Good evening!
I was working on a file on a USB flash drive and it became inaccessible. When I opened the flash drive I saw that this file and others had creation and last-access dates of 2030, 2040, among others. Other files were corrupted. I scanned the flash drive and the computer and nothing was detected. Could there be some malware not detected by Win Defender?
The FRST logs follow below:
https://www.cjoint.com/c/KBCxH5n7VaZ
https://www.cjoint.com/c/KBCxJaDfAGZ
Thank you very much!
Note: The same topic was possibly created in the wrong place; I ask that it be deleted.
Good evening, DigRam!
As instructed, the reports follow.
Thank you, and sorry for the delay!
Note: After the incident with the changed file dates and the rest, I ran a scan with Win Defender, copied the files that were not corrupted to another location, and formatted the flash drive.
# ----------------------------------------------------
# UsbFix Antivirus Premium
# ----------------------------------------------------
# Version : 11.032
# Database :
# Contact : https://www.usb-antivirus.com/contact
# ----------------------------------------------------
# Scan type : Windows
# User : Ivan (Administrator)
# Device : IVAN-PC
# Started : 24/03/2021 18:43:05
# ----------------------------------------------------
------------ | Analyzed disks |
C:\ NTFS (216GB/465GB) [Fixed]
------------ | Infected elements |
~ No element detected ~
------------ | Run |
F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\WINDOWS\system32\userinit.exe,
04 - HKCU\..\Run : [OneDrive] "C:\Users\Ivan\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
04 - HKCU\..\Run : [Discord] C:\Users\Ivan\AppData\Local\Discord\app-0.0.306\Discord.exe
04 - HKCU\..\Run : [Gaijin.Net Updater] "C:\Users\Ivan\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe"
04 - HKCU\..\Run : [CiscoMeetingDaemon] "C:\Users\Ivan\AppData\Local\WebEx\ciscowebexstart.exe" /daemon /from=autorun
04 - HKCU\..\Run : [ApacheTomcatMonitor7.0_Tomcat7] "C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe" //MS//Tomcat7
04 - HKLM\..\Run : [IseUI] C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - [x64] HKLM\..\Run : [SecurityHealth] %windir%\system32\SecurityHealthSystray.exe
04 - [x64] HKLM\..\Run : [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
04 - HKU\S-1-5-19\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-20\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [OneDrive] "C:\Users\Ivan\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [Discord] C:\Users\Ivan\AppData\Local\Discord\app-0.0.306\Discord.exe
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [Gaijin.Net Updater] "C:\Users\Ivan\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe"
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [CiscoMeetingDaemon] "C:\Users\Ivan\AppData\Local\WebEx\ciscowebexstart.exe" /daemon /from=autorun
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [ApacheTomcatMonitor7.0_Tomcat7] "C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe" //MS//Tomcat7
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1008\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1008\..\RunOnce : [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade
04GS - AnyDesk.lnk : C:\Program Files (x86)\AnyDesk\AnyDesk.exe
04GS - Monitor Apache Servers.lnk : C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
04GS - Monitor Biblivre 5.lnk : C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
------------ | Tasks |
Task - Adobe Acrobat Update Task --> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task - Adobe Flash Player NPAPI Notifier --> C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe -check plugin
Task - Adobe Flash Player PPAPI Notifier --> C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_pepper.exe -check pepperplugin
Task - CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
Task - GoogleUpdateTaskMachineCore --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Task - GoogleUpdateTaskMachineUA --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Task - MicrosoftEdgeUpdateTaskMachineCore --> C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /c
Task - MicrosoftEdgeUpdateTaskMachineUA --> C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /ua /installsource scheduler
