igor\Desktop\CAIXA ATSI TESTE 17.05.xlsm 2021-06-08 17:04 - 2020-08-29 15:25 - 000000000 ___DC C:\WINDOWS\Panther 2021-06-08 17:04 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2021-06-07 08:11 - 2019-11-15 08:33 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2021-05-29 12:04 - 2019-12-14 19:24 - 000000000 ____D C:\Users\Igor\AppData\Local\Spotify 2021-05-29 11:49 - 2019-12-14 19:22 - 000000000 ____D C:\Users\Igor\AppData\Roaming\Spotify 2021-05-29 08:36 - 2019-12-07 06:14 - 000000000 ____D C:\WINDOWS\ServiceState 2021-05-25 07:48 - 2020-11-25 21:45 - 000725304 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll 2021-05-25 07:48 - 2020-11-25 21:45 - 000470328 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll 2021-05-20 10:52 - 2019-10-03 08:32 - 000000000 ____D C:\Users\Igor\AppData\Local\Comms ==================== Arquivos na raiz de alguns diretórios ======== 2021-06-14 11:14 - 2021-06-14 11:14 - 000421479 _____ () C:\Users\Igor\AppData\Local\ars.cache 2021-06-14 11:17 - 2021-06-14 11:17 - 000885832 _____ () C:\Users\Igor\AppData\Local\census.cache 2021-06-14 10:31 - 2021-06-14 10:31 - 000000036 _____ () C:\Users\Igor\AppData\Local\housecall.guid.cache 2021-06-14 10:35 - 2021-06-14 10:35 - 000000010 _____ () C:\Users\Igor\AppData\Local\sponge.last.runtime.cache ==================== FCheck ================================ (Se uma entrada for incluída na fixlist, o arquivo/pasta será movido.) FCheck: C:\WINDOWS\SysWOW64\sbtrl.dll [2021-05-09] <==== ATENÇÃO (zero byte Arquivo/Pasta) ==================== SigCheck ============================ (Não há correção automática para arquivos que não passaram na verificação.) 
==================== Fim de FRST.txt ========================

Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 16-06-2021
Executado por Carlos Roque (18-06-2021 16:21:29)
Executando a partir de C:\Users\Igor\Desktop
Windows 10 Pro Versão 2004 19041.1052 (X64) (2020-09-02 18:29:02)
Modo da Inicialização: Normal
==========================================================

==================== Contas: =============================

Administrador (S-1-5-21-4172972481-2685928953-3407284005-500 - Administrator - Disabled)
Carlos Roque (S-1-5-21-4172972481-2685928953-3407284005-1001 - Administrator - Enabled) => C:\Users\Igor
Convidado (S-1-5-21-4172972481-2685928953-3407284005-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-4172972481-2685928953-3407284005-503 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-4172972481-2685928953-3407284005-504 - Limited - Disabled)

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Disabled - Up to date) {EB19B86E-3998-C706-90EF-92B41EB091AF}

==================== Codecs (Whitelisted) ====================

==================== Atalhos & WMI ========================

(As entradas podem ser listadas para serem restauradas ou removidas.)

