Good evening. After using a program downloaded from the internet, my computer has been showing problems such as:
slowness; also windows and browsers open constantly and on their own
Edge opens showing ---ography
the desktop, besides looking stretched vertically, appears whitish
the font of the shortcuts has changed to a typewriter style
and files have turned into shortcuts.lmk
FRST
http://www.cjoint.com/c/GFAbv2TFOa8
Addition
http://www.cjoint.com/c/GFAbwSJeig8
Awaiting your reply. Thank you very much.
Hello DigRam, thanks for replying.
Sorry for the delay.
I have a Linux partition and I only have 6 seconds to choose which system to boot; if I don't pick Windows, it automatically boots into Linux, which is why I'm having reboots go wrong on some flash drives.
What happens: my flash drive isn't restarting, because there was a bootable Linux installed on it, which I deleted, but now it is infecting the machine again because the viruses didn't go away; for this reason I need to uninstall the Ubuntu partition as described on this site https://computadorcomwindows.com/2015/08/21/tutorial-como-remover-particoes-de-um-dispositivo-usb-pen-drive/
because when I restart and do a reboot, it asks me to remove the removable disk with an operating system installed; I will do that.
However, I would only do that if I hadn't deleted my files from the flash drive, but even so it reports it as having an OS. So I should put the OS back on the flash drive, but what stops me is that the .ISO I have is in .RAR format, and according to this video I should extract it, but after doing the process no .ISO or anything else appears. How do I get a .ISO out of a .rar file? I want to uninstall Ubuntu; I have all the files to make a bootable flash drive with the same OS that was installed, I just don't know how to turn a .RAR into a .ISO, which in this case is what I should do according to this video:
Could you help me? Because when the process finishes nothing appears.
oops:
_________________________________________________________________________________________________
I can't find the program: Online Application (x32 Version: 2.6.0 - Microleaves)
to uninstall it in Control Panel > Uninstall or change a program, not even through Cortana.
Is there a more effective way to find a program in order to uninstall it, in case this program hasn't had its name modified, changed or renamed?
_________________________________________________________________________________________________
Anyway, here is the Fixlog report after rebooting from the flash drive:
Fix result of Farbar Recovery Scan Tool (x64) Version: 25-06-2017 01
Ran by Hakaz7 (29-06-2017 00:06:16) Run:1
Running from C:\Users\Hakaz7\Desktop
Loaded Profiles: Hakaz7 (Available Profiles: Hakaz7 & aldem)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CloseProcesses:
HKLM\...\Run: [Login] => C:\Users\Hakaz7\AppData\Local\Temp\00023593\conhost.exe [5367296 2017-06-25] () <==== ATTENTION
HKLM-x32\...\Run: [DiskPower] => C:\Program Files (x86)\DiskWMpower\DiskPower.exe [210432 2017-02-10] () <==== ATTENTION
HKLM\...\RunOnce: [OMEWPRODUCT_UJAYA] => C:\Program Files (x86)\0skpobfw0eo\GUZCOETY26GISDY.exe [340480 2017-06-25] (RW3N) <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Run: [X44WUWTEZG7JBPE] => C:\Program Files\4PKCUNJOVT\HEQR3MPPU.exe [1040384 2017-06-25] (RW3N)
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Run: [AIEXR79YGJQMP3I] => C:\Program Files\694ASJ82FT\694ASJ82F.exe [1040384 2017-06-25] (RW3N)
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Run: [nfqu5xdln43] => C:\Users\Hakaz7\AppData\Roaming\ct1zxfqcdbf\hpjithhv0cb.exe [8192 2017-06-25] ()
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Run: [wsnoxgrylyi] => C:\Users\Hakaz7\AppData\Roaming\vhpfwb2fywu\5ptibtmqh32.exe [8192 2017-06-25] ()
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Run: [0LNI83FHNYQ9GCY] => C:\Program Files\RLR47SCMCK\RLR47SCMC.exe [1040384 2017-06-25] (RW3N)
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Run: [E1DU437K072Q4H7] => C:\Program Files (x86)\0skpobfw0eo\7F1D7.exe [1040384 2017-06-25] (RW3N)
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Run: [YeaDesktop] => C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe [3513856 2017-06-13] () <==== ATTENTION
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Run: [msiql] => C:\Users\Hakaz7\AppData\Local\Temp\00023550\msiql.exe [2072576 2017-06-25] () <==== ATTENTION
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\...\Run: [{BEF52EAB-8493-F95E-1956-6E8C5FBC5B0C}] => C:\Program Files (x86)\KMSPico\395c48ebd078c81a6235f7da464d45bd.exe [117561 2017-05-13] ()
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\FileSyncShell.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\FileSyncShell.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\FileSyncShell.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\FileSyncShell.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\FileSyncShell.dll -> No File
S2 89798490c2b4d681479595f7b986c615; C:\Program Files\89798490c2b4d681479595f7b986c615\6fedccfacdec2958edd3d0f4f6a249a1.exe [1184768 2017-06-23] () [File not signed] <==== ATTENTION
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2855152 2016-06-05] (Microsoft Corporation)
S2 egGetSvc; C:\Program Files (x86)\EagleGet\EGMonitor.exe [247464 2016-12-22] ()
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 OtherSearch; C:\Program Files (x86)\ZBeAlTQs36\kl.dll [762368 2017-06-25] () [File not signed] <==== ATTENTION
R2 UCBrowserSvc; C:\Program Files (x86)\UCBrowser\Application\UCService.exe [599440 2017-03-07] () <==== ATTENTION
R1 e9fbb8bffa005bf33fed2856825b190d; C:\WINDOWS\system32\drivers\e9fbb8bffa005bf33fed2856825b190d.sys [71536 2017-06-23] (KE84TD) <==== ATTENTION
R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [25444 ] (UC Web Inc.) <==== ATTENTION
2017-06-25 19:04 - 2017-06-25 20:39 - 00002656 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdaterCore
2017-06-25 19:04 - 2017-06-25 20:39 - 00000322 _____ C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job
2017-06-25 19:04 - 2017-06-25 19:07 - 00003476 _____ C:\WINDOWS\System32\Tasks\UCBrowserSecureUpdater
2017-06-25 19:04 - 2017-06-25 19:06 - 00000486 _____ C:\WINDOWS\Tasks\UCBrowserUpdater.job
2017-06-25 19:04 - 2017-06-25 19:04 - 01623552 _____ C:\Users\Todos os Usuários\service.exe
2017-06-25 19:04 - 2017-06-25 19:04 - 01623552 _____ C:\ProgramData\service.exe
2017-06-25 19:04 - 2017-06-25 19:04 - 00016802 _____ C:\WINDOWS\System32\Tasks\PrintsCouth
2017-06-25 19:04 - 2017-06-25 19:04 - 00003506 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdater
2017-06-25 19:04 - 2017-06-25 19:04 - 00000000 ____D C:\Users\Hakaz7\AppData\Local\UCBrowser
2017-06-25 19:04 - 2017-06-25 19:04 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2017-06-25 19:03 - 2017-06-25 19:04 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\UCChannel
2017-06-25 19:03 - 2017-06-25 19:04 - 00000000 ____D C:\Program Files (x86)\YeaDesktop
2017-06-25 19:03 - 2017-06-25 19:03 - 00930816 _____ C:\Users\Hakaz7\AppData\Local\test_db_cara.db
2017-06-25 19:03 - 2017-06-25 19:03 - 00140800 _____ C:\Users\Hakaz7\AppData\Local\installer.dat
2017-06-25 19:03 - 2017-06-25 19:03 - 00011568 _____ C:\Users\Hakaz7\AppData\Local\InstallationConfiguration.xml
2017-06-25 19:03 - 2017-06-25 19:03 - 00001052 _____ C:\Users\Public\Desktop\magicdisk.lnk
2017-06-25 19:03 - 2017-06-25 19:03 - 00000000 ____D C:\Users\Public\Documents\XMUpdate
2017-06-25 19:03 - 2017-06-25 19:03 - 00000000 ____D C:\Users\Hakaz7\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
2017-06-25 19:03 - 2017-06-25 19:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YeaDesktop
2017-06-25 19:03 - 2017-06-25 19:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mgdisk
2017-06-25 19:03 - 2017-06-25 19:03 - 00000000 ____D C:\Program Files (x86)\mgdisk
2017-06-25 19:02 - 2017-06-25 19:06 - 00000410 _____ C:\WINDOWS\Tasks\Updater_Online_Application.job
2017-06-25 19:02 - 2017-06-25 19:06 - 00000378 _____ C:\WINDOWS\Tasks\Online Application V2G3.job
2017-06-25 19:02 - 2017-06-25 19:06 - 00000378 _____ C:\WINDOWS\Tasks\Online Application V2G2.job
2017-06-25 19:02 - 2017-06-25 19:06 - 00000378 _____ C:\WINDOWS\Tasks\Online Application V2G1.job
2017-06-25 19:02 - 2017-06-25 19:02 - 00003304 _____ C:\WINDOWS\System32\Tasks\Updater_Online_Application
2017-06-25 19:02 - 2017-06-25 19:02 - 00003296 _____ C:\WINDOWS\System32\Tasks\89798490c2b4d681479595f7b986c615
2017-06-25 19:02 - 2017-06-25 19:02 - 00003268 _____ C:\WINDOWS\System32\Tasks\Online Application V2G3
2017-06-25 19:02 - 2017-06-25 19:02 - 00003268 _____ C:\WINDOWS\System32\Tasks\Online Application V2G2
2017-06-25 19:02 - 2017-06-25 19:02 - 00003268 _____ C:\WINDOWS\System32\Tasks\Online Application V2G1
2017-06-25 19:02 - 2017-06-25 19:02 - 00000000 ____D C:\WINDOWS\SysWOW64\SSL
2017-06-25 19:02 - 2017-06-25 19:02 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\Microleaves
2017-06-25 19:02 - 2017-06-25 19:02 - 00000000 ____D C:\Users\Hakaz7\AppData\Local\AdvinstAnalytics
2017-06-25 19:02 - 2017-06-25 19:02 - 00000000 ____D C:\Program Files\89798490c2b4d681479595f7b986c615
2017-06-25 19:02 - 2017-06-25 19:02 - 00000000 ____D C:\Program Files (x86)\Microleaves
2017-06-25 18:59 - 2017-06-25 18:59 - 00002052 _____ C:\WINDOWS\System32\Tasks\O6dPumpAUx
2017-06-25 18:58 - 2017-06-25 19:11 - 00000000 ____D C:\Program Files (x86)\ZBeAlTQs36
2017-06-25 18:58 - 2017-06-25 18:59 - 00000002 _____ C:\END
2017-06-25 18:58 - 2017-06-25 18:58 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\vhpfwb2fywu
2017-06-25 18:58 - 2017-06-25 18:58 - 00000000 ____D C:\Program Files\RLR47SCMCK
2017-06-25 18:58 - 2017-06-25 18:58 - 00000000 ____D C:\Program Files (x86)\DiskWMpower
2017-06-25 18:57 - 2017-06-25 18:58 - 00000000 ____D C:\Program Files (x86)\0skpobfw0eo
2017-06-25 18:57 - 2017-06-25 18:57 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\ct1zxfqcdbf
2017-06-25 18:57 - 2017-06-25 18:57 - 00000000 ____D C:\Program Files\694ASJ82FT
2017-06-25 18:57 - 2017-06-25 18:57 - 00000000 ____D C:\Program Files\4PKCUNJOVT
2017-06-25 18:56 - 2017-06-25 18:56 - 00000000 ____D C:\Program Files (x86)\KMSPico
2017-06-25 18:51 - 2017-06-24 15:07 - 10227008 _____ C:\Users\Hakaz7\Desktop\KMSPico__Windows_10_Activator.mp4
2017-06-24 15:07 - 2017-06-24 15:07 - 10227008 _____ C:\Users\Hakaz7\Downloads\KMSPico__Windows_10_Activator.mp4
2017-06-25 18:56 - 2017-06-25 18:56 - 0061440 _____ (The Gentee Group) C:\Users\Hakaz7\AppData\Local\Temp\genteert.dll
2017-06-25 18:58 - 2017-06-25 18:58 - 0453383 _____ (WeMonetize ) C:\Users\Hakaz7\AppData\Local\Temp\S05G6B6.exe
2017-06-25 19:04 - 2017-03-07 10:44 - 00599440 _____ () C:\Program Files (x86)\UCBrowser\Application\UCService.exe
2017-06-25 19:04 - 2017-06-25 19:04 - 05367296 _____ () C:\Users\Hakaz7\AppData\Local\Temp\00023593\conhost.exe
2017-06-25 18:57 - 2017-06-25 18:57 - 00008192 _____ () C:\Users\Hakaz7\AppData\Roaming\ct1zxfqcdbf\hpjithhv0cb.exe
2017-06-25 18:58 - 2017-06-25 18:58 - 00008192 _____ () C:\Users\Hakaz7\AppData\Roaming\vhpfwb2fywu\5ptibtmqh32.exe
2017-06-25 19:03 - 2017-06-13 17:34 - 03513856 _____ () C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe
2017-06-25 19:04 - 2017-06-25 19:04 - 02072576 _____ () C:\Users\Hakaz7\AppData\Local\Temp\00023550\msiql.exe
2017-06-25 19:04 - 2017-03-07 10:44 - 02150288 _____ () C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\UCAgent.exe
2017-05-13 00:38 - 2017-05-13 00:38 - 00117561 _____ () C:\Program Files (x86)\KMSPico\395c48ebd078c81a6235f7da464d45bd.exe
2017-06-25 20:00 - 2017-06-25 20:00 - 00481792 _____ () C:\WINDOWS\TEMP\gC0E1.tmp.exe
2017-06-25 20:00 - 2017-06-25 20:00 - 00460800 _____ () C:\WINDOWS\TEMP\gCB23.tmp.exe
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64\FileSyncApi64.dll => No File
Task: {09A0DB44-E3A4-4CFC-88EA-91F03F43EE96} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-04-18] (Microleaves) <==== ATTENTION
Task: {2B3D4C55-B27B-4266-8CC0-D449AC953618} - System32\Tasks\O6dPumpAUx => C:\Program Files (x86)\ZBeAlTQs36\updengine.exe [2017-06-25] () <==== ATTENTION
Task: {31514E56-53B7-4929-BDFA-92C5A4FF0702} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe [2017-06-25] (UC Web Inc.) <==== ATTENTION
Task: {58EEAD2C-1FD8-4B21-9AC0-8289CECF37B1} - System32\Tasks\PrintsCouth => Rundll32.exe "C:\Program Files\PrintsCouth\PrintsCouth.dll",bUjgdkEtA <==== ATTENTION
Task: {AA993382-ABE3-4686-AF3D-F26B0FE219EA} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {B6B84572-80FD-403E-AAFC-D5BDA21495D5} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {B8B826C3-E110-4C85-845F-D8E70B51CBE7} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-03-07] (UCWeb Inc) <==== ATTENTION
Task: {BE4A6AE7-1342-466F-8250-46DF14D45C07} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe [2017-02-07] (Microleaves LTD) <==== ATTENTION
Task: {D30C4AF5-8775-40AC-84EF-E353332925FC} - System32\Tasks\89798490c2b4d681479595f7b986c615 => sc start 89798490c2b4d681479595f7b986c615 <==== ATTENTION
Task: {F323D747-D4A8-4462-AD3A-B99AA23FC9E4} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-03-07] (UCWeb Inc) <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
WMI_ActiveScriptEventConsumer_ASEC: <==== ATTENTION
ShortcutWithArgument: C:\Users\Hakaz7\AppData\Local\Google\Chrome\User Data\Inicializador de aplicativos do Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\Hakaz7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Hakaz7\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\Users\Hakaz7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\Users\Hakaz7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome (2).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Hakaz7\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Hakaz7\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightly.lnk -> C:\Program Files\Nightly\firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Hakaz7\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://www.yeadesktop.com/
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yeadesktop.com/
AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [25444]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [1498914]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1223458]
FirewallRules: [UDP Query User{2173846D-BE62-4434-BAC0-2B5C666DBB60}C:\users\hakaz7\desktop\u1504.exe] => (Allow) C:\users\hakaz7\desktop\u1504.exe
FirewallRules: [TCP Query User{6C901EC6-9AC6-4C79-AE1F-E7A0BB4FC635}C:\users\hakaz7\desktop\u1504.exe] => (Allow) C:\users\hakaz7\desktop\u1504.exe
FirewallRules: [{1F6AB5A9-2C0A-4298-9444-50E2AA16F76F}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{E397A2C9-41F9-4C86-B2D0-043A9B6120BA}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{AE6F9839-9CC3-4226-AF12-E1B67F2C41C9}] => (Allow) C:\Program Files\Nightly\firefox.exe
FirewallRules: [{500A9256-49D3-4BAC-AEB9-4B1EE56300F8}] => (Allow) C:\Program Files\Nightly\firefox.exe
C:\Users\Hakaz7\AppData\Local\Temp\00023593\conhost.exe
C:\Program Files (x86)\DiskWMpower\DiskPower.exe
C:\Program Files (x86)\0skpobfw0eo\GUZCOETY26GISDY.exe
C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe
C:\Users\Hakaz7\AppData\Local\Temp\00023550\msiql.exe
C:\users\hakaz7\desktop\u1504.exe
C:\ProgramData\service.exe
C:\Users\Todos os Usuários\service.exe
CreateRestorePoint:
EmptyTemp:
Reboot:
end
*****************
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Login => value removed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\DiskPower => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\OMEWPRODUCT_UJAYA => value not found.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run\\X44WUWTEZG7JBPE => value removed successfully.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AIEXR79YGJQMP3I => value removed successfully.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run\\nfqu5xdln43 => value removed successfully.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run\\wsnoxgrylyi => value removed successfully.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run\\0LNI83FHNYQ9GCY => value removed successfully.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run\\E1DU437K072Q4H7 => value removed successfully.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run\\YeaDesktop => value removed successfully.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run\\msiql => value removed successfully.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run\\{BEF52EAB-8493-F95E-1956-6E8C5FBC5B0C} => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => key removed successfully.
HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => key removed successfully.
HKLM\Software\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => key removed successfully.
HKLM\Software\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => key removed successfully.
HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => key removed successfully.
HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => key removed successfully.
HKLM\Software\Wow6432Node\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => key removed successfully.
HKLM\Software\Wow6432Node\Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => key removed successfully.
HKLM\Software\Wow6432Node\Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => key removed successfully.
HKLM\Software\Wow6432Node\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => key removed successfully.
HKLM\Software\Wow6432Node\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
89798490c2b4d681479595f7b986c615 => service not found.
ClickToRunSvc => Could not stop service.
HKLM\System\CurrentControlSet\Services\ClickToRunSvc => key removed successfully.
ClickToRunSvc => service removed successfully.
HKLM\System\CurrentControlSet\Services\egGetSvc => key removed successfully.
egGetSvc => service removed successfully.
HKLM\System\CurrentControlSet\Services\MBAMService => key removed successfully.
MBAMService => service removed successfully.
OtherSearch => service not found.
HKLM\System\CurrentControlSet\Services\UCBrowserSvc => key removed successfully.
UCBrowserSvc => service removed successfully.
e9fbb8bffa005bf33fed2856825b190d => service not found.
ucdrv => Could not stop service.
HKLM\System\CurrentControlSet\Services\ucdrv => key removed successfully.
ucdrv => service removed successfully.
C:\WINDOWS\System32\Tasks\UCBrowserUpdaterCore => moved successfully
C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job => moved successfully
C:\WINDOWS\System32\Tasks\UCBrowserSecureUpdater => moved successfully
C:\WINDOWS\Tasks\UCBrowserUpdater.job => moved successfully
C:\Users\Todos os Usuários\service.exe => moved successfully
"C:\ProgramData\service.exe" => not found.
C:\WINDOWS\System32\Tasks\PrintsCouth => moved successfully
C:\WINDOWS\System32\Tasks\UCBrowserUpdater => moved successfully
C:\Users\Hakaz7\AppData\Local\UCBrowser => moved successfully
"C:\Program Files (x86)\UCBrowser" folder move:
Could not move "C:\Program Files (x86)\UCBrowser" => Scheduled to move on reboot.
C:\Users\Hakaz7\AppData\Roaming\UCChannel => moved successfully
"C:\Program Files (x86)\YeaDesktop" => not found.
C:\Users\Hakaz7\AppData\Local\test_db_cara.db => moved successfully
C:\Users\Hakaz7\AppData\Local\installer.dat => moved successfully
C:\Users\Hakaz7\AppData\Local\InstallationConfiguration.xml => moved successfully
C:\Users\Public\Desktop\magicdisk.lnk => moved successfully
C:\Users\Public\Documents\XMUpdate => moved successfully
C:\Users\Hakaz7\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk => moved successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YeaDesktop" => not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mgdisk => moved successfully
C:\Program Files (x86)\mgdisk => moved successfully
C:\WINDOWS\Tasks\Updater_Online_Application.job => moved successfully
C:\WINDOWS\Tasks\Online Application V2G3.job => moved successfully
C:\WINDOWS\Tasks\Online Application V2G2.job => moved successfully
C:\WINDOWS\Tasks\Online Application V2G1.job => moved successfully
C:\WINDOWS\System32\Tasks\Updater_Online_Application => moved successfully
C:\WINDOWS\System32\Tasks\89798490c2b4d681479595f7b986c615 => moved successfully
C:\WINDOWS\System32\Tasks\Online Application V2G3 => moved successfully
C:\WINDOWS\System32\Tasks\Online Application V2G2 => moved successfully
C:\WINDOWS\System32\Tasks\Online Application V2G1 => moved successfully
C:\WINDOWS\SysWOW64\SSL => moved successfully
C:\Users\Hakaz7\AppData\Roaming\Microleaves => moved successfully
C:\Users\Hakaz7\AppData\Local\AdvinstAnalytics => moved successfully
"C:\Program Files\89798490c2b4d681479595f7b986c615" => not found.
C:\Program Files (x86)\Microleaves => moved successfully
C:\WINDOWS\System32\Tasks\O6dPumpAUx => moved successfully
C:\Program Files (x86)\ZBeAlTQs36 => moved successfully
C:\END => moved successfully
C:\Users\Hakaz7\AppData\Roaming\vhpfwb2fywu => moved successfully
C:\Program Files\RLR47SCMCK => moved successfully
C:\Program Files (x86)\DiskWMpower => moved successfully
C:\Program Files (x86)\0skpobfw0eo => moved successfully
C:\Users\Hakaz7\AppData\Roaming\ct1zxfqcdbf => moved successfully
C:\Program Files\694ASJ82FT => moved successfully
C:\Program Files\4PKCUNJOVT => moved successfully
C:\Program Files (x86)\KMSPico => moved successfully
C:\Users\Hakaz7\Desktop\KMSPico__Windows_10_Activator.mp4 => moved successfully
C:\Users\Hakaz7\Downloads\KMSPico__Windows_10_Activator.mp4 => moved successfully
C:\Users\Hakaz7\AppData\Local\Temp\genteert.dll => moved successfully
C:\Users\Hakaz7\AppData\Local\Temp\S05G6B6.exe => moved successfully
C:\Program Files (x86)\UCBrowser\Application\UCService.exe => moved successfully
C:\Users\Hakaz7\AppData\Local\Temp\00023593\conhost.exe => moved successfully
"C:\Users\Hakaz7\AppData\Roaming\ct1zxfqcdbf\hpjithhv0cb.exe" => not found.
"C:\Users\Hakaz7\AppData\Roaming\vhpfwb2fywu\5ptibtmqh32.exe" => not found.
"C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe" => not found.
C:\Users\Hakaz7\AppData\Local\Temp\00023550\msiql.exe => moved successfully
"C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\UCAgent.exe" => not found.
"C:\Program Files (x86)\KMSPico\395c48ebd078c81a6235f7da464d45bd.exe" => not found.
C:\WINDOWS\TEMP\gC0E1.tmp.exe => moved successfully
"C:\WINDOWS\TEMP\gCB23.tmp.exe" => not found.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E} => key removed successfully.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key removed successfully.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C} => key removed successfully.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E} => key removed successfully.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key removed successfully.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => key removed successfully.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key removed successfully.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => key removed successfully.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key removed successfully.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{09A0DB44-E3A4-4CFC-88EA-91F03F43EE96} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09A0DB44-E3A4-4CFC-88EA-91F03F43EE96} => key removed successfully.
C:\WINDOWS\System32\Tasks\Updater_Online_Application => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater_Online_Application => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2B3D4C55-B27B-4266-8CC0-D449AC953618} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B3D4C55-B27B-4266-8CC0-D449AC953618} => key removed successfully.
C:\WINDOWS\System32\Tasks\O6dPumpAUx => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\O6dPumpAUx => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{31514E56-53B7-4929-BDFA-92C5A4FF0702} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31514E56-53B7-4929-BDFA-92C5A4FF0702} => chave removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\UCBrowserSecureUpdater => não encontrado (a).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UCBrowserSecureUpdater => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{58EEAD2C-1FD8-4B21-9AC0-8289CECF37B1} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58EEAD2C-1FD8-4B21-9AC0-8289CECF37B1} => chave removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\PrintsCouth => não encontrado (a).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PrintsCouth => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA993382-ABE3-4686-AF3D-F26B0FE219EA} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA993382-ABE3-4686-AF3D-F26B0FE219EA} => chave removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Online Application V2G2 => não encontrado (a).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G2 => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B6B84572-80FD-403E-AAFC-D5BDA21495D5} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6B84572-80FD-403E-AAFC-D5BDA21495D5} => chave removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Online Application V2G3 => não encontrado (a).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G3 => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B8B826C3-E110-4C85-845F-D8E70B51CBE7} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8B826C3-E110-4C85-845F-D8E70B51CBE7} => chave removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\UCBrowserUpdaterCore => não encontrado (a).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UCBrowserUpdaterCore => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BE4A6AE7-1342-466F-8250-46DF14D45C07} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE4A6AE7-1342-466F-8250-46DF14D45C07} => chave removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\Online Application V2G1 => não encontrado (a).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Online Application V2G1 => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{D30C4AF5-8775-40AC-84EF-E353332925FC} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D30C4AF5-8775-40AC-84EF-E353332925FC} => chave removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\89798490c2b4d681479595f7b986c615 => não encontrado (a).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\89798490c2b4d681479595f7b986c615 => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F323D747-D4A8-4462-AD3A-B99AA23FC9E4} => chave removido (a) com sucesso.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F323D747-D4A8-4462-AD3A-B99AA23FC9E4} => chave removido (a) com sucesso.
C:\WINDOWS\System32\Tasks\UCBrowserUpdater => não encontrado (a).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UCBrowserUpdater => chave removido (a) com sucesso.
C:\WINDOWS\Tasks\Online Application V2G1.job => não encontrado (a).
C:\WINDOWS\Tasks\Online Application V2G2.job => não encontrado (a).
C:\WINDOWS\Tasks\Online Application V2G3.job => não encontrado (a).
C:\WINDOWS\Tasks\UCBrowserUpdater.job => não encontrado (a).
C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job => não encontrado (a).
C:\WINDOWS\Tasks\Updater_Online_Application.job => não encontrado (a).
WMI_ActiveScriptEventConsumer_ASEC: <==== ATENÇÃO => removido (a) com sucesso.
C:\Users\Hakaz7\AppData\Local\Google\Chrome\User Data\Inicializador de aplicativos do Google Chrome.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\Hakaz7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\Hakaz7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\Hakaz7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome (2).lnk => Atalho argumento removido (a) com sucesso..
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Atalho argumento removido (a) com sucesso..
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Atalho argumento removido (a) com sucesso..
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightly.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\Public\Desktop\Google Chrome.lnk => Atalho argumento removido (a) com sucesso..
C:\Users\Public\Desktop\Mozilla Firefox.lnk => Atalho argumento removido (a) com sucesso..
C:\WINDOWS\system32\drivers => ":ucdrv-x64.sys" ADS removido (a) com sucesso..
C:\WINDOWS\system32\drivers => ":x64" ADS removido (a) com sucesso..
C:\WINDOWS\system32\drivers => ":x86" ADS removido (a) com sucesso..
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2173846D-BE62-4434-BAC0-2B5C666DBB60}C:\users\hakaz7\desktop\u1504.exe => valor removido (a) com sucesso.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6C901EC6-9AC6-4C79-AE1F-E7A0BB4FC635}C:\users\hakaz7\desktop\u1504.exe => valor removido (a) com sucesso.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1F6AB5A9-2C0A-4298-9444-50E2AA16F76F} => valor removido (a) com sucesso.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E397A2C9-41F9-4C86-B2D0-043A9B6120BA} => valor removido (a) com sucesso.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AE6F9839-9CC3-4226-AF12-E1B67F2C41C9} => valor removido (a) com sucesso.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{500A9256-49D3-4BAC-AEB9-4B1EE56300F8} => valor removido (a) com sucesso.
"C:\Users\Hakaz7\AppData\Local\Temp\00023593\conhost.exe" => não encontrado (a).
"C:\Program Files (x86)\DiskWMpower\DiskPower.exe" => não encontrado (a).
"C:\Program Files (x86)\0skpobfw0eo\GUZCOETY26GISDY.exe" => não encontrado (a).
"C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe" => não encontrado (a).
"C:\Users\Hakaz7\AppData\Local\Temp\00023550\msiql.exe" => não encontrado (a).
C:\users\hakaz7\desktop\u1504.exe => movido com sucesso
"C:\ProgramData\service.exe" => não encontrado (a).
"C:\Users\Todos os Usuários\service.exe" => não encontrado (a).
Ponto de Restauração criado com sucesso.
=========== EmptyTemp: ==========
BITS transfer queue => 7745088 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 170884552 B
Java, Flash, Steam htmlcache => 492 B
Windows/system/drivers => 175595466 B
Edge => 3629331 B
Chrome => 516531349 B
Firefox => 48206584 B
Opera => 219745650 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 24963 B
systemprofile32 => 128 B
LocalService => 54122 B
NetworkService => 71794 B
Hakaz7 => 508654752 B
aldem => 1449418 B
RecycleBin => 1096 B
EmptyTemp: => 1.5 GB de dados temporários Removidos.
================================
Resultado dos arquivos que foram agendados para serem movidos (Modo de Inicialização: Normal) (Data&Hora: 29-06-2017 00:15:59)
"C:\Program Files (x86)\UCBrowser" => Não pode ser movido
==== Fim de Fixlog 00:16:02 ====
/_ Good evening! Aldemir Pinheiro _\
> I can only help you in situations involving malware, which is the purpose of this room.
> Download: < RogueKiller_portable32 > ( ... by Adlice Software ) ( 32-bit version )
> Download: < RogueKiller_portable64 > ( ... by Adlice Software ) ( 64-bit version )
> Save it to the desktop!
> Close any open applications!
> Run RogueKiller_portable32.exe or RogueKiller_portable64.exe and accept the EULA.
http://www.adlice.com/thanks-downloading-roguekiller/
> Close this Adlice Software page, which opens in your browser.
> PS: If the IE browser's "SmartScreen Filter" blocks the anti-malware, click "More info".
> Next, click: "Run anyway"
> Click the "SCAN" tab >> "Start Scan".
> Wait for it to finish!
> Click "Open Report" >> "Open TXT".
> Copy and post the report! (Mode: Scan)
[Abs]
17 hours ago, DigRam said:
/_ Good evening! Aldemir Pinheiro _\
> I can only help you in situations involving malware, which is the purpose of this room.
Can you tell me where I can get information about the problems I have already mentioned, or where to find help with basic questions, or which rooms are suitable for this kind of subject, especially for a beginner like me?
Because searching on YouTube is a shot in the dark.
Just for the record: the Edge browser automatically opens countless sites, even without an internet connection.
________________________________________________________________________________________________________________
RogueKiller:
_________________________________________________________________________________________________________________
RogueKiller V12.11.4.0 (x64) [Jun 26 2017] (Free) por Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Site : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Sistema Operacional : Windows 10 (10.0.14393) 64 bits version
Iniciou : Modo normal
Usuário : Hakaz7 [Administrador]
Started from : C:\Users\Hakaz7\Desktop\RogueKiller_portable64.exe
Modo : Escanear -- Data : 06/30/2017 14:44:34 (Duration : 00:54:01)
¤¤¤ Processos : 7 ¤¤¤
[Proc.Injected] explorer.exe(2992) -- C:\WINDOWS\explorer.exe[7] -> Encontrado
[Suspicious.Path] 1xxqi5i4d4p.exe(5084) -- C:\Users\Hakaz7\AppData\Roaming\jeil3jocti4\1xxqi5i4d4p.exe[-] -> Encontrado
[Suspicious.Path] vj0qppnix0s.exe(5144) -- C:\Users\Hakaz7\AppData\Roaming\dx3rnfnsvrw\vj0qppnix0s.exe[-] -> Encontrado
[Adw.Wizzcaster] 413UK2YQ5.exe(5224) -- C:\Program Files\7K2E40Q4DR\413UK2YQ5.exe[-] -> Encontrado
[Suspicious.Path] g5yau5p535c.exe(5236) -- C:\Users\Hakaz7\AppData\Roaming\bvxjgabo1nh\g5yau5p535c.exe[-] -> Encontrado
[Adw.Wizzcaster] K98SCZW5C.exe(5624) -- C:\Program Files\D5K6CW0LI8\K98SCZW5C.exe[-] -> Encontrado
[PUP.UCBrowser] (SVC) ucdrv -- \??\C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys[7] -> Encontrado
¤¤¤ Registro : 38 ¤¤¤
[PUP.UCBrowser|PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\Software\UCBrowser -> Encontrado
[PUP.OnlineIO] (X86) HKEY_LOCAL_MACHINE\Software\Microleaves -> Encontrado
[PUP.OtherSearch|PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\OtherSearch -> Encontrado
[PUP.UCBrowser|PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\UCBrowser -> Encontrado
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\UCBrowserPID -> Encontrado
[PUP.UCBrowser|PUP.Gen1] (X64) HKEY_USERS\.DEFAULT\Software\UCBrowser -> Encontrado
[PUP.UCBrowser|PUP.Gen1] (X86) HKEY_USERS\.DEFAULT\Software\UCBrowser -> Encontrado
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Installer -> Encontrado
[PUP.UCBrowser|PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\UCBrowser -> Encontrado
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\UCBrowserPID -> Encontrado
[Adw.Sokuxuan] (X64) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\YeaDesktop -> Encontrado
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Installer -> Encontrado
[PUP.UCBrowser|PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\UCBrowser -> Encontrado
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\UCBrowserPID -> Encontrado
[Adw.Sokuxuan] (X86) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\YeaDesktop -> Encontrado
[PUP.UCBrowser|PUP.Gen1] (X64) HKEY_USERS\S-1-5-18\Software\UCBrowser -> Encontrado
[PUP.UCBrowser|PUP.Gen1] (X86) HKEY_USERS\S-1-5-18\Software\UCBrowser -> Encontrado
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run | 3v01hnawfvt : "C:\Users\Hakaz7\AppData\Roaming\pzaonjy5alj\g5zb2q2gx3a.exe" [-] -> Encontrado
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run | 0xro0ptlrzv : "C:\Users\Hakaz7\AppData\Roaming\gn1ywbcgfkj\pkghddf0hlo.exe" [-] -> Encontrado
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run | daikrzkppxy : "C:\Users\Hakaz7\AppData\Roaming\nar5sit5k5e\g535xe2lo02.exe" [-] -> Encontrado
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run | ggiblzdfwv1 : "C:\Users\Hakaz7\AppData\Roaming\y22qjezlqop\cz1qwc0wjes.exe" [-] -> Encontrado
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run | uc2zbx2dqbu : "C:\Users\Hakaz7\AppData\Roaming\0vegnqyiip3\0tcets4rqji.exe" [-] -> Encontrado
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run | d3wtulpy20p : "C:\Users\Hakaz7\AppData\Roaming\jeil3jocti4\1xxqi5i4d4p.exe" [-] -> Encontrado
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run | z13law2el1c : "C:\Users\Hakaz7\AppData\Roaming\dx3rnfnsvrw\vj0qppnix0s.exe" [-] -> Encontrado
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run | xvfe0x4jyk5 : "C:\Users\Hakaz7\AppData\Roaming\bvxjgabo1nh\g5yau5p535c.exe" [-] -> Encontrado
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run | 3v01hnawfvt : "C:\Users\Hakaz7\AppData\Roaming\pzaonjy5alj\g5zb2q2gx3a.exe" [-] -> Encontrado
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run | 0xro0ptlrzv : "C:\Users\Hakaz7\AppData\Roaming\gn1ywbcgfkj\pkghddf0hlo.exe" [-] -> Encontrado
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run | daikrzkppxy : "C:\Users\Hakaz7\AppData\Roaming\nar5sit5k5e\g535xe2lo02.exe" [-] -> Encontrado
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run | ggiblzdfwv1 : "C:\Users\Hakaz7\AppData\Roaming\y22qjezlqop\cz1qwc0wjes.exe" [-] -> Encontrado
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run | uc2zbx2dqbu : "C:\Users\Hakaz7\AppData\Roaming\0vegnqyiip3\0tcets4rqji.exe" [-] -> Encontrado
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run | d3wtulpy20p : "C:\Users\Hakaz7\AppData\Roaming\jeil3jocti4\1xxqi5i4d4p.exe" [-] -> Encontrado
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run | z13law2el1c : "C:\Users\Hakaz7\AppData\Roaming\dx3rnfnsvrw\vj0qppnix0s.exe" [-] -> Encontrado
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Run | xvfe0x4jyk5 : "C:\Users\Hakaz7\AppData\Roaming\bvxjgabo1nh\g5yau5p535c.exe" [-] -> Encontrado
[PUP.UCBrowser] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ucdrv (\??\C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys) -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 200.189.80.124 200.189.80.110 ([X][X]) -> Encontrado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{225009b3-5eee-4ba0-960b-97377dcf2249} | DhcpNameServer : 200.189.80.124 200.189.80.110 ([X][X]) -> Encontrado
[PUP.UCBrowser] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {94632381-B65E-4552-8059-C9C64450C04D} : v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe|Name=è¿?é?·äº?å? é??å¼?æ?¾å¹³å°|Desc=è¿?é?·äº?å? é??å¼?æ?¾å¹³å°| [x] -> Encontrado
[PUP.UCBrowser] (X86) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9} | StubPath : "C:\Program Files (x86)\UCBrowser\Application\6.1.2107.204\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --wow-install-target-path="C:\Program Files (x86)\UCBrowser" [x] -> Encontrado
¤¤¤ Tarefas : 1 ¤¤¤
[PUP.UCBrowser] \UCBrowserSecureUpdater -- "C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe" (--update-config) -> Encontrado
¤¤¤ Arquivos : 6 ¤¤¤
[PUP.OnlineIO|PUP.Gen0][Pasta] C:\ProgramData\Microleaves -> Encontrado
[Ads.Generic|Hidden.ADS][Stream] C:\WINDOWS\System32\drivers:ucdrv-x64.sys -> Encontrado
[Ads.Generic|Hidden.ADS][Stream] C:\WINDOWS\System32\drivers:x64 -> Encontrado
[Ads.Generic|Hidden.ADS][Stream] C:\WINDOWS\System32\drivers:x86 -> Encontrado
[PUP.OnlineIO|PUP.Gen0][Pasta] C:\ProgramData\Microleaves -> Encontrado
[PUP.UCBrowser][Pasta] C:\Program Files (x86)\UCBrowser -> Encontrado
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Arquivos de hosts : 0 [Too big!] ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Carregado) ¤¤¤
¤¤¤ Navegadores : 0 ¤¤¤
¤¤¤ Verificação da MBR : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD502HJ +++++
--- User ---
[MBR] 697b9a7974949dcb254cac2251b57da7
[BSP] e32eb9ff587e78f4eecfaf0fb4d0c9ee : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 406614 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN (0x5) [VISIBLE] Offset (sectors): 832954366 | Size: 69773 MB
3 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 975849472 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: Seagate Expansion SCSI Disk Device +++++
--- User ---
[MBR] 28375214bf2efb974f53181af2f8db89
[BSP] 8bee9f484750d1919fa4256a17b2d457 : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Função incorreta. )
+++++ PhysicalDrive2: Kingston DataTraveler C10 USB Device +++++
--- User ---
[MBR] a6fdc9e7353332f91bc51b303e048a9a
[BSP] a6efef6bee52c10cb8670af040e060f3 : Unknown MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x69) [VISIBLE] Offset (sectors): 1917127181 | Size: 820717 MB
1 - [XXXXXX] UNKNOWN (0xff) [VISIBLE] Offset (sectors): 1936942450 | Size: 830925 MB
2 - [XXXXXX] UNKNOWN (0x6c) [VISIBLE] Offset (sectors): 1768256047 | Size: 863341 MB
3 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 2885681152 | Size: 26 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Não há suporte para o pedido. )
/_ Good evening! Aldemir Pinheiro _\
> When you run RogueKiller again, you will click "Remove Selected".
> PS: For this, it is important that the checkboxes are ticked when you go through the tabs!
> Click "Finish" >> "Open Report" >> "Open TXT".
> Now we will have the log showing the removal(s) performed! (Mode: Delete)
> Copy it and post the report!
http://www.hardware.com.br/comunidade/area/seguranca-debates-duvidas-dicas-etc.59/
> As for the question about which room to use, I recommend going to GdH at the link above. If Komm attends to you, your chances of success will be high.
[Abs]
I did the Start scan and ticked the checkboxes; there were many, but I noticed I had not included the flash drives and the external HD, so I forced the removal to stop by shutting down the PC.
I turned the computer on and did a new scan; when it came time to tick the checkboxes, the number had dropped substantially (I ask myself: how, if there was no removal?). All right! Current removal log:
RogueKiller V12.11.4.0 (x64) [Jun 26 2017] (Free) por Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Site : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Sistema Operacional : Windows 10 (10.0.14393) 64 bits version
Iniciou : Modo normal
Usuário : Hakaz7 [Administrador]
Started from : C:\Users\Hakaz7\Desktop\RogueKiller_portable64.exe
Modo : Deletar -- Data : 07/01/2017 17:54:44 (Duration : 00:52:54)
¤¤¤ Processos : 4 ¤¤¤
[Proc.Injected] explorer.exe(3216) -- C:\WINDOWS\explorer.exe[7] -> Interrompido [TermProc]
[Adw.Wizzcaster] 413UK2YQ5.exe(4688) -- C:\Program Files\7K2E40Q4DR\413UK2YQ5.exe[-] -> Interrompido [TermProc]
[Adw.Wizzcaster] K98SCZW5C.exe(4712) -- C:\Program Files\D5K6CW0LI8\K98SCZW5C.exe[-] -> Interrompido [TermProc]
[PUP.UCBrowser] (SVC) ucdrv -- \??\C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys[7] -> ERROR [41c]
¤¤¤ Registro : 5 ¤¤¤
[PUP.UCBrowser|PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\UCBrowser -> Deletado
[PUP.UCBrowser|PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\UCBrowser -> Deletado
[PUP.UCBrowser] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ucdrv (\??\C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys) -> Deletado
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 200.189.80.124 200.189.80.110 ([X][X]) -> Substituído ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{225009b3-5eee-4ba0-960b-97377dcf2249} | DhcpNameServer : 200.189.80.124 200.189.80.110 ([X][X]) -> Substituído ()
¤¤¤ Tarefas : 0 ¤¤¤
¤¤¤ Arquivos : 1 ¤¤¤
[PUP.UCBrowser][Pasta] C:\Program Files (x86)\UCBrowser -> Removido na reinicialização [91]
[PUP.UCBrowser][Pasta] C:\Program Files (x86)\UCBrowser\Security -> Removido na reinicialização [20]
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Arquivos de hosts : 0 [Too big!] ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Carregado) ¤¤¤
¤¤¤ Navegadores : 0 ¤¤¤
¤¤¤ Verificação da MBR : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD502HJ +++++
--- User ---
[MBR] 697b9a7974949dcb254cac2251b57da7
[BSP] e32eb9ff587e78f4eecfaf0fb4d0c9ee : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 406614 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN (0x5) [VISIBLE] Offset (sectors): 832954366 | Size: 69773 MB
3 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 975849472 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: General USB Flash Disk USB Device +++++
--- User ---
[MBR] 357be95f00767e161449bcfa4f62daf5
[BSP] 9f23b466890e4b2c215f028c2e31a450 : Legit.Unknown MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 32 | Size: 7650 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Não há suporte para o pedido. )
/_ Good evening! Aldemir Pinheiro _\
If a new scan showed fewer detections, that is due to the use of some cleaning software, which reduces the number of these detections.
> Download: < ZHPCleaner > ( ... by Nicolas Coolman )
> Or |Here!| << Mirror!
> Once on the page, click the download button.
> Save it to the desktop! ( ZHPCleaner.exe )
> Disable your antivirus and run ZHPCleaner.exe <<
> Click "Eu".
> Click Scanner.
> Wait for it to finish!
> When it finishes, click "Reparar" (Repair).
> Tabs will appear in red, indicating problems to be repaired.
> Click "Reparar".
> When it finishes, click "Relatório" (Report)!
> Post the repair log: ~ Type : Reparo
[Abs]
Hi DigRam! How are you?
During the ZHPCleaner check, the program asked me whether I had installed a server numbering. I don't know what a server is, but I confirmed that I had.
I can't say whether that choice was correct. In the next check, should I confirm or not that I installed a server numbering? (Because I don't even know what numbering or server means.) What is your advice: confirm or not?
ZHPCleaner log
----------------------------------------------------------------------------------------------------------------------------------------------------------
~ ZHPCleaner v2017.7.2.113 by Nicolas Coolman (2017/07/02)
~ Run by Hakaz7 (Administrator) (02/07/2017 21:35:25)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Reparo
~ Report : C:\Users\Hakaz7\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Hakaz7\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit (Build 14393)
---\\ Serviços (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.
---\\ Navegadores de Internet (3)
SUBSTITUIDO IE Params: HKLM64\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant [http://www.ourluckysites.com/search/?type=ds&ts=1492614365&z=823f5a8f46c5a000f42[...]] =>Hijacker.OurLuckySites
SUBSTITUIDO IE Params: HKLM64\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch [http://www.ourluckysites.com/search/?type=ds&ts=1492614365&z=823f5a8f46c5a000f42[...]] =>Hijacker.OurLuckySites
SUBSTITUIDO TaskBar: C:\Users\Hakaz7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk [Bad : --load-extension="C:\Users\Hakaz7\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" [http://www.yeadesktop.com/](..)](http://www.yeadesktop.com/%5D(..)) =>PUP.Optional.Zusy
---\\ Arquivo hosts (19)
SUBSTITUIDO: 127.0.0.1 gf.tools.avast.com
SUBSTITUIDO: 127.0.0.1 pair.ff.avast.com
SUBSTITUIDO: 127.0.0.1 ipm-provider.ff.avast.com
SUBSTITUIDO: 127.0.0.1 id.avast.com
SUBSTITUIDO: 127.0.0.1 v4618535.iavs9x.u.avast.com
SUBSTITUIDO: 127.0.0.1 v4618535.ivps9x.u.avast.com
SUBSTITUIDO: 127.0.0.1 v4618535.ivps9tiny.u.avast.com
SUBSTITUIDO: 127.0.0.1 v4618535.vpsnitro.u.avast.com
SUBSTITUIDO: 127.0.0.1 v4618535.vpsnitrotiny.u.avast.com
SUBSTITUIDO: 127.0.0.1 v4618535.iavs5x.u.avast.com
SUBSTITUIDO: 127.0.0.1 v7.stats.avast.com
SUBSTITUIDO: 127.0.0.1 v7event.stats.avast.com
SUBSTITUIDO: 127.0.0.1 sm00.avast.com
SUBSTITUIDO: 127.0.0.1 submit5.avast.com
SUBSTITUIDO: 127.0.0.1 geoip.avast.com
SUBSTITUIDO: 127.0.0.1 w9448963.iavs9x.u.avast.com
SUBSTITUIDO: 127.0.0.1 w9448963.ivps9x.u.avast.com
SUBSTITUIDO: 127.0.0.1 w9448963.ivps9tiny.u.avast.com
Número de redirecionamentos encontrados 361/394
---\\ Tarefas automáticas agendadas. (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.
---\\ Explorer ( Arquivos, Pastas) (12)
MOVIDO pasta: C:\Users\Hakaz7\Desktop\KMSpico_patch - Atalho.lnk [Bad : C:\Users\Hakaz7\Downloads\KMSpico_patch](.Secure Download Ltd..) =>HackTool.KMSpico
MOVIDO pasta^: C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [UC Web Inc. - UCBrowser Security Driver] =>.Superfluous.UCBrowser
MOVIDO pasta: C:\WINDOWS\Prefetch\KMSPICO 10.2.1.EXE-DDF5CF46.pf =>HackTool.KMSpico
MOVIDO pasta: C:\WINDOWS\Prefetch\KMSPICO10.2.1__11516_IL16.EXE-37BA0FD8.pf =>HackTool.KMSpico
MOVIDO pasta: C:\WINDOWS\Prefetch\KMSPICO_PATCH.EXE-64F51FC8.pf =>HackTool.KMSpico
MOVIDO pasta: C:\WINDOWS\Prefetch\YEADESKTOP.EXE-2B22185B.pf =>PUP.Optional.Zusy
MOVIDO pasta: C:\WINDOWS\Prefetch\YEADESKTOP3.TMP-AA051ED6.pf =>PUP.Optional.Zusy
MOVIDO pasta: C:\Users\Hakaz7\Desktop\KMSpico_patch [Secure Download Ltd. - SoftPlanet Software Assistant Setup] =>HackTool.KMSpico
MOVIDO pasta: C:\Users\Hakaz7\Downloads\KMSPico 10.2.1.iso =>HackTool.KMSpico
MOVIDO pasta: C:\Users\Hakaz7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_st.chatango.com_0.localstorage =>PUP.Optional.Chatango
MOVIDO pasta: C:\Users\Hakaz7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_st.chatango.com_0.localstorage-journal =>PUP.Optional.Chatango
MOVIDO arquivo*: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\UCBrowser =>.Superfluous.UCBrowser
---\\ Registro ( Chaves, Valores, Dados ) (58)
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\03D22C9C66915D58C88912B64C1F984B8344EF09 [Comodo Security] =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\0F684EC1163281085C6AF20528878103ACEFCAAB [F-Secure] =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\1667908C9E22EFBD0590E088715CC74BE4C60884 [FRISK] =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\18DEA4EFA93B06AE997D234411F3FD72A677EECE [Bitdefender] =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF [G-Data] =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\249BDA38A611CD746A132FA2AF995A2D3C941264 [Malwarebytes] =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\31AC96A6C17C425222C46D55C3CCA6BA12E54DAF [Symantec] =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\331E2046A1CCA7BFEF766724394BE6112B4CA3F7 [Trend Micro] =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3353EA609334A9F23A701B9159E30CB6C22D4C59 [Webroot] =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\373C33726722D3A5D1EDD1F1585D5D25B39BEA1A [SUPERAntiSpyware] =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F [Kaspersky] =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3D496FA682E65FC122351EC29B55AB94F3BB03FC [AVG Technologies] =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 [PC Tools] =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 [K7 Computing] =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\4420C99742DF11DD0795BC15B7B0ABF090DC84DF [Doctor Web] =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF [Emsisoft] =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\5240AB5B05D11B37900AC7712A3C6AE42F377C8C [CheckPoint] =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\5DD3D41810F28B2A13E9A004E6412061E28FA48D [Emsisoft] =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\7457A3793086DBB58B3858D6476889E3311E550E [K7 Computing] =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\76A9295EF4343E12DFC5FE05DC57227C1AB00D29 [BullGuard] =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\775B373B33B9D15B58BC02B184704332B97C3CAF [McAfee] =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\872CD334B7E7B3C3D1C6114CD6B221026D505EAB [Comodo Security] =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\88AD5DFE24126872B33175D1778687B642323ACF [McAfee] =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9132E8B079D080E01D52631690BE18EBC2347C1E [Adaware Software] =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\982D98951CF3C0CA2A02814D474A976CBFF6BDB1 [Safer Networking] =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 [Webroot] =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9C43F665E690AB4D486D4717B456C5554D4BCEB5 [ThreatTrack] =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 [CurioLab] =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 [Avira Operations] =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\A5341949ABE1407DD7BF7DFE75460D9608FBC309 [BullGuard] =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\A59CC32724DD07A6FC33F7806945481A2D13CA2F [ESET] =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 [AVG Technologies] =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AD4C5429E10F4FF6C01840C20ABA344D7401209F [Avast Software] =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AD96BB64BA36379D2E354660780C2067B81DA2E0 [Symantec] =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 [Malwarebytes] =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\CDC37C22FE9272D8F2610206AD397A45040326B8 [Trend Micro] =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 [Kaspersky] =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\DB303C9B61282DE525DC754A535CA2D6A9BD3D87 [ThreatTrack] =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\DB77E5CFEC34459146748B667C97B185619251BA [Avast Software] =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\E22240E837B52E691C71DF248F12D27F96441C00 [Total Defense] =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF [AVG Technologies] =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\ED841A61C0F76025598421BC1B00E24189E68D54 [Bitdefender] =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\F83099622B4A9F72CB5081F742164AD1B8D048C9 [ESET] =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\FBB42F089AF2D570F2BF6F493D107A3255A9BB1A [Panda Security] =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 [Doctor Web] =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: HKLM\SYSTEM\CurrentControlSet\Services\ucdrv [C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys] =>.Superfluous.UCBrowser
SUPRIMIDO chave*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\televisionfanatic.com [] =>.Superfluous.TelevisionFanatic
SUPRIMIDO chave*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\wdata.televisionfanatic.com [] =>.Superfluous.TelevisionFanatic
SUPRIMIDO chave*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.yeadesktop.com [] =>PUP.Optional.Zusy
SUPRIMIDO chave*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\yeadesktop.com [] =>PUP.Optional.Zusy
SUPRIMIDO chave*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\televisionfanatic.com [] =>.Superfluous.TelevisionFanatic
SUPRIMIDO chave*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\wdata.televisionfanatic.com [] =>.Superfluous.TelevisionFanatic
SUPRIMIDO chave*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.yeadesktop.com [168] =>PUP.Optional.Zusy
SUPRIMIDO chave*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\yeadesktop.com [] =>PUP.Optional.Zusy
SUPRIMIDO chave*: HKCU\Software\undefined [] =>.Superfluous.Downloader
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23E4C6D00564386418B357E6097ECF3E [02:\Software\Microleaves\ (Not File)] =>.Superfluous.Microleaves
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\ourluckysitesSoftware [] =>Hijacker.OurLuckySites
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1} [Microleaves] =>.Superfluous.Microleaves
---\\ Resumo dos elementos encontrados na sua estação de trabalho (9)
[https://nicolascoolman.eu/2017/05/16/hijacker-ourluckysites/](https://nicolascoolman.eu/2017/05/16/hijacker-ourluckysites/) =>Hijacker.OurLuckySites
[https://www.anti-malware.top/2016/05/17/adware-zusy/](https://www.anti-malware.top/2016/05/17/adware-zusy/) =>PUP.Optional.Zusy
[https://nicolascoolman.eu/2017/02/16/hacktool-kmspico/](https://nicolascoolman.eu/2017/02/16/hacktool-kmspico/) =>HackTool.KMSpico
https://nicolascoolman.eu/2017/03/04/superfluous-ucbrowser/ =>.Superfluous.UCBrowser
[https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/](https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/) =>PUP.Optional.Chatango
[https://nicolascoolman.eu/2017/06/26/trojan-certlock/](https://nicolascoolman.eu/2017/06/26/trojan-certlock/) =>PUM.Misplaced.Certificate
https://nicolascoolman.eu/2017/03/15/superfluous-televisionfanatic/ =>.Superfluous.TelevisionFanatic
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.Downloader
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.Superfluous.Microleaves
---\\ Dodatkowe oczyszczenie. (29)
~ Chave de registro Tracing Supprimido (29)
~ Remover os relatórios antigos ZHPCleaner. (0)
---\\ Resultado de reparação
Reparação efectuada com sucesso
~ O sistema foi reiniciado.
---\\ Estatísticas
~ Items scan : 1546
~ Items encontrado : 0
~ items cancelados : 0
~ Items réparo : 434
~ End of clean in 00h01mn37s
~====================
ZHPCleaner-[R]-02072017-21_37_02.txt
ZHPCleaner--02072017-21_30_12.txt
/_ Good morning! Aldemir Pinheiro _\
As for the question you asked me, ZHPCleaner gave you the option to remove changes to DhcpNameServer. In a way, this was prompted by RogueKiller, which detected it as PUM.Dns. Your agreement was correct, even though there were no corrections, because RogueKiller, in these cases, tends to warn about some false positives.
> Download: < UsbFix >
> PS: Use the Internet Explorer browser for the download.
> Save it to the desktop!
> Keep your USB flash drive connected to the PC.
> Open the UsbFix tool and, among the options, choose cleaning. (Clean)
> Post the report when finished!
[Abs]
Good morning DigRam
Thanks for the reply, it cleared up my doubts, thank you.
UsbFix log
__________________________________________________________________
############################## | UsbFix V 9.058 | [Limpar]
Usuário: Hakaz7 (Administrador) # ADMINISTRADOR
Atualizado em 03/07/2017 por SOSVirus
Começou em 12:07:33 | 03/07/2017
Site : https://www.usb-antivirus.com/pt/
Manual : https://www.usb-antivirus.com/pt/2014/03/tutorial-do-usbfix-scan/
Asistencia : https://www.sosvirus.net/es/
Detecção en vivo : https://www.usbfix.net/es/
Contato : https://www.usb-antivirus.com/pt/contato/
################## | System information |
MB: Hewlett-Packard (1493)
CPU: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz
GC: Intel(R) B43 Express Chipset (Microsoft Corporation - WDDM 1.1)
RAM -> [Total : 2009 Mo | Free : 462 Mo]
Bios: Hewlett-Packard
Boot: Normal boot
OS: Microsoft™ Windows 10 Pro (6.3.14393 64-Bit)
WB: Internet Explorer : 11.00.14393.0
WB: Microsoft Edge : 11.00.14393.1358 (rs1_release.170602-2252)
WB: Google Chrome : 59.0.3071.115
WB: Mozilla Firefox : 41.0.2
WB: Opera : 46.0.2597.32
################## | Security Information |
AV: Windows Defender [Ativo |Atualizado]
AS: Windows Defender [Ativo |Atualizado]
AS: Malwarebytes Anti-Malware : 2.1.8.1057
FW: Windows Firewall [Ativo]
SC: Security Center [Ativo]
WU: Windows Update [Ativo]
################## | Disk Information |
C:\ (%SystemDrive%) -> Disco fixo # 397 Gb (55 Gb livre - 14%) [] # NTFS
E:\ -> Disco fixo # 932 Gb (454 Gb livre - 49%) [Seagate Expansion Drive] # NTFS
G:\ -> Disco removível # 2 Gb (2 Gb livre - 100%) [] # FAT32
################## | Procura genérica |
################## | Startup |
F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\WINDOWS\System32\Userinit.exe,
04 - HKCU\..\Run : [OneDrive] "C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
04 - HKCU\..\Run : [Spotify Web Helper] "C:\Users\Hakaz7\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
04 - HKCU\..\Run : [EU5RVEXBWBCD1HU] "C:\Program Files\7K2E40Q4DR\413UK2YQ5.exe"
04 - HKCU\..\Run : [QA88O0040CCVATA] "C:\Program Files\D5K6CW0LI8\K98SCZW5C.exe"
04 - HKCU\..\RunOnce : [Uninstall C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64"
04 - [x64] HKLM\..\Run : [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
04 - [x64] HKLM\..\Run : [WindowsDefender] "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
04 - HKU\S-1-5-19\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-20\..\Run : [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup
04 - HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\..\Run : [OneDrive] "C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
04 - HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\..\Run : [Spotify Web Helper] "C:\Users\Hakaz7\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
04 - HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\..\Run : [EU5RVEXBWBCD1HU] "C:\Program Files\7K2E40Q4DR\413UK2YQ5.exe"
04 - HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\..\Run : [QA88O0040CCVATA] "C:\Program Files\D5K6CW0LI8\K98SCZW5C.exe"
04 - HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\..\RunOnce : [Uninstall C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Hakaz7\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64"
################## | C:\ %SystemDrive% - Disco fixo (NTFS) |
[03/05/2017 - 21:20:06 | A | 1 Ko] - C:\DelFix.txt
[03/07/2017 - 06:31:48 | ASH | 262144 Ko] - C:\swapfile.sys
[03/07/2017 - 07:39:01 | ASH | 2695396 Ko] - C:\pagefile.sys
[27/06/2017 - 11:27:03 | D] - C:\Windows.old
[29/06/2017 - 00:38:36 | D] - C:\Config.Msi
[02/01/2016 - 05:39:02 | SHD] - C:\$RECYCLE.BIN
[28/05/2017 - 15:11:28 | D] - C:\$WINDOWS.~BT
[10/07/2015 - 09:21:38 | SHD] - C:\Documents and Settings
[25/07/2015 - 21:33:21 | D] - C:\Arquivos de Programas
[25/07/2015 - 21:36:11 | D] - C:\swsetup
[25/07/2015 - 21:36:53 | D] - C:\drvrtmp
[26/07/2015 - 16:07:28 | D] - C:\Intel
[29/10/2015 - 18:16:44 | D] - C:\viva
[30/10/2015 - 04:18:34 | N | 0 Ko] - C:\BOOTNXT
[29/01/2016 - 12:57:23 | D] - C:\EEK
[16/07/2016 - 08:47:47 | D] - C:\PerfLogs
[26/08/2016 - 21:06:39 | D] - C:\Temp
[17/04/2017 - 22:11:45 | D] - C:\OneDriveTemp
[26/05/2017 - 11:37:27 | SHD] - C:\Recovery
[26/05/2017 - 11:47:09 | D] - C:\$GetCurrent
[26/05/2017 - 11:48:26 | D] - C:\Windows10Upgrade
[28/05/2017 - 14:55:10 | D] - C:\$SysReset
[28/05/2017 - 15:01:57 | RD] - C:\Users
[25/06/2017 - 19:02:22 | D] - C:\Microsoft
[29/06/2017 - 00:07:10 | RD] - C:\Program Files (x86)
[29/06/2017 - 00:16:02 | D] - C:\FRST
[29/06/2017 - 00:37:10 | RD] - C:\Program Files
[30/06/2017 - 17:12:55 | D] - C:\WINDOWS
[01/07/2017 - 14:47:25 | HD] - C:\ProgramData
[03/07/2017 - 12:06:41 | D] - C:\UsbFix
################## | E:\ - Disco fixo (NTFS) |
[08/01/2015 - 04:13:28 | A | 1120 Ko] - E:\Warranty.pdf
[15/06/2015 - 12:07:12 | A | 0 Ko] - E:\Autorun.inf
[08/01/2015 - 19:18:14 | A | 550 Ko] - E:\SeagateExpansion.ico
[24/03/2016 - 04:06:10 | A | 17529 Ko] - E:\Start_Here_Win.exe
[05/08/2016 - 14:49:30 | SHD] - E:\$RECYCLE.BIN
[31/12/1969 - 22:15:14 | D] - E:\LG_DVR_000000
[10/05/2016 - 01:50:44 | D] - E:\Seagate
[25/06/2017 - 14:03:45 | D] - E:\lair ribeiro
[25/06/2017 - 15:17:50 | D] - E:\Filmes
################## | G:\ - Disco removível (FAT32) |
[15/01/2015 - 17:02:16 | A | 1239 Ko] - G:\RevelandotodosossegredosdaDeep.pdf
Análise realizada em 31.87 segundos
################## | E.O.F | https://www.sosvirus.net/ | https://www.usb-antivirus.com/pt/ |
/_ Good afternoon! Aldemir Pinheiro _\
> Post new FRST logs. ( FRST.txt + Addition.txt )
[]s
/_ Good morning! Aldemir Pinheiro _\
(4H66) C:\Program Files\7K2E40Q4DR\413UK2YQ5.exe
(4H66) C:\Program Files\D5K6CW0LI8\K98SCZW5C.exe
> Did you choose these files in the process list?
> Copy this information shown in red to Notepad.
> Save it with the name fixlist. << Text!
> Save it to the desktop! ( Área de trabalho ... )
start
CloseProcesses:
2017-06-28 10:58 - 2017-06-28 10:58 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\bvxjgabo1nh
2017-06-28 10:58 - 2017-06-28 10:58 - 00000000 ____D C:\Program Files\D5K6CW0LI8
2017-06-28 10:55 - 2017-06-28 10:55 - 00000000 _____ C:\Users\Hakaz7\AppData\Local\{B281DE83-8424-46E1-9ABB-2F92524F9C4E}
2017-06-28 10:51 - 2017-06-28 10:51 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\dx3rnfnsvrw
2017-06-28 10:51 - 2017-06-28 10:51 - 00000000 ____D C:\Program Files\7K2E40Q4DR
2017-06-27 11:27 - 2017-06-27 11:27 - 00001250 _____ C:\Users\Hakaz7\Desktop\Ao proctologista.docx - Atalho.lnk
2017-06-27 10:27 - 2017-06-30 15:21 - 00000000 ____D C:\Program Files\BEKAELOWIT
2017-06-27 10:27 - 2017-06-27 10:27 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\jeil3jocti4
2017-06-26 20:38 - 2017-06-30 15:22 - 00000000 ____D C:\Program Files\NB7ZC33F7V
2017-06-26 20:38 - 2017-06-26 20:38 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\0vegnqyiip3
2017-06-26 19:08 - 2017-06-26 19:08 - 00000000 ____D C:\Users\Hakaz7\Documents\Modelos Personalizados do Office
2017-06-26 17:37 - 2017-06-30 15:21 - 00000000 ____D C:\Program Files\78VQBR8YQT
2017-06-26 17:37 - 2017-06-26 17:37 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\y22qjezlqop
2017-06-26 14:37 - 2017-06-30 15:21 - 00000000 ____D C:\Program Files\4SZFM77SUR
2017-06-26 14:37 - 2017-06-26 14:37 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\nar5sit5k5e
2017-06-26 11:37 - 2017-06-30 15:22 - 00000000 ____D C:\Program Files\J5CU3D2TL0
2017-06-26 11:37 - 2017-06-26 11:37 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\gn1ywbcgfkj
2017-06-26 08:37 - 2017-06-30 15:21 - 00000000 ____D C:\Program Files\131B5LOBA4
2017-06-26 08:37 - 2017-06-26 08:37 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\pzaonjy5alj
2017-06-25 19:44 - 2017-06-29 00:32 - 00000000 ____D C:\Users\Hakaz7\AppData\Local\Ehqvtion
2017-06-25 19:44 - 2017-06-25 19:44 - 01611944 _____ (Secure Download Ltd. ) C:\Users\Hakaz7\Downloads\KMSpico_patch
2017-06-25 19:04 - 2017-07-01 14:47 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2017-06-05 15:35 - 2017-06-05 15:31 - 10218507 _____ C:\Users\Hakaz7\Desktop\Legendas35.zip
2017-06-05 15:35 - 2017-04-28 01:57 - 04186534 _____ (Legendas Brasil ) C:\Users\Hakaz7\Desktop\Legendas35.exe
2017-06-05 15:31 - 2017-06-05 15:31 - 10218507 _____ C:\Users\Hakaz7\Downloads\Legendas35.zip
R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [25444 ] (UC Web Inc.) <==== ATENÇÃO
C:\Program Files (x86)\UCBrowser
CreateRestorePoint:
RemoveProxy:
EmptyTemp:
Reboot:
Hosts:
end
> Run FRST/FRST64 >> Click "Corrigir" (Fix) << Wait!
> Post the report "Resultado da Correção pela Farbar Recovery Scan Tool" (Fixlog.txt)
> This and other reports can be found in the folder: Local Disk (C) > FRST > Logs
< I ask visitors not to use this script on other computers, at the risk of damaging them! >
[A+]
Good morning DigRam
I didn't understand: are these files my choice in the process lines?
What I understand (if I understand at all) is that this is the result of the FRST and Addition scan.
Right?!
Feel free to ask questions.
If I know how to answer them, it will be my pleasure.
Here are the logs.
fixlog:
___________________________________________________________________________________
Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 25-06-2017 01
Executado por Hakaz7 (04-07-2017 23:25:34) Run:2
Executando a partir de C:\Users\Hakaz7\Desktop
Perfis Carregados: Hakaz7 (Perfis Disponíveis: Hakaz7 & aldem)
Modo da Inicialização: Normal
==============================================
fixlist Conteúdo:
*****************
start
CloseProcesses:
2017-06-28 10:58 - 2017-06-28 10:58 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\bvxjgabo1nh
2017-06-28 10:58 - 2017-06-28 10:58 - 00000000 ____D C:\Program Files\D5K6CW0LI8
2017-06-28 10:55 - 2017-06-28 10:55 - 00000000 _____ C:\Users\Hakaz7\AppData\Local\{B281DE83-8424-46E1-9ABB-2F92524F9C4E}
2017-06-28 10:51 - 2017-06-28 10:51 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\dx3rnfnsvrw
2017-06-28 10:51 - 2017-06-28 10:51 - 00000000 ____D C:\Program Files\7K2E40Q4DR
2017-06-27 11:27 - 2017-06-27 11:27 - 00001250 _____ C:\Users\Hakaz7\Desktop\Ao proctologista.docx - Atalho.lnk
2017-06-27 10:27 - 2017-06-30 15:21 - 00000000 ____D C:\Program Files\BEKAELOWIT
2017-06-27 10:27 - 2017-06-27 10:27 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\jeil3jocti4
2017-06-26 20:38 - 2017-06-30 15:22 - 00000000 ____D C:\Program Files\NB7ZC33F7V
2017-06-26 20:38 - 2017-06-26 20:38 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\0vegnqyiip3
2017-06-26 19:08 - 2017-06-26 19:08 - 00000000 ____D C:\Users\Hakaz7\Documents\Modelos Personalizados do Office
2017-06-26 17:37 - 2017-06-30 15:21 - 00000000 ____D C:\Program Files\78VQBR8YQT
2017-06-26 17:37 - 2017-06-26 17:37 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\y22qjezlqop
2017-06-26 14:37 - 2017-06-30 15:21 - 00000000 ____D C:\Program Files\4SZFM77SUR
2017-06-26 14:37 - 2017-06-26 14:37 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\nar5sit5k5e
2017-06-26 11:37 - 2017-06-30 15:22 - 00000000 ____D C:\Program Files\J5CU3D2TL0
2017-06-26 11:37 - 2017-06-26 11:37 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\gn1ywbcgfkj
2017-06-26 08:37 - 2017-06-30 15:21 - 00000000 ____D C:\Program Files\131B5LOBA4
2017-06-26 08:37 - 2017-06-26 08:37 - 00000000 ____D C:\Users\Hakaz7\AppData\Roaming\pzaonjy5alj
2017-06-25 19:44 - 2017-06-29 00:32 - 00000000 ____D C:\Users\Hakaz7\AppData\Local\Ehqvtion
2017-06-25 19:44 - 2017-06-25 19:44 - 01611944 _____ (Secure Download Ltd. ) C:\Users\Hakaz7\Downloads\KMSpico_patch
2017-06-25 19:04 - 2017-07-01 14:47 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2017-06-05 15:35 - 2017-06-05 15:31 - 10218507 _____ C:\Users\Hakaz7\Desktop\Legendas35.zip
2017-06-05 15:35 - 2017-04-28 01:57 - 04186534 _____ (Legendas Brasil ) C:\Users\Hakaz7\Desktop\Legendas35.exe
2017-06-05 15:31 - 2017-06-05 15:31 - 10218507 _____ C:\Users\Hakaz7\Downloads\Legendas35.zip
R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [25444 ] (UC Web Inc.) <==== ATENÇÃO
C:\Program Files (x86)\UCBrowser
CreateRestorePoint:
RemoveProxy:
EmptyTemp:
Reboot:
Hosts:
end
*****************
Processos fechados com sucesso.
C:\Users\Hakaz7\AppData\Roaming\bvxjgabo1nh => movido com sucesso
C:\Program Files\D5K6CW0LI8 => movido com sucesso
C:\Users\Hakaz7\AppData\Local\{B281DE83-8424-46E1-9ABB-2F92524F9C4E} => movido com sucesso
C:\Users\Hakaz7\AppData\Roaming\dx3rnfnsvrw => movido com sucesso
C:\Program Files\7K2E40Q4DR => movido com sucesso
C:\Users\Hakaz7\Desktop\Ao proctologista.docx - Atalho.lnk => movido com sucesso
C:\Program Files\BEKAELOWIT => movido com sucesso
C:\Users\Hakaz7\AppData\Roaming\jeil3jocti4 => movido com sucesso
C:\Program Files\NB7ZC33F7V => movido com sucesso
C:\Users\Hakaz7\AppData\Roaming\0vegnqyiip3 => movido com sucesso
C:\Users\Hakaz7\Documents\Modelos Personalizados do Office => movido com sucesso
C:\Program Files\78VQBR8YQT => movido com sucesso
C:\Users\Hakaz7\AppData\Roaming\y22qjezlqop => movido com sucesso
C:\Program Files\4SZFM77SUR => movido com sucesso
C:\Users\Hakaz7\AppData\Roaming\nar5sit5k5e => movido com sucesso
C:\Program Files\J5CU3D2TL0 => movido com sucesso
C:\Users\Hakaz7\AppData\Roaming\gn1ywbcgfkj => movido com sucesso
C:\Program Files\131B5LOBA4 => movido com sucesso
C:\Users\Hakaz7\AppData\Roaming\pzaonjy5alj => movido com sucesso
C:\Users\Hakaz7\AppData\Local\Ehqvtion => movido com sucesso
C:\Users\Hakaz7\Downloads\KMSpico_patch => movido com sucesso
"C:\Program Files (x86)\UCBrowser" pasta mover:
Não pode ser movido "C:\Program Files (x86)\UCBrowser" => Agendado para ser movido na reinicialização.
C:\Users\Hakaz7\Desktop\Legendas35.zip => movido com sucesso
C:\Users\Hakaz7\Desktop\Legendas35.exe => movido com sucesso
C:\Users\Hakaz7\Downloads\Legendas35.zip => movido com sucesso
ucdrv => Não foi possível finalizar o serviço.
HKLM\System\CurrentControlSet\Services\ucdrv => chave removido (a) com sucesso.
ucdrv => serviço removido (a) com sucesso.
"C:\Program Files (x86)\UCBrowser" pasta mover:
Não pode ser movido "C:\Program Files (x86)\UCBrowser" => Agendado para ser movido na reinicialização.
Ponto de Restauração criado com sucesso.
========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valor removido (a) com sucesso.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valor removido (a) com sucesso.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valor removido (a) com sucesso.
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valor removido (a) com sucesso.
========= Fim de RemoveProxy: =========
C:\Windows\System32\Drivers\etc\hosts => movido com sucesso
Hosts restaurado com sucesso.
=========== EmptyTemp: ==========
BITS transfer queue => 6643328 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 67071122 B
Java, Flash, Steam htmlcache => 1270 B
Windows/system/drivers => 1876815 B
Edge => 77801261 B
Chrome => 68035816 B
Firefox => 0 B
Opera => 107525006 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 874 B
NetworkService => 71450 B
Hakaz7 => 59723873 B
aldem => 0 B
RecycleBin => 1616258837 B
EmptyTemp: => 1.9 GB de dados temporários Removidos.
================================
Resultado dos arquivos que foram agendados para serem movidos (Modo de Inicialização: Normal) (Data&Hora: 04-07-2017 23:50:04)
"C:\Program Files (x86)\UCBrowser" => Não pode ser movido
"C:\Program Files (x86)\UCBrowser" => Não pode ser movido
==== Fim de Fixlog 23:50:09 ====
/_ Good afternoon! Aldemir Pinheiro _\
[Adw.Wizzcaster] 413UK2YQ5.exe(5224) -- C:\Program Files\7K2E40Q4DR\413UK2YQ5.exe[-] -> Encontrado
[Adw.Wizzcaster] K98SCZW5C.exe(5624) -- C:\Program Files\D5K6CW0LI8\K98SCZW5C.exe[-] -> Encontrado
---
---
> As for the files, they were detected by RogueKiller as adware.
> Download: < AdwCleaner > ( ... by Xplode )
> Or from here: < AdwCleaner > << Link!
> When you get there, click "Download Now".
> Save it to the desktop!
> Disable your antivirus!
> Right-click adwcleaner.exe and choose to run it as administrator.
> Click "Ferramentas" (Tools) >> "Opções" (Options).
> In "Opções" (Options), leave the settings as shown in this banner.
> Click "Ok".
> PS: Start the scan by clicking "Verificar" (Scan).
> When finished, click "Limpar" or "Cleaning" >> Ok >> Ok >> Ok.
> Copy the log or click "Relatorio" (Report).
> Post: < C:\AdwCleaner\AdwCleaner[C0].txt >
[Abs]
Good! DigRam, they were found.
RogueKiller detected them as adware; it's great that they will be eliminated. It's a lot of work, but it was well worth it.
AdwCleaner, this one is a pity because you lose all the extensions if you haven't noted them down, if they are essential for your browsing, but it's worth it; your help, analysis and removal
recovers my whole computer and that is enough! No complaints.
AdwCleaner, here is the log: regards!
____________________________________________________________________________
# AdwCleaner v6.047 - Relatório criado 05/07/2017 às 15:35:36
# Atualizado em 19/05/2017 por Malwarebytes
# Banco de dados : 2017-07-05.1 [Local]
# Sistema operacional : Windows 10 Pro (X64)
# Usuário : Hakaz7 - ADMINISTRADOR
# Executando de : C:\Users\Hakaz7\Desktop\adwcleaner_6.047.exe
# Modo: Limpo
# Apoio : https://www.malwarebytes.com/support
*** [ Serviços ] ***
[-] Serviço excluído:ucdrv
[-] Serviço excluído:cfidsk
*** [ Pastas ] ***
[-] Pasta excluída:C:\Users\Hakaz7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp
*** [ Arquivos ] ***
*** [ DLL ] ***
*** [ WMI ] ***
*** [ Atalhos ] ***
*** [ Atividades agendadas ] ***
*** [ Registro ] ***
[-] Chave excluída:HKLM\SOFTWARE\Classes\UCHTML
[-] Chave excluída:HKLM\SOFTWARE\Classes\UCHTML.AssocFile.CRX
[-] Chave excluída:HKLM\SOFTWARE\Classes\UCHTML.AssocFile.HTM
[-] Chave excluída:HKLM\SOFTWARE\Classes\UCHTML.AssocFile.HTML
[-] Chave excluída:HKLM\SOFTWARE\Classes\UCHTML.AssocFile.MHT
[-] Chave excluída:HKLM\SOFTWARE\Classes\UCHTML.AssocFile.SHTM
[-] Chave excluída:HKLM\SOFTWARE\Classes\UCHTML.AssocFile.SHTML
[-] Chave excluída:HKLM\SOFTWARE\Classes\UCHTML.AssocFile.WEBP
[-] Chave excluída:HKLM\SOFTWARE\Classes\UCHTML.AssocFile.XHT
[-] Chave excluída:HKLM\SOFTWARE\Classes\UCHTML.AssocFile.XHTML
[-] Chave excluída:HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARE
[#] Chave excluída na reinicialização:[x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SNARE
[#] Chave excluída na reinicialização:HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\snare
[#] Chave excluída na reinicialização:[x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\snare
[-] Chave excluída:HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\MICROSOFT\wewewe
[-] Chave excluída:HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\PopWnd
[#] Chave excluída na reinicialização:HKCU\Software\MICROSOFT\wewewe
[#] Chave excluída na reinicialização:HKCU\Software\PopWnd
[#] Chave excluída na reinicialização:[x64] HKCU\Software\MICROSOFT\wewewe
[#] Chave excluída na reinicialização:[x64] HKCU\Software\PopWnd
[-] Chave excluída:[x64] HKLM\SOFTWARE\Microsoft\DMunversion
[-] Chave excluída:[x64] HKLM\SOFTWARE\Microsoft\{6711eba6-cf08-4edw-9528-86004fa424bb}
[-] Chave excluída:[x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchy
[-] Chave excluída:[x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{24F5E422-6A70-4FAA-8CAD-E23D5DC1DAE6}
[-] Chave excluída:[x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD0688A5-FC8B-4E93-A485-CBF606A56D49}
[-] Chave excluída:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\ak.staticimgfarm.com
[-] Chave excluída:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\babycp.com
[-] Chave excluída:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\hp.myway.com
[-] Chave excluída:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\qtipr.com
[-] Chave excluída:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\staticimgfarm.com
[-] Chave excluída:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.babycp.com
[-] Chave excluída:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ak.staticimgfarm.com
[-] Chave excluída:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\babycp.com
[-] Chave excluída:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\hp.myway.com
[-] Chave excluída:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\qtipr.com
[-] Chave excluída:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\staticimgfarm.com
[-] Chave excluída:HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.babycp.com
[#] Chave excluída na reinicialização:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\ak.staticimgfarm.com
[#] Chave excluída na reinicialização:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\babycp.com
[#] Chave excluída na reinicialização:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\hp.myway.com
[#] Chave excluída na reinicialização:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\qtipr.com
[#] Chave excluída na reinicialização:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\staticimgfarm.com
[#] Chave excluída na reinicialização:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.babycp.com
[#] Chave excluída na reinicialização:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ak.staticimgfarm.com
[#] Chave excluída na reinicialização:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\babycp.com
[#] Chave excluída na reinicialização:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\hp.myway.com
[#] Chave excluída na reinicialização:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\qtipr.com
[#] Chave excluída na reinicialização:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\staticimgfarm.com
[#] Chave excluída na reinicialização:[x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.babycp.com
[-] Chave excluída:HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
[-] Valor apagado:HKCU\SOFTWARE\Classes\.crx\OpenWithProgids [UCHTML.AssocFile.CRX]
[-] Valor apagado:HKCU\SOFTWARE\Classes\.htm\OpenWithProgids [UCHTML.AssocFile.HTM]
[-] Valor apagado:HKCU\SOFTWARE\Classes\.html\OpenWithProgids [UCHTML.AssocFile.HTML]
[-] Valor apagado:HKCU\SOFTWARE\Classes\.mht\OpenWithProgids [UCHTML.AssocFile.MHT]
[-] Valor apagado:HKCU\SOFTWARE\Classes\.shtm\OpenWithProgids [UCHTML.AssocFile.SHTM]
[-] Valor apagado:HKCU\SOFTWARE\Classes\.shtml\OpenWithProgids [UCHTML.AssocFile.SHTML]
[-] Valor apagado:HKCU\SOFTWARE\Classes\.webp\OpenWithProgids [UCHTML.AssocFile.WEBP]
[-] Valor apagado:HKCU\SOFTWARE\Classes\.xht\OpenWithProgids [UCHTML.AssocFile.XHT]
[-] Valor apagado:HKCU\SOFTWARE\Classes\.xhtml\OpenWithProgids [UCHTML.AssocFile.XHTML]
[-] Valor apagado:HKLM\SOFTWARE\Classes\.htm\OpenWithProgids [UCHTML.AssocFile.HTM]
[-] Valor apagado:HKLM\SOFTWARE\Classes\.html\OpenWithProgids [UCHTML.AssocFile.HTML]
[-] Valor apagado:HKLM\SOFTWARE\Classes\.mht\OpenWithProgids [UCHTML.AssocFile.MHT]
[-] Valor apagado:HKLM\SOFTWARE\Classes\.shtm\OpenWithProgids [UCHTML.AssocFile.SHTM]
[-] Valor apagado:HKLM\SOFTWARE\Classes\.shtml\OpenWithProgids [UCHTML.AssocFile.SHTML]
[-] Valor apagado:HKLM\SOFTWARE\Classes\.webp\OpenWithProgids [UCHTML.AssocFile.WEBP]
[-] Valor apagado:HKLM\SOFTWARE\Classes\.xht\OpenWithProgids [UCHTML.AssocFile.XHT]
[-] Valor apagado:HKLM\SOFTWARE\Classes\.xhtml\OpenWithProgids [UCHTML.AssocFile.XHTML]
[-] Chave excluída:HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\UCBrowser.exe
[-] Valor apagado:HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [Kitty]
[-] Valor apagado:HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [3DM]
[-] Valor apagado:HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [YeaDesktop.exe]
*** [ Verificando navegadores ... ] ***
[-] [C:\Users\Hakaz7\AppData\Local\Google\Chrome\User Data\Default] [extension] Eliminado:ipmkfpcnmccejididiaagpgchgjfajgp
[-] [C:\Users\Hakaz7\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Eliminado:br.ask.com
*************************
:: Configurações Winsock restauradas
:: "Image File Execution Options" chaves excluídas
:: Configurações Proxy restauradas
:: Políticas do IE excluídas
:: Políticas do Chrome excluídas
:: As preferências do Chrome são redefinidas:C:\Users\Hakaz7\AppData\Local\Google\Chrome\User Data\Default
:: As preferências do Chrome são redefinidas:C:\Users\Hakaz7\AppData\Local\Google\Chrome\User Data\Profile 1
!! As preferências do Chrome não são redefinidas:C:\Users\aldem\AppData\Local\Google\Chrome\User Data\Default
:: Arquivo de hosts cancelado
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [11144 Bytes] - [05/07/2017 15:35:36]
C:\AdwCleaner\AdwCleaner[S0].txt - [10776 Bytes] - [05/07/2017 15:29:51]
C:\AdwCleaner\AdwCleaner[S1].txt - [10847 Bytes] - [05/07/2017 15:32:42]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [11366 Bytes] ##########
/_ Good afternoon! Aldemir Pinheiro _\
> Download: < Sophos Virus Removal Tool >
> Save Sophos Virus Removal Tool.exe to the desktop!
> Run it! -> (Run) -> Click "Next".
> Accept the license terms! (I accept the terms in this license agreement)
> Click "Next" twice ("Next" and "Next").
> Click "Install" >> Finish
> Click Finish to start the program.
> Once the virus database has been updated, click Start scanning.
> If any threats are found, click Details, then View log file... (bottom left corner).
> Copy and paste the results into your reply.
> Close the Notepad document, close the threat details screen, and then click Start cleanup.
> Click Exit to close the program.
[Abs]
Hello DigRam
There is just one problem: it eliminates one threat at a time, and for each threat it does a new reboot. It showed "number of threats: 2" and cleanup; I did the reboot and eliminated 1 threat, and after the reboot the second threat appeared. But instead of pressing cleanup to eliminate the second threat, I clicked scan again, and then it no longer found the one it had found before, even though it had only cleaned
one when there were two. Do you want me to send new FRST logs?
Here are the Sophos Virus Tool logs:
____________________________________________________________________________________________
2017-07-06 01:17:45.377 Sophos Virus Removal Tool version 2.6.1
2017-07-06 01:17:45.377 Copyright (c) 2009-2017 Sophos Limited. All rights reserved.
2017-07-06 01:17:45.377 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
2017-07-06 01:17:45.377 Windows version 6.2 SP 0.0 build 9200 SM=0x100 PT=0x1 WOW64
2017-07-06 01:17:45.379 Checking for updates...
2017-07-06 01:17:45.779 Update progress: proxy server not available
2017-07-06 01:18:06.893 Option all = no
2017-07-06 01:18:06.893 Option recurse = yes
2017-07-06 01:18:06.938 Option archive = no
2017-07-06 01:18:06.938 Option service = yes
2017-07-06 01:18:06.938 Option confirm = yes
2017-07-06 01:18:06.938 Option sxl = yes
2017-07-06 01:18:06.938 Option max-data-age = 35
2017-07-06 01:18:06.938 Option vdl-logging = yes
2017-07-06 01:18:07.006 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2017-07-06 01:18:07.006 Machine ID: e0d67e511372412e98fbf10bfe5598f3
2017-07-06 01:18:07.015 Component SVRTcli.exe version 2.6.1
2017-07-06 01:18:07.015 Component control.dll version 2.6.1
2017-07-06 01:18:07.015 Component SVRTservice.exe version 2.6.1
2017-07-06 01:18:07.015 Component engine\osdp.dll version 1.44.1.2286
2017-07-06 01:18:07.015 Component engine\veex.dll version 3.68.6.2286
2017-07-06 01:18:07.015 Component engine\savi.dll version 9.0.7.2286
2017-07-06 01:18:07.016 Component rkdisk.dll version 1.5.31.1
2017-07-06 01:18:07.016 Version info: Product version 2.6.1
2017-07-06 01:18:07.016 Version info: Detection engine 3.68.6
2017-07-06 01:18:07.016 Version info: Detection data 5.40
2017-07-06 01:18:07.016 Version info: Build date 30/05/2017
2017-07-06 01:18:07.016 Version info: Data files added 313
2017-07-06 01:18:07.016 Version info: Last successful update (not yet updated)
2017-07-06 01:18:09.069 Downloading updates...
2017-07-06 01:18:09.073 Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2017-07-06 01:18:09.073 Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-07-06 01:18:09.073 Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-07-06 01:18:09.073 Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2017-07-06 01:18:09.073 Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path=
2017-07-06 01:18:09.073 Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path=
2017-07-06 01:18:09.073 Update progress: [I49502] sdds.data0910.xml: found supplement IDE541 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=]
2017-07-06 01:18:09.073 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE541 LATEST path=
2017-07-06 01:18:09.074 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE541 LATEST path=
2017-07-06 01:18:09.074 Update progress: [I49502] sdds.data0910.xml: found supplement IDE542 LATEST path= baseVersion= [included from product IDE541 LATEST path=]
2017-07-06 01:18:09.074 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE542 LATEST path=
2017-07-06 01:18:09.074 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE542 LATEST path=
2017-07-06 01:18:09.074 Update progress: [I49502] sdds.data0910.xml: found supplement IDE543 LATEST path= baseVersion= [included from product IDE542 LATEST path=]
2017-07-06 01:18:09.074 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE543 LATEST path=
2017-07-06 01:18:09.074 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE543 LATEST path=
2017-07-06 01:18:09.074 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-07-06 01:18:09.452 Update progress: [I19463] Syncing product SAVIW32 LATEST path=
2017-07-06 01:18:09.452 Update progress: [I19463] Product download size 166581621 bytes
2017-07-06 01:18:34.347 Update progress: [I19463] Syncing product IDE541 LATEST path=
2017-07-06 01:18:34.348 Update progress: [I19463] Product download size 2265483 bytes
2017-07-06 01:18:36.182 Update progress: [I19463] Syncing product IDE542 LATEST path=
2017-07-06 01:18:36.182 Update progress: [I19463] Product download size 2018230 bytes
2017-07-06 01:18:37.786 Update progress: [I19463] Syncing product IDE543 LATEST path=
2017-07-06 01:18:37.786 Update progress: [I19463] Product download size 644214 bytes
2017-07-06 01:18:38.262 Installing updates...
2017-07-06 01:18:39.068 Error level 1
2017-07-06 01:18:55.233 Update successful
2017-07-06 01:19:07.405 Option all = no
2017-07-06 01:19:07.405 Option recurse = yes
2017-07-06 01:19:07.405 Option archive = no
2017-07-06 01:19:07.405 Option service = yes
2017-07-06 01:19:07.405 Option confirm = yes
2017-07-06 01:19:07.405 Option sxl = yes
2017-07-06 01:19:07.407 Option max-data-age = 35
2017-07-06 01:19:07.407 Option vdl-logging = yes
2017-07-06 01:19:07.436 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2017-07-06 01:19:07.436 Machine ID: e0d67e511372412e98fbf10bfe5598f3
2017-07-06 01:19:07.437 Component SVRTcli.exe version 2.6.1
2017-07-06 01:19:07.437 Component control.dll version 2.6.1
2017-07-06 01:19:07.437 Component SVRTservice.exe version 2.6.1
2017-07-06 01:19:07.437 Component engine\osdp.dll version 1.44.1.2286
2017-07-06 01:19:07.437 Component engine\veex.dll version 3.68.6.2286
2017-07-06 01:19:07.437 Component engine\savi.dll version 9.0.7.2286
2017-07-06 01:19:07.438 Component rkdisk.dll version 1.5.31.1
2017-07-06 01:19:07.438 Version info: Product version 2.6.1
2017-07-06 01:19:07.438 Version info: Detection engine 3.68.6
2017-07-06 01:19:07.438 Version info: Detection data 5.40
2017-07-06 01:19:07.438 Version info: Build date 30/05/2017
2017-07-06 01:19:07.438 Version info: Data files added 313
2017-07-06 01:19:07.438 Version info: Last successful update 05/07/2017 22:18:55
2017-07-06 01:47:06.592 >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Program Files (x86)\KMSPico\best erning installers\1\Registrypatch.exe
2017-07-06 01:47:06.602 >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Program Files (x86)\KMSPico\best erning installers\1\Registrypatch.exe
2017-07-06 01:47:09.575 >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Program Files (x86)\KMSPico\best erning installers\2\Registrypatch.exe
2017-07-06 01:47:09.575 >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Program Files (x86)\KMSPico\best erning installers\2\Registrypatch.exe
2017-07-06 01:51:57.839 >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Users\Hakaz7\AppData\Roaming\dx3rnfnsvrw\vj0qppnix0s.exe
2017-07-06 01:55:56.435 >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Users\Hakaz7\AppData\Roaming\bvxjgabo1nh\g5yau5p535c.exe
2017-07-06 01:58:29.559 >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Program Files\4PKCUNJOVT\HEQR3MPPU.exe
2017-07-06 01:58:29.965 >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Program Files\4PKCUNJOVT\uninstaller.exe
2017-07-06 01:58:30.201 >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Program Files\694ASJ82FT\694ASJ82F.exe
2017-07-06 01:58:30.354 >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Program Files\694ASJ82FT\uninstaller.exe
2017-07-06 01:58:33.730 >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Users\Hakaz7\AppData\Roaming\ct1zxfqcdbf\hpjithhv0cb.exe
2017-07-06 01:58:40.125 >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Users\Hakaz7\AppData\Roaming\vhpfwb2fywu\5ptibtmqh32.exe
2017-07-06 01:58:40.429 >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Program Files\RLR47SCMCK\RLR47SCMC.exe
2017-07-06 01:58:40.640 >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Program Files\RLR47SCMCK\uninstaller.exe
2017-07-06 01:58:41.362 >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Program Files (x86)\0skpobfw0eo\7F1D7.exe
2017-07-06 02:18:56.331 >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Program Files\7K2E40Q4DR\413UK2YQ5.exe
2017-07-06 02:18:56.352 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:18:56.352 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:18:56.352 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:00.898 >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Program Files\7K2E40Q4DR\uninstaller.exe
2017-07-06 02:19:00.898 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:00.899 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:00.899 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:05.057 >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Program Files\D5K6CW0LI8\K98SCZW5C.exe
2017-07-06 02:19:05.057 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:05.057 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:05.058 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:09.097 >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Program Files\D5K6CW0LI8\uninstaller.exe
2017-07-06 02:19:09.097 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:09.097 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:09.097 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:41.568 >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Program Files (x86)\ZBeAlTQs36\updengine.exe
2017-07-06 02:19:41.569 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:41.569 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:41.569 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:49.790 >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Users\Hakaz7\AppData\Roaming\0vegnqyiip3\0tcets4rqji.exe
2017-07-06 02:19:49.791 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:49.791 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:49.791 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:54.123 >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Users\Hakaz7\AppData\Roaming\gn1ywbcgfkj\pkghddf0hlo.exe
2017-07-06 02:19:54.123 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:54.123 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:19:54.123 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:20:01.415 >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Users\Hakaz7\AppData\Roaming\jeil3jocti4\1xxqi5i4d4p.exe
2017-07-06 02:20:01.416 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:20:01.416 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:20:01.416 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:20:05.557 >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Users\Hakaz7\AppData\Roaming\nar5sit5k5e\g535xe2lo02.exe
2017-07-06 02:20:05.558 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:20:05.558 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:20:05.558 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:20:09.669 >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Users\Hakaz7\AppData\Roaming\pzaonjy5alj\g5zb2q2gx3a.exe
2017-07-06 02:20:09.669 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:20:09.669 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:20:09.669 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:20:39.695 >>> Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\C\Users\Hakaz7\AppData\Roaming\y22qjezlqop\cz1qwc0wjes.exe
2017-07-06 02:20:39.695 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:20:39.695 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:20:39.695 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-07-06 02:20:40.060 Could not open C:\pagefile.sys
2017-07-06 02:29:21.735 Could not open C:\swapfile.sys
2017-07-06 02:29:25.847 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-07-06 02:29:25.848 Could not open C:\System Volume Information\{6678098f-5fd2-11e7-9e82-b499bafded39}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-07-06 02:29:25.848 Could not open C:\System Volume Information\{801a60fd-6106-11e7-9e85-b499bafded39}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-07-06 02:29:25.849 Could not open C:\System Volume Information\{d9d768aa-61b0-11e7-9e88-b499bafded39}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-07-06 02:31:02.153 Could not open C:\Users\Hakaz7\AppData\Local\Google\Chrome\User Data\Default\Current Session
2017-07-06 02:31:02.153 Could not open C:\Users\Hakaz7\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
2017-07-06 02:52:17.392 Could not open C:\WINDOWS\System32\config\BBI
2017-07-06 02:52:17.646 Could not open C:\WINDOWS\System32\config\RegBack\DEFAULT
2017-07-06 02:52:17.657 Could not open C:\WINDOWS\System32\config\RegBack\SAM
2017-07-06 02:52:17.659 Could not open C:\WINDOWS\System32\config\RegBack\SECURITY
2017-07-06 02:52:17.676 Could not open C:\WINDOWS\System32\config\RegBack\SOFTWARE
2017-07-06 02:52:17.686 Could not open C:\WINDOWS\System32\config\RegBack\SYSTEM
2017-07-06 03:17:29.196 Could not open LOGICAL:0003:00000000
2017-07-06 03:17:29.198 Could not open D:\
2017-07-06 03:20:39.356 The following items will be cleaned up:
2017-07-06 03:20:39.356 Mal/Generic-S
2017-07-06 03:20:39.356 Mal/Generic-S
2017-07-06 03:20:39.356 Mal/Generic-S
2017-07-06 03:20:39.356 Mal/Generic-S
2017-07-06 03:20:39.356 Mal/Generic-S
2017-07-06 03:20:39.356 Mal/Generic-S
2017-07-06 03:20:39.356 Mal/Generic-S
2017-07-06 03:20:39.356 Mal/Generic-S
2017-07-06 03:20:39.356 Mal/Generic-S
2017-07-06 03:20:39.356 Mal/Generic-S
2017-07-06 03:20:39.356 Mal/Generic-S
2017-07-06 03:20:39.356 Mal/Generic-S
2017-07-06 03:20:39.356 Mal/Generic-S
2017-07-06 03:20:39.356 Mal/Generic-S
/_ Good afternoon! Aldemir Pinheiro _\
Virus 'Mal/Generic-S' found in file C:\FRST\Quarantine\ <<
We can see that the Sophos engine's detections were confined to FRST's "Quarantine" folder.
Manually go to this folder and delete its contents!
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
>
> Registry entries that are associated with the quarantined items.
>
Quote
https://www.symantec.com/connect/articles/how-customize-virtual-internet-explorer-settings
The detections point to this subkey or value as linked to Mal/Generic-S.
>
Quote
Virtual Internet Explorer (IE) comes with a set of default settings that are suitable for most circumstances; however, by editing the layer definition file (ldf) used to create the virtual application it is possible to customize IE to meet the customer's specific needs. This article describes how to edit the ldf to customize IE to meet the customer's specific needs.
Apparently, the entries are linked to Virtual Internet Explorer (IE).
> Download: < JRT > ( ... by Malwarebytes.org )
> Or here! < JRT.exe >
> Save it to the desktop!
> Disable your antivirus!
> For Windows 7, right-click JRT.exe and run it as administrator.
> Tendo dificuldades,pode executá-lo em Modo de Segurança com Rede.
> Aguarde a conclusão e poste o relatório. ( JRT.txt )
[Abs]
Hello DigRam, good evening
Sorry DigRam, I can't find Mal/Generic-S
I didn't understand very well, sorry for my ignorance: should I delete FRST's Quarantine folder, is that it?! If not, please give me a step by step, guide me better.
I understood almost nothing, I didn't understand what to do with:
HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
regarding:
https://www.symantec.com/connect/articles/how-customize-virtual-internet-explorer-settings
I don't know what to say about your work solving problems for the people you serve; it is admirable. It requires a lot of study and effort, even when it is to solve one person's or client's problem individually for disinfection. Admirable. May you be well rewarded for it. Thank you!
Not forgetting also, thank you for posting the article. Grateful! That way we know why there can sometimes be a delay before you reply, since a lot depends on the degree of difficulty in studying the disinfection of a certain virus: how to find it, and where it got installed and lodged itself. So it is clear to us not to prejudge them (malware removal specialists).
continuing:
about JRT I more or less know what to do lol: follow the guidelines above
about my question, please don't forget to answer, or draw it out for me. Right?!
see you later
/_ Good Evening! Aldemir Pinheiro _\
Log analysis is not an easy task and requires long periods of preparation, which I had with jgarcia. He was an instructor at Linha Defensiva and a renowned Member here at iMasters.
As for cleaning the Quarantine folder, I was referring to its contents.
And the Registry information I will remove later, by means of a ZA-Scan script. That tool will be requested after the JRT report.
[Abs]
Good morning DigRam
9 hours ago, DigRam said:
/_ Good Evening! Aldemir Pinheiro _\
Log analysis is not an easy task and requires long periods of preparation, which I had with jgarcia.
really!
9 hours ago, DigRam said:
jgarcia. He was an instructor at Linha Defensiva and a renowned Member here at iMasters.
wow, that's really cool, DigRam
by the way, what happened to Linha Defensiva? (I don't mean the forum) I used to follow them; there were good articles on information security. I remember the announcement of a talk, for whoever could attend, at a conference by an American here in Brazil speaking about security (about Edward Snowden and more), awesome stuff man, excellent articles. That's when I started following the journalist Glenn Greenwald from then on. But it seems that around mid-2015 the Linha Defensiva site stopped updating its content. A pity.
about the Quarantine folder, you referred to its contents; I understood that you were informing me about the procedure.
so I didn't do anything, I didn't delete it, I left it as is.
JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Pro x64
Ran by Hakaz7 (Administrator) on 07/07/2017 at 7:49:39,58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 0
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07/07/2017 at 7:52:37,94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/_ Good Afternoon! Aldemir Pinheiro _\
The LD site has gone through restructurings in recent years, as far as I could tell. But the Forum continues to serve its Members with good quality.
Visiting stigviewer.com, we find more information on the value/parameter that Sophos detected as Mal/Generic-S.
Quote
This parameter warns the user that form input is being redirected to another Web site. Since the form may contain sensitive data, the user should be warned that the data is not being directed to the site the user was using. This allows the user to decide whether the data in the form is appropriate for inclusion in the new Web site.
That is the function of the value in the entries detected by Sophos, whose REG_DWORD for the WarnOnPostRedirect parameter should be equal to 1.
Open the Registry Editor and navigate through the successive keys; when you reach Internet Settings, check whether the value's dword is equal to 1. If you find it different from 1, you can change it!
[HKU\S-1-5-21-1487806579-2887001220-3690848270-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
WarnOnPostRedirect=Dword:00000001
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings]
WarnOnPostRedirect=Dword:00000001
[]s
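As an added example (not code from the thread or from DigRam), this PowerShell snippet audits the WarnOnPostRedirect DWORD under the two Internet Settings keys quoted above instead of navigating regedit by hand, and only sets it to 1 when run with -Fix. It assumes the logged-on user's HKU\<SID> hive is reached through HKCU; the poster's SID is not hard-coded.

```powershell
# Added example: audit (and optionally repair) the WarnOnPostRedirect value
# that the Sophos log flagged. HKCU stands in for HKU\<SID> of the current user.
param([switch]$Fix)

$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
)
$name     = 'WarnOnPostRedirect'
$expected = 1   # REG_DWORD 1 = warn when a form POST is redirected to another site

foreach ($key in $keys) {
    if (-not (Test-Path $key)) {
        Write-Warning "Key missing: $key"
        continue
    }

    # Read the value without throwing if it is absent
    $item    = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    $current = if ($null -eq $item) { $null } else { $item.$name }
    $shown   = if ($null -eq $current) { '<absent>' } else { $current }

    if ($current -eq $expected) {
        Write-Output "OK       $key\$name = $shown"
        continue
    }

    Write-Output "MISMATCH $key\$name = $shown (expected $expected)"
    if ($Fix) {
        # -Force creates the DWORD or overwrites a wrong type/value.
        # The HKLM key requires an elevated (administrator) shell.
        New-ItemProperty -Path $key -Name $name -PropertyType DWord `
                         -Value $expected -Force | Out-Null
        Write-Output "FIXED    $key\$name set to $expected"
    }
}
```

Run it first without -Fix to see the current state; the HKLM change needs an administrator PowerShell.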
hi DigRam, good afternoon
I want to buy a book by an author called renato cesar bini
this book is available for sale only on his official site
there's just one problem
the site asks me to install the adobe flash player plug-in
and I very much want to acquire the book
I don't know if it's trustworthy
and I don't understand why some sites ask for these plug-ins
the site is from 2009, maybe it's because it's independent and outdated.
better not to log in to any social network there; I'll look for him personally via facebook since, as you mentioned:
my confidential user data can be redirected to other web sites
I'll try to follow your recommendations soon, and I'll also try to find on youtube how to open
the registry editor and carry on by trial and error with information from google.
by the way, can I ask a question in that room you recommended?
this is the time I need it most, since I still haven't asked any nor visited it.
On 30/06/2017 at 22:39, DigRam said:
http://www.hardware.com.br/comunidade/area/seguranca-debates-duvidas-dicas-etc.59/
> As for the question about the room in question, I recommend accessing GdH at the link above. If Komm attends to you, your chances of success will be high.
/_ Good Afternoon! Aldemir Pinheiro _\
I don't recommend installing any Flash Player, because if it's fake it will bring you problems. But if the site was accessed through Chrome, this plugin request isn't justified.
<Aldemir Pinheiro> I'll also try to find on youtube how to open the registry editor and carry on by trial and error with information from google.
> To access the Registry Editor, just press "Windows + R" and type in the box: regedit >> Press Enter.
<Aldemir Pinheiro> by the way, can I ask a question in that room you recommended?
this is the time I need it most, since I still haven't asked any nor visited it
> Yes! Komm is a precious jewel over at GdH, and I can't wait for him to join iMasters' ranks as a Moderator.
> Download: < SFTGC > ( ... by Pierre13 )
< Or Here > << Link!
> Unzip it and save it to the desktop!
> Disable your antivirus!
> If you have trouble downloading, use the Internet Explorer browser.
> On Windows 10, 8.1 and 7, run "SFTGC.exe" as administrator!
> Run it and click "Go".
> Wait for it to finish, which is quick.
> Post the report! ( SFT.txt )
> Ps: Depending on the size of the report, don't post it directly!
> Use Cjoint for that task! < Cjoint >
[Abs]
/_ Good Morning! Aldemir Pinheiro _\
> Uninstall: <5>
1.0.0.1 (HKLM-x32\...\YeaDesktop) (Version: 1.0.0.1 - ) <<
DiskWMpower version 1.0 <<
Online Application (x32 Version: 2.6.0 - Microleaves) <<
OtherSearch (HKLM-x32\...\OtherSearch) (Version: 4.0.0.0 - Skyler Emil) <<
Social2Search (HKLM\...\89798490c2b4d681479595f7b986c615) (Version: 11.14.1.75 (i1.0) - Social2Search)<<
> Copy this information shown in red into Notepad.
> Save it under the name fixlist. << Text file!
> Save it to the desktop! ( Área de trabalho ... )
start
CloseProcesses: