RUY
Group: Members
Content count: 481
Community reputation: 2 (Common)

About RUY
Birthday: 09/15/1975

Personal information
Gender: Male
Location: Porto Alegre

Contact
Twitter: @ivansc
Facebook: ivansc
Personal website: http://www.netvibes.com/ivansc

RUY started following MPDFT ajuíza 1ª ação civil pública com base na LGPD, Maquina lenta and Arquivo Suspeito - Autorum.ini
-
The machine is slow. When running the antivirus, 4 trojans were detected (image). I used the tools from the FRST template: FRST https://www.cjoint.com/c/LHjcUPvaR3o Addition https://www.cjoint.com/c/LHjcVYEMlJo
-
Hello Digiram, here is the log:

WebSite: SafeZone.cc
DateLog: 05.07.2021 21:00:24
Path starting: C:\Users\User\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: User
VersionXML: 8.90is-03.07.2021
___________________________________________________________________________
Windows 7(6.1.7601) Service Pack 1 (x86) Professional Lang: Portuguese(0416)
Installation date OS: 21.05.2006 05:37:38
LicenseStatus: Windows(R) 7, Professional edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
SystemDrive: C: FS: [NTFS] Capacity: [55.8 Gb] Used: [33.7 Gb] Free: [22.1 Gb]
——————————————————————————————— [ Windows ] ———————————————————————————————
Extended support has ended 14.01.2020, Your operating system may be vulnerable to new types of threats
Internet Explorer 11.0.9600.17843 Warning! Download Update
User Account Control enabled
The elevation prompt for administrators disabled
^It is recommended to enable (default): Win+R typing UserAccountControlSettings and Enter^
Never check for updates
Date install updates: 2020-05-04 15:08:52
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
——————————————————————————————— [ HotFix ] ————————————————————————————————
HotFix KB3177467 Warning! Download Update
HotFix KB3125574 Warning! Download Update
HotFix KB4012212 Warning! Download Update
HotFix KB4499175 Warning! Download Update
HotFix KB4539602 Warning! Download Update
—————————————————————————————— [ MS Office ] ——————————————————————————————
Microsoft Office 2010 x86 v.14.0.7015.1000
———————————————————————————— [ Antivirus_WMI ] ————————————————————————————
Avira Antivirus (enabled and up to date)
——————————————————————————— [ FirewallWindows ] ———————————————————————————
Windows Firewall (MpsSvc) - The service is running
——————————————————————————— [ AntiSpyware_WMI ] ———————————————————————————
Avira Antivirus (enabled and up to date)
Windows Defender (disabled and out of date)
—————————————————————— [ AntiVirusFirewallInstall ] ———————————————————————
Avira Antivirus v.15.0.2104.2083 Warning! Download Update
Avira Security v.1.1.50.19847
Avira v.1.2.155.4877
—————————————————————————— [ SecurityUtilities ] ——————————————————————————
UsbFix Anti-Malware Premium v.11.0.3.2
——————————————————————————— [ OtherUtilities ] ————————————————————————————
Microsoft Office Professional Plus 2010 v.14.0.7015.1000 Warning! This software is no longer supported. Please use latest Microsoft Office, Office Online or LibreOffice
Microsoft Silverlight v.5.1.50918.0
Microsoft .NET Framework 4.8 v.4.8.03761
Microsoft .NET Framework 4.8 (Português (Brasil)) v.4.8.03761
Microsoft .NET Framework 4.8 (PTB) v.4.8.03761
—————————————————————————————— [ ArchAndFM ] ——————————————————————————————
WinRAR 5.21 (32-bit) v.5.21.0 Warning! Download Update
———————————————————————————— [ ProxyAndVPNs ] —————————————————————————————
Avira Phantom VPN v.2.37.4.17510
———————————————————————————————— [ Media ] ————————————————————————————————
K-Lite Mega Codec Pack 11.3.6 v.11.3.6 Warning! Download Update
——————————————————————————— [ AdobeProduction ] ———————————————————————————
Adobe Acrobat Reader DC v.21.005.20048
——————————————————————————————— [ Browser ] ———————————————————————————————
Google Chrome v.91.0.4472.124
Mozilla Firefox 64.0.2 (x86 pt-BR) v.64.0.2 Warning! Download Update
—————————————————— [ AntivirusFirewallProcessServices ] ———————————————————
Avira Scheduler (AntiVirSchedulerService) - The service is running
C:\Program Files\Avira\Antivirus\sched.exe v.15.0.2103.2080
Avira Real-Time Protection (AntiVirService) - The service is running
C:\Program Files\Avira\Antivirus\avguard.exe v.15.0.2103.2080
Avira Mail Protection (AntiVirMailService) - The service has stopped
Avira Web Protection (AntiVirWebService) - The service has stopped
Avira Service Host (Avira.ServiceHost) - The service is running
C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe v.1.2.155.4877
C:\Program Files\Avira\Launcher\Avira.Systray.exe v.1.2.155.4877
C:\Program Files\Avira\Antivirus\avshadow.exe v.15.0.2103.2080
C:\Program Files\Avira\Antivirus\avgnt.exe v.15.0.2103.2080
Windows Defender (WinDefend) - The service has stopped
———————————————————————————— [ UnwantedApps ] —————————————————————————————
Avira System Speedup v.6.9.0.11050 << Hidden Warning! Suspected demo version of anti-spyware, driver updater or optimizer. If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware. Possible you became a victim of fraud or social engineering.
————————————————————————————— [ End of Log ] ——————————————————————————————
System Analysis - complete.
-
Good evening, Digiran.