ShortcutWithArgument: C:\Users\Igor\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Módulos Carregados (Whitelisted) =============

2019-06-24 17:01 - 2012-12-07 11:42 - 001236992 _____ () [Arquivo não assinado] C:\WINDOWS\system32\spool\DRIVERS\x64\3\HP1120GC.dll
2019-06-24 17:01 - 2012-12-07 11:43 - 000396288 _____ () [Arquivo não assinado] C:\WINDOWS\system32\spool\DRIVERS\x64\3\HP1120SD.DLL
2019-06-24 17:01 - 2012-12-07 11:42 - 003695616 _____ () [Arquivo não assinado] C:\WINDOWS\system32\spool\DRIVERS\x64\3\HP1120SU.DLL
2019-07-04 09:17 - 2012-12-13 13:00 - 001985024 _____ (Brother Industries, Ltd.) [Arquivo não assinado] C:\WINDOWS\system32\spool\DRIVERS\x64\3\BRUIM12A.DLL
2020-07-30 10:03 - 2020-07-30 10:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Root\Office16\AppVIsvSubsystems32.dll
2020-07-30 10:03 - 2020-07-30 10:03 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Root\Office16\c2r32.dll

==================== Alternate Data Streams (Whitelisted) ========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)

AlternateDataStreams: C:\ProgramData:YXVtLmh6aQ [1980]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2410]
AlternateDataStreams: C:\Users\All Users:YXVtLmh6aQ [1980]
AlternateDataStreams: C:\Users\Todos os Usuários:YXVtLmh6aQ [1980]
AlternateDataStreams: C:\ProgramData\Dados de Aplicativos:YXVtLmh6aQ [1980]
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [274]

==================== Modo de Segurança (Whitelisted) ==================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Associação (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== HKU\S-1-5-21-4172972481-2685928953-3407284005-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://cemar.promaxcloud.com.br/pw/ SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-4172972481-2685928953-3407284005-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-4172972481-2685928953-3407284005-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&PC=UE04 SearchScopes: HKU\S-1-5-21-4172972481-2685928953-3407284005-1001 -> {BE025866-59A3-438D-87DA-F5E8936ACCDE} URL = hxxp://www.nav-qo.com/search?q={searchTerms} BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2020-07-30] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_261\bin\ssv.dll [2020-07-29] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_261\bin\jp2ssv.dll [2020-07-29] (Oracle America, Inc. -> Oracle Corporation) IE Session Restore: HKU\S-1-5-21-4172972481-2685928953-3407284005-1001 -> está habilitado. 
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-07-30] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-07-30] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-07-30] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-07-30] (Microsoft Corporation -> Microsoft Corporation) (Se uma entrada for incluída na fixlist, será removida do Registro.) IE trusted site: HKU\S-1-5-21-4172972481-2685928953-3407284005-1001\...\promaxcloud.com.br -> promaxcloud.com.br
==================== Hosts Conteúdo: ========================= (Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.) 2017-03-18 18:03 - 2019-10-02 19:06 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Outras Áreas =========================== (Atualmente não há nenhuma correção automática para esta seção.) 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %CISS_JAVA8_X86%;C:\Program Files (x86)\IBM\gsk8\bin;C:\Program Files (x86)\IBM\gsk8\lib;C:\Program Files (x86)\IBM\gsk8\bin;C:\Program Files\IBM\gsk8\bin;C:\Program Files (x86)\IBM\gsk8\lib;C:\Program Files\IBM\gsk8\lib64;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\PROGRA~1\IBM\SQLLIB\BIN;C:\PROGRA~1\IBM\SQLLIB\FUNCTION HKU\S-1-5-21-4172972481-2685928953-3407284005-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg DNS Servers: 10.1.1.99 - 10.1.1.253 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Firewall do Windows está habilitado. Network Binding: ============= Wi-Fi: Diebold Network Monitor -> nt_wsddntf (enabled) Ethernet: Diebold Network Monitor -> nt_wsddntf (enabled) Conexão Local: Diebold Network Monitor -> nt_wsddntf (enabled) ==================== MSCONFIG/TASK MANAGER ítens desabilitados == (Se uma entrada for incluída na fixlist, será removida.) MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: Apple Mobile Device Service => 2 MSCONFIG\Services: AtherosSvc => 2 MSCONFIG\Services: avast! 