Task - OneDrive Standalone Update Task-S-1-5-21-1793361252-1642306814-3946400002-1000 --> %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task - OneDrive Standalone Update Task-S-1-5-21-1793361252-1642306814-3946400002-1004 --> %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task - UsbFix Boot Scan --> "C:\Program Files (x86)\UsbFix\UsbFix.exe" -scanonstart
Task - UsbFix Monitor --> "C:\Program Files (x86)\UsbFix\Modules\UsbFixMonitor.exe"
Task - User_Feed_Synchronization-{37BA45BF-BFCF-4431-A92D-C5E9AB481B69} --> C:\WINDOWS\system32\msfeedssync.exe sync
------------ | C:\ %SystemDrive% - Fixed drive (NTFS) |
[13/09/2016 - 21:50:20 | A | 1 Ko] - DelFix.txt
[24/03/2021 - 09:02:18 | ASH | 8 Ko] - DumpStack.log.tmp
[24/03/2021 - 09:02:17 | ASH | 3138180 Ko] - hiberfil.sys
[24/03/2021 - 09:02:18 | ASH | 262144 Ko] - swapfile.sys
[24/03/2021 - 16:05:38 | ASH | 2438768 Ko] - pagefile.sys
[06/10/2015 - 20:26:43 | A | 1 Ko] - .rnd
[10/06/2020 - 20:06:24 | SHD] - Config.Msi
[06/03/2017 - 22:23:55 | A | 2 Ko] - console.log
[20/02/2021 - 13:19:26 | ASH | 8 Ko] - DumpStack.log
[25/09/2018 - 12:02:57 | SH | 0 Ko] - bootTel.dat
[30/11/2020 - 22:43:52 | SHD] - $Recycle.Bin
[14/07/2009 - 02:08:56 | SHD] - Documents and Settings
[12/11/2013 - 09:06:26 | SHD] - Arquivos de Programas
[12/11/2013 - 10:20:06 | RHD] - MSOCache
[06/02/2014 - 12:56:19 | D] - Php2
[06/02/2014 - 13:13:19 | D] - PHP
[06/07/2014 - 15:26:11 | D] - ODF_MAINFRAME
[15/12/2014 - 09:21:55 | D] - temp
[06/02/2015 - 16:28:10 | D] - Level up
[01/09/2015 - 10:08:30 | D] - MySQL_1
[23/09/2015 - 01:08:37 | D] - 3aeb140115f410706a411c
[30/10/2015 - 04:18:34 | ASH | 0 Ko] - BOOTNXT
[07/09/2017 - 21:37:32 | D] - dosprog
[02/03/2018 - 14:47:49 | HD] - $SysReset
[03/03/2018 - 12:13:01 | RSHD] - Office Activation Technologies
[24/03/2018 - 15:36:46 | D] - Sierra
[25/01/2019 - 12:02:04 | D] - instaldor
[28/01/2019 - 22:05:43 | D] - Jogos
[26/05/2019 - 18:37:51 | HD] - VTRoot
[22/09/2019 - 20:11:51 | D] - Boruto
[07/12/2019 - 06:14:52 | D] - PerfLogs
[20/02/2020 - 17:16:08 | D] - Arquivos de Programas RFB
[11/07/2020 - 22:42:25 | D] - Python
[26/09/2020 - 18:38:31 | HD] - $WinREAgent
[29/09/2020 - 01:55:27 | SHD] - Recovery
[14/11/2020 - 21:30:44 | D] - SecurityCheck
[30/11/2020 - 16:58:48 | HD] - ProgramData
[28/02/2021 - 19:33:11 | D] - FRST
[12/03/2021 - 00:46:33 | D] - Windows
[22/03/2021 - 12:07:29 | RD] - Users
[22/03/2021 - 12:09:00 | RD] - Program Files
[24/03/2021 - 18:41:55 | RD] - Program Files (x86)
Infected elements : 0
Analyzed elements : 88788 in 00h 00m 51s
# UsbFix-Report-01.txt [6841B]
------------ | E.O.F |
# ----------------------------------------------------
# UsbFix Antivirus Premium
# ----------------------------------------------------
# Version : 11.032
# Database :
# Contact : https://www.usb-antivirus.com/contact
# ----------------------------------------------------
# Scan type : USB
# User : Ivan (Administrator)
# Device : IVAN-PC
# Started : 24/03/2021 18:48:14
# ----------------------------------------------------
------------ | Analyzed disks |
H:\ FAT32 (8GB/8GB) [Removable]
------------ | Infected elements |
~ No element detected ~
------------ | Run |
F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\WINDOWS\system32\userinit.exe,
04 - HKCU\..\Run : [OneDrive] "C:\Users\Ivan\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
04 - HKCU\..\Run : [Discord] C:\Users\Ivan\AppData\Local\Discord\app-0.0.306\Discord.exe
04 - HKCU\..\Run : [Gaijin.Net Updater] "C:\Users\Ivan\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe"
04 - HKCU\..\Run : [CiscoMeetingDaemon] "C:\Users\Ivan\AppData\Local\WebEx\ciscowebexstart.exe" /daemon /from=autorun
04 - HKCU\..\Run : [ApacheTomcatMonitor7.0_Tomcat7] "C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe" //MS//Tomcat7
04 - HKLM\..\Run : [IseUI] C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - [x64] HKLM\..\Run : [SecurityHealth] %windir%\system32\SecurityHealthSystray.exe
04 - [x64] HKLM\..\Run : [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
04 - HKU\S-1-5-19\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-20\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [OneDrive] "C:\Users\Ivan\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [Discord] C:\Users\Ivan\AppData\Local\Discord\app-0.0.306\Discord.exe