Avira-gpscan Free Antivirus
Report file date: 2021-07-04 15:10:59
Windows version : 6.1.7601
Boot mode: Normally booted
Username : SYSTEM
Computer name : USER-PC
Version information:
build.dat : 15.0.2104.2083 124402 Bytes 14/06/2021 16:15:48
scanui.exe : 15.0.2104.2083 3319296 Bytes 23/04/2021 15:10:55
scanuirc.dll : 1.0.2004.608 90488 Bytes 06/05/2020 01:32:04
gpscan.dll : 15.0.2104.2083 936672 Bytes 23/04/2021 15:10:52
remediation.dll : 1.0.2107.474 3395808 Bytes 03/07/2021 17:47:17
remediation.rdf : 1.0.2107.474 653918 Bytes 03/07/2021 17:47:19
avreg.dll : 15.0.2103.2080 640432 Bytes 19/03/2021 16:53:41
avlode.dll : 15.0.2104.2083 3679272 Bytes 23/04/2021 15:10:45
avlode.rdf : 15.0.2104.2083 216575 Bytes 23/04/2021 15:10:45
Engine version : 8.3.62.220
xbv00061.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:42
xbv00062.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:42
xbv00063.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:42
xbv00064.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:42
xbv00065.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:42
xbv00066.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:43
xbv00067.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:43
xbv00068.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:43
xbv00069.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:43
xbv00070.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:43
xbv00071.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:44
xbv00072.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:44
xbv00073.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:44
xbv00074.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:44
xbv00075.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:44
xbv00076.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:44
xbv00077.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:45
xbv00078.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:45
xbv00079.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:45
xbv00080.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:45
xbv00081.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:45
xbv00082.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:45
xbv00083.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:46
xbv00084.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:46
xbv00085.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:46
xbv00086.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:46
xbv00087.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:46
xbv00088.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:46
xbv00089.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:47
xbv00090.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:47
xbv00091.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:47
xbv00092.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:47
xbv00093.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:47
xbv00094.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:47
xbv00095.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:48
xbv00096.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:48
xbv00097.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:48
xbv00098.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:48
xbv00099.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:48
xbv00100.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:48
xbv00101.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:49
xbv00102.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:49
xbv00103.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:49
xbv00104.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:49
xbv00105.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:50
xbv00106.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:50
xbv00107.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:50
xbv00108.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:50
xbv00109.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:50
xbv00110.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:50
xbv00111.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:51
xbv00112.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:51
xbv00113.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:51
xbv00114.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:51
xbv00115.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:51
xbv00116.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:52
xbv00117.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:52
xbv00118.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:52
xbv00119.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:52
xbv00120.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:52
xbv00121.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:52
xbv00122.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:53
xbv00123.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:53
xbv00124.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:53
xbv00125.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:53
xbv00126.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:53
xbv00127.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:54
xbv00128.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:54
xbv00129.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:54
xbv00130.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:54
xbv00131.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:55
xbv00132.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:55
xbv00133.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:55
xbv00134.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:55
xbv00135.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:55
xbv00136.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:55
xbv00137.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:56
xbv00138.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:56
xbv00139.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:56
xbv00140.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:56
xbv00141.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:56
xbv00142.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:57
xbv00143.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:57
xbv00144.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:57
xbv00145.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:57
xbv00146.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:57
xbv00147.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:57
xbv00148.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:58
xbv00149.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:58
xbv00150.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:58
xbv00151.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:58
xbv00152.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:58
xbv00153.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:59
xbv00154.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:59
xbv00155.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:59
xbv00156.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:59
xbv00157.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:59
xbv00158.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:00:59
xbv00159.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:01:00
xbv00160.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:01:00
xbv00161.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:01:00
xbv00162.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:01:00
xbv00163.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:01:00
xbv00164.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:01:00
xbv00165.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:01:01
xbv00166.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:01:01
xbv00167.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:01:01
xbv00168.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:01:01
xbv00169.vdf : 8.18.0.182 2408 Bytes 01/06/2020 23:01:01
xbv00246.vdf : 8.18.35.10 2408 Bytes 03/07/2021 17:47:14
xbv00247.vdf : 8.18.35.10 2408 Bytes 03/07/2021 17:47:14
xbv00248.vdf : 8.18.35.10 2408 Bytes 03/07/2021 17:47:14
xbv00249.vdf : 8.18.35.10 2408 Bytes 03/07/2021 17:47:14
xbv00250.vdf : 8.18.35.10 2408 Bytes 03/07/2021 17:47:14
xbv00251.vdf : 8.18.35.10 2408 Bytes 03/07/2021 17:47:15
xbv00252.vdf : 8.18.35.10 2408 Bytes 03/07/2021 17:47:15
xbv00253.vdf : 8.18.35.10 2408 Bytes 03/07/2021 17:47:15
xbv00254.vdf : 8.18.35.10 2408 Bytes 03/07/2021 17:47:15
xbv00255.vdf : 8.18.35.10 2408 Bytes 03/07/2021 17:47:15
xbv00000.vdf : 7.18.0.98 26622824 Bytes 01/06/2020 22:59:59
xbv00001.vdf : 8.18.0.150 5592936 Bytes 01/06/2020 23:00:07
xbv00002.vdf : 8.18.0.154 10489192 Bytes 01/06/2020 23:00:16
xbv00003.vdf : 8.18.0.182 3298664 Bytes 01/06/2020 23:00:21
xbv00004.vdf : 8.18.0.184 4118888 Bytes 01/06/2020 23:00:25
xbv00005.vdf : 8.18.0.204 6638440 Bytes 01/06/2020 23:00:31
xbv00006.vdf : 8.18.1.78 416616 Bytes 06/06/2020 19:39:37
xbv00007.vdf : 8.18.1.192 478568 Bytes 08/06/2020 14:53:54
xbv00008.vdf : 8.18.2.52 466792 Bytes 14/06/2020 22:54:46
xbv00009.vdf : 8.18.2.166 478056 Bytes 14/06/2020 22:54:47
xbv00010.vdf : 8.18.3.24 382312 Bytes 18/06/2020 21:42:35
xbv00011.vdf : 8.18.3.154 501608 Bytes 15/12/2020 19:00:49
xbv00012.vdf : 8.18.4.10 770408 Bytes 15/12/2020 19:00:52
xbv00013.vdf : 8.18.4.124 283496 Bytes 15/12/2020 19:00:53
xbv00014.vdf : 8.18.4.238 462696 Bytes 15/12/2020 19:00:59
xbv00015.vdf : 8.18.5.44 224616 Bytes 15/12/2020 19:01:06
xbv00016.vdf : 8.18.5.230 781160 Bytes 15/12/2020 19:01:12
xbv00017.vdf : 8.18.6.110 783208 Bytes 15/12/2020 19:01:14
xbv00018.vdf : 8.18.6.212 1197416 Bytes 15/12/2020 19:01:18
xbv00019.vdf : 8.18.7.104 1189224 Bytes 15/12/2020 19:01:20
xbv00020.vdf : 8.18.8.22 1059176 Bytes 15/12/2020 19:01:22
xbv00021.vdf : 8.18.8.184 1195880 Bytes 15/12/2020 19:01:25
xbv00022.vdf : 8.18.9.82 1190248 Bytes 15/12/2020 19:01:30
xbv00023.vdf : 8.18.9.220 1213288 Bytes 15/12/2020 19:01:37
xbv00024.vdf : 8.18.10.102 1269608 Bytes 15/12/2020 19:01:43
xbv00025.vdf : 8.18.10.240 1232232 Bytes 15/12/2020 19:01:47
xbv00026.vdf : 8.18.11.130 1225576 Bytes 15/12/2020 19:01:51
xbv00027.vdf : 8.18.12.56 1005416 Bytes 15/12/2020 19:01:53
xbv00028.vdf : 8.18.12.230 928104 Bytes 15/12/2020 19:01:55
xbv00029.vdf : 8.18.13.152 1101160 Bytes 15/12/2020 19:01:57
xbv00030.vdf : 8.18.14.78 1040232 Bytes 15/12/2020 19:01:59
xbv00031.vdf : 8.18.14.242 1272168 Bytes 15/12/2020 19:02:01
xbv00032.vdf : 8.18.15.166 916328 Bytes 15/12/2020 19:02:05
xbv00033.vdf : 8.18.16.88 1223016 Bytes 15/12/2020 19:02:13
xbv00034.vdf : 8.18.17.10 1170280 Bytes 15/12/2020 19:02:16
xbv00035.vdf : 8.18.17.186 1148776 Bytes 15/12/2020 19:02:18
xbv00036.vdf : 8.18.18.108 764776 Bytes 15/12/2020 19:02:20
xbv00037.vdf : 8.18.19.26 554344 Bytes 04/01/2021 15:04:44
xbv00038.vdf : 8.18.19.202 713064 Bytes 04/01/2021 15:04:44
xbv00039.vdf : 8.18.20.122 694632 Bytes 04/01/2021 15:04:45
xbv00040.vdf : 8.18.21.40 734056 Bytes 19/03/2021 16:54:30
xbv00041.vdf : 8.18.21.180 1218408 Bytes 19/03/2021 16:54:32
xbv00042.vdf : 8.18.22.102 1093992 Bytes 19/03/2021 16:54:33
xbv00043.vdf : 8.18.23.20 1113448 Bytes 19/03/2021 16:54:34
xbv00044.vdf : 8.18.23.174 1217896 Bytes 19/03/2021 16:54:35
xbv00045.vdf : 8.18.24.100 962408 Bytes 19/03/2021 16:54:36
xbv00046.vdf : 8.18.25.20 716136 Bytes 19/03/2021 16:54:37
xbv00047.vdf : 8.18.25.234 739688 Bytes 19/03/2021 16:54:37
xbv00048.vdf : 8.18.26.152 733544 Bytes 19/03/2021 16:54:38
xbv00049.vdf : 8.18.27.70 951656 Bytes 13/04/2021 19:46:58
xbv00050.vdf : 8.18.28.6 861544 Bytes 13/04/2021 19:47:00
xbv00051.vdf : 8.18.28.184 837480 Bytes 13/04/2021 19:47:01
xbv00052.vdf : 8.18.29.120 1113960 Bytes 19/04/2021 20:15:48
xbv00053.vdf : 8.18.30.40 892776 Bytes 29/04/2021 14:54:54
xbv00054.vdf : 8.18.30.214 1035112 Bytes 10/05/2021 19:15:51
xbv00055.vdf : 8.18.31.148 754536 Bytes 25/05/2021 00:46:46
xbv00056.vdf : 8.18.32.66 631656 Bytes 25/05/2021 00:46:48
xbv00057.vdf : 8.18.32.240 784232 Bytes 05/06/2021 18:34:39
xbv00058.vdf : 8.18.33.158 585064 Bytes 10/06/2021 18:15:06
xbv00059.vdf : 8.18.34.92 510824 Bytes 21/06/2021 12:29:39
xbv00060.vdf : 8.18.35.10 579944 Bytes 03/07/2021 17:47:05
xbv00170.vdf : 8.18.35.12 8552 Bytes 03/07/2021 17:47:05
xbv00171.vdf : 8.18.35.14 32104 Bytes 03/07/2021 17:47:05
xbv00172.vdf : 8.18.35.16 8040 Bytes 03/07/2021 17:47:05
xbv00173.vdf : 8.18.35.18 12136 Bytes 03/07/2021 17:47:05
xbv00174.vdf : 8.18.35.20 7016 Bytes 03/07/2021 17:47:05
xbv00175.vdf : 8.18.35.22 7016 Bytes 03/07/2021 17:47:06
xbv00176.vdf : 8.18.35.24 7528 Bytes 03/07/2021 17:47:06
xbv00177.vdf : 8.18.35.26 8040 Bytes 03/07/2021 17:47:06
xbv00178.vdf : 8.18.35.28 7016 Bytes 03/07/2021 17:47:06
xbv00179.vdf : 8.18.35.30 7016 Bytes 03/07/2021 17:47:06
xbv00180.vdf : 8.18.35.32 6504 Bytes 03/07/2021 17:47:06
xbv00181.vdf : 8.18.35.34 7528 Bytes 03/07/2021 17:47:06
xbv00182.vdf : 8.18.35.36 13160 Bytes 03/07/2021 17:47:06
xbv00183.vdf : 8.18.35.38 16232 Bytes 03/07/2021 17:47:06
xbv00184.vdf : 8.18.35.40 10600 Bytes 03/07/2021 17:47:06
xbv00185.vdf : 8.18.35.42 3432 Bytes 03/07/2021 17:47:06
xbv00186.vdf : 8.18.35.44 20328 Bytes 03/07/2021 17:47:07
xbv00187.vdf : 8.18.35.46 36712 Bytes 03/07/2021 17:47:07
xbv00188.vdf : 8.18.35.48 29544 Bytes 03/07/2021 17:47:07
xbv00189.vdf : 8.18.35.50 12136 Bytes 03/07/2021 17:47:07
xbv00190.vdf : 8.18.35.52 10600 Bytes 03/07/2021 17:47:07
xbv00191.vdf : 8.18.35.54 14184 Bytes 03/07/2021 17:47:07
xbv00192.vdf : 8.18.35.56 13672 Bytes 03/07/2021 17:47:07
xbv00193.vdf : 8.18.35.58 5480 Bytes 03/07/2021 17:47:07
xbv00194.vdf : 8.18.35.60 19816 Bytes 03/07/2021 17:47:08
xbv00195.vdf : 8.18.35.62 36200 Bytes 03/07/2021 17:47:08
xbv00196.vdf : 8.18.35.64 10088 Bytes 03/07/2021 17:47:08
xbv00197.vdf : 8.18.35.66 42856 Bytes 03/07/2021 17:47:08
xbv00198.vdf : 8.18.35.68 35688 Bytes 03/07/2021 17:47:08
xbv00199.vdf : 8.18.35.70 9576 Bytes 03/07/2021 17:47:08
xbv00200.vdf : 8.18.35.72 2920 Bytes 03/07/2021 17:47:08
xbv00201.vdf : 8.18.35.74 3432 Bytes 03/07/2021 17:47:09
xbv00202.vdf : 8.18.35.76 31080 Bytes 03/07/2021 17:47:09
xbv00203.vdf : 8.18.35.78 2920 Bytes 03/07/2021 17:47:09
xbv00204.vdf : 8.18.35.80 15208 Bytes 03/07/2021 17:47:09
xbv00205.vdf : 8.18.35.84 34152 Bytes 03/07/2021 17:47:09
xbv00206.vdf : 8.18.35.86 8552 Bytes 03/07/2021 17:47:09
xbv00207.vdf : 8.18.35.88 7016 Bytes 03/07/2021 17:47:09
xbv00208.vdf : 8.18.35.90 9064 Bytes 03/07/2021 17:47:09
xbv00209.vdf : 8.18.35.92 41832 Bytes 03/07/2021 17:47:09
xbv00210.vdf : 8.18.35.94 33640 Bytes 03/07/2021 17:47:10
xbv00211.vdf : 8.18.35.96 11624 Bytes 03/07/2021 17:47:10
xbv00212.vdf : 8.18.35.98 2920 Bytes 03/07/2021 17:47:10
xbv00213.vdf : 8.18.35.100 21864 Bytes 03/07/2021 17:47:10
xbv00214.vdf : 8.18.35.102 2920 Bytes 03/07/2021 17:47:10
xbv00215.vdf : 8.18.35.104 18280 Bytes 03/07/2021 17:47:10
xbv00216.vdf : 8.18.35.106 11624 Bytes 03/07/2021 17:47:10
xbv00217.vdf : 8.18.35.108 43368 Bytes 03/07/2021 17:47:10
xbv00218.vdf : 8.18.35.110 13160 Bytes 03/07/2021 17:47:10
xbv00219.vdf : 8.18.35.112 31080 Bytes 03/07/2021 17:47:11
xbv00220.vdf : 8.18.35.114 38248 Bytes 03/07/2021 17:47:11
xbv00221.vdf : 8.18.35.116 3944 Bytes 03/07/2021 17:47:11
xbv00222.vdf : 8.18.35.118 22376 Bytes 03/07/2021 17:47:11
xbv00223.vdf : 8.18.35.120 3432 Bytes 03/07/2021 17:47:11
xbv00224.vdf : 8.18.35.122 24936 Bytes 03/07/2021 17:47:11
xbv00225.vdf : 8.18.35.124 15720 Bytes 03/07/2021 17:47:11
xbv00226.vdf : 8.18.35.126 7016 Bytes 03/07/2021 17:47:11
xbv00227.vdf : 8.18.35.128 12136 Bytes 03/07/2021 17:47:12
xbv00228.vdf : 8.18.35.130 35688 Bytes 03/07/2021 17:47:12
xbv00229.vdf : 8.18.35.132 31080 Bytes 03/07/2021 17:47:12
xbv00230.vdf : 8.18.35.134 13672 Bytes 03/07/2021 17:47:12
xbv00231.vdf : 8.18.35.136 8552 Bytes 03/07/2021 17:47:12
xbv00232.vdf : 8.18.35.138 11624 Bytes 03/07/2021 17:47:12
xbv00233.vdf : 8.18.35.140 3432 Bytes 03/07/2021 17:47:12
xbv00234.vdf : 8.18.35.142 22888 Bytes 03/07/2021 17:47:12
xbv00235.vdf : 8.18.35.144 9064 Bytes 04/07/2021 17:59:58
xbv00236.vdf : 8.18.35.146 46952 Bytes 04/07/2021 17:59:59
xbv00237.vdf : 8.18.35.148 11624 Bytes 04/07/2021 17:59:59
xbv00238.vdf : 8.18.35.150 6504 Bytes 04/07/2021 17:59:59
xbv00239.vdf : 8.18.35.152 8552 Bytes 04/07/2021 18:00:00
xbv00240.vdf : 8.18.35.154 7016 Bytes 04/07/2021 18:00:00
xbv00241.vdf : 8.18.35.156 10600 Bytes 04/07/2021 18:00:01
xbv00242.vdf : 8.18.35.158 3432 Bytes 04/07/2021 18:00:01
xbv00243.vdf : 8.18.35.160 20328 Bytes 04/07/2021 18:00:01
xbv00244.vdf : 8.18.35.162 8552 Bytes 04/07/2021 18:00:02
xbv00245.vdf : 8.18.35.164 7016 Bytes 04/07/2021 18:00:02
local001.vdf : 8.18.35.164 93596672 Bytes 04/07/2021 18:01:58
aebb.dll : 8.1.4.2021 72944 Bytes 19/03/2021 16:54:19
aecore.dll : 8.3.24.2021 290784 Bytes 17/06/2021 02:12:40
aecrypto.dll : 8.2.1.2021 145184 Bytes 19/03/2021 16:54:19
aedroid.dll : 8.4.14.2021 2821952 Bytes 19/03/2021 16:54:20
aeemu.dll : 8.1.3.2021 422032 Bytes 19/03/2021 16:54:20
aeexp.dll : 8.4.6.2021 407144 Bytes 23/04/2021 15:10:55
aegen.dll : 8.1.9.2021 743064 Bytes 17/06/2021 02:12:40
aehelp.dll : 8.3.7.2021 303112 Bytes 19/03/2021 16:54:21
aeheur.dll : 8.1.9.2021 11182144 Bytes 03/07/2021 17:46:58
aelibinf.dll : 8.2.1.2021 81248 Bytes 13/04/2021 19:46:55
aeml.dll : 8.0.2.2021 348488 Bytes 19/03/2021 16:54:27
aemobile.dll : 8.1.22.2021 364504 Bytes 13/04/2021 19:46:56
aeoffice.dll : 8.5.3.2021 879928 Bytes 03/07/2021 17:47:03
aepack.dll : 8.5.2.2021 844064 Bytes 21/06/2021 12:29:37
aerdl.dll : 8.2.3.2021 1291432 Bytes 28/04/2021 14:22:12
aesbx.dll : 8.2.22.2021 1669488 Bytes 19/03/2021 16:54:29
aescn.dll : 8.3.10.2021 166936 Bytes 05/06/2021 18:34:38
aescript.dll : 8.3.7.2021 1293288 Bytes 17/06/2021 02:12:49
aevdf.dll : 8.3.3.2021 157640 Bytes 19/03/2021 16:54:29
Configuration settings for the scan:
AutoActionOnDetection: off
Network scanning enabled: on
Upload to cloud enabled: on
Upload to cloud confirmation needed: off
DetectionUnpackedGen: off
DetectionDamagedGen: off
Maximum number of clients: 10
Heuristic macro: 1
Heuristic files: 2
Scan archives: on
Smart extensions: on
Archive scan types:
Limit recursion depth: on
Recursion depth: 20
Maximum unpack size: 1073741824
Unpack ratio: 250
Excluded files:
Scan start: 2021-07-04 15:11:01
---------------------------------------------------------
End of scan : 2021-07-04 15:11:20
Duration : 00m:18s:626ms
The scan has been done completely.
73 Scanned directories
4 Scanned archives
135 Scanned files
0 Skipped files
0 Ignored files
0 Detected files
0 Infected files cleaned
0 Warnings
---------------------------------------------------------