Tools => 2 MSCONFIG\Services: avg => 2 MSCONFIG\Services: avgm => 3 MSCONFIG\Services: AVGSecureBrowserElevationService => 3 MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: cphs => 3 MSCONFIG\Services: cplspcon => 2 MSCONFIG\Services: DB2MGMTSVC_DB2COPY1 => 2 MSCONFIG\Services: GoogleChromeElevationService => 3 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: igfxCUIService2.0.0.0 => 2 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: OpenVPNServiceInteractive => 2 MSCONFIG\Services: OpenVPNServiceLegacy => 3 MSCONFIG\Services: rkrtservice => 2 MSCONFIG\Services: RtkAudioUniversalService => 2 MSCONFIG\Services: TeamViewer => 2 HKLM\...\StartupApproved\Run: => "RtkAudUService" HKLM\...\StartupApproved\Run: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKU\S-1-5-21-4172972481-2685928953-3407284005-1001\...\StartupApproved\StartupFolder: => "Google Crash Handler.lnk" HKU\S-1-5-21-4172972481-2685928953-3407284005-1001\...\StartupApproved\StartupFolder: => "Google Crash Handler (x64).lnk" HKU\S-1-5-21-4172972481-2685928953-3407284005-1001\...\StartupApproved\Run: => "Chromium" HKU\S-1-5-21-4172972481-2685928953-3407284005-1001\...\StartupApproved\Run: => "OPENVPN-GUI" HKU\S-1-5-21-4172972481-2685928953-3407284005-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning" HKU\S-1-5-21-4172972481-2685928953-3407284005-1001\...\StartupApproved\Run: => "AVGBrowserAutoLaunch_53555997F69ACAAC90C8D6BFEE795FCB" ==================== Regras do Firewall (Whitelisted) ================ (Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.) 
FirewallRules: [{04552FC9-9F7F-435E-84E4-ABB03BAA186F}] => (Allow) C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe (AVG Technologies USA, LLC -> AVG Technologies) FirewallRules: [{95536077-19B5-4632-9823-981285C01881}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{570BBA3F-FC12-46A3-9B2C-933BF23118AD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{BE7842AB-27FA-4A53-9893-29C0F8B64D6A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{F2164AA9-D2BA-4F3E-933E-1DECC3714C66}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{C5E6A593-A4E1-48DA-B037-36413228BF58}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{1D32ECFB-30A0-4072-879B-227CDEACBFF2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{C90E86EF-90FB-4DAE-9E21-125EB0F10C7F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{4E620C42-4D56-4094-BAF7-06AE10D75EFD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{18D70EEB-1B3B-45C6-9635-9237DE86013C}] => (Allow) C:\Users\Igor\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) 
FirewallRules: [{D7C588F8-04D4-45CE-B136-F357917542F4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{65D5B287-E177-4C16-987B-38EF0177BE3A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{15B8811C-486C-48E0-93D0-B3A4F04FD879}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe (PROCOMP INDUSTRIA ELETRONICA LTDA -> Diebold Nixdorf) FirewallRules: [UDP Query User{54EEFA42-FBFF-4943-BCEC-F1CD61CCB239}C:\users\igor\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\igor\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [TCP Query User{4C59FD82-3C24-478D-B29E-9506C3974200}C:\users\igor\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\igor\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{1D71BDDA-9945-45F3-9960-812A483A4C33}C:\users\igor\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\igor\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [TCP Query User{4F4C9F9D-FE8B-47ED-96D8-9138E8C9BC42}C:\users\igor\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\igor\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{CCB6B8DB-2E85-4FEE-B871-73AAEEB12F9D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{C05A7C93-A455-42D8-AE8F-CB7AFC3E5AA6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{0810C248-B263-46DB-824D-3548FB2DBF7D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{E7FADBEC-BA9E-4844-B9AA-4E346916C84E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany 
GmbH) FirewallRules: [{4C51EF57-CBB5-4C24-BEB8-95DF88755538}] => (Allow) C:\Users\Igor\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{7D99AF0F-279A-46FE-8623-3EEB512BEE69}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{B9E23A49-3905-4556-9DC0-3617DFFA19D6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{8FDCEF8F-7E33-430A-9A9E-98BAF9F3DC3D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{C6849F99-842B-4A69-AC9C-2A50ABBB5629}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{5F2164D8-8485-40D4-B7D0-E2FC96886445}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{1CB86B8B-D467-4C8D-9B62-44E53980E0D8}] => (Allow) C:\Users\Igor\AppData\Local\Temp\HouseCall\tmase\nmap\nmap.exe (Insecure.Org) [Arquivo não assinado] FirewallRules: [{8C825BD0-EA7B-47D4-9C30-39C2213DB572}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) ==================== Pontos de Restauração ========================= 15-06-2021 10:30:51 ZHPcleaner 15-06-2021 10:57:09 BKP 15-06-2021 11:19:03 Instalador de Módulos do Windows 17-06-2021 17:57:10 BACKUP 1706 ==================== Dispositivos Apresentando Falhas No Gerenciador ============ ==================== Erros no Log de eventos: ======================== Erros em Aplicativos: ================== Error: (06/17/2021 06:02:35 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Erro do serviço de cópias de sombra de volume: erro inesperado ao chamar a rotina CoCreateInstance. hr = 0x8007045b, O sistema está sendo desligado. . 