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [Gaijin.Net Updater] "C:\Users\Ivan\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe"
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [CiscoMeetingDaemon] "C:\Users\Ivan\AppData\Local\WebEx\ciscowebexstart.exe" /daemon /from=autorun
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [ApacheTomcatMonitor7.0_Tomcat7] "C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe" //MS//Tomcat7
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1008\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1008\..\RunOnce : [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade
04GS - AnyDesk.lnk : C:\Program Files (x86)\AnyDesk\AnyDesk.exe
04GS - Monitor Apache Servers.lnk : C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
04GS - Monitor Biblivre 5.lnk : C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
------------ | Tasks |
Task - Adobe Acrobat Update Task --> C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task - Adobe Flash Player NPAPI Notifier --> C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe -check plugin
Task - Adobe Flash Player PPAPI Notifier --> C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_pepper.exe -check pepperplugin
Task - CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
Task - GoogleUpdateTaskMachineCore --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Task - GoogleUpdateTaskMachineUA --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Task - MicrosoftEdgeUpdateTaskMachineCore --> C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /c
Task - MicrosoftEdgeUpdateTaskMachineUA --> C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /ua /installsource scheduler
Task - OneDrive Standalone Update Task-S-1-5-21-1793361252-1642306814-3946400002-1000 --> %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task - OneDrive Standalone Update Task-S-1-5-21-1793361252-1642306814-3946400002-1004 --> %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task - UsbFix Boot Scan --> "C:\Program Files (x86)\UsbFix\UsbFix.exe" -scanonstart
Task - UsbFix Monitor --> "C:\Program Files (x86)\UsbFix\Modules\UsbFixMonitor.exe"
Task - User_Feed_Synchronization-{37BA45BF-BFCF-4431-A92D-C5E9AB481B69} --> C:\WINDOWS\system32\msfeedssync.exe sync
------------ | H:\ - Removable drive (FAT32) |
Infected elements : 0
Analyzed elements : 65992 in 00h 00m 12s
# UsbFix-Report-01.txt [4912B]
------------ | E.O.F |
/!\ Good morning! Annluciap /!\
------------ | Infected elements |
~ No element detected ~
>
> According to UsbFix, the system was not infected.
> Copy the information in the Spoiler into Notepad.
> Save it under the name fixlist. << Text or Unicode, if asked!
> Save it to the desktop! ( Área de trabalho ... )
start::
CloseProcesses:
Createrestorepoints:
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {25bb5ae4-8632-11ea-bc0c-00158307c667} - "E:\Windows/AutoRun.exe"
HKU\S-1-5-21-1793361252-1642306814-3946400002-1004\...\MountPoints2: {25bb5ae4-8632-11ea-bc0c-00158307c667} - "E:\Windows/AutoRun.exe"
Task: {166C390A-1AC0-4A57-9FB9-89C3C873F4D9} - \Adobe Flash Player Updater -> Nenhum Arquivo <==== ATENÇÃO
Task: {D36AC41E-4056-4C76-A92A-BEE7ACC5CC7C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
ShortcutWithArgument: C:\Users\Ivan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\371b6590bc8d800\Pessoa 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 6"
SearchScopes: HKU\S-1-5-21-1793361252-1642306814-3946400002-1000 -> URL hxxps://br.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=81_25050030005_76.0.3809.132_u_ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1793361252-1642306814-3946400002-1004 -> {0AA24E16-07B3-4694-8357-3C21ACC5F516} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=82_25050004005_65.0.2.15_u_ds&p={searchTerms}
FirewallRules: [UDP Query User{DC2E45F4-50AD-4C1C-9915-4AF0556F7AF7}C:\program files (x86)\bsgo\launcher\launcher.exe] => (Allow) C:\program files (x86)\bsgo\launcher\launcher.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{7E4F4740-54D5-4D58-8AF7-CC2BFA0EC069}C:\program files (x86)\bsgo\launcher\launcher.exe] => (Allow) C:\program files (x86)\bsgo\launcher\launcher.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{8C4A0A8E-A43D-4232-BA28-5649BBA2DD08}C:\program files (x86)\bsgo\launcher\launcher.exe] => (Allow) C:\program files (x86)\bsgo\launcher\launcher.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{99D6D03E-FC57-40D1-B950-9C748AB8FDD7}C:\program files (x86)\bsgo\launcher\launcher.exe] => (Allow) C:\program files (x86)\bsgo\launcher\launcher.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{62655275-AAB8-4D84-8FA8-449E58C3D0AF}C:\program files (x86)\comodo\dragon\dragon.exe] => (Allow) C:\program files (x86)\comodo\dragon\dragon.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{B8E728AC-69D2-4D7C-A389-34011778A0EA}C:\program files (x86)\comodo\dragon\dragon.exe] => (Allow) C:\program files (x86)\comodo\dragon\dragon.exe => Nenhum Arquivo
FirewallRules: [{FCD38E26-CFEE-4F33-BA6C-48F6AF2142D9}] => (Allow) C:\Users\Ivan\AppData\Roaming\Zoom\bin\airhost.exe => Nenhum Arquivo
FirewallRules: [{C7CF382D-71AC-45E2-9B8F-B05B36D84F7E}] => (Allow) C:\Users\Ivan\AppData\Roaming\Zoom\bin\airhost.exe => Nenhum Arquivo
EmptyTemp:
Reboot:
end::
> Run **FRST/FRST64** >> Click "**Corrigir**" (Fix) << *Wait!*
> Post the **report** "*Resultado da Correção pela Farbar Recovery Scan Tool*". (**Fixlog.txt**)
> This and **other reports** can be found in the **folder**: Local Disk (**C**) > FRST > *Logs*
< This script was written exclusively for this computer, so I ask **visitors** **not** to use it on other "machines". >
[]s
Good afternoon, DigRam!
The report follows below.
Thank you.
Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 28-03-2021
Executado por Ivan (28-03-2021 16:01:53) Run:4
Executando a partir de C:\Users\Ana\Desktop
Perfis Carregados: Ivan & Ana & postgres
Modo da Inicialização: Normal
==============================================
fixlist Conteúdo:
*****************
CloseProcesses:
Createrestorepoints:
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\...\MountPoints2: {25bb5ae4-8632-11ea-bc0c-00158307c667} - "E:\Windows/AutoRun.exe"
HKU\S-1-5-21-1793361252-1642306814-3946400002-1004\...\MountPoints2: {25bb5ae4-8632-11ea-bc0c-00158307c667} - "E:\Windows/AutoRun.exe"
Task: {166C390A-1AC0-4A57-9FB9-89C3C873F4D9} - \Adobe Flash Player Updater -> Nenhum Arquivo <==== ATENÇÃO
Task: {D36AC41E-4056-4C76-A92A-BEE7ACC5CC7C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
ShortcutWithArgument: C:\Users\Ivan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\371b6590bc8d800\Pessoa 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 6"
SearchScopes: HKU\S-1-5-21-1793361252-1642306814-3946400002-1000 -> URL hxxps://br.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=81_25050030005_76.0.3809.132_u_ds&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1793361252-1642306814-3946400002-1004 -> {0AA24E16-07B3-4694-8357-3C21ACC5F516} URL = hxxps://br.search.yahoo.com/yhs/search?hspart=comodo&hsimp=yhs-com_chrome&type=82_25050004005_65.0.2.15_u_ds&p={searchTerms}
FirewallRules: [UDP Query User{DC2E45F4-50AD-4C1C-9915-4AF0556F7AF7}C:\program files (x86)\bsgo\launcher\launcher.exe] => (Allow) C:\program files (x86)\bsgo\launcher\launcher.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{7E4F4740-54D5-4D58-8AF7-CC2BFA0EC069}C:\program files (x86)\bsgo\launcher\launcher.exe] => (Allow) C:\program files (x86)\bsgo\launcher\launcher.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{8C4A0A8E-A43D-4232-BA28-5649BBA2DD08}C:\program files (x86)\bsgo\launcher\launcher.exe] => (Allow) C:\program files (x86)\bsgo\launcher\launcher.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{99D6D03E-FC57-40D1-B950-9C748AB8FDD7}C:\program files (x86)\bsgo\launcher\launcher.exe] => (Allow) C:\program files (x86)\bsgo\launcher\launcher.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{62655275-AAB8-4D84-8FA8-449E58C3D0AF}C:\program files (x86)\comodo\dragon\dragon.exe] => (Allow) C:\program files (x86)\comodo\dragon\dragon.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{B8E728AC-69D2-4D7C-A389-34011778A0EA}C:\program files (x86)\comodo\dragon\dragon.exe] => (Allow) C:\program files (x86)\comodo\dragon\dragon.exe => Nenhum Arquivo
FirewallRules: [{FCD38E26-CFEE-4F33-BA6C-48F6AF2142D9}] => (Allow) C:\Users\Ivan\AppData\Roaming\Zoom\bin\airhost.exe => Nenhum Arquivo
FirewallRules: [{C7CF382D-71AC-45E2-9B8F-B05B36D84F7E}] => (Allow) C:\Users\Ivan\AppData\Roaming\Zoom\bin\airhost.exe => Nenhum Arquivo
EmptyTemp:
Reboot:
*****************
Processos fechados com sucesso.