avz_log
AVZ Toolkit log; AVZ version is 5.50
Scanning started at 04.07.2021 15:21:46
Database loaded: signatures - 297569, NN profile(s) - 2, malware removal microprograms - 56, signature database released 04.07.2021 16:00
Heuristic microprograms loaded: 416
PVS microprograms loaded: 10
Digital signatures of system files loaded: 1213596
Heuristic analyzer mode: Medium heuristics mode
Malware removal mode: disabled
Windows version is: 6.1.7601, Service Pack 1 "Windows 7 Professional" () x32, install date 21.05.2006 02:37:38
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Error searching KeServiceDescriptorTable in ntkrnlpa.exe
Error searching KeServiceDescriptorTable in ntkrnlpa.exe
Error searching KeServiceDescriptorTable in ntkrnlpa.exe
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed
1.5 Checking IRP handlers
Error loading driver - operation interrupted [C0000061]
2. Scanning RAM
Number of processes found: 25
Number of modules loaded: 356
Scanning RAM - complete
3. Scanning disks
4. Checking Winsock Layered Service Provider (SPI/LSP)
LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
C:\PROGRA~1\MICROS~1\Office14\1046\GrooveIntlResource.dll --> Suspicion for Keylogger or Trojan DLL
C:\PROGRA~1\MICROS~1\Office14\1046\GrooveIntlResource.dll>>> Behaviour analysis
Behaviour typical for keyloggers was not detected
Note: Do NOT delete suspicious files, send them for analysis (see FAQ for more details), because there are lots of useful hooking DLLs
6. Searching for opened TCP/UDP ports used by malicious software
Checking - disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Remote Desktop Services)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
>> Windows Explorer - show extensions of known file types
Checking - complete
9. Troubleshooting wizard
>> HDD autorun is allowed
>> Network drives autorun is allowed
>> Removable media autorun is allowed
Checking - complete
Files scanned: 394, extracted from archives: 0, malicious software found 0, suspicions - 0
Scanning finished at 04.07.2021 15:23:21
Time of scanning: 00:01:39
-
Good afternoon, DigRam! Here are the FRST and UsbFix logs. To apply the indicated fix I had to disable the antivirus. And when I went to use the USB modem to access the internet, an autorun.inf file was identified again. Thank you.

