Suspicious File - Autorun.ini
A file named autorun.ini was found on the internet access modem, on drive E:
A scan was run with UsbFix; the logs follow, including the FRST one.
Thanks in advance for your attention.
FRST
Resultado do exame da Farbar Recovery Scan Tool (FRST) (x86) Versão: 05-06-2021 01
Executado por User (administrador) em USER-PC (Standard L41II8 anf L41II9) (05-06-2021 16:19:27)
Executando a partir de C:\Users\User\Desktop
Perfis Carregados: User
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Idioma: Português (Brasil)
Navegador padrão: IE
Modo da Inicialização: Normal
==================== Processos (Whitelisted) =================
(Se uma entrada for incluída na fixlist, o processo será fechado. O arquivo não será movido.)
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Security\Avira.Spotlight.Service.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files\Avira\VPN\Avira.VpnService.exe
(Google Inc -> Google Inc.) C:\Program Files\Google\Update\GoogleUpdate.exe <2>
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <10>
(Google LLC -> Google LLC) C:\Program Files\Google\Update\Install\{0EE6530F-1A84-4413-AA98-D1643A0EE2AD}\91.0.4472.77_90.0.4430.212_chrome_updater.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Update\Install\{0EE6530F-1A84-4413-AA98-D1643A0EE2AD}\CR_979D9.tmp\setup.exe <2>
(Google LLC -> Google) C:\Users\User\AppData\Local\Google\Chrome\User Data\SwReporter\90.262.200\software_reporter_tool.exe <4>
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(MEDIATEK INC. -> Mediatek Inc.) [Arquivo não assinado] C:\Program Files\MediatekWiFi\Common\RaUI.exe
(MEDIATEK INC. -> Mediatek Inc.) C:\Program Files\MediatekWiFi\Common\RaRegistry.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\lpksetup.exe
(SOSVIRUS (LE BOZEC CEDRIC, DOMINIQUE, MARIE) -> ) C:\Program Files\UsbFix\Modules\UsbFixMonitor.exe
(SOSVIRUS (LE BOZEC CEDRIC, DOMINIQUE, MARIE) -> ) C:\Program Files\UsbFix\UsbFix.exe <4>
(ZTE CORPORATION -> ) C:\Program Files\Claro 3G\CMUpdater.exe
(ZTE CORPORATION -> ) C:\Program Files\Claro 3G\UIMain.exe
==================== Registro (Whitelisted) ===================
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [706192 2021-04-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\RunOnce: [] => [X]
HKU\S-1-5-21-2968044519-3865384213-3263409630-1000\...\MountPoints2: {0d6e9a60-3668-11ea-9d2d-00030d6d7281} - E:\Windows/AutoRun.exe
HKU\S-1-5-21-2968044519-3865384213-3263409630-1000\...\MountPoints2: {4e4d4976-a443-11eb-baec-00030d6d7281} - E:\Windows/AutoRun.exe
HKU\S-1-5-21-2968044519-3865384213-3263409630-1006\...\MountPoints2: {0d6e9a60-3668-11ea-9d2d-00030d6d7281} - E:\Windows/AutoRun.exe
HKU\S-1-5-21-2968044519-3865384213-3263409630-1007\...\Run: [] => [X]
HKU\S-1-5-21-2968044519-3865384213-3263409630-1007\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6490904 2015-08-19] (Piriform Ltd -> Piriform Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\90.0.4430.212\Installer\chrmstp.exe [2021-05-12] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2021-04-20] (Adobe Inc. -> Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Mediatek Wireless Utility.lnk [2021-06-05]
ShortcutTarget: Mediatek Wireless Utility.lnk -> C:\Program Files\MediatekWiFi\Common\RaUI.exe (MEDIATEK INC. -> Mediatek Inc.) [Arquivo não assinado]
====================================================================================================================================================
**FRST-Addition**
Resultado do exame Adicional Farbar Recovery Scan Tool (x86) Versão: 05-06-2021 01
Executado por User (05-06-2021 16:24:16)
Executando a partir de C:\Users\User\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) (2006-05-21 05:37:38)
Modo da Inicialização: Normal
==========================================================
==================== Contas: =============================
Administrador (S-1-5-21-2968044519-3865384213-3263409630-500 - Administrator - Disabled)
Auditorio (S-1-5-21-2968044519-3865384213-3263409630-1005 - Limited - Disabled) => C:\Users\Auditorio
Aula (S-1-5-21-2968044519-3865384213-3263409630-1006 - Limited - Disabled) => C:\Users\Aula
Convidado (S-1-5-21-2968044519-3865384213-3263409630-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2968044519-3865384213-3263409630-1004 - Limited - Enabled)
secretaria (S-1-5-21-2968044519-3865384213-3263409630-1007 - Limited - Enabled) => C:\Users\secretaria
Teste (S-1-5-21-2968044519-3865384213-3263409630-1008 - Limited - Enabled) => C:\Users\Teste
User (S-1-5-21-2968044519-3865384213-3263409630-1000 - Administrator - Enabled) => C:\Users\User
==================== Central de Segurança ========================
(Se uma entrada for incluída na fixlist, será removida.)
AV: Avira Antivirus (Enabled - Up to date) {8EAC8D5C-B3AA-95AA-3DF1-2845CDD09CBE}
AS: Avira Antivirus (Enabled - Up to date) {35CD6CB8-9590-9A24-0741-1337B657D603}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Programas Instalados ======================
(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 21.001.20155 - Adobe Systems Incorporated)
Avira (HKLM\...\{21098ed5-59e9-4203-b79e-63f3c373e022}) (Version: 1.2.155.4877 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM\...\{2CA8B2E7-B4B7-4553-83E6-448A543EA5AD}) (Version: 1.2.155.4877 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.2104.2083 - Avira Operations GmbH & Co. KG) Hidden
Avira Phantom VPN (HKLM\...\Avira Phantom VPN) (Version: 2.37.4.17510 - Avira Operations GmbH & Co. KG) Hidden
Avira Security (HKLM\...\Avira Security_is1) (Version: 1.1.49.18598 - Avira Operations GmbH & Co. KG) Hidden
Avira Security (HKLM\...\AviraSecurityUninstaller) (Version: - Avira Operations GmbH & Co. KG;)
Avira Software Updater (HKLM\...\{5FFF909D-D88F-42B9-9A85-328A1290611C}) (Version: 2.0.6.48309 - Avira Operations GmbH & Co. KG) Hidden
Avira System Speedup (HKLM\...\Avira System Speedup_is1) (Version: 6.9.0.11050 - Avira Operations GmbH & Co. KG) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
Claro 3G (HKLM\...\{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}) (Version: 1.0.0.1 - )
D-Link DWA-131 - V5.02b04 (HKLM\...\{B7C11488-750D-4E48-A9A4-7207A335984D}) (Version: 5.00.0000 - D-Link)
Google Chrome (HKLM\...\Google Chrome) (Version: 90.0.4430.212 - Google LLC)
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
K-Lite Mega Codec Pack 11.3.6 (HKLM\...\KLiteCodecPack_is1) (Version: 11.3.6 - )
Mediatek RT2870 Wireless LAN Card (HKLM\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.38.101 - MediatekWiFi)
Microsoft .NET Framework 4.8 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft .NET Framework 4.8 (Português (Brasil)) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.8.03761 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 64.0.2 (x86 pt-BR) (HKLM\...\Mozilla Firefox 64.0.2 (x86 pt-BR)) (Version: 64.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0.2.6947 - Mozilla)
Pacote de Idiomas do Microsoft Visual Studio 2010 Tools for Office Runtime (x86) - Português (Brasil) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - PTB) (Version: 10.0.50903 - Microsoft Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
UsbFix Anti-Malware Premium (HKLM\...\Usbfix) (Version: 11.0.3.2 - SOSVirus (SOSVirus.Net))
WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-2968044519-3865384213-3263409630-1007\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)
==================== Exame Personalizado CLSID (Whitelisted): ==============
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files\Avira\Antivirus\shlext.dll [2021-03-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-12-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-16] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-12-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2009-09-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-12-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files\Avira\Antivirus\shlext.dll [2021-03-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-16] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido. O arquivo não será movido.)
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\system32\lagarith.dll [216064 2011-12-07] () [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\system32\x264vfw.dll [3591680 2015-02-28] (x264vfw project) [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\system32\xvidvfw.dll [240128 2015-06-22] () [Arquivo não assinado]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\system32\ff_vfw.dll [112128 2015-08-03] () [Arquivo não assinado]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\system32\ac3acm.acm [122880 2012-07-21] (fccHandler) [Arquivo não assinado]
==================== Atalhos & WMI ========================
(As entradas podem ser listadas para serem restauradas ou removidas.)
