Arquivo do system32 fica pedindo para baixar o windows 10

Question

Boa  tarde !    Prezados(as)

O arquivo  GWXUXWorker.exe contido em c:\windows\system32\GWX ; fica pedindo para eu baixar o windows 10 ! Que coisa estranha :

http://s1062.photobucket.com/user/Edson_Melo/media/Screen Shot 03-30-15 at 04.31 PM.png.html?sort=3&o=0

Este arquivo foi criado em 28/03 passado agora .

O ccleanner pegou o  mesmo recentemente :

http://s1062.photobucket.com/user/Edson_Melo/media/Screen%20Shot%2003-30-15%20at%2002.13%20PM.png.html?sort=3&o=2

Abra&ccedil;os

Answer

Est&aacute; certo que ele &eacute; relacionado a Updates, mas n&atilde;o devia falar do Windows 10 ainda.

Mas no seu caso eu come&ccedil;aria a usar os programas indicados l&aacute; no 
[SIZE=4]An&aacute;lise de logs e remo&ccedil;&atilde;o de v&iacute;rus (arquivos maliciosos) ou mesmo se ainda n&atilde;o tiver confian&ccedil;a abriria um post l&aacute;.[/SIZE]

Answer

Boa  tarde !

Certo .  Apesar que com runscanner e malwarebytes nada .     Pois  para futura migra&ccedil;&atilde;o do seven  para o win 10 :

http://support.microsoft.com/en-us/kb/3035583

http://s1062.photobucket.com/user/Edson_Melo/media/Screen Shot 03-30-15 at 05.21 PM.png.html?sort=3&o=0

Runscanner logfile http://www.runscanner.net

* = signed file
- = file not found

General info
------------
Computer name : EDSON-PC
Creation time : 30/03/2015 18:25:35
Hosts  127.0.0.1 : Cannot read hosts file
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 9.11.9600.17691
OS : Windows 7 Home Basic
OS Build : 7601
OS SP : Service Pack 1
RunScanner Version : 2.0.0.60
User Language : Portugu&ecirc;s (Brasil)
User rights : Administrator
Windows folder : C:\Windows

Running processes
-----------------
* C:\Windows\System32\wininit.exe (Microsoft Corporation)
* C:\Windows\System32\winlogon.exe (Microsoft Corporation)
* C:\Windows\System32\services.exe (Microsoft Corporation)
* C:\Windows\System32\spoolsv.exe (Microsoft Corporation)
  C:\Program Files\UX Pack\Aura\Aura.exe (Stealth Software)
* C:\Windows\System32\dllhost.exe (Microsoft Corporation)
* C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation)
* C:\Program Files\Gadwin\Gadwin PrintScreenPro\PrintScreenPro32.exe (Gadwin Systems)
* C:\PROGRA~1\GbPlugin\gbpsv.exe (GAS Tecnologia)
* C:\Windows\System32\dwm.exe (Microsoft Corporation)
* C:\Windows\System32\smss.exe (Microsoft Corporation)
* C:\Windows\System32\SearchIndexer.exe (Microsoft Corporation)
* C:\Windows\system32\audiodg.exe (Microsoft Corporation)
* C:\Windows\System32\lsass.exe (Microsoft Corporation)
* C:\Program Files\Opera\28.0.1750.48\opera.exe (Opera Software)
* C:\Program Files\Opera\28.0.1750.48\opera_crashreporter.exe
* C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32	askhost.exe (Microsoft Corporation)
* C:\Windows\System32\csrss.exe (Microsoft Corporation)
* C:\Windows\System32\csrss.exe (Microsoft Corporation)
* C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (IBM Corp.)
* C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (IBM Corp.)
* C:\Users\EDSON\Downloadsunscanner (1).exe (Runscanner.net)
* C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
* C:\Windows\System32\lsm.exe (Microsoft Corporation)
  C:\Windows\explorer.exe (Microsoft Corporation)
* C:\Program Files\UX Pack\WinMetro\MetroBar.exe (IObit)
* C:\Program Files\UX Pack\WinMetro\MetroStart.exe (IObit)
* C:\Windows\System32\wbem\WmiApSrv.exe (Microsoft Corporation)