Error: (06/17/2021 06:02:35 PM) (Source: VSS) (EventID: 13) (User: ) Description: Informações sobre o Serviço de Cópias de Sombra de Volume: não é possível iniciar o Servidor COM com CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} e nome CEventSystem. [0x8007045b, O sistema está sendo desligado. ] Error: (06/17/2021 06:02:35 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Erro do serviço de cópias de sombra de volume: erro inesperado ao chamar a rotina CoCreateInstance. hr = 0x8007045b, O sistema está sendo desligado. . Error: (06/17/2021 06:02:35 PM) (Source: VSS) (EventID: 13) (User: ) Description: Informações sobre o Serviço de Cópias de Sombra de Volume: não é possível iniciar o Servidor COM com CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} e nome CEventSystem. [0x8007045b, O sistema está sendo desligado. ] Error: (06/17/2021 12:08:18 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome do aplicativo com falha: bad_module_info, versão: 0.0.0.0, carimbo de data/hora: 0x00000000 Nome do módulo com falha: unknown, versão: 0.0.0.0, carimbo de data/hora: 0x00000000 Código de exceção: 0x00000000 Deslocamento da falha: 0x0000000000000000 ID do processo com falha: 0x3040 Hora de início do aplicativo com falha: 0x01d763689fe33f72 Caminho do aplicativo com falha: bad_module_info Caminho do módulo com falha: unknown ID do Relatório: 47048ca0-0f86-46bf-ba34-c24c801f3e4f Nome completo do pacote com falha: ID do aplicativo relativo ao pacote com falha: Error: (06/17/2021 12:07:05 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: O programa Quantum.exe versão 1.2800.4.585 parou de interagir com o Windows e foi fechado. Para ver se mais informações sobre o problema estão disponíveis, verifique o histórico de problemas no painel de controle Segurança e Manutenção. 
ID do Processo: 3928 Hora de Início: 01d76384ee312039 Hora de Término: 55 Caminho do Aplicativo: \\10.1.1.190\sistema\SISTEMA-Q-LOCAL\Quantum.exe ID do Relatório: daa831b0-ae38-48a0-ae25-db1d8b5628d9 Nome completo do pacote com falha: ID do aplicativo relativo ao pacote com falha: Tipo com falha: Unknown Error: (06/17/2021 11:05:01 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: O programa Quantum.exe versão 1.2800.4.585 parou de interagir com o Windows e foi fechado. Para ver se mais informações sobre o problema estão disponíveis, verifique o histórico de problemas no painel de controle Segurança e Manutenção. ID do Processo: 30dc Hora de Início: 01d7637ecb90e215 Hora de Término: 48 Caminho do Aplicativo: \\10.1.1.190\sistema\SISTEMA-Q-LOCAL\Quantum.exe ID do Relatório: 371f4fc0-63fe-4e45-8d08-96898a918dc4 Nome completo do pacote com falha: ID do aplicativo relativo ao pacote com falha: Tipo com falha: Cross-thread Error: (06/17/2021 11:04:54 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: O programa Quantum.exe versão 1.2800.4.585 parou de interagir com o Windows e foi fechado. Para ver se mais informações sobre o problema estão disponíveis, verifique o histórico de problemas no painel de controle Segurança e Manutenção. ID do Processo: 44bc Hora de Início: 01d7637eb8b66cfa Hora de Término: 54 Caminho do Aplicativo: \\10.1.1.190\sistema\SISTEMA-Q-LOCAL\Quantum.exe ID do Relatório: 7d9273b7-c843-43cb-a239-729d7cc2c737 Nome completo do pacote com falha: ID do aplicativo relativo ao pacote com falha: Tipo com falha: Cross-thread Erros de Sistema: ============= Error: (06/18/2021 07:52:37 AM) (Source: TPM) (EventID: 15) (User: ) Description: O driver de dispositivo do TPM (Trusted Platform Module) encontrou um erro irrecuperável no hardware TPM, o que impede que os serviços do TPM (como criptografia de dados) sejam usados. Para obter mais ajuda, contate o fabricante do computador. 
Error: (06/17/2021 06:04:04 PM) (Source: TPM) (EventID: 15) (User: AUTORIDADE NT) Description: O driver de dispositivo do TPM (Trusted Platform Module) encontrou um erro irrecuperável no hardware TPM, o que impede que os serviços do TPM (como criptografia de dados) sejam usados. Para obter mais ajuda, contate o fabricante do computador. Error: (06/17/2021 04:46:32 PM) (Source: LsaSrv) (EventID: 6041) (User: ) Description: Uma autenticação CredSSP para TERMSRV/10.1.1.99 não negociou uma versão de protocolo comum. O host remoto ofereceu a versão 2, que não é permitida pela Correção do Oráculo de Criptografia. Consulte https://go.microsoft.com/fwlink/?linkid=866660 para obter mais informações. Error: (06/17/2021 12:08:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: O serviço Warsaw Technology foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço. Error: (06/16/2021 06:01:32 PM) (Source: Schannel) (EventID: 4103) (User: AUTORIDADE NT) Description: Erro fatal ao criar uma credencial TLS cliente. O estado do erro interno é 10013. Error: (06/16/2021 06:01:26 PM) (Source: NetBT) (EventID: 4321) (User: ) Description: O nome "WORKGROUP :1d" não pôde ser registrado na interface com o endereço IP 10.1.1.227. O computador de endereço IP 10.1.1.190 não permitiu que o nome fosse reivindicado por este computador. Error: (06/16/2021 05:59:09 PM) (Source: NetBT) (EventID: 4321) (User: ) Description: O nome "WORKGROUP :1d" não pôde ser registrado na interface com o endereço IP 10.1.1.227. O computador de endereço IP 10.1.1.190 não permitiu que o nome fosse reivindicado por este computador. Error: (06/16/2021 08:39:29 AM) (Source: TPM) (EventID: 15) (User: ) Description: O driver de dispositivo do TPM (Trusted Platform Module) encontrou um erro irrecuperável no hardware TPM, o que impede que os serviços do TPM (como criptografia de dados) sejam usados. 
