Hello, everyone
I would like someone to help me. I suspect there is malware installed on my computer; it is
OTHER:MALWARE-GEN[TRJ]. How do I know whether it is only a suspicion?
/_ Good morning! prrsilva _\
Copy the information shown in red into Notepad.
Save it with the name fixlist. << Text!
Save it on the desktop! ( "Área de trabalho" ... )
start
CloseProcesses:
emptytemp:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Nenhum Arquivo
S0 gbpddreg; system32\drivers\gbpddreg64.sys [X]
ShortcutWithArgument: C:\Users\PAULO\Desktop\Emissor de Nota Fiscal Eletronica (NF-e) 3.10 - Versao de Teste.lnk -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://www.emissornfehom.fazenda.sp.gov.br/v310/aplicativo/emissorNFe.jnlp "C:\Users\PAULO\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\1735e12a-366fe556"
ShortcutWithArgument: C:\Users\PAULO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas Secretaria da Fazenda\Emissor de Nota Fiscal Eletronica (NF-e) 3.10 - Versao de Teste.lnk -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://www.emissornfehom.fazenda.sp.gov.br/v310/aplicativo/emissorNFe.jnlp "C:\Users\PAULO\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\1735e12a-366fe556"
ShortcutWithArgument: C:\Users\PAULO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10]
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32]
AlternateDataStreams: C:\WINDOWS\SysWOW64\zlib.dll:DocumentSummaryInformation [63]
AlternateDataStreams: C:\WINDOWS\SysWOW64\zlib.dll:SummaryInformation [63]
AlternateDataStreams: C:\WINDOWS\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 [1518]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [1434]
reboot:
end
Run FRST/FRST64 >> Click "Fix" << Wait!
In the message, click Run.
Post the report! (Fixlog.txt)
A+
/_ Good evening! prrsilva _\
Download: < AdwCleaner > ( ... by Xplode )
Or from here: < AdwCleaner >
Once there, click "Download Now".
Save it on the desktop!
Disable your antivirus!
Right-click adwcleaner.exe and choose to run it as administrator.
PS: Start the scan by clicking "Verificar" or "Examinar".
When it finishes, click "Limpar" or "Cleaning" >> Ok >> Ok >> Ok.
Copy the log or click "Relatorio".
Post: < C:\AdwCleaner\AdwCleaner[C1].txt >
Regards!
/_ Good morning! prrsilva _\
Download: < ZHPDiag3 > ( ... by Nicolas Coolman )
Once on the page, click: Télécharge
Save it to the desktop! ( ZHPDiag3 )
Run ZHPDiag3.exe as administrator to install the tool!
When it opens, click Scanner.
Wait for it to finish!
Next, click Report.
Post the diagnostic log: ~ Mode: Scanner
PS: Since the log will be long, send it to Pjjoint.malekal.
Or go to: < Cjoint >
Click the Parcourir... button.
Browse to the report on the desktop.
Click the Open button.
Click the "Créer le lien Cjoint" button.
Copy the link shown next to "Le lien a été créé" and post it in your reply.
The link to the report, which is the one highlighted, should be pasted into your reply.
Or click "Copier le lien (*)" and paste the link into your post.