Createrestorepoints: => Erro: Nenhuma correção automática foi encontrada para esta entrada.
HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25bb5ae4-8632-11ea-bc0c-00158307c667} => removido (a) com sucesso.
HKU\S-1-5-21-1793361252-1642306814-3946400002-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25bb5ae4-8632-11ea-bc0c-00158307c667} => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{166C390A-1AC0-4A57-9FB9-89C3C873F4D9}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{166C390A-1AC0-4A57-9FB9-89C3C873F4D9}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D36AC41E-4056-4C76-A92A-BEE7ACC5CC7C}" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D36AC41E-4056-4C76-A92A-BEE7ACC5CC7C}" => removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task => movido com sucesso
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => removido (a) com sucesso.
C:\Users\Ivan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\371b6590bc8d800\Pessoa 1 - Chrome.lnk => Atalho argumento removido (a) com sucesso.
"HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL" => removido (a) com sucesso.
HKU\S-1-5-21-1793361252-1642306814-3946400002-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0AA24E16-07B3-4694-8357-3C21ACC5F516} => removido (a) com sucesso.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{DC2E45F4-50AD-4C1C-9915-4AF0556F7AF7}C:\program files (x86)\bsgo\launcher\launcher.exe" => removido (a) com sucesso.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7E4F4740-54D5-4D58-8AF7-CC2BFA0EC069}C:\program files (x86)\bsgo\launcher\launcher.exe" => removido (a) com sucesso.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8C4A0A8E-A43D-4232-BA28-5649BBA2DD08}C:\program files (x86)\bsgo\launcher\launcher.exe" => removido (a) com sucesso.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{99D6D03E-FC57-40D1-B950-9C748AB8FDD7}C:\program files (x86)\bsgo\launcher\launcher.exe" => removido (a) com sucesso.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{62655275-AAB8-4D84-8FA8-449E58C3D0AF}C:\program files (x86)\comodo\dragon\dragon.exe" => removido (a) com sucesso.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B8E728AC-69D2-4D7C-A389-34011778A0EA}C:\program files (x86)\comodo\dragon\dragon.exe" => removido (a) com sucesso.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FCD38E26-CFEE-4F33-BA6C-48F6AF2142D9}" => removido (a) com sucesso.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C7CF382D-71AC-45E2-9B8F-B05B36D84F7E}" => removido (a) com sucesso.
=========== EmptyTemp: ==========
BITS transfer queue => 12607488 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 195212909 B
Java, Flash, Steam htmlcache => 1095 B
Windows/system/drivers => 141098158 B
Edge => 0 B
Chrome => 2284501 B
Firefox => 1138797994 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 9019374 B
Ivan => 1183767532 B
Ana => 1441549614 B
postgres => 1441549614 B
RecycleBin => 775424631 B
EmptyTemp: => 5.9 GB de dados temporários Removidos.
================================
O sistema precisou ser reiniciado.
==== Fim de Fixlog 16:08:56 ====
/!\ Good morning! Annluciap /!\
**EmptyTemp: => 5.9 GB de dados temporários Removidos**.
The cleanup of **temporary files** was substantial, apparently.
How is your machine?
Everything **OK**?
[]s
Good evening, DigRam!
The computer is less slow after the cleanup!
What happened today was malware again, on another USB flash drive. I had not used this flash drive in a long time.
Using UsbFix, malware was detected in one file. That file went to quarantine. I ended up not generating the report.
Afterwards, I ran the UsbFix tool again, and the reports follow below.
Thanks again!