Para obter mais ajuda, contate o fabricante do computador. Windows Defender: ================ Date: 2021-06-08 10:32:47 Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão. ID do Exame: {5F121F65-24E1-4D5F-9B22-D170E49FF6EC} Tipo de Exame: Antimalware Parâmetros do Exame: Verificação Rápida Usuário: AUTORIDADE NT\SISTEMA Date: 2021-06-05 08:18:39 Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão. ID do Exame: {2126F7B1-CAF6-488D-8E84-7465ED3B87ED} Tipo de Exame: Antimalware Parâmetros do Exame: Verificação Rápida Usuário: AUTORIDADE NT\SISTEMA Date: 2021-06-04 00:37:17 Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão. ID do Exame: {80582E80-D412-4F33-8E60-44CC28FA665E} Tipo de Exame: Antimalware Parâmetros do Exame: Verificação Rápida Usuário: AUTORIDADE NT\SISTEMA Date: 2021-06-03 07:58:32 Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão. ID do Exame: {ACB123CF-59BC-4B6C-864E-D2162C3B220B} Tipo de Exame: Antimalware Parâmetros do Exame: Verificação Rápida Usuário: AUTORIDADE NT\SISTEMA Date: 2021-06-02 07:56:55 Description: O exame do Microsoft Defender Antivírus foi interrompido antes da conclusão. ID do Exame: {224C3807-F224-4A14-9718-55766C2D55EF} Tipo de Exame: Antimalware Parâmetros do Exame: Verificação Rápida Usuário: AUTORIDADE NT\SISTEMA Date: 2021-06-04 12:42:54 Description: Microsoft Defender Antivírus encontrou um erro ao tentar atualizar a inteligência de segurança. Nova Versão da Inteligência de Segurança: 1.341.40.0 Versão da Inteligência de Segurança anterior: 1.339.1972.0 Fonte da Atualização: Usuário Tipo da Inteligência de Segurança: Anti-spyware Tipo da atualização: Delta Usuário: AUTORIDADE NT\SISTEMA Versão Atual do Mecanismo: 1.1.18200.4 Versão Anterior do Mecanismo: 1.1.18100.6 Código de Erro: 0x80070666 Descrição do Erro: Outra versão deste produto já está instalada. 
A instalação desta versão não pode continuar. Para configurar ou remover a versão existente deste produto, use 'Adicionar ou remover programas' no Painel de Controle. Date: 2021-06-04 12:42:54 Description: Microsoft Defender Antivírus encontrou um erro ao tentar atualizar a inteligência de segurança. Nova Versão da Inteligência de Segurança: 1.341.40.0 Versão da Inteligência de Segurança anterior: 1.339.1972.0 Fonte da Atualização: Usuário Tipo da Inteligência de Segurança: Antivírus Tipo da atualização: Delta Usuário: AUTORIDADE NT\SISTEMA Versão Atual do Mecanismo: 1.1.18200.4 Versão Anterior do Mecanismo: 1.1.18100.6 Código de Erro: 0x80070666 Descrição do Erro: Outra versão deste produto já está instalada. A instalação desta versão não pode continuar. Para configurar ou remover a versão existente deste produto, use 'Adicionar ou remover programas' no Painel de Controle. Date: 2021-06-04 12:42:54 Description: O Microsoft Defender Antivírus encontrou um erro ao tentar atualizar o mecanismo. Nova Versão do Mecanismo: 1.1.18200.4 Versão Anterior do Mecanismo: 1.1.18100.6 Usuário: AUTORIDADE NT\SISTEMA Código do Erro: 0x80070666 Descrição do erro: Outra versão deste produto já está instalada. A instalação desta versão não pode continuar. Para configurar ou remover a versão existente deste produto, use 'Adicionar ou remover programas' no Painel de Controle. Date: 2021-06-04 06:44:02 Description: Microsoft Defender Antivírus encontrou um erro ao tentar atualizar a inteligência de segurança. Nova Versão da Inteligência de Segurança: 1.341.40.0 Versão da Inteligência de Segurança anterior: 1.339.1972.0 Fonte da Atualização: Usuário Tipo da Inteligência de Segurança: Anti-spyware Tipo da atualização: Delta Usuário: AUTORIDADE NT\SISTEMA Versão Atual do Mecanismo: 1.1.18200.4 Versão Anterior do Mecanismo: 1.1.18100.6 Código de Erro: 0x80070666 Descrição do Erro: Outra versão deste produto já está instalada. A instalação desta versão não pode continuar. 