Fixlog:
Fix result of Farbar Recovery Scan Tool (x86) Version: 03-07-2021
Ran by User (03-07-2021 15:46:42) Run:6
Running from C:\Users\User\Desktop
Loaded Profiles: User & Auditorio & Aula & secretaria & Teste
Boot Mode: Normal
==============================================
fixlist content:
*****************
emptytemp:
hosts:
reboot:
*****************
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9440488 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 2975 B
Edge => 0 B
Chrome => 8616706 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
LocalService => 0 B
NetworkService => 0 B
User => 7167388 B
Auditorio => 7167388 B
Aula => 7167388 B
secretaria => 7167388 B
Teste => 7167388 B
RecycleBin => 0 B
EmptyTemp: => 59.4 MB of temporary data removed.
================================
The system needed a restart.
==== End of Fixlog 15:46:50 ====

UsbFix log:
# ----------------------------------------------------
# UsbFix Antivirus Premium
# ----------------------------------------------------
# Version : 11.032
# Database :
# Contact : https://www.usb-antivirus.com/contact
# ----------------------------------------------------
# Scan type : USB [Monitor]
# User : User (Administrator)
# Device : USER-PC
# Started : 03/07/2021 15:56:29
# ----------------------------------------------------
------------ | Analyzed disks |
E:\ CDFS (0GB/28GB) [CDROM]
------------ | Infected elements |
Not deleted !
E:\Windows\AutoRun.exe
------------ | Run |
F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\System32\Userinit.exe,
04 - HKLM\..\Run : [Avira SystrayStartTrigger] "C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe"
04 - HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - HKLM\..\Run : [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04GS - Mediatek Wireless Utility.lnk : C:\Program Files\MediatekWiFi\Common\RaUI.exe
------------ | Tasks |
Task - Adobe Acrobat Update Task --> C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task - AviraSystemSpeedupUpdate --> "C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe" /VERIFY /VERYSILENT /NOSTART /NODOTNET /NORESTART
Task - Avira_Antivirus_Systray --> "C:\Program Files\Avira\Antivirus\avgnt.exe" /min
Task - Avira_Security_Service_SCM_Watchdog --> C:\Program Files\Avira\Security\Avira.Spotlight.Service.Worker.exe HandleServiceControlManagerEvent 7000
Task - Avira_Security_Update --> "C:\Program Files\Avira\Security\Avira.Spotlight.Common.Updater.exe" /CheckAndInstall
Task - GoogleUpdateTaskMachineCore --> C:\Program Files\Google\Update\GoogleUpdate.exe /c
Task - GoogleUpdateTaskMachineUA --> C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Task - limpeza --> "C:\Program Files\CCleaner\CCleaner.exe"
Task - UsbFix Boot Scan --> "C:\Program Files\UsbFix\UsbFix.exe" -scanonstart
Task - UsbFix Monitor --> "C:\Program Files\UsbFix\Modules\UsbFixMonitor.exe"
Task - User_Feed_Synchronization-{CBA7B802-89AC-4FD6-B9C1-4CA586D62793} --> C:\Windows\system32\msfeedssync.exe sync
------------ | E:\ - CD-ROM (CDFS) |
[17/04/2013 - 10:45:09 | R | 0 Ko] - autorun.inf
[25/04/2013 - 12:58:44 | D] - Windows
[25/04/2013 - 13:07:06 | D] - Mac
[25/04/2013 - 14:00:40 | D] - Linux
Infected elements : 1
Analyzed elements : 9158 in 00h 00m 04s
# UsbFix-Report-63.txt [2960B]
------------ | E.O.F |