# ----------------------------------------------------
# UsbFix Antivirus Premium
# ----------------------------------------------------
# Version : 11.032
# Database :
# Contact : https://www.usb-antivirus.com/contact
# ----------------------------------------------------
# Scan type : Windows
# User : Ivan (Administrator)
# Device : IVAN-PC
# Started : 21/04/2021 19:06:06
# ----------------------------------------------------
------------ | Analyzed disks |
C:\ NTFS (208GB/465GB) [Fixed]
------------ | Infected elements |
~ No element detected ~
------------ | Run |
F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\WINDOWS\system32\userinit.exe,
04 - HKCU\..\Run : [OneDrive] "C:\Users\Ivan\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
04 - HKCU\..\Run : [Discord] C:\Users\Ivan\AppData\Local\Discord\app-0.0.306\Discord.exe
04 - HKCU\..\Run : [Gaijin.Net Updater] "C:\Users\Ivan\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe"
04 - HKCU\..\Run : [CiscoMeetingDaemon] "C:\Users\Ivan\AppData\Local\WebEx\ciscowebexstart.exe" /daemon /from=autorun
04 - HKCU\..\Run : [ApacheTomcatMonitor7.0_Tomcat7] "C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe" //MS//Tomcat7
04 - HKLM\..\Run : [IseUI] C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - [x64] HKLM\..\Run : [SecurityHealth] %windir%\system32\SecurityHealthSystray.exe
04 - [x64] HKLM\..\Run : [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
04 - HKU\S-1-5-19\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-20\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [OneDrive] "C:\Users\Ivan\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [Discord] C:\Users\Ivan\AppData\Local\Discord\app-0.0.306\Discord.exe
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [Gaijin.Net Updater] "C:\Users\Ivan\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe"
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [CiscoMeetingDaemon] "C:\Users\Ivan\AppData\Local\WebEx\ciscowebexstart.exe" /daemon /from=autorun
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [ApacheTomcatMonitor7.0_Tomcat7] "C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe" //MS//Tomcat7
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1008\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1008\..\RunOnce : [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade
04GS - AnyDesk.lnk : C:\Program Files (x86)\AnyDesk\AnyDesk.exe
04GS - Monitor Apache Servers.lnk : C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
04GS - Monitor Biblivre 5.lnk : C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
------------ | Tasks |
Task - Adobe Flash Player NPAPI Notifier --> C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe -check plugin
Task - Adobe Flash Player PPAPI Notifier --> C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_pepper.exe -check pepperplugin
Task - CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
Task - GoogleUpdateTaskMachineCore --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Task - GoogleUpdateTaskMachineUA --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Task - MicrosoftEdgeUpdateTaskMachineCore --> C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /c
Task - MicrosoftEdgeUpdateTaskMachineUA --> C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /ua /installsource scheduler
Task - OneDrive Standalone Update Task-S-1-5-21-1793361252-1642306814-3946400002-1000 --> %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task - OneDrive Standalone Update Task-S-1-5-21-1793361252-1642306814-3946400002-1004 --> %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task - UsbFix Boot Scan --> "C:\Program Files (x86)\UsbFix\UsbFix.exe" -scanonstart
Task - UsbFix Monitor --> "C:\Program Files (x86)\UsbFix\Modules\UsbFixMonitor.exe"
Task - User_Feed_Synchronization-{37BA45BF-BFCF-4431-A92D-C5E9AB481B69} --> C:\WINDOWS\system32\msfeedssync.exe sync
------------ | C:\ %SystemDrive% - Fixed drive (NTFS) |
[13/09/2016 - 21:50:20 | A | 1 Ko] - DelFix.txt
[21/04/2021 - 17:37:07 | ASH | 8 Ko] - DumpStack.log.tmp
[21/04/2021 - 17:37:06 | ASH | 3138180 Ko] - hiberfil.sys