Para configurar ou remover a versão existente deste produto, use 'Adicionar ou remover programas' no Painel de Controle. Date: 2021-06-04 06:44:02 Description: Microsoft Defender Antivírus encontrou um erro ao tentar atualizar a inteligência de segurança. Nova Versão da Inteligência de Segurança: 1.341.40.0 Versão da Inteligência de Segurança anterior: 1.339.1972.0 Fonte da Atualização: Usuário Tipo da Inteligência de Segurança: Antivírus Tipo da atualização: Delta Usuário: AUTORIDADE NT\SISTEMA Versão Atual do Mecanismo: 1.1.18200.4 Versão Anterior do Mecanismo: 1.1.18100.6 Código de Erro: 0x80070666 Descrição do Erro: Outra versão deste produto já está instalada. A instalação desta versão não pode continuar. Para configurar ou remover a versão existente deste produto, use 'Adicionar ou remover programas' no Painel de Controle. CodeIntegrity: =============== Date: 2021-06-18 16:22:37 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2021-06-18 16:20:40 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Diebold\Warsaw\wslbscrwh64.dll that did not meet the Microsoft signing level requirements. Date: 2021-06-18 16:18:13 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Avast Software\Avast\AvastSvc.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Informações da Memória =========================== BIOS: Insyde Corp. 
V2.02 01/03/2019 placa-mãe: KBL Metapod_KL Processador: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz Percentagem de memória em uso: 53% RAM física total: 12163.6 MB RAM física disponível: 5640.53 MB Virtual Total: 14019.6 MB Virtual disponível: 7609.13 MB ==================== Drives ================================ Drive () (Fixed) (Total:930.51 GB) (Free:462.27 GB) NTFS \\?\Volume{bf1677ce-0000-0000-0000-100000000000}\ (Reservado pelo Sistema) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS \\?\Volume{bf1677ce-0000-0000-0000-40c0e8000000}\ () (Fixed) (Total:0.51 GB) (Free:0.07 GB) NTFS ==================== MBR & Tabela de Partições ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: BF1677CE) Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=930.5 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=519 MB) - (Type=27) ==================== Fim de Addition.txt =======================
  6. Apparently everything is OK. It took a long time to restart, but it restarted normally.
  7. Good morning, here it is: RogueKiller Anti-Malware V15.0.3.0 (x64) [Jun 15 2021] (Free) by Adlice Software mail : https://adlice.com/contact/ Website : https://adlice.com/download/roguekiller/ Operating System : Windows 10 (10.0.19041) 64 bits Started in : Normal mode User : Carlos Roque [Administrator] Started from : C:\Program Files\RogueKiller\RogueKiller64.exe Signatures : 20210615_000001, Driver : Loaded Mode : Standard Scan, Scan -- Date : 2021/06/17 10:18:43 (Duration : 00:19:33) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ [Suspicious.Path (Potentially Malicious)] \Rerun Warsaw's CoreFixer -- C:\WINDOWS\TEMP\is-GK4OE.tmp\corefixer.exe [/norerun] -> Found [Suspicious.Path (Potentially Malicious)] \Win Manager -- GoogleCrashHandler.exe -> Found [Suspicious.Path (Potentially Malicious)] \Warsaw's CoreFixer -- GoogleCrashHandler64.exe -> Found ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ >>>>>> XX - Software [PUP.Gen1 (Potentially Malicious)] (X64) HKEY_USERS\S-1-5-21-4172972481-2685928953-3407284005-1001\Software\Tencent -- N/A -> Found >>>>>> XX - System Policies [PUM.Policies (Potentially Malicious)] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -- 0 -> Found ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
  8. Good morning. In my ignorance, I had run these 2 files earlier and did not save their logs. They did detect some problems, but as I said, I did not save them; I apologize for that. The files from the new scan are attached. AdwCleaner[S00].txt ZHPCleaner (S).txt
  9. Good morning, my notebook is infected with something that Avast does not catch. I could not run ZA-scan. Could you help me?