# ----------------------------------------------------
# UsbFix Antivirus Premium
# ----------------------------------------------------
# Version : 11.032
# Database :
# Contact : https://www.usb-antivirus.com/contact
# ----------------------------------------------------
# Scan type : Windows
# User : User (Administrator)
# Device : USER-PC
# Started : 03/07/2021 16:28:45
# ----------------------------------------------------
------------ | Analyzed disks |
C:\ NTFS (22GB/56GB) [Fixed]
------------ | Infected elements |
~ No element detected ~
------------ | Run |
F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\System32\Userinit.exe,
04 - HKLM\..\Run : [Avira SystrayStartTrigger] "C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe"
04 - HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - HKLM\..\Run : [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04GS - Mediatek Wireless Utility.lnk : C:\Program Files\MediatekWiFi\Common\RaUI.exe
------------ | Tasks |
Task - Adobe Acrobat Update Task --> C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task - AviraSystemSpeedupUpdate --> "C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe" /VERIFY /VERYSILENT /NOSTART /NODOTNET /NORESTART
Task - Avira_Antivirus_Systray --> "C:\Program Files\Avira\Antivirus\avgnt.exe" /min
Task - Avira_Security_Service_SCM_Watchdog --> C:\Program Files\Avira\Security\Avira.Spotlight.Service.Worker.exe HandleServiceControlManagerEvent 7000
Task - Avira_Security_Update --> "C:\Program Files\Avira\Security\Avira.Spotlight.Common.Updater.exe" /CheckAndInstall
Task - GoogleUpdateTaskMachineCore --> C:\Program Files\Google\Update\GoogleUpdate.exe /c
Task - GoogleUpdateTaskMachineUA --> C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Task - limpeza --> "C:\Program Files\CCleaner\CCleaner.exe"
Task - UsbFix Boot Scan --> "C:\Program Files\UsbFix\UsbFix.exe" -scanonstart
Task - UsbFix Monitor --> "C:\Program Files\UsbFix\Modules\UsbFixMonitor.exe"
Task - User_Feed_Synchronization-{CBA7B802-89AC-4FD6-B9C1-4CA586D62793} --> C:\Windows\system32\msfeedssync.exe sync
------------ | C:\ %SystemDrive% - Fixed drive (NTFS) |
[10/06/2009 - 18:42:20 | A | 0 Ko] - config.sys
[03/07/2021 - 15:48:04 | ASH | 1565320 Ko] - hiberfil.sys
[03/07/2021 - 15:48:07 | ASH | 2087096 Ko] - pagefile.sys
[10/06/2021 - 18:51:28 | SHD] - Config.Msi
[26/04/2021 - 10:10:37 | SHD] - $Recycle.Bin
[10/06/2009 - 18:42:20 | A | 0 Ko] - autoexec.bat
[10/04/2006 - 00:02:19 | SHD] - found.000
[21/05/2006 - 02:37:26 | SHD] - Arquivos de Programas
[21/05/2006 - 02:37:27 | SHD] - Recovery
[13/07/2009 - 23:37:05 | D] - PerfLogs
[14/07/2009 - 01:53:55 | SHD] - Documents and Settings
[28/03/2017 - 17:59:14 | RHD] - MSOCache
[27/09/2017 - 18:30:02 | D] - hp12c
[10/06/2019 - 17:53:24 | D] - a742de876fe6412155d5cb816aac101b
[19/04/2021 - 15:06:47 | HD] - ProgramData
[26/04/2021 - 10:10:18 | RD] - Users
[05/06/2021 - 17:14:55 | RD] - Program Files
[02/07/2021 - 09:32:55 | D] - Windows
[03/07/2021 - 15:51:03 | D] - FRST
Infected elements : 0
Analyzed elements : 30345 in 00h 00m 08s
# UsbFix-Report-64.txt [3691B]
------------ | E.O.F |
-
Here is the log.

Resultado da Correção pela Farbar Recovery Scan Tool (x86) Versão: 01-07-2021
Executado por User (02-07-2021 09:27:07) Run:1
Executando a partir de C:\Users\User\Desktop
Perfis Carregados: User & Auditorio & Aula & secretaria & Teste
Modo da Inicialização: Normal
==============================================
fixlist Conteúdo:
*****************
CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM\...\RunOnce: [] => [X]
HKU\S-1-5-21-2968044519-3865384213-3263409630-1000\...\MountPoints2: {0d6e9a60-3668-11ea-9d2d-00030d6d7281} - E:\Windows/AutoRun.exe
HKU\S-1-5-21-2968044519-3865384213-3263409630-1000\...\MountPoints2: {4e4d4976-a443-11eb-baec-00030d6d7281} - E:\Windows/AutoRun.exe
HKU\S-1-5-21-2968044519-3865384213-3263409630-1006\...\MountPoints2: {0d6e9a60-3668-11ea-9d2d-00030d6d7281} - E:\Windows/AutoRun.exe
HKU\S-1-5-21-2968044519-3865384213-3263409630-1007\...\Run: [] => [X]
HKU\S-1-5-21-2968044519-3865384213-3263409630-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://login.latinamweb.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
VirusTotal: C:\Users\User\AppData\Roaming\skujmyc\avisyfw32.exe
Folder: C:\Users\User\AppData\Roaming\skujmyc
EmptyTemp:
Reboot:
Hosts:
*****************
Processos fechados com sucesso.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\" => não encontrado (a)
HKU\S-1-5-21-2968044519-3865384213-3263409630-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d6e9a60-3668-11ea-9d2d-00030d6d7281} => removido (a) com sucesso.
HKU\S-1-5-21-2968044519-3865384213-3263409630-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e4d4976-a443-11eb-baec-00030d6d7281} => removido (a) com sucesso.
HKU\S-1-5-21-2968044519-3865384213-3263409630-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d6e9a60-3668-11ea-9d2d-00030d6d7281} => removido (a) com sucesso.
"HKU\S-1-5-21-2968044519-3865384213-3263409630-1007\Software\Microsoft\Windows\CurrentVersion\Run\\" => removido (a) com sucesso.
HKU\S-1-5-21-2968044519-3865384213-3263409630-1000\Software\Microsoft\Internet Explorer\Main\\"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" => valor restaurado com sucesso
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => valor restaurado com sucesso
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removido (a) com sucesso.
"VirusTotal: C:\Users\User\AppData\Roaming\skujmyc\avisyfw32.exe" => não encontrado (a)

========================= Folder: C:\Users\User\AppData\Roaming\skujmyc ========================

não encontrado (a).

