Good afternoon, everyone!
First of all, hello to the moderators and congratulations to all! I have been a user of the "Remoção de Malwares" forum for decades, and the work done here is outstanding!
Well, it has been a long time since I last did a log analysis, and my notebook has been very slow since I clicked some suspicious links while looking for torrents to download.
I would like to get the log nice and clean, please. Here are the reports:
Addition.txt: https://www.cjoint.com/c/LDops5YQRg4
FRST.txt: https://www.cjoint.com/c/LDopt4nDq84
12 hours ago, DigRam said:
/!\ Good evening! Gsbad /!\
Copy this information from the spoiler into Notepad.
Save it to the desktop with the name fixlist.
Closeprocesses:
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restrição ? <==== ATENÇÃO
Policies: C:\ProgramData\NTUSER.pol: Restrição <==== ATENÇÃO
S3 aswWintun; C:\WINDOWS\System32\drivers\aswWintun.sys [38768 2021-05-05] (Avast Software s.r.o. -> Avast Software)
HKU\S-1-5-21-1036876464-1709329310-3854566978-1001\...\MountPoints2: {2927f9ca-5868-11eb-a20e-a4bb6d6cde80} - "F:\setup.exe"
HKU\S-1-5-21-1036876464-1709329310-3854566978-1001\...\MountPoints2: {2927f9ea-5868-11eb-a20e-a4bb6d6cde80} - "G:\Launcher.exe"
FirewallRules: [TCP Query User{EDD34FE8-FE5B-4EB1-BC0A-2F92A4D579CE}C:\program files\windowsapps\spotifyab.spotifymusic_1.160.672.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.160.672.0_x86__zpdnekdrzrea0\spotify.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{1B378227-FA43-4417-BEDA-4A24F9DF6714}C:\program files\windowsapps\spotifyab.spotifymusic_1.160.672.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.160.672.0_x86__zpdnekdrzrea0\spotify.exe => Nenhum Arquivo
FirewallRules: [{B4245339-EC78-46C9-ABF0-53053438013C}] => (Block) C:\program files\windowsapps\spotifyab.spotifymusic_1.160.672.0_x86__zpdnekdrzrea0\spotify.exe => Nenhum Arquivo
FirewallRules: [{14EFBD45-A904-49AC-A438-00FDDE3BF7A0}] => (Block) C:\program files\windowsapps\spotifyab.spotifymusic_1.160.672.0_x86__zpdnekdrzrea0\spotify.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{44564E68-EBD2-4DDB-A3F7-3F388ADCE9FF}C:\users\gsbad\appdata\local\discord\app-1.0.9003\discord.exe] => (Allow) C:\users\gsbad\appdata\local\discord\app-1.0.9003\discord.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{2ED338B5-B27D-42D0-B924-4248C03D39B1}C:\users\gsbad\appdata\local\discord\app-1.0.9003\discord.exe] => (Allow) C:\users\gsbad\appdata\local\discord\app-1.0.9003\discord.exe => Nenhum Arquivo
FirewallRules: [{3D49692B-00C0-440E-900F-7BDA5F68FB59}] => (Allow) D:\curseforge\Overwolf\0.194.0.15\OverwolfBrowser.exe => Nenhum Arquivo
FirewallRules: [{C50C87E0-E284-4326-BCED-DE61FAECAA1B}] => (Allow) D:\curseforge\Overwolf\0.194.0.15\OverwolfBrowser.exe => Nenhum Arquivo
FirewallRules: [{BBB0435B-BCDC-462F-A332-CD8DDB6D375E}] => (Block) D:\curseforge\Overwolf\0.194.0.15\OverwolfBrowser.exe => Nenhum Arquivo
FirewallRules: [{45EC089A-E35B-4EF8-9753-8554F708AEB9}] => (Block) D:\curseforge\Overwolf\0.194.0.15\OverwolfBrowser.exe => Nenhum Arquivo
AlternateDataStreams: C:\ProgramData:chnpbmzkyg [274]
AlternateDataStreams: C:\ProgramData:YXVtLmh6aQ [5490]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2410]
AlternateDataStreams: C:\Users\All Users:chnpbmzkyg [274]
AlternateDataStreams: C:\Users\All Users:YXVtLmh6aQ [5490]
AlternateDataStreams: C:\Users\Todos os Usuários:chnpbmzkyg [274]
AlternateDataStreams: C:\Users\Todos os Usuários:YXVtLmh6aQ [5490]
AlternateDataStreams: C:\ProgramData\Application Data:chnpbmzkyg [274]
AlternateDataStreams: C:\ProgramData\Application Data:YXVtLmh6aQ [5490]
AlternateDataStreams: C:\ProgramData\Dados de Aplicativos:chnpbmzkyg [274]
AlternateDataStreams: C:\ProgramData\Dados de Aplicativos:YXVtLmh6aQ [5490]
Hosts:
Emptytemp:
Reboot:
Open FRST, click "Fix" and wait for the scan to finish.
Post the report! (Fixlog.txt)
Cheers
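The fixlist above is a set of FRST directives, each line naming one persistence point or cleanup action (an extra BootExecute program, a policy FRST flagged, a service, MountPoints2 autorun handlers, firewall rules whose executable no longer exists, alternate data streams). As an added example, not FRST's code and not DigRam's, here is a small Python triage script that parses the entry shapes seen in this thread and groups them by mechanism. The regexes, the category names, the "No File"/"Nenhum Arquivo" marker set and the base64 check on stream names are my own assumptions about the format, derived only from the lines shown here; the sample input is constructed from those lines.

```python
"""Triage an FRST fixlist into categories of persistence / cleanup actions.

Added example for this thread; it is not FRST's code and not the thread's own.
It only understands the entry shapes visible in the fixlist above.
"""
from __future__ import annotations

import base64
import binascii
import re
from collections import Counter
from dataclasses import dataclass

# Windows registers only "autocheck autochk *" by default; extra tokens are
# native programs that run at boot, before logon and before most security software.
DEFAULT_BOOT_EXECUTE = "autocheck autochk *"

# Assumption: FRST prints "No File" in English and "Nenhum Arquivo" in pt-BR
# when a firewall rule points at an executable that is no longer on disk.
MISSING_FILE_MARKERS = {"No File", "Nenhum Arquivo"}

RE_DIRECTIVE = re.compile(r"^(?P<name>[A-Za-z]+):$")
RE_SERVICE = re.compile(r"^(?P<start>[RSU]\d) (?P<name>[^;]+); (?P<path>.+?) \[")
RE_MOUNTPOINT = re.compile(r'MountPoints2: \{(?P<guid>[0-9a-fA-F-]+)\} - "(?P<cmd>.+)"$')
RE_FIREWALL = re.compile(
    r"^FirewallRules: \[(?P<rule>.+?)\] => \((?P<action>Allow|Block)\) (?P<exe>.+?) => (?P<status>.*)$"
)
RE_ADS = re.compile(r"^AlternateDataStreams: (?P<path>.+):(?P<stream>[^:\\\[\] ]+) \[(?P<size>\d+)\]$")


@dataclass(frozen=True)
class Finding:
    kind: str    # category of the fixlist entry
    target: str  # the object the entry acts on
    detail: str  # why a responder would care


def decode_if_base64(name: str) -> str | None:
    """Return the decoded text if `name` is unpadded base64 of printable ASCII, else None.
    Random-looking stream names that decode cleanly deserve a second look."""
    padded = name + "=" * (-len(name) % 4)
    try:
        text = base64.b64decode(padded, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text and all(32 <= ord(c) < 127 for c in text) else None


def parse_line(line: str) -> Finding:
    """Classify one fixlist line; unknown shapes are reported, never dropped."""
    line = line.strip()
    if "<====" in line:  # FRST's own warning marker (ATTENTION / ATENÇÃO)
        return Finding("flagged_by_frst", line.split(" <====")[0], "entry FRST marked for attention")
    if line.startswith("BootExecute: "):
        value = line[len("BootExecute: "):]
        if value.startswith(DEFAULT_BOOT_EXECUTE):
            extras = value[len(DEFAULT_BOOT_EXECUTE):].split()
        else:
            extras = [value]
        return Finding("boot_execute", " ".join(extras) or "(default)", "runs at boot before logon")
    if m := RE_DIRECTIVE.match(line):
        return Finding("directive", m["name"], "FRST action with no target")
    if m := RE_SERVICE.match(line):
        return Finding("service", m["name"], f"start type {m['start']}, binary {m['path']}")
    if m := RE_MOUNTPOINT.search(line):
        return Finding("mountpoint_autorun", m["cmd"], f"removable-drive handler {m['guid']}")
    if m := RE_FIREWALL.match(line):
        orphaned = m["status"] in MISSING_FILE_MARKERS
        kind = "orphaned_firewall_rule" if orphaned else "firewall_rule"
        state = "missing" if orphaned else "present"
        return Finding(kind, m["exe"], f"{m['action']} rule; executable {state}")
    if m := RE_ADS.match(line):
        decoded = decode_if_base64(m["stream"])
        note = f"{m['size']} bytes" + (f", stream name decodes to {decoded!r}" if decoded else "")
        return Finding("alternate_data_stream", f"{m['path']}:{m['stream']}", note)
    return Finding("unparsed", line, "no known pattern")


def parse_fixlist(text: str) -> list[Finding]:
    return [parse_line(raw) for raw in text.splitlines() if raw.strip()]


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category, e.g. to spot how many rules are orphaned."""
    return dict(Counter(f.kind for f in findings))


# Constructed sample: a subset of the fixlist lines quoted in this thread.
SAMPLE_FIXLIST = r"""
Closeprocesses:
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restrição ? <==== ATENÇÃO
S3 aswWintun; C:\WINDOWS\System32\drivers\aswWintun.sys [38768 2021-05-05] (Avast Software s.r.o. -> Avast Software)
HKU\S-1-5-21-1036876464-1709329310-3854566978-1001\...\MountPoints2: {2927f9ca-5868-11eb-a20e-a4bb6d6cde80} - "F:\setup.exe"
FirewallRules: [{3D49692B-00C0-440E-900F-7BDA5F68FB59}] => (Allow) D:\curseforge\Overwolf\0.194.0.15\OverwolfBrowser.exe => Nenhum Arquivo
AlternateDataStreams: C:\ProgramData:YXVtLmh6aQ [5490]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2410]
Hosts:
Emptytemp:
Reboot:
"""

if __name__ == "__main__":
    results = parse_fixlist(SAMPLE_FIXLIST)
    for f in results:
        print(f"{f.kind:24} {f.target}  ({f.detail})")
    print(summarize(results))
```

Run it as-is to see the sample classified, or pipe a real fixlist into `parse_fixlist`. The point of the categories is review before the fix runs: an extra BootExecute token and an ADS on a driver file are the entries worth a second look, whereas orphaned firewall rules and MountPoints2 handlers for drives that are no longer attached are routine hygiene.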
Good morning @DigRam
Here is the Fixlog.txt report:
Resultado da Correção pela Farbar Recovery Scan Tool (x64) Versão: 22-04-2022
Executado por gsbad (26-04-2022 08:26:57) Run:1
Executando a partir de C:\Users\gsbad\Desktop
Perfis Carregados: gsbad
Modo da Inicialização: Normal
==============================================
fixlist Conteúdo:
*****************
Closeprocesses:
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restrição ? <==== ATENÇÃO
Policies: C:\ProgramData\NTUSER.pol: Restrição <==== ATENÇÃO
S3 aswWintun; C:\WINDOWS\System32\drivers\aswWintun.sys [38768 2021-05-05] (Avast Software s.r.o. -> Avast Software)
HKU\S-1-5-21-1036876464-1709329310-3854566978-1001\...\MountPoints2: {2927f9ca-5868-11eb-a20e-a4bb6d6cde80} - "F:\setup.exe"
HKU\S-1-5-21-1036876464-1709329310-3854566978-1001\...\MountPoints2: {2927f9ea-5868-11eb-a20e-a4bb6d6cde80} - "G:\Launcher.exe"
FirewallRules: [TCP Query User{EDD34FE8-FE5B-4EB1-BC0A-2F92A4D579CE}C:\program files\windowsapps\spotifyab.spotifymusic_1.160.672.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.160.672.0_x86__zpdnekdrzrea0\spotify.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{1B378227-FA43-4417-BEDA-4A24F9DF6714}C:\program files\windowsapps\spotifyab.spotifymusic_1.160.672.0_x86__zpdnekdrzrea0\spotify.exe] => (Allow) C:\program files\windowsapps\spotifyab.spotifymusic_1.160.672.0_x86__zpdnekdrzrea0\spotify.exe => Nenhum Arquivo
FirewallRules: [{B4245339-EC78-46C9-ABF0-53053438013C}] => (Block) C:\program files\windowsapps\spotifyab.spotifymusic_1.160.672.0_x86__zpdnekdrzrea0\spotify.exe => Nenhum Arquivo
FirewallRules: [{14EFBD45-A904-49AC-A438-00FDDE3BF7A0}] => (Block) C:\program files\windowsapps\spotifyab.spotifymusic_1.160.672.0_x86__zpdnekdrzrea0\spotify.exe => Nenhum Arquivo
FirewallRules: [TCP Query User{44564E68-EBD2-4DDB-A3F7-3F388ADCE9FF}C:\users\gsbad\appdata\local\discord\app-1.0.9003\discord.exe] => (Allow) C:\users\gsbad\appdata\local\discord\app-1.0.9003\discord.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{2ED338B5-B27D-42D0-B924-4248C03D39B1}C:\users\gsbad\appdata\local\discord\app-1.0.9003\discord.exe] => (Allow) C:\users\gsbad\appdata\local\discord\app-1.0.9003\discord.exe => Nenhum Arquivo
FirewallRules: [{3D49692B-00C0-440E-900F-7BDA5F68FB59}] => (Allow) D:\curseforge\Overwolf\0.194.0.15\OverwolfBrowser.exe => Nenhum Arquivo
FirewallRules: [{C50C87E0-E284-4326-BCED-DE61FAECAA1B}] => (Allow) D:\curseforge\Overwolf\0.194.0.15\OverwolfBrowser.exe => Nenhum Arquivo
FirewallRules: [{BBB0435B-BCDC-462F-A332-CD8DDB6D375E}] => (Block) D:\curseforge\Overwolf\0.194.0.15\OverwolfBrowser.exe => Nenhum Arquivo
FirewallRules: [{45EC089A-E35B-4EF8-9753-8554F708AEB9}] => (Block) D:\curseforge\Overwolf\0.194.0.15\OverwolfBrowser.exe => Nenhum Arquivo
AlternateDataStreams: C:\ProgramData:chnpbmzkyg [274]
AlternateDataStreams: C:\ProgramData:YXVtLmh6aQ [5490]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2410]
AlternateDataStreams: C:\Users\All Users:chnpbmzkyg [274]
AlternateDataStreams: C:\Users\All Users:YXVtLmh6aQ [5490]
AlternateDataStreams: C:\Users\Todos os Usuários:chnpbmzkyg [274]
AlternateDataStreams: C:\Users\Todos os Usuários:YXVtLmh6aQ [5490]
AlternateDataStreams: C:\ProgramData\Application Data:chnpbmzkyg [274]
AlternateDataStreams: C:\ProgramData\Application Data:YXVtLmh6aQ [5490]
AlternateDataStreams: C:\ProgramData\Dados de Aplicativos:chnpbmzkyg [274]
AlternateDataStreams: C:\ProgramData\Dados de Aplicativos:YXVtLmh6aQ [5490]
Hosts:
Emptytemp:
Reboot:
*****************
Processos fechados com sucesso.
HKLM\System\CurrentControlSet\Control\Session Manager\\"BootExecute"="autocheck autochk *" => valor restaurado com sucesso
C:\WINDOWS\system32\GroupPolicy\Machine => movido com sucesso
C:\WINDOWS\system32\GroupPolicy\GPT.ini => movido com sucesso
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => movido com sucesso
C:\ProgramData\NTUSER.pol => movido com sucesso
HKLM\System\CurrentControlSet\Services\aswWintun => removido (a) com sucesso.
aswWintun => o serviço removido (a) com sucesso.
HKU\S-1-5-21-1036876464-1709329310-3854566978-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2927f9ca-5868-11eb-a20e-a4bb6d6cde80} => removido (a) com sucesso.
HKU\S-1-5-21-1036876464-1709329310-3854566978-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2927f9ea-5868-11eb-a20e-a4bb6d6cde80} => removido (a) com sucesso.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{EDD34FE8-FE5B-4EB1-BC0A-2F92A4D579CE}C:\program files\windowsapps\spotifyab.spotifymusic_1.160.672.0_x86__zpdnekdrzrea0\spotify.exe" => removido (a) com sucesso.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{1B378227-FA43-4417-BEDA-4A24F9DF6714}C:\program files\windowsapps\spotifyab.spotifymusic_1.160.672.0_x86__zpdnekdrzrea0\spotify.exe" => removido (a) com sucesso.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B4245339-EC78-46C9-ABF0-53053438013C}" => removido (a) com sucesso.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{14EFBD45-A904-49AC-A438-00FDDE3BF7A0}" => removido (a) com sucesso.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{44564E68-EBD2-4DDB-A3F7-3F388ADCE9FF}C:\users\gsbad\appdata\local\discord\app-1.0.9003\discord.exe" => removido (a) com sucesso.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2ED338B5-B27D-42D0-B924-4248C03D39B1}C:\users\gsbad\appdata\local\discord\app-1.0.9003\discord.exe" => removido (a) com sucesso.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3D49692B-00C0-440E-900F-7BDA5F68FB59}" => não encontrado (a)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C50C87E0-E284-4326-BCED-DE61FAECAA1B}" => não encontrado (a)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BBB0435B-BCDC-462F-A332-CD8DDB6D375E}" => não encontrado (a)
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{45EC089A-E35B-4EF8-9753-8554F708AEB9}" => não encontrado (a)
C:\ProgramData => ":chnpbmzkyg" ADS removido (a) com sucesso.
C:\ProgramData => ":YXVtLmh6aQ" ADS removido (a) com sucesso.
C:\WINDOWS\system32\Drivers\wsddfac.sys => ":X5ZN8aGXs4" ADS removido (a) com sucesso.
"C:\Users\All Users" => ":chnpbmzkyg" ADS não encontrado (a).
"C:\Users\All Users" => ":YXVtLmh6aQ" ADS não encontrado (a).
"C:\Users\Todos os Usuários" => ":chnpbmzkyg" ADS não encontrado (a).
"C:\Users\Todos os Usuários" => ":YXVtLmh6aQ" ADS não encontrado (a).
"C:\ProgramData\Application Data" => ":chnpbmzkyg" ADS não encontrado (a).
"C:\ProgramData\Application Data" => ":YXVtLmh6aQ" ADS não encontrado (a).
"C:\ProgramData\Dados de Aplicativos" => ":chnpbmzkyg" ADS não encontrado (a).
"C:\ProgramData\Dados de Aplicativos" => ":YXVtLmh6aQ" ADS não encontrado (a).
C:\Windows\System32\Drivers\etc\hosts => movido com sucesso
Hosts restaurado com sucesso.
=========== EmptyTemp: ==========
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 366092028 B
Java, Flash, Steam htmlcache => 451412321 B
Windows/system/drivers => 14816845 B
Edge => 9216 B
Chrome => 2428912016 B
Brave => 763762413 B
Firefox => 209477399 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 7274 B
NetworkService => 1460816 B
gsbad => 91672209 B
RecycleBin => 0 B
EmptyTemp: => 4 GB de dados temporários Removidos.
================================
O sistema precisou ser reiniciado.
==== Fim de Fixlog 08:32:02 ====
/!\ Good morning! Gsbad /!\
> Download: < ZHPCleaner > ... by Nicolas Coolman >
> Or |Here!| << Mirror!
https://www.youtube.com/watch?v=8olWT8u5RYQ
> If anything blocks the download, watch this tutorial posted on YouTube on how to disable Windows SmartScreen.
> Once on the page, click the download link.
> Save it to the desktop! ( ZHPCleaner.exe )
> Disable your antivirus and run ZHPCleaner.exe <<
> When this screen **opens**, **avoid** clicking **Update** or **Atualização**, so you are not **redirected** to **ZHPBrowser**.
> PS: **Close** the **message** by clicking the "**X**".
> With the **tool open**, click **Scanner**.
> Wait for it to **finish!**
> When it finishes, click **Repair**.
> PS: Ignore **possible warnings** about your **network configuration**. (DNS)
> Click **Yes** >> **Yes!**
> **Tabs** will appear in **red**, indicating **problems to be repaired**.
> Click **Repair**.
> When **finished**, click **Report**.
> Post the **repair log**: **~ Type : Reparo**
file:///C:/Users/xxx../AppData/Roaming/ZHP/ZHPCleaner.html
PS: When you click "Report" you get the report, among other information, in HTML format.
file:///C:/Users/xxx.../AppData/Roaming/ZHP/ZHPCleaner.txt
This is your plain-text report, obtained by changing (.html) to (.txt) in the address bar.
Just select all (Ctrl + A), copy (Ctrl + C) and paste into your post or Notepad (Ctrl + V).
Host the report on Hébergement de fichiers, Security-x.fr.
Cheers
/!\ Good evening! Gsbad /!\
Is the slowness still bothering you?
> Download: < KpRm > ( ... by Kernel Panic )
> Click Download and save it to the desktop as the destination.
> On the screen, check:
**Delete tools**
**Delete restore points**
**Create a restore point**
> Delete quarantine: Delete now
> Click Run and wait!
> When it finishes, click OK!
Cheers
Good morning @DigRam! The slowness has improved somewhat, but my Google Chrome still opens with a tab "ww7.clickseguro.com", which I believe is some malware. Here is the report:
# Run at 29/04/2022 11:18:54
# KpRm (Kernel-panik) version 2.9.3
# Website https://kernel-panik.me/tool/kprm/
# Run by gsbad from C:\Users\gsbad\Desktop
# Computer Name: GSDELL
# OS: Windows 10 X64 (19043)
# Number of passes: 1
- Checked options -
~ Delete Tools
~ Delete Restore Points
~ Create Restore Point
~ Delete Quarantines
- Delete Tools -
## FRST
[OK] C:\Users\gsbad\Desktop\Fixlog.txt deleted
[OK] C:\Users\gsbad\Desktop\FRST-OlderVersion deleted
[OK] C:\Users\gsbad\Desktop\FRST64.exe deleted
[OK] C:\FRST deleted
## TDSSKiller
[OK] C:\TDSSKiller.3.1.0.28_18.07.2021_16.29.44_log.txt deleted
[OK] C:\TDSSKiller.3.1.0.28_18.07.2021_16.41.38_log.txt deleted
## ZHP Tools
[OK] C:\Users\gsbad\AppData\Local\ZHP deleted
[OK] HKCU\SOFTWARE\ZHP deleted
## ZHPCleaner
[OK] C:\Users\gsbad\Desktop\ZHPCleaner (R).txt deleted
[OK] C:\Users\gsbad\Desktop\ZHPCleaner (S).txt deleted
[OK] C:\Users\gsbad\Desktop\ZHPCleaner.exe deleted
[OK] C:\Users\gsbad\Desktop\ZHPCleaner.lnk deleted
- Other Lines -
## Quarantines never deleted
~ C:\Users\gsbad\AppData\Roaming\ZHP (ZHP)
- Clear Restore Points -
* No system recovery points were found
- Create Restore Point -
[OK] System Restore Point created
- Display System Restore Point -
~ RP named KpRm created at 04/29/2022 14:18:57
-- KPRM finished in 14.49s --
/!\ Good evening! Gsbad /!\
> Or from here: < AdwCleaner > << Link!
> On the page, click "Download Now".
> Save it to the desktop!
> Disable your antivirus!
> Right-click adwcleaner.exe and choose to run it as administrator.
> Click "Settings".
> In "Settings", set the options as shown in the banner.
> PS: Start the scan by clicking "Scan Now".
> When it finishes, click "Clean & Repair".
> In the message, click "Clean & Restart".
> When it finishes, click "View Log File".
> Copy and post the report! (Mode: Clean)/(AdwCleaner[C00])
Cheers
Good morning @DigRam!
# -------------------------------
# Malwarebytes AdwCleaner 8.3.2.0
# -------------------------------
# Build: 03-23-2022
# Database: 2022-04-27.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 04-30-2022
# Duration: 00:00:01
# OS: Windows 10 Pro
# Cleaned: 11
# Failed: 0
*** [ Services ] ***
No malicious services cleaned.
*** [ Folders ] ***
No malicious folders cleaned.
*** [ Files ] ***
No malicious files cleaned.
*** [ DLL ] ***
No malicious DLLs cleaned.
*** [ WMI ] ***
No malicious WMI cleaned.
*** [ Shortcuts ] ***
No malicious shortcuts cleaned.
*** [ Tasks ] ***
No malicious tasks cleaned.
*** [ Registry ] ***
Deleted HKCU\Software\Classes\.bgl
Deleted HKCU\Software\Conduit
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted HKLM\Software\Wow6432Node\Conduit
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
*** [ Chromium (and derivatives) ] ***
Deleted cknghehebaconkajgiobncfleofebcog
*** [ Chromium URLs ] ***
Deleted Iminent
*** [ Firefox (and derivatives) ] ***
No malicious Firefox entries cleaned.
*** [ Firefox URLs ] ***
No malicious Firefox URLs cleaned.
*** [ Hosts File Entries ] ***
No malicious hosts file entries cleaned.
*** [ Preinstalled Software ] ***
No Preinstalled Software cleaned.
*************************
[+] Delete IFEO
[+] Delete Prefetch
[+] Delete Tracing Keys
[+] Reset Chromium Policies
[+] Reset IE Policies
[+] Reset Proxy Settings
*************************
AdwCleaner[S00].txt - [2378 octets] - [30/04/2022 08:01:37]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
/!\ Good morning! Gsbad /!\
*** [ Chromium (and derivatives) ] ***
Deleted cknghehebaconkajgiobncfleofebcog
*** [ Chromium URLs ] ***
Deleted Iminent
Regarding Chrome, the tool detected a malicious extension and Iminent.
PS: Did that have any effect on removing clickseguro.com?
Cheers
Hello friend @DigRam!
clickseguro is still active
/!\ Good morning! Gsbad /!\
> Open your Google Chrome browser and in the address bar type: chrome:policy
> Press Enter!
> Click the "Reload policies" button.
> Close Chrome and open it again!
> Follow this tutorial, which was published on YouTube.
https://www.youtube.com/watch?v=YO9ADS0AQ-0
> If that does not solve it, you can try the solutions below.
> Go to "Customize and control Google Chrome" >> Settings.
> In Settings, go to "Search".
> Click "Manage search engines...".
> Go to "Default search settings".
> If you find one, delete any engine that looks suspicious.
> Let me know!
Cheers
/!\ Good evening! Gsbad /!\
Copy this information from the spoiler into Notepad.
Save it to the desktop with the name fixlist.
Closeprocesses:
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restrição ? <==== ATENÇÃO
Policies: C:\ProgramData\NTUSER.pol: Restrição <==== ATENÇÃO
S3 aswWintun; C:\WINDOWS\System32\drivers\aswWintun.sys [38768 2021-05-05] (Avast Software s.r.o. -> Avast Software)
HKU\S-1-5-21-1036876464-1709329310-3854566978-1001\...\MountPoints2: {2927f9ca-5868-11eb-a20e-a4bb6d6cde80} - "F:\setup.exe"
HKU\S-1-5-21-1036876464-1709329310-3854566978-1001\...\MountPoints2: {2927f9ea-5868-11eb-a20e-a4bb6d6cde80} - "G:\Launcher.exe"
Reboot:
Open FRST, click "Fix" and wait for the scan to finish.
Post the report! (Fixlog.txt)
Cheers