A+
/_ Good afternoon! prrsilva _\
O23 - Service: KMS Server Service (KMSEmulator) . (...) - C:\ProgramData\KMSAuto\KMSES.exe
O23 - Service: Service KMSELDI (Service KMSELDI) . (. - Service_KMS.) - C:\Program Files\KMSpico\Service_KMS.exe
SS - Auto [09/10/2014] [ 277504] KMS Server Service (KMSEmulator) . (...) - C:\ProgramData\KMSAuto\KMSES.exe
SS - Auto [11/12/2013] [ 1050904] Service KMSELDI (Service KMSELDI) . (...) - C:\Program Files\KMSpico\Service_KMS.exe
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: KMSpico v9.1.3 - (...) [HKLM][64Bits] -- KMSpico_is1
O43 - CFD: 16/04/2016 - [] AD -- C:\Program Files\KMSpico
O43 - CFD: 12/04/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.0
O43 - CFD: 09/10/2014 - [] D -- C:\ProgramData\KMSAuto
O43 - CFD: 06/07/2015 - [0] D -- C:\Program Files (x86)\McAfee Security Scan
O43 - CFD: 09/10/2015 - [] D -- C:\ProgramData\boost_interprocess
O43 - CFD: 13/10/2015 - [0] D -- C:\ProgramData\{126CFB2A-3098-4C8B-A9BB-8D922A069FE0}
O43 - CFD: 02/09/2015 - [0] D -- C:\ProgramData\{2ACB8283-3DA0-4D9A-8EC6-CE39EEA98C97}
O43 - CFD: 25/02/2016 - [0] D -- C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}
O43 - CFD: 12/04/2016 - [0] D -- C:\Users\PAULO\AppData\Local\ActiveSync
O43 - CFD: 12/04/2016 - [0] SHD -- C:\Users\PAULO\AppData\Local\Histórico
O43 - CFD: 09/10/2014 - [0] D -- C:\Users\PAULO\AppData\Local\Programs\Common
O43 - CFD: 0 - [0] D -- C:\WINDOWS\System32\Config\systemprofile\AppData\Local\CrashDumps
O43 - CFD: 0 - [0] D -- C:\WINDOWS\System32\Config\systemprofile\AppData\Local\DataSharing
O43 - CFD: 0 - [0] D -- C:\WINDOWS\System32\Config\systemprofile\AppData\Local\Packages
O87 - FAEL: "{34E00C70-37C7-452F-8442-6D4BC20B39AA}" [in-None-P6-TRUE] .(...) -- C:\Program Files\KMSpico\Service_KMS.exe
O87 - FAEL: "{C1F2B17F-FFA1-4E4B-B169-0856D32B86FF}" [in-None-P17-TRUE] .(...) -- C:\Program Files\KMSpico\Service_KMS.exe
O87 - FAEL: "{AC8AA236-49D3-4B45-831D-553E896D84B7}" [in-None-P6-TRUE] .(...) -- C:\Program Files\KMSpico\Service_KMS.exe
O87 - FAEL: "{D79ECEF4-A612-45D0-86E8-BFF71E67BEFC}" [in-None-P17-TRUE] .(...) -- C:\Program Files\KMSpico\Service_KMS.exe
HKLM\SYSTEM\CurrentControlSet\Services\KMSEmulator
HKCU\SOFTWARE\SuperDownloads.com.br
HKLM\SYSTEM\CurrentControlSet\Services\Service KMSELDI
HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KMSpico_is1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
C:\Program Files\KMSpico\Service_KMS.exe
C:\ProgramData\KMSAuto\KMSES.exe
C:\Program Files\KMSpico
C:\ProgramData\KMSAuto
Most of the detections point to the KMSpico v9.1.3 activator.
Are you aware of this installation?
A+
Good evening, DigRam
I used this activator to activate Word.
/_ Good evening! prrsilva _\
OK! Understood. So I will not run the script, but be aware that these activators give nothing away for free.
Download: < Malwarebytes Anti-Malware >
Go to this tutorial! ( Malwarebytes Anti-Malware Tutorial )
Get information on installing, updating and configuring MBAM.
Choose the "Scan Type": Custom Scan
When it finishes, send your detections to Quarantine.
Read in the tutorial: "How to access the Malwarebytes log (report):"
Post the report! ( Scan Log )
A+
/_ Good morning! prrsilva _\
Your logs are clean!
Let's remove the tools used in the disinfection!
Download: < DelFix > ( ... by Xplode )
Once on the page, click Download Now.
Save it somewhere convenient! ( desktop! )
Close any applications that are open.
Remove disinfection tools
Create registry backup
Clean system restore points
With these boxes checked, click Run!
Restart the computer!
Everything OK?
A+
Good evening, DigRam
Here is the report from the disinfection tool
http://www.cjoint.com/c/FFoaKqyCzX0
Thank you for the help; I hope to count on you whenever necessary. Warm regards.
Case resolved!
For your safety!
Read the tips and guidance in the Cartilha de Segurança para Internet.
PROBLEM SOLVED
If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
/_ Good afternoon! prrsilva _\
< Farbar Recovery Scan Tool 64-Bit >
A+