====== Fim de Folder: ======

Não pode ser movido "C:\Windows\System32\Drivers\etc\hosts" => Agendado para ser movido na reinicialização.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5365359 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 21816 B
Edge => 0 B
Chrome => 60260297 B
Firefox => 57062755 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 66228 B
Public => 66228 B
ProgramData => 66228 B
systemprofile => 29733712 B
LocalService => 29865956 B
NetworkService => 29937160 B
User => 40014951 B
Auditorio => 63108124 B
Aula => 109510688 B
secretaria => 111162566 B
Teste => 128702250 B

RecycleBin => 0 B
EmptyTemp: => 642.1 MB de dados temporários Removidos.

================================

Resultado dos arquivos que foram agendados para serem movidos (Modo de Inicialização: Normal) (Data&Hora: 02-07-2021 09:35:56)

"C:\Windows\System32\Drivers\etc\hosts" => Não pode ser movido.
Não foi possível restaurar Hosts.

==== Fim de Fixlog 09:35:57 ====
-
A file, autorun.ini, was found on the internet access modem on drive E:. A scan was run with USBfix; the logs follow, including the FRST ones. Thanks in advance for your attention.

FRST

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão: 05-06-2021 01
Executado por User (administrador) em USER-PC (Standard L41II8 anf L41II9) (05-06-2021 16:19:27)
Executando a partir de C:\Users\User\Desktop
Perfis Carregados: User
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Idioma: Português (Brasil)
Navegador padrão: IE
Modo da Inicialização: Normal

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Security\Avira.Spotlight.Service.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\VPN\Avira.VpnService.exe
(Google Inc -> Google Inc.) C:\Program Files\Google\Update\GoogleUpdate.exe <2>
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <10>
(Google LLC -> Google LLC) C:\Program Files\Google\Update\Install\{0EE6530F-1A84-4413-AA98-D1643A0EE2AD}\91.0.4472.77_90.0.4430.212_chrome_updater.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Update\Install\{0EE6530F-1A84-4413-AA98-D1643A0EE2AD}\CR_979D9.tmp\setup.exe <2>
(Google LLC -> Google) C:\Users\User\AppData\Local\Google\Chrome\User Data\SwReporter\90.262.200\software_reporter_tool.exe <4>
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(MEDIATEK INC. -> Mediatek Inc.) [Arquivo não assinado] C:\Program Files\MediatekWiFi\Common\RaUI.exe
(MEDIATEK INC. -> Mediatek Inc.) C:\Program Files\MediatekWiFi\Common\RaRegistry.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\lpksetup.exe
(SOSVIRUS (LE BOZEC CEDRIC, DOMINIQUE, MARIE) -> ) C:\Program Files\UsbFix\Modules\UsbFixMonitor.exe
(SOSVIRUS (LE BOZEC CEDRIC, DOMINIQUE, MARIE) -> ) C:\Program Files\UsbFix\UsbFix.exe <4>
(ZTE CORPORATION -> ) C:\Program Files\Claro 3G\CMUpdater.exe
(ZTE CORPORATION -> ) C:\Program Files\Claro 3G\UIMain.exe

==================== Registro (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [706192 2021-04-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\RunOnce: [] => [X]
HKU\S-1-5-21-2968044519-3865384213-3263409630-1000\...\MountPoints2: {0d6e9a60-3668-11ea-9d2d-00030d6d7281} - E:\Windows/AutoRun.exe
HKU\S-1-5-21-2968044519-3865384213-3263409630-1000\...\MountPoints2: {4e4d4976-a443-11eb-baec-00030d6d7281} - E:\Windows/AutoRun.exe
HKU\S-1-5-21-2968044519-3865384213-3263409630-1006\...\MountPoints2: {0d6e9a60-3668-11ea-9d2d-00030d6d7281} - E:\Windows/AutoRun.exe
HKU\S-1-5-21-2968044519-3865384213-3263409630-1007\...\Run: [] => [X]
HKU\S-1-5-21-2968044519-3865384213-3263409630-1007\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6490904 2015-08-19] (Piriform Ltd -> Piriform Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\90.0.4430.212\Installer\chrmstp.exe [2021-05-12] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2021-04-20] (Adobe Inc. -> Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Mediatek Wireless Utility.lnk [2021-06-05]
ShortcutTarget: Mediatek Wireless Utility.lnk -> C:\Program Files\MediatekWiFi\Common\RaUI.exe (MEDIATEK INC. -> Mediatek Inc.) [Arquivo não assinado]

====================================================================================================================================================

FRST-Addition

Resultado do exame Adicional Farbar Recovery Scan Tool (x86) Versão: 05-06-2021 01
Executado por User (05-06-2021 16:24:16)
Executando a partir de C:\Users\User\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) (2006-05-21 05:37:38)
Modo da Inicialização: Normal
==========================================================

==================== Contas: =============================

Administrador (S-1-5-21-2968044519-3865384213-3263409630-500 - Administrator - Disabled)
Auditorio (S-1-5-21-2968044519-3865384213-3263409630-1005 - Limited - Disabled) => C:\Users\Auditorio
Aula (S-1-5-21-2968044519-3865384213-3263409630-1006 - Limited - Disabled) => C:\Users\Aula
Convidado (S-1-5-21-2968044519-3865384213-3263409630-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2968044519-3865384213-3263409630-1004 - Limited - Enabled)
secretaria (S-1-5-21-2968044519-3865384213-3263409630-1007 - Limited - Enabled) => C:\Users\secretaria
Teste (S-1-5-21-2968044519-3865384213-3263409630-1008 - Limited - Enabled) => C:\Users\Teste
User (S-1-5-21-2968044519-3865384213-3263409630-1000 - Administrator - Enabled) => C:\Users\User

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Avira Antivirus (Enabled - Up to date) {8EAC8D5C-B3AA-95AA-3DF1-2845CDD09CBE}
AS: Avira Antivirus (Enabled - Up to date) {35CD6CB8-9590-9A24-0741-1337B657D603}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.001.20155 - Adobe Systems Incorporated)
Avira (HKLM\...\{21098ed5-59e9-4203-b79e-63f3c373e022}) (Version: 1.2.155.4877 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM\...\{2CA8B2E7-B4B7-4553-83E6-448A543EA5AD}) (Version: 1.2.155.4877 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.2104.2083 - Avira Operations GmbH & Co. KG) Hidden
Avira Phantom VPN (HKLM\...\Avira Phantom VPN) (Version: 2.37.4.17510 - Avira Operations GmbH & Co. KG) Hidden
Avira Security (HKLM\...\Avira Security_is1) (Version: 1.1.49.18598 - Avira Operations GmbH & Co. KG) Hidden
Avira Security (HKLM\...\AviraSecurityUninstaller) (Version: - Avira Operations GmbH & Co. KG;)
Avira Software Updater (HKLM\...\{5FFF909D-D88F-42B9-9A85-328A1290611C}) (Version: 2.0.6.48309 - Avira Operations GmbH & Co. KG) Hidden
Avira System Speedup (HKLM\...\Avira System Speedup_is1) (Version: 6.9.0.11050 - Avira Operations GmbH & Co. KG) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
Claro 3G (HKLM\...\{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}) (Version: 1.0.0.1 - )
D-Link DWA-131 - V5.02b04 (HKLM\...\{B7C11488-750D-4E48-A9A4-7207A335984D}) (Version: 5.00.0000 - D-Link)
Google Chrome (HKLM\...\Google Chrome) (Version: 90.0.4430.212 - Google LLC)
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
K-Lite Mega Codec Pack 11.3.6 (HKLM\...\KLiteCodecPack_is1) (Version: 11.3.6 - )
Mediatek RT2870 Wireless LAN Card (HKLM\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.38.101 - MediatekWiFi)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (Português (Brasil)) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 64.0.2 (x86 pt-BR) (HKLM\...\Mozilla Firefox 64.0.2 (x86 pt-BR)) (Version: 64.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0.2.6947 - Mozilla)
Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x86) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
UsbFix Anti-Malware Premium (HKLM\...\Usbfix) (Version: 11.0.3.2 - SOSVirus (SOSVirus.Net))
WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-2968044519-3865384213-3263409630-1007\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)