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
==================== Módulos Carregados (Whitelisted) =============
2019-07-26 18:42 - 2009-05-01 11:51 - 001069056 _____ (Cisco Systems, Inc.) [Arquivo não assinado] C:\Program Files\MediatekWiFi\Common\CiscoEapFast.dll
2019-03-27 23:48 - 2019-03-27 23:48 - 000115200 _____ (Microsoft Corporation) [Arquivo não assinado] [O arquivo está em uso] C:\Windows\Microsoft.Net\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Modo de Segurança (Whitelisted) ==================
==================== Associação (Whitelisted) =================
==================== Internet Explorer (Versão 11) (Whitelisted) ==========
HKU\S-1-5-21-2968044519-3865384213-3263409630-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://login.latinamweb.com/
HKU\S-1-5-21-2968044519-3865384213-3263409630-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxps://www.msn.com/pt-br/?ocid=iehp
HKU\S-1-5-21-2968044519-3865384213-3263409630-1006\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pt-br/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts Conteúdo: =========================
(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)
2009-07-13 23:04 - 2009-06-10 18:39 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
==================== Outras Áreas ===========================
(Atualmente não há nenhuma correção automática para esta seção.)
HKU\S-1-5-21-2968044519-3865384213-3263409630-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2968044519-3865384213-3263409630-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Auditorio\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2968044519-3865384213-3263409630-1006\Control Panel\Desktop\\Wallpaper -> C:\Users\Aula\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2968044519-3865384213-3263409630-1007\Control Panel\Desktop\\Wallpaper -> C:\Users\secretaria\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2968044519-3865384213-3263409630-1008\Control Panel\Desktop\\Wallpaper -> C:\Users\Teste\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall do Windows está habilitado.
==================== MSCONFIG/TASK MANAGER ítens desabilitados ==
(Se uma entrada for incluída na fixlist, será removida.)
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
==================== Regras do Firewall (Whitelisted) ================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{693D4740-FB12-4B3F-B7BE-F7D883014547}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{DCB374FE-8789-471F-AADB-9394FC4DBD1B}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{CE8CBC0B-07D1-4AAD-8FEF-1A9C43BAB48C}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6FD5CA16-B1BA-4B62-B9B6-3421D210FA94}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{174D11B4-5251-4D07-A15E-9C9D5876A97A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B5697BB9-C96F-4A63-BCF5-E56E197B7BF2}] => (Allow) C:\Program Files\D-Link\DWA-131 revE\IHV\RTLDHCP.exe (Realtek Semiconductor Corp -> Realtek)
FirewallRules: [{FF056310-57AF-405E-A347-F356F222EBCC}] => (Allow) C:\Program Files\D-Link\DWA-131 revE\IHV\PortableWiFi.exe (D-LINK CORPORATION -> D-Link Corp.)
FirewallRules: [{6AA5A65C-C670-40D3-9138-BF20056B41F8}] => (Allow) C:\Program Files\MediatekWiFi\Common\RaMediaServer.exe (Ralink) [Arquivo não assinado]
FirewallRules: [{C2E38C2D-E9C2-45F2-8F8F-76BCE370F2B9}] => (Allow) C:\Program Files\MediatekWiFi\Common\RaMediaServer.exe (Ralink) [Arquivo não assinado]
FirewallRules: [{D9632D92-5854-404D-8938-6D32B0C8F19C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{6373FBFE-E103-4462-A4B5-5038ADCF9A1D}] => (Block) C:\Program Files\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{D82718DB-BD9B-4847-9D01-BE69D3949FD2}] => (Allow) C:\Program Files\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{0A625BEB-BC15-4D53-91D8-AD2973329779}] => (Allow) C:\Program Files\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
==================== Pontos de Restauração =========================
28-05-2021 12:06:35 Ponto de Verificação Agendado
==================== Dispositivos Apresentando Falhas No Gerenciador ============
==================== Erros no Log de eventos: ========================
Erros em Aplicativos:
==================
Error: (06/05/2021 03:59:14 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={C7675311-F968-4D59-B80C-F1F04910A8F1}: o usuário User-PC\User discou uma conexão de nome Banda Larga 3G que falhou. O código do erro retornado na falha é 633.
Error: (06/05/2021 03:59:04 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={3F1D5EB8-9F55-4145-A050-C2F1155DB138}: o usuário User-PC\User discou uma conexão de nome Banda Larga 3G que falhou. O código do erro retornado na falha é 633.
Error: (06/05/2021 03:21:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (06/02/2021 10:38:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (05/31/2021 02:26:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (05/28/2021 01:49:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (05/28/2021 10:55:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (05/28/2021 10:40:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Erros de Sistema:
=============
Error: (06/05/2021 04:16:52 PM) (Source: Schannel) (EventID: 4119) (User: AUTORIDADE NT)
Description: O seguinte alerta fatal foi recebido: 70.
Error: (06/05/2021 04:03:51 PM) (Source: Server) (EventID: 2505) (User: )
Description: O servidor não pôde ligar-se com o transporte \Device\NetBT_Tcpip_{4FD35F81-BB13-4102-90B0-385B371E2834} porque outro computador na rede tem o mesmo nome. Não foi possível iniciar o servidor.
Error: (06/05/2021 04:02:37 PM) (Source: Server) (EventID: 2505) (User: )
Description: O servidor não pôde ligar-se com o transporte \Device\NetBT_Tcpip_{4FD35F81-BB13-4102-90B0-385B371E2834} porque outro computador na rede tem o mesmo nome. Não foi possível iniciar o servidor.
Error: (06/05/2021 04:01:31 PM) (Source: Server) (EventID: 2505) (User: )
Description: O servidor não pôde ligar-se com o transporte \Device\NetBT_Tcpip_{4FD35F81-BB13-4102-90B0-385B371E2834} porque outro computador na rede tem o mesmo nome. Não foi possível iniciar o servidor.
Error: (06/05/2021 03:57:55 PM) (Source: Server) (EventID: 2505) (User: )
Description: O servidor não pôde ligar-se com o transporte \Device\NetBT_Tcpip_{F7947425-9DE5-41EC-B41C-2433C7CDD62D} porque outro computador na rede tem o mesmo nome. Não foi possível iniciar o servidor.
Error: (06/05/2021 03:26:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Serviço de Compartilhamento de Rede do Windows Media Player devido ao seguinte erro:
O serviço não respondeu à requisição de início ou controle em tempo hábil.
Error: (06/05/2021 03:26:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço Serviço de Compartilhamento de Rede do Windows Media Player.
Error: (06/05/2021 03:25:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão do serviço Microsoft .NET Framework NGEN v4.0.30319_X86.
==================== Informações da Memória ===========================
BIOS: Standard 1.10 03/15/2007
placa-mãe: Standard L41II8 anf L41II9
Processador: Intel(R) Celeron(R) M CPU 410 @ 1.46GHz
Percentagem de memória em uso: 89%
RAM física total: 2038.18 MB
RAM física disponível: 207.75 MB
Virtual Total: 4076.36 MB
Virtual disponível: 1334.96 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:55.79 GB) (Free:21.67 GB) NTFS
Drive e: (ZTEMODEM) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS
\\?\Volume{94b629c0-e884-11da-8c87-806e6f6e6963}\ (Reservado pelo Sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
==================== MBR & Tabela de Partições ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 55.9 GB) (Disk ID: 0001791D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55.8 GB) - (Type=07 NTFS)
==================== Fim de Addition.txt =======================
===========================================================================================
**UsbFix - log 1**
# ----------------------------------------------------
# UsbFix Antivirus Premium
# ----------------------------------------------------
# Version : 11.032
# Database :
# Contact : https://www.usb-antivirus.com/contact
# ----------------------------------------------------
# Scan type : USB
# User : User (Administrator)
# Device : USER-PC
# Started : 05/06/2021 15:46:59
# ----------------------------------------------------
------------ | Analyzed disks |
No devices detected for this scan type.