[21/04/2021 - 17:37:07 | ASH | 2359296 Ko] - pagefile.sys
[21/04/2021 - 17:37:07 | ASH | 262144 Ko] - swapfile.sys
[06/10/2015 - 20:26:43 | A | 1 Ko] - .rnd
[10/06/2020 - 20:06:24 | SHD] - Config.Msi
[06/03/2017 - 22:23:55 | A | 2 Ko] - console.log
[13/04/2021 - 11:10:37 | ASH | 8 Ko] - DumpStack.log
[25/09/2018 - 12:02:57 | SH | 0 Ko] - bootTel.dat
[30/11/2020 - 22:43:52 | SHD] - $Recycle.Bin
[14/07/2009 - 02:08:56 | SHD] - Documents and Settings
[12/11/2013 - 09:06:26 | SHD] - Arquivos de Programas
[12/11/2013 - 10:20:06 | RHD] - MSOCache
[06/02/2014 - 12:56:19 | D] - Php2
[06/02/2014 - 13:13:19 | D] - PHP
[06/07/2014 - 15:26:11 | D] - ODF_MAINFRAME
[15/12/2014 - 09:21:55 | D] - temp
[06/02/2015 - 16:28:10 | D] - Level up
[01/09/2015 - 10:08:30 | D] - MySQL_1
[23/09/2015 - 01:08:37 | D] - 3aeb140115f410706a411c
[30/10/2015 - 04:18:34 | ASH | 0 Ko] - BOOTNXT
[07/09/2017 - 21:37:32 | D] - dosprog
[02/03/2018 - 14:47:49 | HD] - $SysReset
[03/03/2018 - 12:13:01 | RSHD] - Office Activation Technologies
[24/03/2018 - 15:36:46 | D] - Sierra
[25/01/2019 - 12:02:04 | D] - instaldor
[28/01/2019 - 22:05:43 | D] - Jogos
[26/05/2019 - 18:37:51 | HD] - VTRoot
[22/09/2019 - 20:11:51 | D] - Boruto
[07/12/2019 - 06:14:52 | D] - PerfLogs
[11/07/2020 - 22:42:25 | D] - Python
[26/09/2020 - 18:38:31 | HD] - $WinREAgent
[29/09/2020 - 01:55:27 | SHD] - Recovery
[14/11/2020 - 21:30:44 | D] - SecurityCheck
[30/11/2020 - 16:58:48 | HD] - ProgramData
[22/03/2021 - 12:07:29 | RD] - Users
[22/03/2021 - 12:09:00 | RD] - Program Files
[26/03/2021 - 16:11:16 | RD] - Program Files (x86)
[28/03/2021 - 16:25:14 | D] - FRST
[10/04/2021 - 20:19:32 | D] - Arquivos de Programas RFB
[20/04/2021 - 18:30:01 | D] - Windows
Infected elements : 0
Analyzed elements : 86318 in 00h 00m 23s
# UsbFix-Report-47.txt [6740B]
------------ | E.O.F |
# ----------------------------------------------------
# UsbFix Antivirus Premium
# ----------------------------------------------------
# Version : 11.032
# Database :
# Contact : https://www.usb-antivirus.com/contact
# ----------------------------------------------------
# Scan type : Shell Menu
# User : Ivan (Administrator)
# Device : IVAN-PC
# Started : 21/04/2021 19:29:24
# ----------------------------------------------------
------------ | Analyzed disks |
H:\ FAT32 (2GB/4GB) [Removable]
------------ | Infected elements |
~ No element detected ~
------------ | Run |
F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\WINDOWS\system32\userinit.exe,
04 - HKCU\..\Run : [OneDrive] "C:\Users\Ivan\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
04 - HKCU\..\Run : [Discord] C:\Users\Ivan\AppData\Local\Discord\app-0.0.306\Discord.exe
04 - HKCU\..\Run : [Gaijin.Net Updater] "C:\Users\Ivan\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe"
04 - HKCU\..\Run : [CiscoMeetingDaemon] "C:\Users\Ivan\AppData\Local\WebEx\ciscowebexstart.exe" /daemon /from=autorun
04 - HKCU\..\Run : [ApacheTomcatMonitor7.0_Tomcat7] "C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe" //MS//Tomcat7
04 - HKLM\..\Run : [IseUI] C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - [x64] HKLM\..\Run : [SecurityHealth] %windir%\system32\SecurityHealthSystray.exe
04 - [x64] HKLM\..\Run : [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
04 - HKU\S-1-5-19\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-20\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [OneDrive] "C:\Users\Ivan\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [Discord] C:\Users\Ivan\AppData\Local\Discord\app-0.0.306\Discord.exe
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [Gaijin.Net Updater] "C:\Users\Ivan\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe"
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [CiscoMeetingDaemon] "C:\Users\Ivan\AppData\Local\WebEx\ciscowebexstart.exe" /daemon /from=autorun
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1000\..\Run : [ApacheTomcatMonitor7.0_Tomcat7] "C:\Program Files\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7w.exe" //MS//Tomcat7