==================== Exame Personalizado CLSID (Whitelisted): ==============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files\Avira\Antivirus\shlext.dll [2021-03-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-12-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-16] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-12-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-12-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files\Avira\Antivirus\shlext.dll [2021-03-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-16] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [216064 2011-12-07] () [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw.dll [3591680 2015-02-28] (x264vfw project) [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [240128 2015-06-22] () [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\system32\ff_vfw.dll [112128 2015-08-03] () [Arquivo não assinado]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [122880 2012-07-21] (fccHandler) [Arquivo não assinado]

==================== Atalhos & WMI ========================

(As entradas podem ser listadas para serem restauradas ou removidas.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Módulos Carregados (Whitelisted) =============

2019-07-26 18:42 - 2009-05-01 11:51 - 001069056 _____ (Cisco Systems, Inc.) [Arquivo não assinado] C:\Program Files\MediatekWiFi\Common\CiscoEapFast.dll
2019-03-27 23:48 - 2019-03-27 23:48 - 000115200 _____ (Microsoft Corporation) [Arquivo não assinado] [O arquivo está em uso] C:\Windows\Microsoft.Net\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Modo de Segurança (Whitelisted) ==================

==================== Associação (Whitelisted) =================

==================== Internet Explorer (Versão 11) (Whitelisted) ==========

HKU\S-1-5-21-2968044519-3865384213-3263409630-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://login.latinamweb.com/
HKU\S-1-5-21-2968044519-3865384213-3263409630-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxps://www.msn.com/pt-br/?ocid=iehp
HKU\S-1-5-21-2968044519-3865384213-3263409630-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-br/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts Conteúdo: =========================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2009-07-13 23:04 - 2009-06-10 18:39 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Outras Áreas ===========================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-2968044519-3865384213-3263409630-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2968044519-3865384213-3263409630-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Auditorio\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2968044519-3865384213-3263409630-1006\Control Panel\Desktop\\Wallpaper -> C:\Users\Aula\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2968044519-3865384213-3263409630-1007\Control Panel\Desktop\\Wallpaper -> C:\Users\secretaria\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2968044519-3865384213-3263409630-1008\Control Panel\Desktop\\Wallpaper -> C:\Users\Teste\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

(Se uma entrada for incluída na fixlist, será removida.)

MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR

==================== Regras do Firewall (Whitelisted) ================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{693D4740-FB12-4B3F-B7BE-F7D883014547}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{DCB374FE-8789-471F-AADB-9394FC4DBD1B}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{CE8CBC0B-07D1-4AAD-8FEF-1A9C43BAB48C}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6FD5CA16-B1BA-4B62-B9B6-3421D210FA94}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{174D11B4-5251-4D07-A15E-9C9D5876A97A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B5697BB9-C96F-4A63-BCF5-E56E197B7BF2}] => (Allow) C:\Program Files\D-Link\DWA-131 revE\IHV\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{FF056310-57AF-405E-A347-F356F222EBCC}] => (Allow) C:\Program Files\D-Link\DWA-131 revE\IHV\PortableWiFi.exe (D-LINK CORPORATION -> D-Link Corp.)
FirewallRules: [{6AA5A65C-C670-40D3-9138-BF20056B41F8}] => (Allow) C:\Program Files\MediatekWiFi\Common\RaMediaServer.exe (Ralink) [Arquivo não assinado]
FirewallRules: [{C2E38C2D-E9C2-45F2-8F8F-76BCE370F2B9}] => (Allow) C:\Program Files\MediatekWiFi\Common\RaMediaServer.exe (Ralink) [Arquivo não assinado]
FirewallRules: [{D9632D92-5854-404D-8938-6D32B0C8F19C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{6373FBFE-E103-4462-A4B5-5038ADCF9A1D}] => (Block) C:\Program Files\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{D82718DB-BD9B-4847-9D01-BE69D3949FD2}] => (Allow) C:\Program Files\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{0A625BEB-BC15-4D53-91D8-AD2973329779}] => (Allow) C:\Program Files\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

==================== Pontos de Restauração =========================

28-05-2021 12:06:35 Ponto de Verificação Agendado

==================== Dispositivos Apresentando Falhas No Gerenciador ============

==================== Erros no Log de eventos: ========================

Erros em Aplicativos:
==================
Error: (06/05/2021 03:59:14 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={C7675311-F968-4D59-B80C-F1F04910A8F1}: o usuário User-PC\User discou uma conexão de nome Banda Larga 3G que falhou. O código do erro retornado na falha é 633.

Error: (06/05/2021 03:59:04 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={3F1D5EB8-9F55-4145-A050-C2F1155DB138}: o usuário User-PC\User discou uma conexão de nome Banda Larga 3G que falhou. O código do erro retornado na falha é 633.

Error: (06/05/2021 03:21:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/02/2021 10:38:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/31/2021 02:26:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/28/2021 01:49:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/28/2021 10:55:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/28/2021 10:40:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Erros de Sistema:
=============
Error: (06/05/2021 04:16:52 PM) (Source: Schannel) (EventID: 4119) (User: AUTORIDADE NT)
Description: O seguinte alerta fatal foi recebido: 70.

Error: (06/05/2021 04:03:51 PM) (Source: Server) (EventID: 2505) (User: )
Description: O servidor não pôde ligar-se com o transporte \Device\NetBT_Tcpip_{4FD35F81-BB13-4102-90B0-385B371E2834} porque outro computador na rede tem o mesmo nome. Não foi possível iniciar o servidor.

Error: (06/05/2021 04:02:37 PM) (Source: Server) (EventID: 2505) (User: )
Description: O servidor não pôde ligar-se com o transporte \Device\NetBT_Tcpip_{4FD35F81-BB13-4102-90B0-385B371E2834} porque outro computador na rede tem o mesmo nome. Não foi possível iniciar o servidor.

Error: (06/05/2021 04:01:31 PM) (Source: Server) (EventID: 2505) (User: )
Description: O servidor não pôde ligar-se com o transporte \Device\NetBT_Tcpip_{4FD35F81-BB13-4102-90B0-385B371E2834} porque outro computador na rede tem o mesmo nome. Não foi possível iniciar o servidor.

Error: (06/05/2021 03:57:55 PM) (Source: Server) (EventID: 2505) (User: )
Description: O servidor não pôde ligar-se com o transporte \Device\NetBT_Tcpip_{F7947425-9DE5-41EC-B41C-2433C7CDD62D} porque outro computador na rede tem o mesmo nome. Não foi possível iniciar o servidor.

Error: (06/05/2021 03:26:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Serviço de Compartilhamento de Rede do Windows Media Player devido ao seguinte erro: O serviço não respondeu à requisição de início ou controle em tempo hábil.

Error: (06/05/2021 03:26:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço Serviço de Compartilhamento de Rede do Windows Media Player.

Error: (06/05/2021 03:25:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço Microsoft .NET Framework NGEN v4.0.30319_X86.