Unrated items
-------------
002  C:\Program Files\UX Pack\uxlaunch.exe (Windows X)
010 * C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (.NET Runtime Optimization Service)
010 * C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Acrobat Update Service)
010 * C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe&reg; Flash&reg; Player Update Service 17.0 r0)
010 * C:\Program Files\Diebold\Warsaw\core.exe (GAS Tecnologia - Core)
010 * C:\PROGRA~1\GbPlugin\GbpSv.exe (G-Buster Browser Defense - Service)
010 * C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService)
010 * C:\Program Files\IObit\WinMetro\MetroSvc.exe (WinMetro Service)
011 * C:\Windows\system32\DRIVERS\gbpndisrdn.sys (GAS Tecnologia - LWF Helper Driver)
011 * C:\Windows\system32\drivers\gbpkm.sys (GbPlugin Device Driver)
011 * c:\windows\system32\drivers\aionkgcg.sys (Malware Defender Driver)
011 * C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80128.sys (RapportCerberus)
011 * C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (RapportEI)
011 * C:\Windows\System32\Drivers\RapportKELL.sys (RapportKE)
011 * C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG)
011 * C:\Windows\system32\DRIVERS\Rt86win7.sys (Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver  )
011 * C:\Windows\system32\drivers\uxpatch.sys (uxpatch)
034  C:\Windows\Explorer.exe (Microsoft Corporation)
047  Zone: seg.bb.com.br : https://seg.bb.com.br
047  Zone: www.bancobrasil.com.br : *.www.bancobrasil.com.br
047  Zone: www.bb.com.br : *.www.bb.com.br
047  Zone: www.bb.com.br : http://www.bb.com.br
047  Zone: www14.bancobrasil.com.br : https://www14.bancobrasil.com.br
047  Zone: www14.bancobrasil.com.br : *.www14.bancobrasil.com.br
047  Zone: www2.bancobrasil.com.br : https://www2.bancobrasil.com.br
047  Zone: www2.bancobrasil.com.br : *.www2.bancobrasil.com.br
050 * C:\PROGRAM FILES\GBPLUGIN\gbieh.dll (Banco do Brasil) {E37CB5F0-51F5-4395-A808-5FA49E399F83}
052 * C:\PROGRAM FILES\GBPLUGIN\gbieh.dll (Banco do Brasil) {C41A1C0E-EA6C-11D4-B1B8-444553540000}
052 * C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll (Oracle Corporation) {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
052 * C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll (Oracle Corporation) {DBC80044-A445-435b-BC74-9C25C1C588A9}
061 * C:\PROGRAM FILES\GBPLUGIN\gbieh.dll (Banco do Brasil) {98C11555-BC81-40aa-A053-DAADC5630000}
061 * C:\PROGRAM FILES\GBPLUGIN\gbieh.dll (Banco do Brasil) {E37CB5F0-51F5-4395-A808-5FA49E399F83}
062 * C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}
067 * C:\Program Files\GbPlugin\gbieh.dll (Banco do Brasil)
073  Adobe Flash Player Updater.job : C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
100  Start Page HKLM : www.google.com
231 * C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll (Adobe Systems, Inc.) PDF Column Info
254 * C:\PROGRAM FILES\GBPLUGIN\gbieh.dll (Banco do Brasil) {98C11555-BC81-40aa-A053-DAADC5630000}
001 MalwareDefender.exe
001 mdservice.exe

Missing files
-------------
032 rdpclip

# AdwCleaner v4.200 - Arquivo de log criado 31/03/2015 &agrave;s 14:00:41
# Atualizado 29/03/2015 por Xplode
# Base de dados : 2015-03-29.1 [Servidor]
# Sistema operacional : Windows 7 Ultimate  (x86)
# Usu&aacute;rio : EDSON - EDSON-PC
# Executando de : C:\Users\EDSON\Downloads\adwcleaner_4.200.exe
# Op&ccedil;&atilde;o : Verificar

***** [ Servi&ccedil;os ] *****

***** [ Arquivos / Pastas ] *****

***** [ Tarefas agendadas ] *****

***** [ Atalhos ] *****

***** [ Registro ] *****

***** [ Navegadores ] *****

-\ Internet Explorer v11.0.9600.17689

-\ Mozilla Firefox v

-\ Opera v28.0.1750.48

*************************

AdwCleaner[R0].txt - [643 bytes] - [31/03/2015 14:00:41]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [701 bytes] ##########

Abra&ccedil;os

Answer

:anjinho:

H&aacute; um execut&aacute;vel da Microsoft que prepara o Windows 7 ou o 8.1 para receber o Windows 10 via Windows Update. A princ&iacute;pio &eacute; algo que o usu&aacute;rio deva baixar e rodar primeiramente. N&atilde;o sei se alguma atualiza&ccedil;&atilde;o instala isso automaticamente.

:adeus:

Answer

[QUOTE=Tmfeijo, post: 7117900, member: 713513]Boa  tarde !    Prezados(as)

O arquivo  GWXUXWorker.exe contido em c:\windows\system32\GWX ; fica pedindo para eu baixar o windows 10 ! Que coisa estranha :

http://s1062.photobucket.com/user/Edson_Melo/media/Screen Shot 03-30-15 at 04.31 PM.png.html?sort=3&o=0

Este arquivo foi criado em 28/03 passado agora .

O ccleanner pegou o  mesmo recentemente :

http://s1062.photobucket.com/user/Edson_Melo/media/Screen Shot 03-30-15 at 02.13 PM.png.html?sort=3&o=2

Abra&ccedil;os[/QUOTE]
J&aacute; te disse algo sobre o Iobit[antes]
Tudo bem que est&aacute; no metro/ mas ele sempre procura um Update

Tente remover o Iobit

Answer

Boa  tarde !  Kraftwerk

&Eacute; o pr&oacute;prio GWX.exe que vem  junto com a up KB3035583  .  Mas estes arquivos abaixo ; pelo menos por enquanto ; n&atilde;o abre nada  .

http://s1062.photobucket.com/user/Edson_Melo/media/Screen Shot 03-31-15 at 12.36 PM.png.html?sort=3&o=0

http://translate.google.com.br/translate?hl=pt-BR&sl=en&u=http://www.infoworld.com/article/2903005/operating-systems/what-we-don-t-know-about-mystery-windows-patch-kb-3035583.html&prev=search

Uma prepara&ccedil;&atilde;o para o win 10 .

http://s1062.photobucket.com/user/Edson_Melo/media/Screen Shot 06-01-15 at 02.20 PM.png.html?sort=3&o=0

https://www.hardware.com.br/comunidade/v-t/1353235/22.html

Abra&ccedil;os

Ferramentas

Mover Tópico