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1008\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-21-1793361252-1642306814-3946400002-1008\..\RunOnce : [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade
04GS - AnyDesk.lnk : C:\Program Files (x86)\AnyDesk\AnyDesk.exe
04GS - Monitor Apache Servers.lnk : C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
04GS - Monitor Biblivre 5.lnk : C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
------------ | Tasks |
Task - Adobe Flash Player NPAPI Notifier --> C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe -check plugin
Task - Adobe Flash Player PPAPI Notifier --> C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_pepper.exe -check pepperplugin
Task - CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
Task - GoogleUpdateTaskMachineCore --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Task - GoogleUpdateTaskMachineUA --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Task - MicrosoftEdgeUpdateTaskMachineCore --> C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /c
Task - MicrosoftEdgeUpdateTaskMachineUA --> C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /ua /installsource scheduler
Task - OneDrive Standalone Update Task-S-1-5-21-1793361252-1642306814-3946400002-1000 --> %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task - OneDrive Standalone Update Task-S-1-5-21-1793361252-1642306814-3946400002-1004 --> %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task - UsbFix Boot Scan --> "C:\Program Files (x86)\UsbFix\UsbFix.exe" -scanonstart
Task - UsbFix Monitor --> "C:\Program Files (x86)\UsbFix\Modules\UsbFixMonitor.exe"
Task - User_Feed_Synchronization-{37BA45BF-BFCF-4431-A92D-C5E9AB481B69} --> C:\WINDOWS\system32\msfeedssync.exe sync
------------ | H:\ - Removable drive (FAT32) |
[15/06/2013 - 09:35:56 | N | 0 Ko] - ~$Fromages_2013.pptx
[10/04/2021 - 20:32:02 | D] - autorun.inf
[12/04/2012 - 21:33:58 | D] - Backup pen drive
[12/04/2012 - 21:34:48 | D] - Backup pendrive
[12/04/2012 - 21:34:50 | D] - Arquivos 15
[12/04/2012 - 21:34:52 | D] - Arquivos 14
[12/04/2012 - 21:34:56 | D] - Arquivos 13
[17/11/2012 - 14:47:46 | D] - Arquivos 12
[17/11/2012 - 14:48:48 | D] - Arquivos 11
[17/11/2012 - 14:49:08 | D] - Arquivos 10
[19/11/2013 - 15:29:16 | D] - Arquivos 9
[25/02/2014 - 15:46:00 | D] - Arquivos 8
[24/11/2014 - 19:41:56 | D] - Arquivos 6
[27/02/2015 - 13:15:48 | D] - Arquivos 5
[23/09/2015 - 18:11:04 | D] - Arquivos 4
[06/06/2017 - 13:59:10 | D] - Arquivos 3
[10/08/2017 - 17:06:52 | D] - Arquivos 2
[19/09/2019 - 10:43:26 | D] - Arquivos 1
[21/04/2021 - 19:28:30 | RD] - Desktop
Infected elements : 0
Analyzed elements : 9227 in 00h 00m 01s
# UsbFix-Report-52.txt [5648B]
------------ | E.O.F |
/!\ Good evening! Annluciap /!\
> Download: < SFTGC > ( ... by Pierre13 )
< Or here > << Link!
> Disable your antivirus!
> If you have trouble with the download, use the Internet Explorer browser.
> Close any programs that are open!
> On Windows 10, 8.1 and 7, run "SFTGC.exe" as administrator!
> Run it and click "Go".
> Wait for it to finish, which is quick.
> Post the report! ( SFT.txt )
> PS: Depending on the size of the report, do not post it directly!
> For this task, go to: < Cjoint >
> Or here, at Up.Security-x.fr
[Regards]
Good evening, DigRam!
Sorry for the delay.
My machine stopped working. It was a motherboard problem and it could not be repaired. All that is left is the internal HD, which, with an enclosure, is now an external HD.
So I ask you, please, to archive this topic, ok?
Thank you!
/!\ Ok! Annluciap /!\
The topic will be MOVED to the appropriate section.
[]s
Topic Archived
At the author's request, this topic has been archived.
/!\ Good afternoon! Annluciap /!\
https://www.fosshub.com/UsbFix.html?dwl=UsbFix_2019_11.022.exe
> Download this tool (UsbFix) and run it.
> Do so with the infected flash drive plugged in!
> PS: Close the window that asks you to update it.
> Click Run an Analysis.
> Among the options, choose "Analyze Windows".
> When it finishes, click "Report".
> Post the report! (UsbFix_Report)
> Now open the tool again and click "Scan USB Disks".
> When it finishes, you can remove the flash drive!
> Also post this report!
[]s