==================== Informações da Memória ===========================

BIOS: Standard 1.10 03/15/2007
placa-mãe: Standard L41II8 anf L41II9
Processador: Intel(R) Celeron(R) M CPU 410 @ 1.46GHz
Percentagem de memória em uso: 89%
RAM física total: 2038.18 MB
RAM física disponível: 207.75 MB
Virtual Total: 4076.36 MB
Virtual disponível: 1334.96 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:55.79 GB) (Free:21.67 GB) NTFS
Drive e: (ZTEMODEM) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS
\\?\Volume{94b629c0-e884-11da-8c87-806e6f6e6963}\ (Reservado pelo Sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Tabela de Partições ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 55.9 GB) (Disk ID: 0001791D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55.8 GB) - (Type=07 NTFS)

==================== Fim de Addition.txt =======================

===========================================================================================

USB Fix -log 1

# ----------------------------------------------------
# UsbFix Antivirus Premium
# ----------------------------------------------------
# Version : 11.032
# Database :
# Contact : https://www.usb-antivirus.com/contact
# ----------------------------------------------------
# Scan type : USB
# User : User (Administrator)
# Device : USER-PC
# Started : 05/06/2021 15:46:59
# ----------------------------------------------------
------------ | Analyzed disks |
No devices detected for this scan type.
------------ | Infected elements |
~ No element detected ~
------------ | Run |
F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\System32\Userinit.exe,
04 - HKLM\..\Run : [Avira SystrayStartTrigger] "C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe"
04 - HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - HKLM\..\Run : [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04GS - Start.lnk : C:\Users\User\AppData\Roaming\skujmyc\avisyfw32.exe
04GS - Mediatek Wireless Utility.lnk : C:\Program Files\MediatekWiFi\Common\RaUI.exe
------------ | Tasks |
Task - Adobe Acrobat Update Task --> C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task - AviraSystemSpeedupUpdate --> "C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe" /VERIFY /VERYSILENT /NOSTART /NODOTNET /NORESTART
Task - Avira_Antivirus_Systray --> "C:\Program Files\Avira\Antivirus\avgnt.exe" /min
Task - Avira_Security_Update --> "C:\Program Files\Avira\Security\Avira.Spotlight.Common.Updater.exe" /CheckAndInstall
Task - GoogleUpdateTaskMachineCore --> C:\Program Files\Google\Update\GoogleUpdate.exe /c
Task - GoogleUpdateTaskMachineUA --> C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Task - limpeza --> "C:\Program Files\CCleaner\CCleaner.exe"
Task - UsbFix Boot Scan --> "C:\Program Files\UsbFix\UsbFix.exe" -scanonstart
Task - UsbFix Monitor --> "C:\Program Files\UsbFix\Modules\UsbFixMonitor.exe"
Task - User_Feed_Synchronization-{CBA7B802-89AC-4FD6-B9C1-4CA586D62793} --> C:\Windows\system32\msfeedssync.exe sync
Infected elements : 0
Analyzed elements : 23109 in 00h 00m 20s
# UsbFix-Report-01.txt [2665B]
------------ | E.O.F |

=====================================================================================================================

USB FIX log 2

------------ | Infected elements |
Deleted! C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk
------------ | Run |
F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\System32\Userinit.exe,
04 - HKLM\..\Run : [Avira SystrayStartTrigger] "C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe"
04 - HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - HKLM\..\Run : [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04GS - Mediatek Wireless Utility.lnk : C:\Program Files\MediatekWiFi\Common\RaUI.exe
------------ | Tasks |
Task - Adobe Acrobat Update Task --> C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task - AviraSystemSpeedupUpdate --> "C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe" /VERIFY
/VERYSILENT /NOSTART /NODOTNET /NORESTART Task - Avira_Antivirus_Systray --> "C:\Program Files\Avira\Antivirus\avgnt.exe" /min Task - Avira_Security_Update --> "C:\Program Files\Avira\Security\Avira.Spotlight.Common.Updater.exe" /CheckAndInstall Task - GoogleUpdateTaskMachineCore --> C:\Program Files\Google\Update\GoogleUpdate.exe /c Task - GoogleUpdateTaskMachineUA --> C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler Task - limpeza --> "C:\Program Files\CCleaner\CCleaner.exe" Task - UsbFix Boot Scan --> "C:\Program Files\UsbFix\UsbFix.exe" -scanonstart Task - UsbFix Monitor --> "C:\Program Files\UsbFix\Modules\UsbFixMonitor.exe" Task - User_Feed_Synchronization-{CBA7B802-89AC-4FD6-B9C1-4CA586D62793} --> C:\Windows\system32\msfeedssync.exe sync ------------ | C:\ %SystemDrive% - Fixed drive (NTFS) | [10/06/2009 - 18:42:20 | A | 0 Ko] - config.sys [05/06/2021 - 15:19:46 | ASH | 1565320 Ko] - hiberfil.sys [05/06/2021 - 15:19:49 | ASH | 2087096 Ko] - pagefile.sys [12/05/2021 - 11:02:17 | SHD] - Config.Msi [26/04/2021 - 10:10:37 | SHD] - $Recycle.Bin [10/06/2009 - 18:42:20 | A | 0 Ko] - autoexec.bat [10/04/2006 - 00:02:19 | SHD] - found.000 [21/05/2006 - 02:37:26 | SHD] - Arquivos de Programas [21/05/2006 - 02:37:27 | SHD] - Recovery [13/07/2009 - 23:37:05 | D] - PerfLogs [14/07/2009 - 01:53:55 | SHD] - Documents and Settings [28/03/2017 - 17:59:14 | RHD] - MSOCache [27/09/2017 - 18:30:02 | D] - hp12c [10/06/2019 - 17:53:24 | D] - a742de876fe6412155d5cb816aac101b [19/04/2021 - 15:06:47 | HD] - ProgramData [26/04/2021 - 10:10:18 | RD] - Users [12/05/2021 - 11:00:13 | D] - Windows [05/06/2021 - 15:45:04 | RD] - Program Files Infected elements : 2 Analyzed elements : 30388 in 00h 00m 14s # UsbFix-Report-03.txt [3570B] ------------ | E.O.F |
-
Here is the first lawsuit filed on the basis of the LGPD; one of the punitive measures was the cancellation of the domain, which these days is vital: https://www.mpdft.mp.br/portal/index.php/comunicacao-menu/sala-de-imprensa/noticias/noticias-2020/12384-mpdft-ajuiza-1-acao-civil-publica-com-base-na-lgpd#:~:text=O%20Minist%C3%A9rio%20P%C3%BAblico%20do%20Distrito,%2Dfeira%2C%2021%20de%20agosto.
-
lucianouru started following RUY
-
RUY started following [Resolved] Loading windows with data processed in PHP, [Resolved] Error with T_wile, [Resolved!] Computer infected 23 times and 1 other
-
Actually, the promotion ended today
-
Waiter, open them all up; today the round is on me
-
What is good for them?! The lyrics of Bonde do Rolê?! MTV doesn't count. For them, only what's in fashion is good. One of the thousands of reasons why I don't watch television. Agreed. While I'm at it: Thelon, you and Isa (since you're not drinking) are invited to come see my prefab shack; from the photo you'll understand why the others won't be able to go.
-
I'm buying a special round for the iMasters anniversary
-
Where do you want to have a few drinks? At Paróquia or at Irlanda?
-
Waiter, one more; today I'm going to get my ID card. I already had a Thursday without electricity, look at the state I'm in
-
Hear the whole story. Little Johnny was playing on the school playground when he saw his father's car driving toward the woods behind the school... He followed the car and saw his father and Aunt Jane hugging passionately!! Johnny found this so exciting that he couldn't contain himself and ran home to tell his mother what he had seen... "Mommy, mommy, I was on the school playground when I saw Daddy's car going into the woods with Aunt Jane inside... I went after it to see, and he was giving Aunt Jane a huge kiss... then he helped her take off her blouse... then Aunt Jane helped Daddy take off his pants, and then Aunt Jane..." At that point Mommy interrupted him and said: "Johnny, that is such an interesting story, how about you save the rest of it for dinnertime?... I want to see your father's face when you tell all of this tonight."...... At dinnertime, Mommy asked Johnny to tell his story... Johnny began his story: "I was playing on the school playground when I saw Daddy's car going into the woods with Aunt Jane inside... then I ran after it to see, and he was giving Aunt Jane a huge kiss... then he helped her take off her blouse... then Aunt Jane helped Daddy take off his pants, and then Aunt Jane and Daddy started doing the same things Mommy and Uncle Bill used to do when Daddy was in the army..." Mommy fainted! Moral of the story: sometimes you have to hear the whole story before interrupting.