------------ | Infected elements |
~ No element detected ~
------------ | Run |
F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\System32\Userinit.exe,
04 - HKLM\..\Run : [Avira SystrayStartTrigger] "C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe"
04 - HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - HKLM\..\Run : [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04GS - Start.lnk : C:\Users\User\AppData\Roaming\skujmyc\avisyfw32.exe
04GS - Mediatek Wireless Utility.lnk : C:\Program Files\MediatekWiFi\Common\RaUI.exe
------------ | Tasks |
Task - Adobe Acrobat Update Task --> C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task - AviraSystemSpeedupUpdate --> "C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe" /VERIFY /VERYSILENT /NOSTART /NODOTNET /NORESTART
Task - Avira_Antivirus_Systray --> "C:\Program Files\Avira\Antivirus\avgnt.exe" /min
Task - Avira_Security_Update --> "C:\Program Files\Avira\Security\Avira.Spotlight.Common.Updater.exe" /CheckAndInstall
Task - GoogleUpdateTaskMachineCore --> C:\Program Files\Google\Update\GoogleUpdate.exe /c
Task - GoogleUpdateTaskMachineUA --> C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Task - limpeza --> "C:\Program Files\CCleaner\CCleaner.exe"
Task - UsbFix Boot Scan --> "C:\Program Files\UsbFix\UsbFix.exe" -scanonstart
Task - UsbFix Monitor --> "C:\Program Files\UsbFix\Modules\UsbFixMonitor.exe"
Task - User_Feed_Synchronization-{CBA7B802-89AC-4FD6-B9C1-4CA586D62793} --> C:\Windows\system32\msfeedssync.exe sync
Infected elements : 0
Analyzed elements : 23109 in 00h 00m 20s
# UsbFix-Report-01.txt [2665B]
------------ | E.O.F |
=====================================================================================================================
**UsbFix - log 2**
------------ | Infected elements |
Deleted! C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk
------------ | Run |
F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\System32\Userinit.exe,
04 - HKLM\..\Run : [Avira SystrayStartTrigger] "C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe"
04 - HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - HKLM\..\Run : [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04GS - Mediatek Wireless Utility.lnk : C:\Program Files\MediatekWiFi\Common\RaUI.exe
------------ | Tasks |
Task - Adobe Acrobat Update Task --> C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task - AviraSystemSpeedupUpdate --> "C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe" /VERIFY /VERYSILENT /NOSTART /NODOTNET /NORESTART
Task - Avira_Antivirus_Systray --> "C:\Program Files\Avira\Antivirus\avgnt.exe" /min
Task - Avira_Security_Update --> "C:\Program Files\Avira\Security\Avira.Spotlight.Common.Updater.exe" /CheckAndInstall
Task - GoogleUpdateTaskMachineCore --> C:\Program Files\Google\Update\GoogleUpdate.exe /c
Task - GoogleUpdateTaskMachineUA --> C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Task - limpeza --> "C:\Program Files\CCleaner\CCleaner.exe"
Task - UsbFix Boot Scan --> "C:\Program Files\UsbFix\UsbFix.exe" -scanonstart
Task - UsbFix Monitor --> "C:\Program Files\UsbFix\Modules\UsbFixMonitor.exe"
Task - User_Feed_Synchronization-{CBA7B802-89AC-4FD6-B9C1-4CA586D62793} --> C:\Windows\system32\msfeedssync.exe sync
------------ | C:\ %SystemDrive% - Fixed drive (NTFS) |
[10/06/2009 - 18:42:20 | A | 0 Ko] - config.sys
[05/06/2021 - 15:19:46 | ASH | 1565320 Ko] - hiberfil.sys
[05/06/2021 - 15:19:49 | ASH | 2087096 Ko] - pagefile.sys
[12/05/2021 - 11:02:17 | SHD] - Config.Msi
[26/04/2021 - 10:10:37 | SHD] - $Recycle.Bin
[10/06/2009 - 18:42:20 | A | 0 Ko] - autoexec.bat
[10/04/2006 - 00:02:19 | SHD] - found.000
[21/05/2006 - 02:37:26 | SHD] - Arquivos de Programas
[21/05/2006 - 02:37:27 | SHD] - Recovery
[13/07/2009 - 23:37:05 | D] - PerfLogs
[14/07/2009 - 01:53:55 | SHD] - Documents and Settings
[28/03/2017 - 17:59:14 | RHD] - MSOCache
[27/09/2017 - 18:30:02 | D] - hp12c
[10/06/2019 - 17:53:24 | D] - a742de876fe6412155d5cb816aac101b
[19/04/2021 - 15:06:47 | HD] - ProgramData
[26/04/2021 - 10:10:18 | RD] - Users
[12/05/2021 - 11:00:13 | D] - Windows
[05/06/2021 - 15:45:04 | RD] - Program Files
Infected elements : 2
Analyzed elements : 30388 in 00h 00m 14s
# UsbFix-Report-03.txt [3570B]
------------ | E.O.F |