RUY

Suspicious File - Autorun.ini


A file named autorun.ini was found on the internet access modem, on drive E:

A scan was run with USBfix; the logs follow, including the FRST ones.

 

Thank you in advance for your attention.

 

FRST

Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão: 05-06-2021 01
Executado por User (administrador) em USER-PC (Standard L41II8 anf L41II9) (05-06-2021 16:19:27)
Executando a partir de C:\Users\User\Desktop
Perfis Carregados: User
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Idioma: Português (Brasil)
Navegador padrão: IE
Modo da Inicialização: Normal

==================== Processos (Whitelisted) =================

(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Security\Avira.Spotlight.Service.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\VPN\Avira.VpnService.exe
(Google Inc -> Google Inc.) C:\Program Files\Google\Update\GoogleUpdate.exe <2>
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <10>
(Google LLC -> Google LLC) C:\Program Files\Google\Update\Install\{0EE6530F-1A84-4413-AA98-D1643A0EE2AD}\91.0.4472.77_90.0.4430.212_chrome_updater.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Update\Install\{0EE6530F-1A84-4413-AA98-D1643A0EE2AD}\CR_979D9.tmp\setup.exe <2>
(Google LLC -> Google) C:\Users\User\AppData\Local\Google\Chrome\User Data\SwReporter\90.262.200\software_reporter_tool.exe <4>
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(MEDIATEK INC. -> Mediatek Inc.) [Arquivo não assinado] C:\Program Files\MediatekWiFi\Common\RaUI.exe
(MEDIATEK INC. -> Mediatek Inc.) C:\Program Files\MediatekWiFi\Common\RaRegistry.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\lpksetup.exe
(SOSVIRUS (LE BOZEC CEDRIC, DOMINIQUE, MARIE) -> ) C:\Program Files\UsbFix\Modules\UsbFixMonitor.exe
(SOSVIRUS (LE BOZEC CEDRIC, DOMINIQUE, MARIE) -> ) C:\Program Files\UsbFix\UsbFix.exe <4>
(ZTE CORPORATION -> ) C:\Program Files\Claro 3G\CMUpdater.exe
(ZTE CORPORATION -> ) C:\Program Files\Claro 3G\UIMain.exe

==================== Registro (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [706192 2021-04-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\RunOnce: [] => [X]
HKU\S-1-5-21-2968044519-3865384213-3263409630-1000\...\MountPoints2: {0d6e9a60-3668-11ea-9d2d-00030d6d7281} - E:\Windows/AutoRun.exe
HKU\S-1-5-21-2968044519-3865384213-3263409630-1000\...\MountPoints2: {4e4d4976-a443-11eb-baec-00030d6d7281} - E:\Windows/AutoRun.exe
HKU\S-1-5-21-2968044519-3865384213-3263409630-1006\...\MountPoints2: {0d6e9a60-3668-11ea-9d2d-00030d6d7281} - E:\Windows/AutoRun.exe
HKU\S-1-5-21-2968044519-3865384213-3263409630-1007\...\Run: [] => [X]
HKU\S-1-5-21-2968044519-3865384213-3263409630-1007\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6490904 2015-08-19] (Piriform Ltd -> Piriform Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\90.0.4430.212\Installer\chrmstp.exe [2021-05-12] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2021-04-20] (Adobe Inc. -> Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Mediatek Wireless Utility.lnk [2021-06-05]
ShortcutTarget: Mediatek Wireless Utility.lnk -> C:\Program Files\MediatekWiFi\Common\RaUI.exe (MEDIATEK INC. -> Mediatek Inc.) [Arquivo não assinado]
====================================================================================================================================================

FRST-Addition

Resultado do exame Adicional Farbar Recovery Scan Tool (x86) Versão: 05-06-2021 01
Executado por User (05-06-2021 16:24:16)
Executando a partir de C:\Users\User\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2006-05-21 05:37:38)
Modo da Inicialização: Normal
==========================================================


==================== Contas: =============================

Administrador (S-1-5-21-2968044519-3865384213-3263409630-500 - Administrator - Disabled)
Auditorio (S-1-5-21-2968044519-3865384213-3263409630-1005 - Limited - Disabled) => C:\Users\Auditorio
Aula (S-1-5-21-2968044519-3865384213-3263409630-1006 - Limited - Disabled) => C:\Users\Aula
Convidado (S-1-5-21-2968044519-3865384213-3263409630-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2968044519-3865384213-3263409630-1004 - Limited - Enabled)
secretaria (S-1-5-21-2968044519-3865384213-3263409630-1007 - Limited - Enabled) => C:\Users\secretaria
Teste (S-1-5-21-2968044519-3865384213-3263409630-1008 - Limited - Enabled) => C:\Users\Teste
User (S-1-5-21-2968044519-3865384213-3263409630-1000 - Administrator - Enabled) => C:\Users\User

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Avira Antivirus (Enabled - Up to date) {8EAC8D5C-B3AA-95AA-3DF1-2845CDD09CBE}
AS: Avira Antivirus (Enabled - Up to date) {35CD6CB8-9590-9A24-0741-1337B657D603}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)

Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.001.20155 - Adobe Systems Incorporated)
Avira (HKLM\...\{21098ed5-59e9-4203-b79e-63f3c373e022}) (Version: 1.2.155.4877 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM\...\{2CA8B2E7-B4B7-4553-83E6-448A543EA5AD}) (Version: 1.2.155.4877 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.2104.2083 - Avira Operations GmbH & Co. KG) Hidden
Avira Phantom VPN (HKLM\...\Avira Phantom VPN) (Version: 2.37.4.17510 - Avira Operations GmbH & Co. KG) Hidden
Avira Security (HKLM\...\Avira Security_is1) (Version: 1.1.49.18598 - Avira Operations GmbH & Co. KG) Hidden
Avira Security (HKLM\...\AviraSecurityUninstaller) (Version:  - Avira Operations GmbH & Co. KG;)
Avira Software Updater (HKLM\...\{5FFF909D-D88F-42B9-9A85-328A1290611C}) (Version: 2.0.6.48309 - Avira Operations GmbH & Co. KG) Hidden
Avira System Speedup (HKLM\...\Avira System Speedup_is1) (Version: 6.9.0.11050 - Avira Operations GmbH & Co. KG) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
Claro 3G (HKLM\...\{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}) (Version: 1.0.0.1 - )
D-Link DWA-131 - V5.02b04 (HKLM\...\{B7C11488-750D-4E48-A9A4-7207A335984D}) (Version: 5.00.0000 - D-Link)
Google Chrome (HKLM\...\Google Chrome) (Version: 90.0.4430.212 - Google LLC)
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
K-Lite Mega Codec Pack 11.3.6 (HKLM\...\KLiteCodecPack_is1) (Version: 11.3.6 - )
Mediatek RT2870 Wireless LAN Card (HKLM\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.38.101 - MediatekWiFi)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (Português (Brasil)) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 64.0.2 (x86 pt-BR) (HKLM\...\Mozilla Firefox 64.0.2 (x86 pt-BR)) (Version: 64.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0.2.6947 - Mozilla)
Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x86) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
UsbFix Anti-Malware Premium (HKLM\...\Usbfix) (Version: 11.0.3.2 - SOSVirus (SOSVirus.Net))
WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-2968044519-3865384213-3263409630-1007\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)

==================== Exame Personalizado CLSID (Whitelisted): ==============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files\Avira\Antivirus\shlext.dll [2021-03-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-12-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-16] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-12-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-12-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files\Avira\Antivirus\shlext.dll [2021-03-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-16] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)

HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [216064 2011-12-07] () [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw.dll [3591680 2015-02-28] (x264vfw project) [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [240128 2015-06-22] () [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\system32\ff_vfw.dll [112128 2015-08-03] () [Arquivo não assinado]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [122880 2012-07-21] (fccHandler) [Arquivo não assinado]

==================== Atalhos & WMI ========================

(As entradas podem ser listadas para serem restauradas ou removidas.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Módulos Carregados (Whitelisted) =============

2019-07-26 18:42 - 2009-05-01 11:51 - 001069056 _____ (Cisco Systems, Inc.) [Arquivo não assinado] C:\Program Files\MediatekWiFi\Common\CiscoEapFast.dll
2019-03-27 23:48 - 2019-03-27 23:48 - 000115200 _____ (Microsoft Corporation) [Arquivo não assinado] [O arquivo está em uso] C:\Windows\Microsoft.Net\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Modo de Segurança (Whitelisted) ==================

==================== Associação (Whitelisted) =================

==================== Internet Explorer (Versão 11) (Whitelisted) ==========

HKU\S-1-5-21-2968044519-3865384213-3263409630-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://login.latinamweb.com/
HKU\S-1-5-21-2968044519-3865384213-3263409630-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxps://www.msn.com/pt-br/?ocid=iehp
HKU\S-1-5-21-2968044519-3865384213-3263409630-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-br/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts Conteúdo: =========================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2009-07-13 23:04 - 2009-06-10 18:39 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Outras Áreas ===========================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-2968044519-3865384213-3263409630-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2968044519-3865384213-3263409630-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Auditorio\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2968044519-3865384213-3263409630-1006\Control Panel\Desktop\\Wallpaper -> C:\Users\Aula\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2968044519-3865384213-3263409630-1007\Control Panel\Desktop\\Wallpaper -> C:\Users\secretaria\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2968044519-3865384213-3263409630-1008\Control Panel\Desktop\\Wallpaper -> C:\Users\Teste\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

(Se uma entrada for incluída na fixlist, será removida.)

MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR

==================== Regras do Firewall (Whitelisted) ================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{693D4740-FB12-4B3F-B7BE-F7D883014547}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{DCB374FE-8789-471F-AADB-9394FC4DBD1B}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{CE8CBC0B-07D1-4AAD-8FEF-1A9C43BAB48C}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6FD5CA16-B1BA-4B62-B9B6-3421D210FA94}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{174D11B4-5251-4D07-A15E-9C9D5876A97A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B5697BB9-C96F-4A63-BCF5-E56E197B7BF2}] => (Allow) C:\Program Files\D-Link\DWA-131 revE\IHV\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{FF056310-57AF-405E-A347-F356F222EBCC}] => (Allow) C:\Program Files\D-Link\DWA-131 revE\IHV\PortableWiFi.exe (D-LINK CORPORATION -> D-Link Corp.)
FirewallRules: [{6AA5A65C-C670-40D3-9138-BF20056B41F8}] => (Allow) C:\Program Files\MediatekWiFi\Common\RaMediaServer.exe (Ralink) [Arquivo não assinado]
FirewallRules: [{C2E38C2D-E9C2-45F2-8F8F-76BCE370F2B9}] => (Allow) C:\Program Files\MediatekWiFi\Common\RaMediaServer.exe (Ralink) [Arquivo não assinado]
FirewallRules: [{D9632D92-5854-404D-8938-6D32B0C8F19C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{6373FBFE-E103-4462-A4B5-5038ADCF9A1D}] => (Block) C:\Program Files\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{D82718DB-BD9B-4847-9D01-BE69D3949FD2}] => (Allow) C:\Program Files\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{0A625BEB-BC15-4D53-91D8-AD2973329779}] => (Allow) C:\Program Files\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

==================== Pontos de Restauração =========================

28-05-2021 12:06:35 Ponto de Verificação Agendado

==================== Dispositivos Apresentando Falhas No Gerenciador ============


==================== Erros no Log de eventos: ========================

Erros em Aplicativos:
==================
Error: (06/05/2021 03:59:14 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={C7675311-F968-4D59-B80C-F1F04910A8F1}: o usuário User-PC\User discou uma conexão de nome Banda Larga 3G que falhou. O código do erro retornado na falha é 633.

Error: (06/05/2021 03:59:04 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={3F1D5EB8-9F55-4145-A050-C2F1155DB138}: o usuário User-PC\User discou uma conexão de nome Banda Larga 3G que falhou. O código do erro retornado na falha é 633.

Error: (06/05/2021 03:21:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/02/2021 10:38:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/31/2021 02:26:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/28/2021 01:49:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/28/2021 10:55:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/28/2021 10:40:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


Erros de Sistema:
=============
Error: (06/05/2021 04:16:52 PM) (Source: Schannel) (EventID: 4119) (User: AUTORIDADE NT)
Description: O seguinte alerta fatal foi recebido: 70.

Error: (06/05/2021 04:03:51 PM) (Source: Server) (EventID: 2505) (User: )
Description: O servidor não pôde ligar-se com o transporte \Device\NetBT_Tcpip_{4FD35F81-BB13-4102-90B0-385B371E2834} porque outro computador na rede tem o mesmo nome. Não foi possível iniciar o servidor.

Error: (06/05/2021 04:02:37 PM) (Source: Server) (EventID: 2505) (User: )
Description: O servidor não pôde ligar-se com o transporte \Device\NetBT_Tcpip_{4FD35F81-BB13-4102-90B0-385B371E2834} porque outro computador na rede tem o mesmo nome. Não foi possível iniciar o servidor.

Error: (06/05/2021 04:01:31 PM) (Source: Server) (EventID: 2505) (User: )
Description: O servidor não pôde ligar-se com o transporte \Device\NetBT_Tcpip_{4FD35F81-BB13-4102-90B0-385B371E2834} porque outro computador na rede tem o mesmo nome. Não foi possível iniciar o servidor.

Error: (06/05/2021 03:57:55 PM) (Source: Server) (EventID: 2505) (User: )
Description: O servidor não pôde ligar-se com o transporte \Device\NetBT_Tcpip_{F7947425-9DE5-41EC-B41C-2433C7CDD62D} porque outro computador na rede tem o mesmo nome. Não foi possível iniciar o servidor.

Error: (06/05/2021 03:26:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Serviço de Compartilhamento de Rede do Windows Media Player devido ao seguinte erro: 
O serviço não respondeu à requisição de início ou controle em tempo hábil.

Error: (06/05/2021 03:26:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço Serviço de Compartilhamento de Rede do Windows Media Player.

Error: (06/05/2021 03:25:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço Microsoft .NET Framework NGEN v4.0.30319_X86.


==================== Informações da Memória =========================== 

BIOS: Standard 1.10 03/15/2007
placa-mãe: Standard L41II8 anf L41II9
Processador: Intel(R) Celeron(R) M CPU 410 @ 1.46GHz
Percentagem de memória em uso: 89%
RAM física total: 2038.18 MB
RAM física disponível: 207.75 MB
Virtual Total: 4076.36 MB
Virtual disponível: 1334.96 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:55.79 GB) (Free:21.67 GB) NTFS
Drive e: (ZTEMODEM) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS

\\?\Volume{94b629c0-e884-11da-8c87-806e6f6e6963}\ (Reservado pelo Sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Tabela de Partições ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 55.9 GB) (Disk ID: 0001791D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55.8 GB) - (Type=07 NTFS)

==================== Fim de Addition.txt =======================

 

===========================================================================================

USB Fix -log 1

# ----------------------------------------------------
# UsbFix Antivirus Premium
# ----------------------------------------------------
# Version : 11.032
# Database :  
# Contact : https://www.usb-antivirus.com/contact
# ----------------------------------------------------
# Scan type : USB
# User : User (Administrator)
# Device : USER-PC
# Started : 05/06/2021 15:46:59
# ----------------------------------------------------

------------ | Analyzed disks |

No devices detected for this scan type.

------------ | Infected elements |

~ No element detected ~

------------ | Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\System32\Userinit.exe,
04 - HKLM\..\Run : [Avira SystrayStartTrigger] "C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe"
04 - HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - HKLM\..\Run : [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04GS - Start.lnk : C:\Users\User\AppData\Roaming\skujmyc\avisyfw32.exe
04GS - Mediatek Wireless Utility.lnk : C:\Program Files\MediatekWiFi\Common\RaUI.exe

------------ | Tasks |

Task - Adobe Acrobat Update Task --> C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task - AviraSystemSpeedupUpdate --> "C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe" /VERIFY /VERYSILENT /NOSTART /NODOTNET /NORESTART
Task - Avira_Antivirus_Systray --> "C:\Program Files\Avira\Antivirus\avgnt.exe" /min
Task - Avira_Security_Update --> "C:\Program Files\Avira\Security\Avira.Spotlight.Common.Updater.exe" /CheckAndInstall
Task - GoogleUpdateTaskMachineCore --> C:\Program Files\Google\Update\GoogleUpdate.exe /c
Task - GoogleUpdateTaskMachineUA --> C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Task - limpeza --> "C:\Program Files\CCleaner\CCleaner.exe"
Task - UsbFix Boot Scan --> "C:\Program Files\UsbFix\UsbFix.exe" -scanonstart
Task - UsbFix Monitor --> "C:\Program Files\UsbFix\Modules\UsbFixMonitor.exe"
Task - User_Feed_Synchronization-{CBA7B802-89AC-4FD6-B9C1-4CA586D62793} --> C:\Windows\system32\msfeedssync.exe sync

Infected elements : 0
Analyzed elements : 23109 in 00h 00m 20s

# UsbFix-Report-01.txt [2665B]

------------ | E.O.F  |
=====================================================================================================================

USB FIX log 2

------------ | Infected elements |

Deleted! C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk

------------ | Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\System32\Userinit.exe,
04 - HKLM\..\Run : [Avira SystrayStartTrigger] "C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe"
04 - HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - HKLM\..\Run : [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04GS - Mediatek Wireless Utility.lnk : C:\Program Files\MediatekWiFi\Common\RaUI.exe

------------ | Tasks |

Task - Adobe Acrobat Update Task --> C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task - AviraSystemSpeedupUpdate --> "C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe" /VERIFY /VERYSILENT /NOSTART /NODOTNET /NORESTART
Task - Avira_Antivirus_Systray --> "C:\Program Files\Avira\Antivirus\avgnt.exe" /min
Task - Avira_Security_Update --> "C:\Program Files\Avira\Security\Avira.Spotlight.Common.Updater.exe" /CheckAndInstall
Task - GoogleUpdateTaskMachineCore --> C:\Program Files\Google\Update\GoogleUpdate.exe /c
Task - GoogleUpdateTaskMachineUA --> C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Task - limpeza --> "C:\Program Files\CCleaner\CCleaner.exe"
Task - UsbFix Boot Scan --> "C:\Program Files\UsbFix\UsbFix.exe" -scanonstart
Task - UsbFix Monitor --> "C:\Program Files\UsbFix\Modules\UsbFixMonitor.exe"
Task - User_Feed_Synchronization-{CBA7B802-89AC-4FD6-B9C1-4CA586D62793} --> C:\Windows\system32\msfeedssync.exe sync

------------ | C:\ %SystemDrive% - Fixed drive (NTFS) |

[10/06/2009 - 18:42:20 | A | 0 Ko] - config.sys
[05/06/2021 - 15:19:46 | ASH | 1565320 Ko] - hiberfil.sys
[05/06/2021 - 15:19:49 | ASH | 2087096 Ko] - pagefile.sys
[12/05/2021 - 11:02:17 | SHD] - Config.Msi
[26/04/2021 - 10:10:37 | SHD] - $Recycle.Bin
[10/06/2009 - 18:42:20 | A | 0 Ko] - autoexec.bat
[10/04/2006 - 00:02:19 | SHD] - found.000
[21/05/2006 - 02:37:26 | SHD] - Arquivos de Programas
[21/05/2006 - 02:37:27 | SHD] - Recovery
[13/07/2009 - 23:37:05 | D] - PerfLogs
[14/07/2009 - 01:53:55 | SHD] - Documents and Settings
[28/03/2017 - 17:59:14 | RHD] - MSOCache
[27/09/2017 - 18:30:02 | D] - hp12c
[10/06/2019 - 17:53:24 | D] - a742de876fe6412155d5cb816aac101b
[19/04/2021 - 15:06:47 | HD] - ProgramData
[26/04/2021 - 10:10:18 | RD] - Users
[12/05/2021 - 11:00:13 | D] - Windows
[05/06/2021 - 15:45:04 | RD] - Program Files

Infected elements : 2
Analyzed elements : 30388 in 00h 00m 14s

# UsbFix-Report-03.txt [3570B]

------------ | E.O.F  |


/!\ Good evening! RUY /!\


> Copy the information in the Spoiler into Notepad.
> Save it with the name fixlist. << Text or Unicode, if asked!
> Save it to the desktop!

 


 

 

start::
CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM\...\RunOnce: [] => [X]
HKU\S-1-5-21-2968044519-3865384213-3263409630-1000\...\MountPoints2: {0d6e9a60-3668-11ea-9d2d-00030d6d7281} - E:\Windows/AutoRun.exe
HKU\S-1-5-21-2968044519-3865384213-3263409630-1000\...\MountPoints2: {4e4d4976-a443-11eb-baec-00030d6d7281} - E:\Windows/AutoRun.exe
HKU\S-1-5-21-2968044519-3865384213-3263409630-1006\...\MountPoints2: {0d6e9a60-3668-11ea-9d2d-00030d6d7281} - E:\Windows/AutoRun.exe
HKU\S-1-5-21-2968044519-3865384213-3263409630-1007\...\Run: [] => [X]
HKU\S-1-5-21-2968044519-3865384213-3263409630-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://login.latinamweb.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
VirusTotal: C:\Users\User\AppData\Roaming\skujmyc\avisyfw32.exe
Folder: C:\Users\User\AppData\Roaming\skujmyc
EmptyTemp:
Reboot:
Hosts:
end::

 


 

> Run FRST/FRST64 >> Click "Corrigir" (Fix) << Wait!
> Post the report "Resultado da Correção pela Farbar Recovery Scan Tool". (Fixlog.txt)
> This and other reports can be found in the folder: Local Disk (C) > FRST > Logs

< This script was written exclusively for this computer, so I ask visitors not to use it on other machines. >

Regards


Here is the log

 

Resultado da Correção pela Farbar Recovery Scan Tool (x86) Versão: 01-07-2021
Executado por User (02-07-2021 09:27:07) Run:1
Executando a partir de C:\Users\User\Desktop
Perfis Carregados: User & Auditorio & Aula & secretaria & Teste
Modo da Inicialização: Normal

==============================================

fixlist Conteúdo:
*****************
CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM\...\RunOnce: [] => [X]
HKU\S-1-5-21-2968044519-3865384213-3263409630-1000\...\MountPoints2: {0d6e9a60-3668-11ea-9d2d-00030d6d7281} - E:\Windows/AutoRun.exe
HKU\S-1-5-21-2968044519-3865384213-3263409630-1000\...\MountPoints2: {4e4d4976-a443-11eb-baec-00030d6d7281} - E:\Windows/AutoRun.exe
HKU\S-1-5-21-2968044519-3865384213-3263409630-1006\...\MountPoints2: {0d6e9a60-3668-11ea-9d2d-00030d6d7281} - E:\Windows/AutoRun.exe
HKU\S-1-5-21-2968044519-3865384213-3263409630-1007\...\Run: [] => [X]
HKU\S-1-5-21-2968044519-3865384213-3263409630-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://login.latinamweb.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
VirusTotal: C:\Users\User\AppData\Roaming\skujmyc\avisyfw32.exe
Folder: C:\Users\User\AppData\Roaming\skujmyc
EmptyTemp:
Reboot:
Hosts:

*****************

Processos fechados com sucesso.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\" => não encontrado (a)
HKU\S-1-5-21-2968044519-3865384213-3263409630-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d6e9a60-3668-11ea-9d2d-00030d6d7281} => removido (a) com sucesso.
HKU\S-1-5-21-2968044519-3865384213-3263409630-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e4d4976-a443-11eb-baec-00030d6d7281} => removido (a) com sucesso.
HKU\S-1-5-21-2968044519-3865384213-3263409630-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d6e9a60-3668-11ea-9d2d-00030d6d7281} => removido (a) com sucesso.
"HKU\S-1-5-21-2968044519-3865384213-3263409630-1007\Software\Microsoft\Windows\CurrentVersion\Run\\" => removido (a) com sucesso.
HKU\S-1-5-21-2968044519-3865384213-3263409630-1000\Software\Microsoft\Internet Explorer\Main\\"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" => valor restaurado com sucesso
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => valor restaurado com sucesso
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removido (a) com sucesso.
"VirusTotal: C:\Users\User\AppData\Roaming\skujmyc\avisyfw32.exe" => não encontrado (a)

========================= Folder: C:\Users\User\AppData\Roaming\skujmyc ========================

não encontrado (a).

====== Fim de Folder: ======

Não pode ser movido "C:\Windows\System32\Drivers\etc\hosts" => Agendado para ser movido na reinicialização.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5365359 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 21816 B
Edge => 0 B
Chrome => 60260297 B
Firefox => 57062755 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 66228 B
Public => 66228 B
ProgramData => 66228 B
systemprofile => 29733712 B
LocalService => 29865956 B
NetworkService => 29937160 B
User => 40014951 B
Auditorio => 63108124 B
Aula => 109510688 B
secretaria => 111162566 B
Teste => 128702250 B

RecycleBin => 0 B
EmptyTemp: => 642.1 MB de dados temporários Removidos.

================================

Resultado dos arquivos que foram agendados para serem movidos (Modo de Inicialização: Normal) (Data&Hora: 02-07-2021 09:35:56)

"C:\Windows\System32\Drivers\etc\hosts" => Não pode ser movido.
Não foi possível restaurar Hosts.

==== Fim de Fixlog 09:35:57 ====


/!\ Good morning! RUY /!\

Quote

"C:\Windows\System32\Drivers\etc\hosts" => Não pode ser movido.
Não foi possível restaurar Hosts.

==== Fim de Fixlog 09:35:57 ====

> It would be important for the Hosts file to be restored.

 

start::

emptytemp:

hosts:

reboot:

end::

 

Copy this information into Notepad.

Save it to the desktop with the name fixlist.

Then open FRST and click: Corrigir (Fix)

Post the resulting Fixlog!

 

Regards
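
The check made in the reply above (noticing in the Fixlog that the Hosts restore failed) can be scripted. This is an added example, not part of the original thread or of FRST: the function names are hypothetical, the sample lines are copied from the Fixlog posted above, and the phrase list covers only the Portuguese outcome strings visible on this page.

```python
import re

# Outcome phrases as they appear in the Portuguese-language Fixlog on this page.
# Order matters: a "scheduled" line also begins with "Não pode ser movido",
# so it must be tested before the "failed" pattern.
OUTCOMES = [
    ("scheduled", re.compile(r"Agendado para ser movido", re.I)),
    ("failed", re.compile(r"Não pode ser movido|Não foi possível", re.I)),
    ("not_found", re.compile(r"não encontrado", re.I)),
    ("ok", re.compile(r"com sucesso", re.I)),
]

# A quoted Windows path such as "C:\Windows\System32\Drivers\etc\hosts".
PATH_RE = re.compile(r'"([A-Za-z]:\\[^"]+)"')

# Result lines copied from the first Fixlog in this thread (02-07-2021).
SAMPLE_FIXLOG = r'''
Processos fechados com sucesso.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => removido (a) com sucesso.
"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\" => não encontrado (a)
"VirusTotal: C:\Users\User\AppData\Roaming\skujmyc\avisyfw32.exe" => não encontrado (a)
Não pode ser movido "C:\Windows\System32\Drivers\etc\hosts" => Agendado para ser movido na reinicialização.
"C:\Windows\System32\Drivers\etc\hosts" => Não pode ser movido.
Não foi possível restaurar Hosts.
'''


def classify(line):
    """Return the outcome label for one Fixlog line, or None if it is not a result line."""
    for label, pattern in OUTCOMES:
        if pattern.search(line):
            return label
    return None


def triage(fixlog):
    """Group the result lines of a Fixlog by outcome."""
    buckets = {label: [] for label, _ in OUTCOMES}
    for raw in fixlog.splitlines():
        line = raw.strip()
        label = classify(line)
        if label is not None:
            buckets[label].append(line)
    return buckets


def failed_paths(fixlog):
    """Return the quoted file paths named on lines classified as failed."""
    paths = set()
    for line in triage(fixlog)["failed"]:
        match = PATH_RE.search(line)
        if match:
            paths.add(match.group(1))
    return paths


if __name__ == "__main__":
    result = triage(SAMPLE_FIXLOG)
    for label, lines in result.items():
        print(f"{label}: {len(lines)}")
    for path in sorted(failed_paths(SAMPLE_FIXLOG)):
        print("needs another fix run:", path)
```

A "not_found" entry is not a failure by itself: it only means the item listed in the fixlist was already absent when the fix ran.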

 


Good afternoon, DigRam!

Here are the FRST and UsbFix logs. To apply the indicated fix, I had to disable the antivirus. And when I went to use the USB modem to access the internet, an autorun.inf file was detected again.

Thank you.

 

Fixlog:

 

Resultado da Correção pela Farbar Recovery Scan Tool (x86) Versão: 03-07-2021
Executado por User (03-07-2021 15:46:42) Run:6
Executando a partir de C:\Users\User\Desktop
Perfis Carregados: User & Auditorio & Aula & secretaria & Teste
Modo da Inicialização: Normal

==============================================

fixlist Conteúdo:
*****************
emptytemp:
hosts:
reboot:

*****************

C:\Windows\System32\Drivers\etc\hosts => movido com sucesso
Hosts restaurado com sucesso.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9440488 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 2975 B
Edge => 0 B
Chrome => 8616706 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
LocalService => 0 B
NetworkService => 0 B
User => 7167388 B
Auditorio => 7167388 B
Aula => 7167388 B
secretaria => 7167388 B
Teste => 7167388 B

RecycleBin => 0 B
EmptyTemp: => 59.4 MB de dados temporários Removidos.

================================


O sistema precisou ser reiniciado.

==== Fim de Fixlog 15:46:50 ====

 

UsbFix log:

 

# ----------------------------------------------------
# UsbFix Antivirus Premium
# ----------------------------------------------------
# Version : 11.032
# Database :  
# Contact : https://www.usb-antivirus.com/contact
# ----------------------------------------------------
# Scan type : USB [Monitor]
# User : User (Administrator)
# Device : USER-PC
# Started : 03/07/2021 15:56:29
# ----------------------------------------------------

------------ | Analyzed disks |

E:\    CDFS    (0GB/28GB)    [CDROM] 

------------ | Infected elements |

Not deleted ! E:\Windows\AutoRun.exe

------------ | Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\System32\Userinit.exe,
04 - HKLM\..\Run : [Avira SystrayStartTrigger] "C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe"
04 - HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - HKLM\..\Run : [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04GS - Mediatek Wireless Utility.lnk : C:\Program Files\MediatekWiFi\Common\RaUI.exe

------------ | Tasks |

Task - Adobe Acrobat Update Task --> C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task - AviraSystemSpeedupUpdate --> "C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe" /VERIFY /VERYSILENT /NOSTART /NODOTNET /NORESTART
Task - Avira_Antivirus_Systray --> "C:\Program Files\Avira\Antivirus\avgnt.exe" /min
Task - Avira_Security_Service_SCM_Watchdog --> C:\Program Files\Avira\Security\Avira.Spotlight.Service.Worker.exe HandleServiceControlManagerEvent 7000
Task - Avira_Security_Update --> "C:\Program Files\Avira\Security\Avira.Spotlight.Common.Updater.exe" /CheckAndInstall
Task - GoogleUpdateTaskMachineCore --> C:\Program Files\Google\Update\GoogleUpdate.exe /c
Task - GoogleUpdateTaskMachineUA --> C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Task - limpeza --> "C:\Program Files\CCleaner\CCleaner.exe"
Task - UsbFix Boot Scan --> "C:\Program Files\UsbFix\UsbFix.exe" -scanonstart
Task - UsbFix Monitor --> "C:\Program Files\UsbFix\Modules\UsbFixMonitor.exe"
Task - User_Feed_Synchronization-{CBA7B802-89AC-4FD6-B9C1-4CA586D62793} --> C:\Windows\system32\msfeedssync.exe sync

------------ | E:\ - CD-ROM (CDFS) |

[17/04/2013 - 10:45:09 | R | 0 Ko] - autorun.inf
[25/04/2013 - 12:58:44 | D] - Windows
[25/04/2013 - 13:07:06 | D] - Mac
[25/04/2013 - 14:00:40 | D] - Linux

Infected elements : 1
Analyzed elements : 9158 in 00h 00m 04s

# UsbFix-Report-63.txt [2960B]

------------ | E.O.F  |

 

 

# ----------------------------------------------------
# UsbFix Antivirus Premium
# ----------------------------------------------------
# Version : 11.032
# Database :  
# Contact : https://www.usb-antivirus.com/contact
# ----------------------------------------------------
# Scan type : Windows
# User : User (Administrator)
# Device : USER-PC
# Started : 03/07/2021 16:28:45
# ----------------------------------------------------

------------ | Analyzed disks |

C:\    NTFS    (22GB/56GB)    [Fixed] 

------------ | Infected elements |

~ No element detected ~

------------ | Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\System32\Userinit.exe,
04 - HKLM\..\Run : [Avira SystrayStartTrigger] "C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe"
04 - HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - HKLM\..\Run : [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04GS - Mediatek Wireless Utility.lnk : C:\Program Files\MediatekWiFi\Common\RaUI.exe

------------ | Tasks |

Task - Adobe Acrobat Update Task --> C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task - AviraSystemSpeedupUpdate --> "C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe" /VERIFY /VERYSILENT /NOSTART /NODOTNET /NORESTART
Task - Avira_Antivirus_Systray --> "C:\Program Files\Avira\Antivirus\avgnt.exe" /min
Task - Avira_Security_Service_SCM_Watchdog --> C:\Program Files\Avira\Security\Avira.Spotlight.Service.Worker.exe HandleServiceControlManagerEvent 7000
Task - Avira_Security_Update --> "C:\Program Files\Avira\Security\Avira.Spotlight.Common.Updater.exe" /CheckAndInstall
Task - GoogleUpdateTaskMachineCore --> C:\Program Files\Google\Update\GoogleUpdate.exe /c
Task - GoogleUpdateTaskMachineUA --> C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Task - limpeza --> "C:\Program Files\CCleaner\CCleaner.exe"
Task - UsbFix Boot Scan --> "C:\Program Files\UsbFix\UsbFix.exe" -scanonstart
Task - UsbFix Monitor --> "C:\Program Files\UsbFix\Modules\UsbFixMonitor.exe"
Task - User_Feed_Synchronization-{CBA7B802-89AC-4FD6-B9C1-4CA586D62793} --> C:\Windows\system32\msfeedssync.exe sync

------------ | C:\ %SystemDrive% - Fixed drive (NTFS) |

[10/06/2009 - 18:42:20 | A | 0 Ko] - config.sys
[03/07/2021 - 15:48:04 | ASH | 1565320 Ko] - hiberfil.sys
[03/07/2021 - 15:48:07 | ASH | 2087096 Ko] - pagefile.sys
[10/06/2021 - 18:51:28 | SHD] - Config.Msi
[26/04/2021 - 10:10:37 | SHD] - $Recycle.Bin
[10/06/2009 - 18:42:20 | A | 0 Ko] - autoexec.bat
[10/04/2006 - 00:02:19 | SHD] - found.000
[21/05/2006 - 02:37:26 | SHD] - Arquivos de Programas
[21/05/2006 - 02:37:27 | SHD] - Recovery
[13/07/2009 - 23:37:05 | D] - PerfLogs
[14/07/2009 - 01:53:55 | SHD] - Documents and Settings
[28/03/2017 - 17:59:14 | RHD] - MSOCache
[27/09/2017 - 18:30:02 | D] - hp12c
[10/06/2019 - 17:53:24 | D] - a742de876fe6412155d5cb816aac101b
[19/04/2021 - 15:06:47 | HD] - ProgramData
[26/04/2021 - 10:10:18 | RD] - Users
[05/06/2021 - 17:14:55 | RD] - Program Files
[02/07/2021 - 09:32:55 | D] - Windows
[03/07/2021 - 15:51:03 | D] - FRST

Infected elements : 0
Analyzed elements : 30345 in 00h 00m 08s

# UsbFix-Report-64.txt [3691B]

------------ | E.O.F  |
 

 


/!\ Hello! RUY /!\

 

------------ | Analyzed disks |

E:\    CDFS    (0GB/28GB)    [CDROM] 

------------ | Infected elements |

Not deleted ! E:\Windows\AutoRun.exe
---

---

> Configure your antivirus (Avira) to run a scan of AutoRun.exe. (Drive E:\)

> Post the result of that scan or check!

> If it is a false positive, you can configure Avira to accept the file in its exception rule.

 


 

Another option would be to check it with the Kaspersky tool. (avz5rn)

"Kaspersky's secret weapon
AVZ Antiviral Toolkit is an amazing free program available only for Windows, which belongs to the Security Software category, Antivirus subcategory."

 


 

After downloading the tool, unzip it and move its executable to the desktop.

Update it by clicking "Database Update".

When it finishes, start the scan by clicking "Start".

 


 

Post the report, saving it to the desktop by clicking "Save log".

Regards


Good evening, Digiran

 Avira-gpscan


Free Antivirus
Data do arquivo de relatório: 2021-07-04 15:10:59

Versão do Windows    : 6.1.7601
Modo de inicialização: Normalmente inicializado
Nome de usuário      : SISTEMA
Nome do computador   : USER-PC

Informações da versão:
build.dat            : 15.0.2104.2083   124402 Bytes  14/06/2021 16:15:48
scanui.exe           : 15.0.2104.2083  3319296 Bytes  23/04/2021 15:10:55
scanuirc.dll         : 1.0.2004.608    90488 Bytes  06/05/2020 01:32:04
gpscan.dll           : 15.0.2104.2083   936672 Bytes  23/04/2021 15:10:52
remediation.dll      : 1.0.2107.474  3395808 Bytes  03/07/2021 17:47:17
remediation.rdf      : 1.0.2107.474   653918 Bytes  03/07/2021 17:47:19
avreg.dll            : 15.0.2103.2080   640432 Bytes  19/03/2021 16:53:41
avlode.dll           : 15.0.2104.2083  3679272 Bytes  23/04/2021 15:10:45
avlode.rdf           : 15.0.2104.2083   216575 Bytes  23/04/2021 15:10:45
Versão do mecanismo  : 8.3.62.220
xbv00216.vdf         : 8.18.35.106    11624 Bytes  03/07/2021 17:47:10
xbv00217.vdf         : 8.18.35.108    43368 Bytes  03/07/2021 17:47:10
xbv00218.vdf         : 8.18.35.110    13160 Bytes  03/07/2021 17:47:10
xbv00219.vdf         : 8.18.35.112    31080 Bytes  03/07/2021 17:47:11
xbv00220.vdf         : 8.18.35.114    38248 Bytes  03/07/2021 17:47:11
xbv00221.vdf         : 8.18.35.116     3944 Bytes  03/07/2021 17:47:11
xbv00222.vdf         : 8.18.35.118    22376 Bytes  03/07/2021 17:47:11
xbv00223.vdf         : 8.18.35.120     3432 Bytes  03/07/2021 17:47:11
xbv00224.vdf         : 8.18.35.122    24936 Bytes  03/07/2021 17:47:11
xbv00225.vdf         : 8.18.35.124    15720 Bytes  03/07/2021 17:47:11
xbv00226.vdf         : 8.18.35.126     7016 Bytes  03/07/2021 17:47:11
xbv00227.vdf         : 8.18.35.128    12136 Bytes  03/07/2021 17:47:12
xbv00228.vdf         : 8.18.35.130    35688 Bytes  03/07/2021 17:47:12
xbv00229.vdf         : 8.18.35.132    31080 Bytes  03/07/2021 17:47:12
xbv00230.vdf         : 8.18.35.134    13672 Bytes  03/07/2021 17:47:12
xbv00231.vdf         : 8.18.35.136     8552 Bytes  03/07/2021 17:47:12
xbv00232.vdf         : 8.18.35.138    11624 Bytes  03/07/2021 17:47:12
xbv00233.vdf         : 8.18.35.140     3432 Bytes  03/07/2021 17:47:12
xbv00234.vdf         : 8.18.35.142    22888 Bytes  03/07/2021 17:47:12
xbv00235.vdf         : 8.18.35.144     9064 Bytes  04/07/2021 17:59:58
xbv00236.vdf         : 8.18.35.146    46952 Bytes  04/07/2021 17:59:59
xbv00237.vdf         : 8.18.35.148    11624 Bytes  04/07/2021 17:59:59
xbv00238.vdf         : 8.18.35.150     6504 Bytes  04/07/2021 17:59:59
xbv00239.vdf         : 8.18.35.152     8552 Bytes  04/07/2021 18:00:00
xbv00240.vdf         : 8.18.35.154     7016 Bytes  04/07/2021 18:00:00
xbv00241.vdf         : 8.18.35.156    10600 Bytes  04/07/2021 18:00:01
xbv00242.vdf         : 8.18.35.158     3432 Bytes  04/07/2021 18:00:01
xbv00243.vdf         : 8.18.35.160    20328 Bytes  04/07/2021 18:00:01
xbv00244.vdf         : 8.18.35.162     8552 Bytes  04/07/2021 18:00:02
xbv00245.vdf         : 8.18.35.164     7016 Bytes  04/07/2021 18:00:02
local001.vdf         : 8.18.35.164 93596672 Bytes  04/07/2021 18:01:58
aebb.dll             : 8.1.4.2021     72944 Bytes  19/03/2021 16:54:19
aecore.dll           : 8.3.24.2021   290784 Bytes  17/06/2021 02:12:40
aecrypto.dll         : 8.2.1.2021    145184 Bytes  19/03/2021 16:54:19
aedroid.dll          : 8.4.14.2021  2821952 Bytes  19/03/2021 16:54:20
aeemu.dll            : 8.1.3.2021    422032 Bytes  19/03/2021 16:54:20
aeexp.dll            : 8.4.6.2021    407144 Bytes  23/04/2021 15:10:55
aegen.dll            : 8.1.9.2021    743064 Bytes  17/06/2021 02:12:40
aehelp.dll           : 8.3.7.2021    303112 Bytes  19/03/2021 16:54:21
aeheur.dll           : 8.1.9.2021  11182144 Bytes  03/07/2021 17:46:58
aelibinf.dll         : 8.2.1.2021     81248 Bytes  13/04/2021 19:46:55
aeml.dll             : 8.0.2.2021    348488 Bytes  19/03/2021 16:54:27
aemobile.dll         : 8.1.22.2021   364504 Bytes  13/04/2021 19:46:56
aeoffice.dll         : 8.5.3.2021    879928 Bytes  03/07/2021 17:47:03
aepack.dll           : 8.5.2.2021    844064 Bytes  21/06/2021 12:29:37
aerdl.dll            : 8.2.3.2021   1291432 Bytes  28/04/2021 14:22:12
aesbx.dll            : 8.2.22.2021  1669488 Bytes  19/03/2021 16:54:29
aescn.dll            : 8.3.10.2021   166936 Bytes  05/06/2021 18:34:38
aescript.dll         : 8.3.7.2021   1293288 Bytes  17/06/2021 02:12:49
aevdf.dll            : 8.3.3.2021    157640 Bytes  19/03/2021 16:54:29

Configuration settings for the scan:
AutoActionOnDetection: off
Network scanning enabled: on
Upload to cloud enabled: on
Upload to cloud confirmation needed: off
DetectionUnpackedGen: off
DetectionDamagedGen: off
Maximum number of clients: 10
Heuristic macro: 1
Heuristic files: 2
Scan archives: on
Smart extensions: on
Archive scan types: 
Limit recursion depth: on
Recursion depth: 20
Maximum unpack size: 1073741824
Unpack ratio: 250
Excluded files:

Início da varredura: 2021-07-04 15:11:01

---------------------------------------------------------

End of scan : 2021-07-04 15:11:20
Duration : 00m:18s:626ms

The scan has been done completely.

     73 Scanned directories
      4 Scanned archives
    135 Scanned files
      0 Skipped files
      0 Ignored files
      0 Detected files
      0 Infected files cleaned
      0 Warnings

---------------------------------------------------------
avz_log

 

AVZ Toolkit log; AVZ version is 5.50
Scanning started at 04.07.2021 15:21:46
Database loaded: signatures - 297569, NN profile(s) - 2, malware removal microprograms - 56, signature database released 04.07.2021 16:00
Heuristic microprograms loaded: 416
PVS microprograms loaded: 10
Digital signatures of system files loaded: 1213596
Heuristic analyzer mode: Medium heuristics mode
Malware removal mode: disabled
Windows version is: 6.1.7601, Service Pack 1 "Windows 7 Professional" () x32, install date 21.05.2006 02:37:38 
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
 Analysis: kernel32.dll, export table found in section .text
 Analysis: ntdll.dll, export table found in section .text
 Analysis: user32.dll, export table found in section .text
 Analysis: advapi32.dll, export table found in section .text
 Analysis: ws2_32.dll, export table found in section .text
 Analysis: wininet.dll, export table found in section .text
 Analysis: rasapi32.dll, export table found in section .text
 Analysis: urlmon.dll, export table found in section .text
 Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
 Error searching KeServiceDescriptorTable in ntkrnlpa.exe
 Error searching KeServiceDescriptorTable in ntkrnlpa.exe
 Error searching KeServiceDescriptorTable in ntkrnlpa.exe
1.4 Searching for masking processes and drivers
 Checking not performed: extended monitoring driver (AVZPM) is not installed
1.5 Checking IRP handlers
 Error loading driver - operation interrupted [C0000061]
2. Scanning RAM
 Number of processes found: 25
 Number of modules loaded: 356
Scanning RAM - complete
3. Scanning disks
4. Checking  Winsock Layered Service Provider (SPI/LSP)
 LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
C:\PROGRA~1\MICROS~1\Office14\1046\GrooveIntlResource.dll --> Suspicion for Keylogger or Trojan DLL
C:\PROGRA~1\MICROS~1\Office14\1046\GrooveIntlResource.dll>>> Behaviour analysis 
 Behaviour typical for keyloggers was not detected
Note: Do NOT delete suspicious files, send them for analysis  (see FAQ for more details),  because there are lots of useful hooking DLLs
6. Searching for opened TCP/UDP ports used by malicious software
 Checking - disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Serviços de Área de Trabalho Remota)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
>> Windows Explorer - show extensions of known file types
Checking - complete
9. Troubleshooting wizard
 >>  HDD autorun is allowed
 >>  Network drives autorun is allowed
 >>  Removable media autorun is allowed
Checking - complete
Files scanned: 394, extracted from archives: 0, malicious software found 0, suspicions - 0
Scanning finished at 04.07.2021 15:23:21
Time of scanning: 00:01:39


/!\ Good morning! RUY /!\

The scan with the Kaspersky tool found no malware, which leads us to conclude that the AutoRun.ini object is a "false positive" detection.

Quote

8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Serviços de Área de Trabalho Remota)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
>> Windows Explorer - show extensions of known file types

 

However, these vulnerabilities were detected, and I recommend mitigating them in order to harden your machine against external attacks.

> Go to: < Security Check > ( ... by glax24 & Severnyj )

> Click: << Download!

> Save it to the desktop!
> Run "SecurityCheck.exe" as administrator! ( Windows Vista, 7, 8, 8.1 )
> Click "OK" in the message!
> Copy and post the report! ( C:\SecurityCheck\*.log )

Regards

Edited by DigRam


Hello DigRam

Here is the log

 


WebSite: SafeZone.cc
DateLog: 05.07.2021 21:00:24
Path starting: C:\Users\User\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: User
VersionXML: 8.90is-03.07.2021
___________________________________________________________________________

Windows 7(6.1.7601) Service Pack 1 (x86) Professional Lang: Portuguese(0416)
Installation date OS: 21.05.2006 05:37:38
LicenseStatus: Windows(R) 7, Professional edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
SystemDrive: C: FS: [NTFS] Capacity: [55.8 Gb] Used: [33.7 Gb] Free: [22.1 Gb]
——————————————————————————————— [ Windows ] ———————————————————————————————
Extended support has ended 14.01.2020, Your operating system may be vulnerable to new types of threats
Internet Explorer 11.0.9600.17843 Warning! Download Update
User Account Control enabled
The elevation prompt for administrators disabled
^It is recommended to enable (default): Win+R typing UserAccountControlSettings and Enter^
Never check for updates
Date install updates: 2020-05-04 15:08:52
Windows Update (wuauserv) - The service is running
Central de Segurança (wscsvc) - The service is running
Registro remoto (RemoteRegistry) - The service has stopped
Descoberta SSDP (SSDPSRV) - The service is running
Serviços de Área de Trabalho Remota (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
——————————————————————————————— [ HotFix ] ————————————————————————————————
HotFix KB3177467 Warning! Download Update
HotFix KB3125574 Warning! Download Update
HotFix KB4012212 Warning! Download Update
HotFix KB4499175 Warning! Download Update
HotFix KB4539602 Warning! Download Update
—————————————————————————————— [ MS Office ] ——————————————————————————————
Microsoft Office 2010 x86 v.14.0.7015.1000
———————————————————————————— [ Antivirus_WMI ] ————————————————————————————
Avira Antivirus (enabled and up to date)
——————————————————————————— [ FirewallWindows ] ———————————————————————————
Firewall do Windows (MpsSvc) - The service is running
——————————————————————————— [ AntiSpyware_WMI ] ———————————————————————————
Avira Antivirus (enabled and up to date)
Windows Defender (disabled and out of date)
—————————————————————— [ AntiVirusFirewallInstall ] ———————————————————————
Avira Antivirus v.15.0.2104.2083 Warning! Download Update
Avira Security v.1.1.50.19847
Avira v.1.2.155.4877
—————————————————————————— [ SecurityUtilities ] ——————————————————————————
UsbFix Anti-Malware Premium v.11.0.3.2
——————————————————————————— [ OtherUtilities ] ————————————————————————————
Microsoft Office Professional Plus 2010 v.14.0.7015.1000 Warning! This software is no longer supported. Please use latest Microsift Office, Office Online or LibreOffice
Microsoft Silverlight v.5.1.50918.0
Microsoft .NET Framework 4.8 v.4.8.03761
Microsoft .NET Framework 4.8 (Português (Brasil)) v.4.8.03761
Microsoft .NET Framework 4.8 (PTB) v.4.8.03761
—————————————————————————————— [ ArchAndFM ] ——————————————————————————————
WinRAR 5.21 (32-bit) v.5.21.0 Warning! Download Update
———————————————————————————— [ ProxyAndVPNs ] —————————————————————————————
Avira Phantom VPN v.2.37.4.17510
———————————————————————————————— [ Media ] ————————————————————————————————
K-Lite Mega Codec Pack 11.3.6 v.11.3.6 Warning! Download Update
——————————————————————————— [ AdobeProduction ] ———————————————————————————
Adobe Acrobat Reader DC v.21.005.20048
——————————————————————————————— [ Browser ] ———————————————————————————————
Google Chrome v.91.0.4472.124
Mozilla Firefox 64.0.2 (x86 pt-BR) v.64.0.2 Warning! Download Update
—————————————————— [ AntivirusFirewallProcessServices ] ———————————————————
Avira Agendamento (AntiVirSchedulerService) - The service is running
C:\Program Files\Avira\Antivirus\sched.exe v.15.0.2103.2080
Avira Real-Time Protection (AntiVirService) - The service is running
C:\Program Files\Avira\Antivirus\avguard.exe v.15.0.2103.2080
Avira Mail Protection (AntiVirMailService) - The service has stopped
Avira Web Protection (AntiVirWebService) - The service has stopped
Avira Service Host (Avira.ServiceHost) - The service is running
C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe v.1.2.155.4877
C:\Program Files\Avira\Launcher\Avira.Systray.exe v.1.2.155.4877
C:\Program Files\Avira\Antivirus\avshadow.exe v.15.0.2103.2080
C:\Program Files\Avira\Antivirus\avgnt.exe v.15.0.2103.2080
Windows Defender (WinDefend) - The service has stopped
———————————————————————————— [ UnwantedApps ] —————————————————————————————
Avira System Speedup v.6.9.0.11050 << Hidden Warning! Suspected demo version of anti-spyware, driver updater or optimizer. If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware. Possible you became a victim of fraud or social engineering.
————————————————————————————— [ End of Log ] ——————————————————————————————

System Analysis - complete.


/!\ Good morning! RUY /!\

> Press "Windows+R" to open "Run".

> In the Open box, type or paste: UserAccountControlSettings
> Click "OK".

> Once in "User Account Control", move the slider to "Never notify!"
> Click OK >> Yes, to restart the computer!

——————————————————————————————— [ HotFix ] ————————————————————————————————
HotFix KB3177467 Warning! Download Update
HotFix KB3125574 Warning! Download Update
HotFix KB4012212 Warning! Download Update
HotFix KB4499175 Warning! Download Update
HotFix KB4539602 Warning! Download Update
-----
-----
> If you wish, download these updates for your Windows 7 one by one.

 

—————————————————————— [ AntiVirusFirewallInstall ] ———————————————————————
Avira Antivirus v.15.0.2104.2083 Warning! Download Update
-----
-----

Avira Mail Protection (AntiVirMailService) - The service has stopped
Avira Web Protection (AntiVirWebService) - The service has stopped

-----

-----

> Re-enable these services by going to Avira support.

Quote

> Your Avira antivirus is out of date!
> Click "Download Update" to get the latest version.

——————————————————————————————— [ Browser ] ———————————————————————————————
Mozilla Firefox 64.0.2 (x86 pt-BR) v.64.0.2 Warning! Download Update
-----
-----
> Firefox is also out of date!

———————————————————————————— [ UnwantedApps ] —————————————————————————————
Avira System Speedup v.6.9.0.11050 << Hidden Warning! Suspected demo version of anti-spyware, driver updater or optimizer. If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware. Possible you became a victim of fraud or social engineering.

-----

-----

> Avira System Speedup, in this installed version, is hidden!

Avira System Speedup Pro for Windows

Quote

PS: Avira offers you this utility for just R$ 56,99 as an annual subscription.

"Boosts performance, making the PC faster
Automatically cleans junk and unnecessary files
Includes 30 premium optimization tools
"
-----
-----
> Personally, I have never used or tested it.
> So it is up to you whether to purchase this utility.
> Let me know!

Regards
